Category: Regulation

How Facial Recognition Systems Threaten the Right to Privacy

Posted on by Tech Law Forum @ NALSAR

[This post has been authored by Prajakta Pradhan, a 1st year student at Dr. Ram Manhar Lohiya National Law University (RMLNLU), Lucknow.]

Facial recognition involves the use of face mapping techniques to identify an individual’s facial features and compares it with available databanks. The facial recognition market is expected to grow to $7.7 billion in 2022 from $4 billion in 2017. The reason for this stellar growth is the varied application of facial recognition technology in both private and public sectors, with governments of many countries using facial recognition for law enforcement and surveillance.

Read more

Post-Crypto-Writ Judgement: How(ey) to regulate the ICOs?

Posted on by Tech Law Forum @ NALSAR

[This post has been authored by Harshit Goyal, currently in his 3rd year at National Law School of India University, Bangalore.]

Imagine that you get to know about a cryptocurrency that had been launched recently and has been selling like hotcakes. The price of this token has been on a steep rise, and thus, you also decide to invest a dear amount in it. How will you feel if the value of this cryptocurrency plummets the very next day to rock bottom? Worse, how will you feel if you get to know that the law had done absolutely nothing to prevent such a situation?

Read more

Chance or Skill: Fantasy Sports Leagues and Gambling

Posted on by Tech Law Forum @ NALSAR

This piece has been authored by Karthik Subramaniam, a second year student at NALSAR University of Law. It discusses the debate surrounding Fantasy Gaming Leagues and gambling.

Spectator sports have been popular since time immemorial. fantasy sports leagues across the world have gained huge fan bases and manage to rake in massive revenues. The National Football League (NFL), the premier American Football tournament in the United States managed to generate revenue of around 13,680 million USD in 2017, which surpasses the GDP of almost 64 countries. Many individuals see these leagues as geese that lay golden eggs, thereby, motivating them to get involved.

Sports Fantasy leagues are games in which participants accumulate points based on the statistical accomplishments of the athletes they have selected to their teams based on a draft. One of the earliest published accounts of a fantasy sports involved Oakland businessman Wilfred “Bill” Winkenbach who devised fantasy golf in the latter part of the 1950s in the United States.With sports leagues such as the National Football League (NFL), the National Basketball Association (NBA), Major League Soccer (MLS), Major League Baseball (MLB) and the National Hockey League (NHL) present in North America, Fantasy Sports Leagues boasted almost 56.8 Million players in 2015. With people spending an estimated 11 Billion USD on online fantasy leagues in 2013, the need for regulations in the area becomes all the more important. The spending of so much money on a game where the pay-outs are highly uncertain draws a very fine line between such spending and the illegal act of gambling.

The Unlawful Internet Gambling Enforcement Act of 2006(UIGEA) is a legislation in the United States that regulates online gambling and ensures the protection of individuals operating in this rapidly booming field. The UIGEA prohibits gambling businesses from knowingly accepting payments in connection with the participation of another person in a bet or wager that involves the use of the Internet and that is unlawful under any federal or state law. The presence of this legislation has made gambling over the internet illegal. In fact, betting on sports is illegal in all American states apart from Nevada. The reason fantasy football and other such fantasy sports fall outside the ambit of being a gamble or wager is due to the UIGEA. The legislation says that games of “skill” played for a certain reward (money in most cases) can be permitted to continue online, while games that involve an element of “chance” cannot. UIGEA includes a specific exemption for fantasy sports from being considered as gambling, provided that they meet three essential requirements: 1) The value of the prize involved is entirely independent of the number of players involved, 2) the outcome is based on the relative knowledge and skill of the participants and determined by statistical results, and 3) the outcome cannot be determined by the score of the game or based solely on one individual player’s performance in a single real sporting event. These specific exceptions were carved out to accommodate the slowly growing (in 2005) industry of online fantasy gaming. In a letter dated Feb. 1, 2006, the top lawyers from the NFL, NBA, NHL and MLB asked members of Congress to co-sponsor UIGEA, which included the fantasy carve-out. The legality of the same has allowed many states to impose taxes on fantasy gaming, allowing them to join in on the money bandwagon as well.

The Indian standpoint on this is based on the differentiation between games involving chance, and games involving skill as well, as laid out in the American context.

The Fantasy Sports League sector in India has been gaining steam for a while. Recently, in April 2019, Dream11, a Mumbai-based fantasy gaming start-up became India’s first gaming unicorn. The online gaming revenue is expected to increase from around 2,000 crores in 2014 to around 11,900 crores in 2023. The sector has undergone a massive change over the last few years with people rapidly gaining interest.

The current Indian legislations that deal with gaming in India are the Public Gambling Act, 1867(PGA) and the Prize Competitions Act, 1955(PCA). The 1867 Act, being a pre-Independence legislation offers a colonial approach to gambling, which put forward a largely anti-gambling rhetoric.[1] While this legislation looks at predominantly criminalising gambling in most cases, it also tries to distinguish between betting on a “game of chance” and staking on a “game of skill” to provide a safe harbour to activities such as wagering on horse races which were extremely popular amongst the British. While the application of this legislation was limited to the erstwhile British presidencies, the adoption of the principle espoused by the statute in most state legislations illustrates a similar mind-set showcased by Indian states.

Very much like the UIGEA, the Indian position with respect to declaring online-fantasy games as legal lies on the emphasis given on “games of skill”. While the PGA does not clearly mention specific games that constitute as games of “mere skill”, Indian courts have by and large adopted the “dominant factor test” or “predominance test” which requires the court to analyses the case and verify if chance or skill “is the dominating factor in determining the result of the game”.[2] Courts have recognised that no game is a game of pure skill alone and almost all games involve an element, albeit infinitesimal, of chance.

Based on the above, Sports Fantasy games have been exempt from the provisions of the PGA and have been declared as a legitimate business activity protected under Article 19(1)(g) of the Constitution of India. With a high potential for growth in the Indian market, foreign entities have been looking at exploring possibilities in the country. The classification of games into those involving “skill” and those involving “chance”, in India has been very vague, and often left up to the interpretation of courts. In an era of growing acceptance and evolution there is a requirement of an effective legislation specifically classifying activities as illegal gambling, separating it from those involving preponderance of skill.

[1]Vivek Benegal, Gambling Experiences, Problems and Policy in India: A Historical Analysis, in 108, =&0=&, December 2013, 2062-2067.

[2]Dr. K.R. Lakshmanan v. State of Tamil Nadu, AIR 1996 SC 1153; State of Andhra Pradesh v. K. Satyanarayana, AIR 1968 SC 825.

Read more

Algorithms: Can They Collude?

Posted on by Tech Law Forum @ NALSAR

This piece has been authored by Lokesh Vyas, a fourth year law student at Institute of Law, Nirma University, Ahmedabad. Here, he gives a lucid explanation of issues posed by the increasing use of algorithms. 

The Cloak of Algorithms

Unlike the traditional market, the digital economy does not have any geographical limits. Thus, there is fierce competition among all the players. However, due to the unequal availability of resources, it is becoming increasingly difficult for new aspirants to join the market. The use of pricing algorithms, presently adversely  affects the present landscape of online retail.

An algorithm is an established computational procedure that takes a set of values, as input and produces another set of values as output. A catena of algorithms is used in the market to create artificial transparency.[1] These algorithms are called pricing algorithms because competitors in the market use them to set prices after gauging market behavior and competitors. They help competitors to outlive others through optimum pricing. Such a scenario creates artificial algorithmic transparency in the market. However, with an increase in such algorithms in the market, it becomes easy to predict the change in the market. An increase in the accuracy of such predictions, not only strengthens the dominance of certain competitors but also eliminates small competitors altogether, hindering consumer welfare.

Unilateral decision making, the right to make intelligent decisions is a fundamental right of any business, since they aim at maximizing profit. The exercise of such a right effectuates conscious parallelism which is a legitimate and obvious factor in any market. However, the artificial transparency that continues to exist due to algorithms enables competitors to control the market.

Further, the increasing transparency in the market creates interdependency among the competitors, thereby incentivizing collusion. Algorithms create a god’s eye view, enabling competitors to monitor activities in the market in real time. Market players are less likely to deviate because of the instantaneous fear of retaliation.

Hence, the algorithms become a cloak to escape liabilities under competition law. Such tacit collusion has not been considered not barred by the law.

Challenges

The primary question is, does traditional competition law accommodate the recent trends in the market such as pricing algorithms and if so, how? The challenge before competition law authorities is to detect whether tacit collusion exists among competitors, and whether it negatively impacts consumer welfare.

Additionally, questions about communication and liability arise. The absence of explicit communication is a major issue when considering collusion, because in order to prove collusion, there must be an existence of communication. Algorithms have enabled companies to escape the necessity of explicit communication.

Another issue associated with such algorithms is that of liability, because there is no human intervention which facilitates such tacit collusion. Thus, it becomes difficult for authorities to ascertain the liability of the final wrongdoer. The three possible assertions with respect to liability are; the liability of the person who invents such algorithms; the liability of the person who deploys them; the liability of the person who gains from such algorithms.[2]

None of the above acts are explicitly prohibited by law unless a mala fide intention [intentional cartelization] to cause harm is proved. Competition law only outlaws bilateral or multilateral decision making by the competitors because it implies the existence of cartelization. By contrast, the adoption of pricing algorithms through undertakings merely enables them to attain dynamic pricing. The issue arises when competitors maximize their profit by colluding with each other, by entering into automatized virtual agreements. As per the current debate on algorithmic collusion, algorithms are used to facilitate an existing price agreement between the competitors. They simply act as intermediaries, as an extension of the human will. Alternatively, the algorithms are designed to result in a tacitly collusive result. Here, unilaterally designed algorithms learn to tacitly understand each other due to limited market characteristics. Presently, two scenarios emerge when considering algorithms that could cause collusion.

The first is the ‘messenger scenario’, since here algorithms acts as an instrument of collusion, including the implementation of agreed price adjustments as well as the monitoring of such agreements. An example of this is the US Department of Justice and UK Competition and Markets Authority’s proceedings regarding the distribution of posters through the Amazon Marketplace. Here, the companies involved initially agreed via e-mail that they would not underbid each other. After an attempt at the manual adjustment of prices had proved too complex, both companies used (different) repricing software. Pertinently, this software made it possible to monitor competitors’ prices and dynamically adjust one’s own prices according to those of competitors. The software was set so that the products were offered at the same price as long as no third (uninvolved) dealer with a lower price was active on the market.

In the second scenario, a collusive market comes about because the behavior of companies is canonically harmonized by using similar algorithms or by using algorithms which adapt to change in the others. Such agreements do not come under the general definition agreement, however there exists a tacit ‘meeting of mind’ among the competitors. Hence, the traditional definition of a contract under competition law needs to revisited in order to include such collusion. Notably, the definitions of an anti-competitive agreement under Section 3 of the Competition Act, 2002, Section 1 of the Sherman Antitrust Act, 1890, and Article 101 of the Treaty on the Functioning of the European Union do not cover mere ‘meeting of mind’ which exists due to such virtual agreements.

The use of algorithms in the market cannot be curbed altogether, since it would tremble the pillar of the digital economy. However, there is a need for regulatory policies to accommodate for the status quo. Pertinently, mutual price monitoring—the crux of tacit collusion which is not prohibited by Competition Law—must be addressed again.

The meaning of communication, a pre-requisite for constituting anti-competitive behavior also needs to be revisited to prevent ‘algorithm driven cartelization’. Pricing algorithms create a barrier for new entrants which in the long run affects market efficiency. Such a barrier is likely to impede the innovation in the market, which has direct nexus with consumer welfare.

Information Technology Act, 2000

There have been a lot of cases where e-commerce platforms and social media websites have been cleped as intermediaries, however, it is largely connected with the content uploading. Similarly, Section 2 of the recent Motor Vehicles (Amendment) Act, 2019 defined aggregators such as Uber and Ola as digital intermediaries or marketplaces which can be used by passengers to connect with  cabs. The question of intermediary liability primarily deals with content uploading or verification, and attracts the applicability of IP laws or other criminal laws.

However, the competition in the market is so fierce today, that independent firms like Feedvisor and Intelligence Node have started offering algorithmic pricing as a service. Here, the question arises whether such firms are intermediaries under section 2(w) of Information Technology Act, 2000 and do not attract liability (see Section 79 of the Act) because they are a link that collects the information of various competitors and compares them to produce the best results for a third party. Thus, the applicability of the safe harbor provision on algorithm deploying companies also needs to be considered, since they are aware about the effects and utilization of these algorithms.

  • Algo 1- Algorithm P
  • Algo 2- Algorithm P

[The above diagram demonstrates a scenario where a common algorithm (Algo P) is used by two different business entities(Firm A & Firm B).]

Conclusion and Suggestions

There have been four approaches to solving the above problems so far:-

  1. To broaden the interpretation of competition laws;
  2. To insert new provisions in the existing legislation;
  3. To use more rigorous alternative methods of dispute resolution; and
  4. To act in a way that parallel consciousness would not happen.

The underlying assumption of all the above approaches is that algorithms are inherently perilous to the market and pose threats to the fair competition in markets. The heart of the entire pricing algorithms debate revolves around the term ‘contract’ which needs to be revisited and interpreted. The term contract/agreement connotes ‘meeting of mind’ and the meeting of mind suggest the intention of the parties to agree on something. The most strenuous task before the competition law agencies is to ascertain such intention even when such explicit agreement is lacking.In order to curb the above challenges, the intervention can either be in the form of making big legal changes (e.g. Expanding the scope of major offenses like cartelization and abuse of dominant position) or to come up with small interventions (such putting a cap on the price change for more than a certain number of times in a day).

Therefore, competition law authorities can retaliate to such changes by bringing enforcement algorithms which can detect deviant or anomalous behavior in the market and thwart them timely.

[1] See Virtual Competition by Ariel Ezrachi and Maurice E. Stucke.

[2] See Virtual Competition by Ariel Ezrachi and Maurice E. Stucke.

Figure taken from here.

Read more

Standardizing the Data Economy

Posted on by Tech Law Forum @ NALSAR

This piece has been authored by Namratha Murugeshan, a final year student at NALSAR University of Law and member of the Tech Law Forum.

In 2006, Clive Humby, a British mathematician said with incredible foresight that “data is the new oil”. Fast forward to 2019, we see how data has singularly been responsible for big-tech companies getting closer to and surpassing the trillion-dollar net worth mark. The ‘big 4’ tech companies, Google, Apple, Facebook and Amazon have incredibly large reserves of data both in terms of data collection (owing to the sheer number of users each company retains) and in terms of access to data that is collected through this usage. With an increasing number of applications and avenues for data to be used, the requirement of standardizing the data economy manifests itself strongly with more countries recognizing the need to have specific laws concerning data.

What is standardization?

Standards may be defined as technical rules and regulations that ensure the smooth working of an economy. They are required to increase compatibility and interoperability as they set up the framework within which agents must work. With every new technology that is invented the question arises as to how it fits with existing technologies. This question is addressed by standardization. By determining the requirements to be met for safety, quality, interoperability etc., standards establish the molds in which the newer technologies must fit in. Standardization is one of the key reasons for the success of industrialization. Associations of standardization have helped economies function by assuring consumers that the products being purchased meet a certain level of quality. The ISO (International Standards Organization), BIS (Bureau of Indian Standards), SCC (Standards Council of Canada), BSI (British Standards Institute) are examples of highly visible organisations that stamp their seal of approval on products that meet the publicly set level of requirements as per their regulations. There are further standard-setting associations that specifically look into the regulation of safety and usability of certain products, such as food safety, electronics, automobiles etc. These standards are deliberated upon in detail and are based on a discussion with sectoral players, users, the government and other interested parties. Given that they are generally arrived at based on a consensus, the parties involved are in a position to benefit by working within the system.

Standards for the data economy

Currently, the data economy functions without much regulation. Apart from laws on data protection and a few other regulations concerning storage, data itself remains an under-regulated commodity. While multiple jurisdictions are recognizing the need to have laws concerning data usage, collection and storage, it is safe to say that the legal world still needs to catch-up.

In this scenario, standardization provides a useful solution as it seeks to ensure compliance by emphasizing mutual benefit, as opposed to laws which would penalize non-adherence. A market player in the data economy is bound to benefit from standardization as they have readily accessible information regarding the compliance standards for the technology they are creating. By standardizing methods for collection, use, storage and sharing of data the market becomes more open because of increased availability of information, which benefits the players by removing entry barriers. Additionally, a standard-mark pertaining to data collection and usage gives consumers the assurance that the data being shared be used in a safe and quality-tested manner, thereby increasing their trust in the same. Demand and supply tend to match as there is information symmetry in the form of known standards between the supplier and consumer of data.

As per Rational Choice theory an agent in the economy who has access to adequate information (such as an understanding of costs and benefits, existence of alternatives) and who acts on the basis of self-interest, would pick that choice available to them that maximizes their gains. Given this understanding, an agent in the data economy would have higher benefits if there is increased standardization as the same would create avenues to access and usage in the market that is currently heading towards an oligopoly.

How can the data economy be standardized?

The internet has revolutionized the manner in which we share data. It has phenomenally increased the amount of data available on the platform. Anyone who has access to the internet can deploy any sort of data on to the same – be it an app, a website, visual media etc. With internet access coming to be seen as an almost essential commodity, its users and the number of devices connected to the Internet will continue to grow. Big Data remained a buzzword for a good part of this decade (2010’s), and with Big Data getting even bigger, transparency is often compromised as a result. Users are generally unaware of how the data collected from them is stored, used or who has access to it. Although, sometimes terms and conditions concerning certain data and its collection specify these things, it is overlooked more often than not, with the result that users remain in the dark.

There are 3 main areas where standardization would help the data economy –

  1. Data Collection
  2. Data Access
  3. Data Analysis

 

  1. Data Collection – Standardizing the process of data collection has a supply and demand side benefit. On the supply side, the collection of data across various platforms such as social media, personal use devices, networking devices etc., would be streamlined based on the purpose for which they are being harvested. Simpler language of terms and condition, broad specifications of data collection would help the user make an informed choice about whether they want to allow data collection. Thereby, this would seeking permissions from the user by way of categorizing data collection and making the same known to the user. On the demand side, this streamlined data collection would help with accumulating high-quality data as required for specific usage by those collecting it. This would also make for effective compliance with as is required by a significant number of data protection laws across the globe. Purpose limitation is a two-element principle. It says that data must be collected from a user for “explicit, specified and legitimate” purposes only and that data should be processed and used only in a manner that is compatible with the purpose it is collected for. This helps purpose limitation because once data providers are aware of how their data is going to be used, they can make a legitimate claim to check the usage of it by data collectors and seek stricter compliance requirements.

 

  1. Data Access – Standardizing data access would go a long way in breaking down the oligopoly of the 4 big tech companies over data by creating mechanisms for access to the same. As of now, there is no simple method for data sharing across databases and amongst industry players. With monetization of data rising with increasing fervor, access and exchange will be crucial to ensure that the data economy does not stagnate or have exceedingly high barriers to entry. Further, by setting standards for the access to data the stakeholders will be able to participate in discussions regarding the architecture of data access.

 

  1. Data Analytics – This is the domain that remains in the exclusive control of big tech companies. While an increasing number of entities are adopting data analytics, big tech companies have access to enormous amounts of data that has given them a head start. Deep Blue, Alexa, Siri are examples of the outcome of data analytics by IBM, Amazon and Apple respectively. Data analytics is the categorization and processing of data collected and involves putting to use the data resource to achieve the goal of creating newer technologies to cater to the needs of people. Data analytics requires investment that is often significantly beyond the reach of the general population. However, data analytics is extremely important to ensure that the data economy survives. By consistently searching for the next big thing in data analytics, we have seen the advent of Big Data, Artificial Intelligence and Machine Learning (a subset of AI) so far, indicating that investments in data collection and processing pay-off. Further, data analytics has a larger implication on how we tend to work and what aspects of our life we let technology take over. The search for smarter technologies and algorithms will ensure that the data economy thrives and consequently have an impact on the market economy. Standardization of this infrastructure would ensure fairer access norms and usage of collected data.

With the increasing application of processed information to solve our everyday problems, the data economy is currently booming; however, large parts of this economy are controlled by a limited number of players. Standardization in this field would ensure that we move towards increased competition instead of a data oligopoly, ensuring increased competition that will ultimately lead to the faster and healthier growth of the data economy.

Read more

E-Pharmacy and Tech Law: An Interface (Part II)

Posted on by Tech Law Forum NALSAR

This is the second part of a 2-part post authored by Anubhuti Garg, 4th year, and Gourav Kathuria, 2nd year, of NALSAR University of Law. Part I can be found here.

The previous post analysed the laws applicable to e-pharmacies in India. The present post looks at the draft e-pharmacy rules and its implications and suggests ways to ensure the smooth application of the law in India.

Draft E-Pharmacy Rules

On August 28, 2018, the government came out with the Sale of Drugs by E-Pharmacy (Draft Rules) for regulating the sale of drugs through e-pharmacies. These Rules aim to put in place an extensive regulatory regime for e-pharmacies and are important in light of the concerns that e-pharmacies pose. Given below are the salient features of the Rules:

  1. According to the Rules the definition of e-pharmacy includes within its ambit sales made through websites as well as through mobile phone apps termed ‘e-pharmacy portals’.
  2. Mandatory registration is prescribed for all e-pharmacies and sales have to be routed through specified portals. A registration application must be reviewed within 30 days.
  3. Mandatory uploading of prescription by the customer is recommended which must specify the prescribed drugs and quantity thereof. This does not apply to over-the-counter drugs.
  4. All generated data must be kept confidential and localized.
  5. An e-pharmacy cannot sell drugs covered by the Narcotic Drugs and Psychotropic Substances Act, 1985 or and the restriction extends to those listed under Schedule X of the Drugs and Cosmetics Rules.
  6. An e-pharmacy has to comply with the provisions of the Information Technology Act, 2000 and the associated Rules.

Implications of the Policy

Firstly, it will fill the regulation gap that currently exists and will put into place a robust framework to deal with e-pharmacies. Existing laws are inadequate when it comes to addressing the requirements of e-pharmacies, however, the Rules will resolve the issue and prevent misuse of medicines and data.

Secondly, sales of conventional brick and mortar outlets will be adversely affected due to competitive pricing offered by e-pharmacies. Conventional stores may fail to compete with online pharmacies which provide substantial discounts as a result of which offline stores will suffer due to loss of business.

Thirdly, the question of jurisdictional conflicts remains unaddressed as it remains to be seen which law holds the field in case of legal inconsistencies. Several inconsistencies may be spotted in the Draft Rules which need to be resolved if a solution to this issue is to be found.

Impact on the Right to Privacy

Privacy forms an important concern for consumers. There need to be adequate safeguards regarding how the data given by a customer is protected and this warrants heavy regulatory compliances in addition to strict penalties in cases of violations. The recent Aadhar judgment also brought to light numerous concerns regarding privacy which need to be kept in mind when implementing a regulatory framework for e-pharmacies.

The Draft Rules prescribe that e-pharmacies would keep data confidential and localized, however, state and central governments can secure access to the data for “public health purposes”. No criterion is prescribed for what would constitute such a purpose and the Rules also fail to mention which authority can compel e-pharmacies to share health information.  Such ambiguities pose a threat of misuse of data by government.

Further, the Draft Rules come in direct conflict with the draft of the Personal Data Protection Bill, 2018, which allows for the transfer of data outside India where the patient has expressed his/her consent or where the transfer is necessary for prompt action. The conflict between the two needs to be resolved before the Draft Rules can be implemented.

Conclusion

In conclusion, it can be said that the e-pharmacy regime is changing slowly but steadily. The government has taken cognizance of the fact that there are many health concerns surrounding the sale of medicines online and accordingly has formulated a policy which address these concerns. India is taking a step forward in terms of drafting a full-fledged policy exclusively for e-pharmacies; this is sure to make the lives of a lot of citizens easier.

There is no doubt that the proposed Rules are progressive in nature. By making regulations that stand in conformity with global best practices the government is providing impetus to the continued growth of the e-pharmacy industry. However, there exist issues that need to be resolved sooner rather than later, such as the tendency of the government to misuse data and the conflicting nature of its provisions with those of the IT Act, 2000.

India has a long way to go in governing e-pharmacies and there are a lot of loopholes that need to be plugged. Currently, there is no law governing the actions of drug companies and as a result they are operating with little regard to the consequences of their actions. There is a need to bring the Rules into force as quickly as possible, and despite the government’s promise to implement them within 100 days of the elections they are yet to act in this matter.

It is hoped that concerns about consumer privacy are addressed in a more stringent manner by the government and that provisions are put in place which ensure that misuse of the data of the customers is strictly prohibited. The government should address loopholes in the policy and examine how they come into conflict with existing rules and amend them to resolve such contentious issues.

Read more