Tag: Internet Regulation

Open Banking in India & the Need for Setting Uniform Standards in Usage of APIs

Posted on by Tech Law Forum NALSAR

[This post has been authored by Vaibhav Parikh, Legal Counsel at ICICI Bank. Views are personal]

The value of online/ mobile banking rose from INR 69.47 billion in 2016-17 to INR 21,317 billion in 2019-20. Providing data access to third-party firms by banks and other financial institutions has proved to be one of the important reasons for such rapid development in online/ mobile banking, since it has allowed for introduction of innovative financial services and products to customers (Basel Committee Report on Open Banking, Page 8); such as seamless payments transmission between accounts at different banks, instant payments using Unified Payments Interface (“UPI”) and aggregation of all financial accounts onto one dashboard. Gradually, the delivery of financial services and products is also being offered by non-banking third parties, such as fintech firms. These developments are aspects of open banking and are continuously evolving in nature.

Read more

Over-The-Top Services: A Regulatory Quandary (Part II)

Posted on by Tech Law Forum NALSAR

[This is the second part of a two-part post authored by Abhilash Roy and Hrishikesh Bhise, fourth-year students at the National Law Institute University, Bhopal. Click here for Part I]

Argument for a Level Playing Field
‘Fair and reasonable opportunities to all market players’ and the concept of ‘a level playing field’ for market participants is important for a regulatory framework. A good regulatory framework is designed to induce confidence in the market and stems from necessity, more so, the imperativeness that positive competition practices in the market thrive and ensure opportunities to all participants without indirectly favouring a specific section of the market. It is evident that absence of a regulatory framework for OTT services is fostering poor competitive environment. For example, massive digital ad-revenue and the power/outreach of internet has facilitated the growth of OTT companies as giants in the industry and gives them an advantage over TSPs with respect to similar services such as messages and VoIP, among other things such as lack of a digital ad-revenue space for TSPs. However, there is ample evidence to suggest that telecom industry is not a ‘victim’ in a clinical sense as TSPs still charge customers for data consumption for using OTT services and an increase in these services results in increased data consumption which then translates to increased revenue for telecom companies. Any regulatory framework would have to be formulated by keeping in mind the revenue model of both stakeholders.

Read more

Over-The-Top Services: A Regulatory Quandary (Part I)

Posted on by Tech Law Forum NALSAR

[This is the first part of a two-part post authored by Abhilash Roy and Hrishikesh Bhise, fourth-year students at the National Law Institute University, Bhopal. Click here for Part II ]

The purposes and functions of the internet, as we know it today, have grown manifolds since its inception over thirty years ago. Its importance and use has only grown due to the ongoing pandemic with an estimated 50 to 70% more hits.

Read more

Delhi HC’s order in Swami Ramdev v. Facebook: A hasty attempt to win the ‘Hare and Tortoise’ Race

Posted on by Tech Law Forum @ NALSAR

This post has been authored by Aryan Babele, a final year student at Rajiv Gandhi National University of Law (RGNUL), Punjab and a Research Assistant at Medianama.

On 23rd October 2019, the Delhi HC delivered a judgment authorizing Indian courts to issue “global take down” orders to Internet intermediary platforms like Facebook, Google and Twitter for illegal content as uploaded, published and shared by users. The Delhi HC delivered the judgment on the plea filed by Baba Ramdev and Patanjali Ayurved Ltd. requesting the global takedown of certain videos which were alleged to be defamatory in nature.

Read more

Data Protection of Deceased Individuals: The Legal Quandry

Posted on by Tech Law Forum @ NALSAR

This post has been authored by Purbasha Panda and Lokesh Mewara, fourth and fifth years from NLU Ranchi. It discusses the data protection laws for deceased individuals, and the legal justifications for post-mortem privacy. 

Post-mortem privacy is defined as the right of a person to preserve and control what formulates his/her reputation after death. It is inherently linked with the idea of dignity after death. The first type of opinion with respect to post-mortem privacy raises the question of how there can be a threat to the reputation of a person if he no longer exists. However, there is another school of thought which argues  that when a person’s public persona or reputation is harmed after death, he might not be defamed but the ante-mortem person could. Another question that comes up, is that when a person dies, does the interest of the dead person that survives become the interest of others or is it actually his interests alone that are protected or is it both the possible scenarios?

Private law justification of post-mortem privacy

There is an English principle called “Action personalis moritur cum persona”which means that a personal cause of action dies with the person implying a negative attitude towards death. However certain EU states following the civilian tradition have allowed protection of data of the deceased. Article 40(1) of the French Data Protection Act regulates the processing of data after an individual’s death. As per the article, individuals can give instructions to data controllers providing general or specific indications about retention, erasure and communication of personal data after their death.

In the US case of In Re Ellsworth[1], yahoo as a webmail provider refused access to the surviving family of a US marine killed in action. Yahoo argued that the privacy policy of the company aims to protect the privacy of third parties who have interacted with the deceased individual’s account. The family on the other hand, argued that they should be able to see the emails he sent to them, as well as the emails he sent to others since Yahoo follows a policy of deleting the account once the account user dies. The family argued that pursuant to this policy, there would be an imminent danger that emails would be lost forever. The court allowed Yahoo to stick to their privacy policy and it did not allow login and password access of the deceased individuals account but instead gave an alternate option of providing the family with a CD containing copies of emails in the account of the dead person. The ratio, in this case, raises certain questions with respect to where proprietary rights with respect to the content of a mail are placed. Is it transfer of property rights or is there any other mode to transfer content of the email to the legal heirs? One could view that since the deceased is the author of those emails, copyright could be vested with him. Subsequently, this could be transferred to his legal heirs, giving them a right to approach the court to access the emails. Another view could be that Yahoo was vested with proprietary rights in the email which could be made available to the family members on court order. There are certain practical problems with granting rights on the content of an email.

Justice Edward Stuart in the case of Fairstar Heavy Transport N.V v. Adkins[2] attempted to hypothesize a possible right to property over the contents of an email. This case dealt with a request of an employer to access content of emails on personal computer of his ex-employee relating to business affairs of his company. The question that came before the Queen’s bench was “Whether the claimant had any proprietary rights over content of the emails?”. This case held that the contents of an email cannot be subjected to proprietary rights and therefore the employer does not have an enforceable proprietary claim over the content of the e-mails. The court while trying to decide existence of a possible proprietary right over the contents came up with five possible methods of construing such proprietary rights. The first method would be that the title over the content of the email remains throughout with the creator or his principal. The second method would be that upon an email being sent title of the content would pass to the recipient (drawing from the analogy of vesting of title in passing of a letter according to the principles of transfer of property). The third method would be that the recipient of an email has a license to use the content of an email for any legitimate purpose consistent with the circumstance in which it was sent. The fourth method would be that the sender of the email has a license to retain the content and use it for any legitimate purposes and finally the last method would be that the title over the content of the email is shared between the sender and all the recipients in the chain. The court analysed the veracity of existence of each of these methods in construing a possible right to property over information.

The court held that the implication of adopting the first method would be that the creator of an email would be able to assert his title against the content of the world. The court opined that implication of this option would be strange and would have far-reaching impractical consequences. The court opined that if a possible title over the content of an email remains with the creator, then such vesting of title must allow the creator to use the very same title in all possible forms, which means it should also allow the creator to exercise the title by asking recipients down the chain to delete the content of the email. However, such exercise of the title is not feasible or practical, making this very option quite redundant. The court also rejected the second method. It rejected this method on the ground that if at any given point of time an email is forwarded to multiple recipients, the question of who had the title over its content at any given point of time would be extremely confusing. The third and fourth method mix the existence of proprietary right over the content of an email with nature of use of such information that is whether it’s use is for legitimate purposes or illegitimate purposes. The court held that the nature of use of information should not be an important consideration for exercising a proprietary right of control. The fifth option was also rejected on the ground of compelling impracticality.

The advent of digital will in India: future of data protection of deceased individuals?

If we look at the “Information Technology Act, 2000” then Section 1(4) of the IT Act,2000 read with the First Schedule of the IT Act provides that the IT Act is not applicable to a will defined under clause (h) of section 2 Indian Succession Act, 1925 including any other testamentary dispositions. If we look at digital wills in foreign jurisdictions, then the most talked about legislation would be the “Fiduciary Access to digital assets and Digital Accounts Act”. This piece of legislation is enacted by Delaware, which became the first state in the United States allowing executors of a digital will the same authority to take control of a digital asset. If we look at the 2016 Delaware Code, it basically revolves around the concept of ‘digital assets’ and the idea of ‘fiduciary’, as someone who could be trusted with the digital asset. The legislation defines “digital asset” as data, text, emails, audio, video, images, sounds, social media content, health care records , health insurance records, computer resource codes, computer programs and software, user names, passwords created, generated, sent, communicated, shared, received or stored by electronic means on a digital device.The legislation also defines a “fiduciary’ as a personal representative appointed by a registrar of wills or an agent under durable personal power of attorney. It provides that a fiduciary may exercise control over any and all rights in digital assets and digital accounts of an account holder to the extent permitted under state law or federal law.

Data Protection Bill

The Data Protection Bill, 2018 provides for the “right to be forgotten” under Section 27. It refers to the ability of individuals to limit, de-link, delete, or correct the disclosure of personal information on the internet that is misleading, embarrassing, irrelevant, or anachronistic. Now, upon an individual passing away, his sensitive personal data is up on line and if there is no regulation, his rights will be infringed as many times as the data fiduciary wants and the person does not have any remedy as the bill does not take into consideration the case of deceased individuals. The dynamic nature of data is such that it cannot be deleted on its own once the person is dead. The other provisions which are there for living individuals can be applied in cases of deceased individuals as well. UnderSection 10of the Personal Data Protection Bill, 2018, the data fiduciary can store data only for a limited period of time and can use the information only for the purpose it was taken for. If the data principle wants to amend any information or remove any information, he has the right to do so and the data fiduciary without any law cannot prohibit the person to do so. The current data protection regime fails to recognize and fulfil the needs for protection of digital rights. It is pertinent to consider whether the concept of a “digital asset” and “fiduciary” as present in Delaware legislation can be emulated in India. Protection of data post death involves questions of digital succession as well as intellectual property rights which is inheritable and this has to be taken into consideration while framing a legislation pertaining to post-mortem privacy. The number of internet users is estimated to be 566 million as of December 2018, registering an annual growth of 18%.Considering the growth of internet use in India, it is pertinent to have a proper legal framework for protection of data of deceased individuals.

[1]In re Estate of Ellsworth, No. 2005-296, 651- DE (Mich. Prob. Ct. May 11, 2005).

[2]Fairstar Heavy Transport NV v. Adkins. [2012] EWHC 2952 (TCC).

Read more

Metadata by TLF: Issue 6

Posted on by Tech Law Forum @ NALSAR

Welcome to our fortnightly newsletter, where our Editors put together handpicked stories from the world of tech law! You can find other issues here.

Delhi HC orders social media platforms to take down sexual harassment allegations against artist

The Delhi High Court ordered Facebook, Google and Instagram to remove search result, posts and any content containing allegations of sexual harassment against artist Subodh Gupta. These include blocking/removal of social media posts, articles and Google Search result links. The allegations were made about a year ago, by an unknown co-worker of Gupta on an anonymous Instagram account ‘Herdsceneand’. These allegations were also posted on Facebook and circulated by news reporting agencies. An aggrieved Subodh Gupta then filed a civil defamation suit, stating these allegations to be false and malicious. Noting the seriousness of the allegations, the Court passed an ex-parte order asking the Instagram account holder, Instagram, Facebook and Google to take down this content. The Court has now directed Facebook to produce the identity of the person behind the account ‘Herdsceneand’ in a sealed cover. 

Further Reading:

  1. Trisha Jalan, Right to be Forgotten: Delhi HC orders Google, Facebook to remove sexual harassment allegations against Subodh Gupta from search results, Medianama (1 October 2019).
  2. Akshita Saxen, Delhi HC Orders Facebook, Google To Take Down Posts Alleging Sexual Harassment by Artist Subodh Gupta [Read Order], LiveLaw.in (30 September 2019).
  3. Aditi Singh, Delhi HC now directs Facebook to reveal identity of person behind anonymous sexual harassment allegations against Subodh Gupta,  Bar & Bench (10 October 2019).
  4. The Wire Staff, Subodh Gupta Files Rs. 5-Crore Defamation Suit Against Anonymous Instagram Account, The Wire (1 October 2019)
  5. Dhananjay Mahapatra, ‘MeToo’ can’t become a ‘sullying you too’ campaign: Delhi HC, Times of India (17 May 2019).
  6. Devika Agarwal, What Does ‘Right to be Forgotten’ Mean in the Context of the #MeToo Campaign, Firstpost (19 June 2019).

Petition filed in Kerala High Court seeking a ban on ‘Telegram’

A student from National Law School of India, Bengaluru filed a petition in the Kerala high court seeking a ban on the mobile application – Telegram. The reason cited for this petition is that the app has no  checks and balances in place. There is no government regulation, no office in place and the lack of encryption keys ensures that the person sending the message can not be traced back. It was only in June this year that telegram refused to hand over the chat details of the ISIS module to the National Investigation Agency.  As compared to apps such as Watsapp, Telegram has a greater degree of secrecy. One of the features Telegram boasts of is the ‘secret chat’ version which notifies users if someone has taken a screenshot, disables the user from forwarding of messages etc. Further, there are fewer limits on the number of people who can join a channel and this makes moderation on the dissemination of information even more difficult. It is for this reason that telegram is dubbed as the ‘app of choice’ for many terrorists. It is also claimed that the app is used for transmitting vulgar and obscene content including child pornography. Several countries such as Russia and Indonesia have banned this app due to safety concerns. 

Further Reading:

  1. Soumya Tiwari, Petition in Kerala High Court seeks ban on Telegram, cites terrorism and child porn, Medianama (7 October 2019).
  2. Brenna Smith, Why India Should Worry About the Telegram App, Human Rights Centre (17 February 2019).
  3. Benjamin M., Why Are So Many Countries Banning Telegram?, Dogtown Media (11 May 2019).
  4. Vlad Savov, Russia’s Telegram ban is a big convoluted mess, The Verge (17 April 2018).
  5. Megha Mandavia, Kerala High Court seeks Centre’s views on plea to ban Telegram app, The Economic Times (4 October 2019). 
  6. Livelaw News Network, Telegram Promotes Child Pornography, Terrorism’ : Plea In Kerala HC Seeks Ban On Messaging App, Livelaw.in (2 October 2019).

ECJ rules that Facebook can be ordered to take down content globally

In a significant ruling, the European Court of Justice ruled that Facebook can be ordered to take down posts globally, and not just in the country that makes the request. It extends the reach of the EU’s internet-related laws beyond its own borders, and the decision cannot be appealed further. The ruling stemmed from a case involving defamatory comments posted on the platform about an Austrian politician, following which she demanded that Facebook erase the original comments worldwide and not just from the Austrian version worldwide. The decision raises the question of jurisdiction of EU laws, especially at a time when countries are outside the bloc are passing their own laws regulating the matter.

Further Reading:

  1. Adam Satariano, Facebook Can Be Forced to Delete Content Worldwide, E.U.’s Top Court Rules, The New York Times (3 October 2019).
  2. Chris Fox, Facebook can be ordered to remove posts worldwide, BBC News (3 October 2019).
  3. Makena Kelly, Facebook can be forced to remove content internationally, top EU court rules, The Verge (3 October 2019).
  4. Facebook must delete defamatory content worldwide if asked, DW (3 October 2019).

USA and Japan sign Digital Trade Agreement

The Digital Trade Agreement was signed by USA and Japan on October 7, 2019. The Agreement is an articulation of both the nations’ stance against data localization. The trade agreement cemented a cross-border data flow. Additionally, it allowed for open access to government data through Article 20. Articles 12 and 13 ensures no restrictions of electronic data across borders. Further, Article 7 ensures that there are no customs on digital products which are electronically transmitted. Neither country’s parties can be forced to share the source code while sharing the software during sale, distribution, etc. The first formal articulation of the free flow of digital information was seen in the Data Free Flow with Trust (DFFT), which was a key feature of the Osaka Declaration on Digital Economy. The agreement is in furtherance of the Trump administration’s to cement America’s standing as being tech-friendly, at a time when most other countries are introducing reforms to curb the practices of internet giants like Google and Facebook, and protect the rights of the consumers. American rules, such as Section 230 of the Communications Decency Act shields companies from any lawsuits related to content moderation. America, presently appears to hope that their permissive and liberal laws will become the framework for international laws. 

Further Reading:

  1.     Aditi Agarwal, USA, Japan sign Digital Trade Agreement, stand against data localisation, Medianama (9 October 2019).
  2.     U.S.-Japan Digital Trade Agreement Text, Office of the United States Trade Representative (7 October 2019).
  3.   Paul Wiseman, US signs limited deal with Japan on ag, digital trade,Washington Post (8 October 2019).
  4.   FACT SHEET U.S.-Japan Digital Trade Agreement, Office of the United States Trade Representative (7 October 2019).
  5. David McCabe and Ana Swanson, U.S. Using Trade Deals to Shield Tech Giants From Foreign Regulators, The New York Times (7 October 2019).

Read more

Does Web Crawling Contravene the Indian Copyright Act, 1957?

Posted on by Tech Law Forum NALSAR

[Ed Note: The following post has been authored by Shivang Agarwal, currently in his final year at NALSAR University of Law. In an interesting read, he analyzes the nature of web crawling actions and the kind of information collected to assess whether claims of copyright infringement may be brought against entities running such search engines.]

Web crawling is a process by which programs, which are colloquially known as ‘web spiders’ or ‘web robots’, browse the World Wide Web in a methodical and automated manner in order to index information found on every web page they come across. Many legitimate service providers, including search engines, employ web spiders to provide up-to-date information and data to their users.

Web crawling results in the creation of an index of web pages, allowing users to send queries through a search engine and provide links to the webpages that match the queries. The index is a list of entries which consists of key words, titles, headings, meta data etc. which were taken note of by the web crawler and addresses of the webpages on which they were found.  Web crawling also enables archiving of webpages, which involves storing and cataloguing large sets of webpages on servers which are connected to the internet and updating them periodically.

Thus, any potential contravention of the Copyright Act, 1957 (‘Copyright Act’) must be evaluated against the aforementioned uses and the nature of information indexed, stored or cached in the process of web crawling. Under Section 14(1)(a) of the Copyright Act, ‘copyright’ is defined as  an exclusive right subject to the provisions of the Copyright Act, to do or authorise any of the stipulated acts in respect of a work or any substantial part thereof. Under Section 51(a)(i), a copyright is deemed to be infringed when any person, without a license granted by the owner of the copyright or the Registrar of Copyrights under this Act does anything that is an exclusive right conferred upon the owner of the copyright.

Firstly, it would be pertinent to discuss the copyrightability of information or data which is getting stored, cached or catalogued through web crawling. Courts in India have placed a heavy reliance on US copyright jurisprudence, to hold that copyright does not subsist in raw facts, data, ideas, information etc. Feist Publications Inc. v. Rural Telephone Service Co. Inc, cited with approval in Eastern Book Company v. D.B. Modak, held that facts are not copyrightable since the sine qua non for copyright is originality. “Original”, as a term used in copyright, means that the work is created by the author independently and that it possesses at least some degree of creativity. In R.G. Anand v. Delux Films, the Supreme Court propounded that a mere idea cannot be the subject matter of copyright.

Therefore, a contravention of the Copyright Act would firstly depend upon the material which is collected by the web crawler. A web crawling action which simply results in collection of bare facts, raw data such as historical information, data captured by sensors, machine inputs, information pertaining to unclassified commercial transactions etc. cannot be copyrighted. Hence, indexation, storage or usage of such data or information in any other form will not constitute a contravention of the Copyright Act. However, if the crawler caches or uses copyrighted works hosted on webpages, then it will invariably constitute a contravention of Section 13(1) of the Copyright Act which states that a copyright shall subsist in original literary, dramatic, musical, artistic works, cinematographic films and sound recordings.

Secondly, a contravention of the Copyright Act would largely depend on the nature of web crawling being carried out by a company. If the scope of web crawling activities is only limited to creation of an index which is used to provide the users with the location of webpages which contain the relevant information required by them, then it should not result in a contravention of the Copyright Act. Essentially, any index created through web crawling contains billions of webpages and is well over 100,000,000 gigabytes in size. Such an index is similar to an index in the back of a book i.e. with an entry for every word seen on every web page indexed. When a web page is indexed, it is added to the entries for all of the words it contains. Thus, the web crawler by indexing web pages performs a limited role of directing the users to webpages of their choice by making the URL of such pages available to them.

The key question which needs to be then asked at this juncture is how the work is being made ‘available’ to the public. Under Section 2(ff) of the Copyright Act, “communication to the public” means making any work available for being viewed by the public by means of display or diffusion, without issuing copies of the work, whether or not any member of the public actually views the work.  Copyright is deemed to be infringed if any person, who is not the owner of the copyrighted work indulges in communication to the public of any work.

Although there are no precedents in India, in my opinion the judgment in Perfect 10 v. Amazon.Com would be pertinent. Herein, the US Court of Appeals for the Ninth Circuit held that just providing HTML instructions for the location of copyrighted subject-matter would not by itself cause the copyrighted subject-matter to appear on the user’s computer screen. The HTML merely gives the address of the copyrighted subject-matter to the user’s browser. The user’s browser then interacts with the computer that stores the copyrighted subject-matter. It is this interaction that causes the subject-matter to appear on the user’s computer screen. Essentially, the web-crawler will only display to the public the location and address of the webpages hosting the copyrighted work rather than the work itself. This would not amount communication of the work to the public under Section 2(ff) read with Section 51(a)(i) of the Copyright Act as a web-crawler does not host the actual work thereby making it available to be seen or heard or enjoyed by the users directly or by means of display or diffusion.

Having said that, there are other scenarios in which web crawling may amount to contravention of the Copyright Act.  If a web spider or a bot in the course of crawling through web-page stores or caches web pages or even entire websites on servers connected to the internet, it will constitute a direct contravention of the Copyright Act under Section 51(a)(i). Such an action would amount to making copies of and storing subject-matter in which copyright subsists. The Copyright Act equates the storage of any work in any medium by electronic or other means to reproduction of the work in any material form.

Henceforth, a potential contravention of the Copyright Act would largely be dependent on the kind of content hosted by the websites which are crawled upon and the nature of the web crawling itself. Any web crawling action concerned with indexation and storage of bare facts or raw data is legitimate. For works which are original and presuppose creativity, an infringement would be dependent on the nature of the web crawling action. If web crawling is limited to providing the location of the webpages after matching them with the queries of the customers, then it should not constitute a contravention of the Copyright Act under Section 51(a)(i). However, storage or creation of copies of web pages hosting copyrighted works would invariably contravene the Copyright Act.

Read more

December, 2014: Fireworks and more!

Posted on by Kartik Chawla

December, 2014, has been the month when the Indian community received a multitude of shocks, one after the other and each one more powerful, on the issue of internet-related legal problems.

First, we had the lamentable Uber issue, which was followed by Airtel announcing (and later withdrawing) its VoIP-data plan, which violated Net Neutrality down to the first principle. This also inspired TRAI to work on a consultation on Net Neutrality. Soon after, we learnt that SoI had filed a case against Google for “displaying an incorrect map” of India. And just as the month was wrapping up, Airtel and Hathway accidentally blocked all of imgur rather than just a single image.

Read more

A Wolf in Sheep’s Clothing: The Trans-Pacific Partnership

Posted on by Jitesh Anand

[Image Source: http://flic.kr/p/osRzan]

After the scrapping of the ‘Stop Online Piracy Act’ (SOPA) and the ‘Protect IP Act’ (PIPA) in the U.S., one could have been under the impression that the Internet would be free from unadulterated interference by the government. SOPA and PIPA basically gave the government unprecedented powers to shut down any website/blog at will. Be that as it may, few know about the presence of an equally perilous agreement called the ‘Trans-Pacific Partnership’. U.S. is a key member of this partnership bolstered by corporate lobbyists and this will ultimately be pushed down on all countries around the world by means of trade deals. WikiLeaks in recent times has released some draft chapters of the TPP. In this blog post, I will try to analyze some contentious provisions of the TPP from the viewpoint of an Indian internet user.

Read more