Meta’s President for Global Affairs, Nick Clegg touched upon various aspects of India’s data regulatory regime during his visit to India for the 3-day Global Tech Summit organised by Carnegie India in New Delhi. Clegg joined Meta in 2018 and was the deputy Prime Minister of the United Kingdom from 2010 to 2015.
It’s interesting to note that Clegg has now worked with the government as well as Big Tech, both of which are often at odds with each other. At the summit, he said he is very “positive” about the draft Digital Personal Data Protection Bill, 2022. He said the bill seems to be “clear, cogent, (and) it has great clarity about what it’s trying to achieve.” He also said the government has done “some really thoughtful work in terms of this revised draft”.
FREE READ of the day by MediaNama: Click here to sign-up for our free-read of the day newsletter delivered daily before 9 AM in your inbox.
However, it is also important to note the contrasting views of digital rights experts and organisations, who have said the bill uses “pro-corporate language” and leaves out several important details by saying they will be prescribed later. The Internet Freedom Foundation said this “creates vague, unguided power for the Union Government to frame rules”.
Let’s have a look at five noteworthy points made by Clegg during the event and his media interviews:
- Don’t club OTT with telecom: Meta believes regulating OTT apps like telecom services doesn’t seem to be the most effective way of proceeding, said Clegg while speaking to Economic Times. Legislations like the IT Act seem to be a more natural place (for regulating) rather than mixing Apples and Pears, Clegg said.
Why it matters: Medianama has extensively reported on how the draft Indian Telecommunication Bill, 2022, released in September, aims to regulate OTT communication apps such as Facebook, Instagram and WhatsApp. Telecom players like Jio, Airtel and Vi want certain OTT apps to be regulated like telecommunication services as they are eating up telcos’ revenue. Whereas OTT apps believe this will not only affect their innovation capabilities and ease of doing business but also affect the privacy protections of users while using internet messaging and calling services. - Important to protect encryption capabilities: At present, Meta shares metadata with law enforcement, which is very useful, Nick said to ET. He also said that I think the problem is that the moment you attach a fingerprint to a message, you have to attach a fingerprint to all messages, otherwise, you cannot trace it later. He added, the moment you do that, you no longer can provide the privacy that people expect of their intimate communications.
Why it matters: In the telecom bill, the government is promoting the verification of users using telecom services as it believes that every caller should get to know the identity of the person who is calling. At a press conference, the Union Minister of Communications Ashwini Vaishnaw even said that KYC of callers is mandatory and it will help reduce cyber frauds. Such provisions, if enforced on encrypted services like WhatsApp will threaten the privacy of users such as fingerprints (collected via KYC) can be linked to their WhatsApp accounts. Moreover, the draft telecom bill also allows the government to intercept communications in events such as a public emergency, public safety, etc. This could force encrypted platforms to break their encryption thus, impacting the privacy of users. Several OTT players have asked the government to introduce an interception-related exemption in the telecom bill.
-
India not Following other legislations blindly: Clegg praised India’s draft DPDP (Digital Personal Data Protection) Bill, 2022, for moving away from just emulating laws like the General Data Protection Bill (GDPR). Many legislations were emulating the GDPR, but I don’t think that will carry, Clegg said at the summit. He added, “India is not the European Union. We have our own needs, we have our own specificities. We’re going to craft legislation as a sovereign nation for ourselves. So I think, of course, I hope in my current position, on behalf of a global platform, that there is as much consistency across different jurisdictions because if it’s too erratic, it becomes incredibly difficult just to do it in practice.”
Context: Rajeev Chandrasekhar, India’s Minister of State for Electronics and Information Technology, echoed the same view in his recent Twitter Spaces conversation about the draft DPDP Bill, 2022. He said, “India will chart its own path and create a unique design. And I say this because there was a tremendous amount of influence of the European GDPR on the preceding version of the bill, the 2019 version. And GDPR, after a lot of studies we had concluded was not what India required”.
- Regulating metaverse is complex: Clegg highlighted how regulating the Metaverse can be challenging due to its complex structure. He said everybody agrees that it is important to safeguard the safety and privacy of “sovereign data individuals”. He questioned rhetorically, “But if people are moving seamlessly from one part of the metaverse to another, who makes sure those rules are applied consistently? How do we make sure that commerce can move seamlessly from one part of the metaverse to the other?”. He explained this by giving an example where an individual goes to watch the Arsenal-Tottenham football match in the Metaverse and the person buys an arsenal t-shirt over there (in Facebook’s metaverse). Next, that person wants to attend a concert in Microsoft’s Metaverse. Will that individual be able to take their Arsenal t-shirt from one Metaverse to another? “These are candidly, all pretty open and fluid questions now,” he said.
- Cross-border data flow: The “Indian government has been very clear and pinned its colours in favour of open data flows, not unconditional data flows,” Clegg said. He also said, “I think India is entirely entitled to expect the same sort of principle of reciprocity around the world, but doing so in a way which nonetheless retains that openness of data flows”. While speaking on cross-border data flows, he said it is important for the government to protect the interest of their citizens but they (the government) should “try and do so in a way which doesn’t undermine the ingenuity of the internet, which is undoubtedly based on an immense amount of cross-border fluidity”.
Why it matters: The DPDP Bill, 2022, allows the transfer of personal data outside of India to certain countries which the government will notify. How will these countries be determined? Although the bill does not mention any explicit way to do this, MeitY Minister of State Chandrasekhar has said that “trusted geographies” will be determined based on “reciprocal agreements” between countries for cross-border data transfer. The DPDP bill also does away with data localisation provisions and the definitions of sensitive and critical personal data.
Note: The headline was updated on December 2, 2022 at 12:02 PM to change “FB” to “Meta”
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.
Also read:
- What India’s IT Minister Has To Say About The Concerns Around The New Data Protection Bill
- Twelve Major Concerns With India’s Data Protection Bill, 2022
- Summary: India’s Digital Personal Data Protection Bill, 2022
- Deep Dive: How The Data Protection Bill Enables Govt Surveillance And Misuse Of Personal Data
