Is The Digital India Bill Answer To The Outdated IT Act, 2000? Let’s Find Out

“The Information Technology Act, 2000 was framed and passed in 2000, before social media and before indeed the internet. The IT Act does not even mention the word internet. Clearly, we needed a modern law that could address the digital nagrik’s (citizen’s) requirements,” — Rajeev Chandrasekhar, MoS, MeitY.

While presenting the goal and design principles of the Digital India Bill during the Digital India Dialogues in Bengaluru earlier this month, Union minister Rajeev Chandrasekhar highlighted the challenges that The Information Technology Act, 2000, pose in regulating today’s massively evolved digitally empowered India. Some of the challenges he underlined were related to online criminalities, cybersecurity, hate speech, disinformation and fake news.

Deliberating on the need to have a whole new law, Chandrasekhar said, despite multiple amendments, the old law encompasses a very limited view of the complex forms of cybercrimes and cyberattacks, security breaches, catfishing, and phishing, etc.

Well, Chandrasekhar has a point here. The Information Technology Act of 2000 was simply meant to offer legal recognition of electronic records, transactions and electronic signatures over the electronic medium. However, the world today has gone through a paradigm shift in digital adoption compared to what it was almost two decades ago.

According to Rashmi Deshpande, partner, Business Chamber Law, the current Information Technology Act lacks comprehensive measures to protect the rights of users in ensuring their safety online.

“There is limited recognition of harms and cybercrimes, with inadequate awareness mechanisms in place. There are inadequate regulations to address emerging technology and the requirements of modern digital businesses, and regulatory approaches for handling harmful and illegal content are not well-defined,” Deshpande said.

She added that the Act also lacks adequate principles for data and privacy protection, a unified and coordinated institutional regulatory body with effective investigatory and enforceability mechanisms, and a swift adjudicatory process.

“Additionally, there is no coordinated mechanism for responding to cyber security incidents, and the safe harbour provision under the Act exempts intermediaries from any liability,” Deshpande said, adding that the Digital India Bill was the need of the hour.

Ahead of drafting the Digital India Bill, the Indian government has started the process of public consultation on the Bill.

Once enacted, the Bill aims to replace the IT Act, 2000 and address a whole lot of issues around the internet, which the existing IT Act does not.

Pointing out how the existing law fails to address the disputes and complaints around the internet, independent counsel and former metropolitan magistrate Bharat Chugh said, “The current IT Act, 2000, lacks a proper institutional regulatory body and adjudicatory mechanism. The lacuna in the existing law coupled with the new emerging challenges necessitated an urgent need for an adjudicatory mechanism for online civil and criminal offences that would resolve cyber and other related disputes.”

Having started consulting stakeholders earlier this month, the Indian government reportedly aims to introduce the Bill in the Monsoon or Winter Session this year.

While the Bill is yet to be drafted, let’s take a look at what it is all about and what exactly it aims to resolve and how.

What’s Behind The Digital India Bill?

Presenting how the Bill would be, Chandrasekhar has stated that the proposed Bill would be in sync with the Digital India goals 2026, and global standard cyber laws.

Digital India Bill aims to offer:

• Open internet
• Online safety and trust
• Accountability and quality of service
• Adjudicatory mechanism
• New technologies

According to the MeitY’s presentation, the Bill, along with sister laws including the DPDP Bill, National Data Governance policy and IPC amendments for cybercrimes, intends to:

• Ensure the internet in the country is open, safe, trusted and accountable
• Accelerate the growth of innovation and technology ecosystem
• Manage the complexities of the internet and rapid expansion of the types of intermediaries
• Create a framework for accelerating digitalisation and strengthening democracy and governance (G2C)
• Protect citizens’ rights
• Address emerging technologies and risks
• Be future-proof and future-ready

The Bill Aims To Regulate Tech Companies 

Promising to offer open internet, the Digital India Bill aims to free India’s internet from the hegemony of big techs. It aims to offer equal opportunities to Indian tech startups to grow in the areas that are otherwise dominated by big tech giants.

Interestingly, even Indian tech startups have been echoing a similar concern. They want the government to free the internet from big tech giants and create a level playing field, curbing the scope of monopoly or duopoly in the segment.

The debate around this gained weight in 2020 when tech behemoth Google decided to charge 30% commission from businesses selling digital goods/services through its Play Store. More than 50 Indian tech startups raised their concerns against this move and accused Google of turning to ‘unfair trade practices’.

Paytm founder and CEO Vijay Shekhar Sharma had then tweeted, “And Google Play Store fees: 30% (excluding GST) are costlier than a business tax on India’s internet ecosystem. It is all the margin in a mobile-android age company!”

Google’s Play Store policies require the app developers to exclusively and mandatorily use Google Play’s Billing System not only for receiving payments for apps distributed or sold through the Google Play Store but also for certain in-app purchases.

In October 2022, the Competition Commission of India (CCI) found Google to have violated fair trade practices at least six times, which attracted a penalty of $160 Mn for the search engine giant.

Back to the point, the Digital India Bill may seek to regulate algorithms being used by tech companies to resolve issues related to online safety and trust.

Further, the Bill would adjudicate user harm against revenge porn, cyber-flashing, dark web, women and children, defamation, cyber-bullying, doxing, salami attacks, etc.

Not only this, to keep issues related to fake news and misinformation at bay, the Bill aims to hold intermediaries accountable for what gets published on their platforms, unlike the IT Act, 2000 which has safe harbour provisions.

Depending on the type of intermediaries and the number of users it caters to, the intermediaries will be required to conduct digital audits and follow disclosure norms while collecting data.

The Bill classifies intermediaries as ecommerce platforms, digital media, search engines, gaming, AI, over-the-top (OTT) platforms, telecommunications service provider (TSPs), adtech platforms, Significant Social Media Intermediaries (SSMIs), and metaverse, among others. The Bill may have separate provisions for each of these categories.

“The Digital India Bill may prescribe specific compliances for intermediaries to curb fake information or news and impose strict requirements on AI’s development and deployment. The Bill plans to increase penalties for non-compliance, especially for cybercrimes and other violations. With this move, India aims to become a leader in digital innovation while ensuring the protection of its citizens,” Deshpande said.

Currently, social media intermediaries with more than 5 Mn users are mandated to publish monthly compliance reports under IT Rules 2021. The MeitY will also conduct quarterly compliance audits of these platforms.

The Apple Of Discord In The Bill 

Given the fact that the internet is horizontal in nature, the regulatory board’s activities are bound to interfere with areas of other regulatory authorities such as Telecom Authority of India (TRAI), The Reserve Bank of India (RBI), Securities and Exchange Board of India (SEBI) and proposed Data Protection Board of India.

Speaking with Inc42, MoS Chandrasekhar clarified, “We will certainly look at how multiple regulators can regulate sectors that may or may not have a digital presence. We have to discuss it through.”

Similar to how the government curbed the power of the proposed Data Protection Authority of India, which initially was intended to be independent of the executive and had more power.

It is pertinent to note that the Personal Data Protection Bill, 2018, recommended the appointment of the chairperson and the members of the Data Protection Authority by the Central government on the recommendation made by a selection committee comprising the Chief Justice of India (CJI) or a judge of the Supreme Court nominated by the CJI, who shall be the chairperson of the selection committee; the cabinet secretary; and an expert of repute, to be nominated by the CJI or a judge of the Supreme Court of India nominated by the Chief Justice of India, in consultation with the cabinet secretary.

However, in the latest Bill 2022, Data Protection Authority has been renamed to Data Protection Board, which would entirely be constructed by the Central government. The DPDP Bill, 2022, also authorises the Central government to exempt any state body, which it deems fit, to be exempted from it.

There are apprehensions among the stakeholders that the government may construct a regulatory body under the Digital India Bill, which would have limited powers and may even exempt the government.

It must be noted that several government platforms, such as government emarketplace (GeM), citizen-centric government communication platform mygov.in and so on, are run like intermediaries.

The Devil’s Advocate?

Many have raised doubts about whether the government would be able to maintain the transparency that it claims the Bill would offer.

According to Prateek Waghre, policy director at Internet Freedom Foundation, “Not only the Bill but also the process of making it should be transparent.”

“The government refused to publish the responses and feedback it received on the draft DPDP Bill. So, we are not aware of who participated in the feedback process and whether the Indian government took any note of this feedback,” Waghre said, adding that the government should make the entire Bill-making process more transparent.

He said that currently, under the IT Act and the Blocking Rules, the government can invoke a confidentiality clause and refrain from issuing any clarity on the process of taking down or blocking content on the internet.

While the Indian government claims to be seeking every stakeholder’s opinion on the draft Bill content and wants to make all intermediaries accountable, the question is will the government, under the Digital India Bill, make itself accountable while taking such decisions? Or, will the regulatory body take responsibility to ensure that there is transparency in its decisions?

Further, as the Bill is said to be evolvable in nature, Waghre fears that it could become something else in the process – something that happened with the frequent amendments to the IT Rules under the IT Act, 2000.

The Centre Could Be Walking On A Tightrope With The Bill

As of now, the Bill paints a rosy picture when it comes to offering an open and safe internet to users and making intermediaries accountable for the content, but there is a lot that needs to be tackled at the core.

Now, let’s substantiate the statement with an example. In December 2020, when Edward Snowden’s wife posted her image with their newborn on a social media platform, her account got blocked, categorising the image posted as child pornography.

The same year, Facebook’s AI inadvertently banned advertisements of numerous MSMEs. This hugely impacted their businesses as most of these were entirely dependent on Facebook.

While one could challenge these later, it could result in monetary losses by the time the issue is resolved.

Waghre said, “Currently under the IT Act, the government does not issue any report on the due process when any particular website or a post gets blocked. This does not inspire confidence among users about their claims of transparency. While the Indian government claims to be seeking every stakeholder’s opinion on the draft Bill content and wants to make all the intermediaries accountable, the question is will the government under the Digital India Bill make itself accountable while taking such decisions?”

Further, bursting fake news and misinformation has its own biases. There have been instances in the past when the Centre or state governments have asked social media platforms or ecommerce platforms to take down certain posts just because it didn’t suit the government’s narrative. Facebook and Twitter did not entertain all the cases and took the government to court.

In a lawsuit filed against the government in the Karnataka High Court, Twitter claimed, “Blocking of such information is a violation of the freedom of speech guaranteed to citizen-users of the platform. Further, the content at issue does not have any apparent proximate relationship to the grounds under Section 69A.”

Under the digital India Bill, the intermediaries may even be asked to share their algorithms with the regulatory board, which may make many uncomfortable.

Besides, once the Bill becomes an Act, intermediaries may be required to comply with not only the provisions of the Digital India Bill but also a host of other laws – DPDP Bill, New Telecom Bill, National Data Governance Framework, etc. This could defy the entire rationale behind the government’s efforts to promote ease of doing business.

Given the paradox, the government seems to be walking on a tightrope when it comes to striking the right balance between providing users access to safe and open internet and improving ease of doing business for intermediaries.

While the government aims to introduce the Bill in the upcoming Monsoon or Winter Session, experts have ample reasons to believe this could be delayed until the country’s general election next year.