The Ministry of Electronics and Information Technology (MEITY) is looking to begin industry consultations on amendments to India’s Information Technology Act by end of April or early May, S. Gopalakrishnan, Additional Secretary at MEITY, said on a private video call hosted by the Centre for Digital Economy Policy Research (C-DEP), several participants on the call told MediaNama. Gopalakrishnan said that MEITY is open to both amending the IT Act and tweaking it, as well as looking at it “de novo”. “De Novo” suggests that MEITY would be open to looking at the IT Act afresh — whether it should exist in its present form, or be broken into pieces, where each piece may focus on a different aspect such as cyber security, cyber crime, and enabling India’s digital ecosystem, a participant on the call explained to us. The IT Act is India’s primary law governing the Internet ecosystem, and amendments to it will have far reaching consequences for its governance.

The call, to which Gopalakrishnan and Group Coordinator (Cyber Laws) Rakesh Maheshwari were invitees, largely had participation from industry representatives, and some from civil society. We had contacted Gopalakrishan for comments yesterday afternoon, as well as earlier today, and will update this if and when we hear from him.

“The minister had mentioned that we will be amending the IT Act”, Maheshwari told MediaNama, confirming his participation on the call. “We have, 4-5 days back, reached out to the concerned ministries and IT secretaries, to see as to what is their view with respect to the IT Act, and what kind of changes they would like to see, supported by case studies and activities happening in the international arena. The aim was to take a phased approach: first collect our view within the government, so that we come with a draft document, and then we move to an industry consultation, and then a public consultation.”

To that end, MEITY has reached out to DPIIT (which reached out to industry bodies for comments on its own), the Ministry of Women and Child Development, Ministry of Home Affairs, Telecommunications Disputes Settlement and Appellate Tribunal (TDSAT), National Critical Information Infrastructure Protection Centre (NCIIPC), the National Cyber Security Coordinator, and Controller of Certifying Authorities (CCA).

Issues raised on the call

The following issues were raised during the discussion, corroborated across several participants on the Zoom call:

  • Four areas of amendments: Hosting the call, Jaijit Bhattacharya, President of C-DEP, pointed towards four areas of amendments to the IT Act: one was on personal safety on the Internet, under which content management and faster adjudication were considered; the second was on government data requests; the third was around syncing the IT Act with the Personal Data Protection Bill; and the fourth was around new and emerging tech (AI, IoT and cryptocurrencies). Bhattacharya declined to comment on specific statements attributed to him in this story, and sent a statement about participation, which is included in the last segment of this article.
  • Define the problem statement first: Raman Jit Singh Chima, Asia policy director and senior international counsel at Access Now, asked MEITY about the definition of problem statements that MEITY is hearing about from different ministries, especially the Ministry of Home Affairs, given that each is tackling a different tech policy issue within its own sector. Chima asked for definition of understanding the harm first, and what is being solved for, before the IT act is being amended. Chima confirmed his comments to MediaNama.
  • Amending the IT Act or looking at sectoral enactment? When the IT Act was enacted, it had led to changes in other laws, Apar Gupta, the Executive Director of the Internet Freedom Foundation (IFF) pointed out. He asked whether MEITY was looking at amending the IT Act itself, or if it was looking at sectoral enactment. Gupta hasn’t responded to an email sent yesterday, requesting comments on specific statements attributed to him in this story. We will update in case he responds.
  • Impact on the Intermediary Liability rules: Chima also asked MEITY about what impact amending the IT Act will have on the Intermediary Liability Rules. Another participant on the call said that the changes to Rule 3 in the Intermediary Liability Rules were yet to face the free speech test. Proposed amendments to Rule 3 include traceability of the originator, proactive content takedowns, and curtailing safe harbour provisions for intermediaries.
  • Re-evaluate the role of CERT-IN: There is a need to re-evaluate the institutional structures that are set up under the IT Act, particularly the role and functions of CERT-IN, Rishabh Bailey, legal consultant with National Institute of Public Finance and Policy (NIPFP) said. It is unclear what CERT-IN is doing, particularly in terms of coordinating with various other sectoral regulators, whether critical infrastructure, RBI etc. Bailey confirmed his comments to MediaNama.
  • On criminalisation of harms, and taking stock of implementation: On personal safety, while it is clear that there are many new types of online harms, it is not clear if criminalising all these acts is the solution, Smriti Parsheera, Fellow with NIPFP, said. She suggested that before any new penalties are introduced in the IT Act, stock needs to be taken of what may have gone wrong with implementation under the existing law. The problem may be more about implementation structures than legal protections, she said. Parsheera confirmed her comments to MediaNama.
  • Can the IT Act accommodate Non-Personal Data issues? Bhattacharya raised the question about whether a new regulator can be instituted, or a new law can be created for non-personal data, once the committee of experts for non-personal data has made public its recommendations, or whether clauses related to non-personal data can be contained in the IT Act. The oddity of the inclusion of Non-Personal Data in the Personal Data Protection Bill, 2019, has been raised by many stakeholders since the Bill was tabled in Parliament in December 2019.
  • Law enforcement and cross-border data flows: Parsheera suggested that this review process would be a good time to revisit India’s position on the Budapest Convention, adding that this also links to the need for a broader discussion on whether India is thinking of international agreements on cross border data flows.
  • State law enforcement and copyright: Arjun Sinha, Partner at AP & Partners, highlighted issues with state law enforcement agencies, especially regarding threats being made without any grounds, especially in case of copyright enforcement issues. Sinha hasn’t responded to an email sent yesterday, requesting comments on statements attributed to him in this story. We will update in case he responds.
  • IT Act needs to be technology neutral: Chima highlighted that the IT Act needs to be technology neutral.
  • Civil society involvement: Gupta spoke about the need for a multi-stakeholder consultation, and suggested that MEITY should consider allowing civil society and academic organisations put issue-by-issue white papers, so that each can be engaged with at depth.

Note: If you were on the call, and we’ve missed what you had said, do drop us a note at nikhil@medianama.com. We will update this story with on-record comments.

On who was invited for the call and why

On the call, which lasted for around an hour and 10 minutes, representatives of Amazon, Facebook, ShareChat, Netflix, AP & Partners, TMT Law were there. Civil society saw some representation through Access Now, the Internet Freedom Foundation, and NIPFP.

Some civil society organisations have privately asked about why they weren’t invited to this particular call, whether this was a meeting organised by MEITY, and who had put together the invite list. In response to these questions from MediaNama, C-DEP sent the following response, requesting that it be published in full:

C-DEP organized a preliminary call with senior industry representatives and respected civil society organizations to discuss possible areas for amendments that could be brought about in the IT Act. Officials from MEITY were also invited. Bloggers and civil society activists were not invited for this round of CDEP’s consultation on the topic. I understand from your call prior to the event that Medianama also wanted to be part of the event but it was declined.

Based on comments made during the course of the call, we will provide a formal report to the Ministry which we hope constructively adds value to the discussions.

Note that MediaNama, on learning about this call, had requested participation. We had reported on the fact that this meeting was being held, on the day of the call.

*Disclosure: I am a co-founder and a former trustee of the Internet Freedom Foundation.