An imminent need for updated cyber policies

By G.V. Anand Bhushan and Maygha Viswanat

India is the fastest-growing trillion-dollar economy in the world and the fifth-largest overall, with a GDP of $2.94 trillion. Catapulted by the rising availability of high-speed connectivity, India already has one of the world’s largest (and still growing) base of digital consumers. The IT sector, while contributing to around 8% of the country’s GDP and providing employment to 4.36 million people, has leapfrogged multiple stages of development faster than many western economies.

As the country continues to embrace the contours of “Industry 4.0” such as 3D printing, augmented wearables and cognitive computing, there is an immediate need to strengthen the regulatory framework in a manner that fosters innovation while protecting the public interest.

Cryptocurrencies
Cryptocurrencies are a digital asset akin to a virtual currency secured by cryptography. They have been defined as anything from currencies to commodities and have received different legal treatment by regulators world over. In India, the cryptocurrency market was rapidly growing until the year 2018 when the RBI issued a circular prohibiting financial institutions from providing financial services to entities dealing in cryptocurrencies. However, things turned around when the Supreme Court, in March 2020, invalidated the RBI’s ban on cryptocurrency-related payments and stated that, in the absence of enabling legislation, the business of dealing in cryptocurrencies ought to be treated as a legitimate trade that is protected as a fundamental right under the Constitution.

The Supreme Court judgment points to a regulatory framework that enables crypto-trading is currently not functioning. Cryptocurrencies, at present, operate in a regulatory vacuum since they lack the safeguards that other financial institutions have, such as audits, financial reporting and proper security infrastructure.
Taking a cue from Japan, India should leverage this technological advancement to its advantage and adopt enabling legislation that regulates cryptocurrencies in a manner that mitigates the risks associated with it, such as money laundering, cyberattacks and fraud, as well.

While a law regulating cryptocurrencies is the need of the hour, going forward, it is also recommended that the government implements regulations for other domains in the fin-tech space such as robo-advisors, distributed ledger technologies and smart contracts.

Data privacy
Data privacy has been garnering a lot of attention over the last few years. Today, countries all across the globe, such as, the European Union, UAE, UK, and Singapore to name a few, have implemented data protection regulations to protect their citizens’ interests.

In India, the watershed moment was the K.S. Puttaswamy case, where the apex court upheld the fundamental right to privacy and called upon the government to enact a robust data protection framework. Latest ban on Chinese apps stating one of the grounds that it poses national security risk, with data being transferred outside India, highlights the need of implementing a data protection framework as more critical than ever before.

At present, India’s data protection laws – the IT Act and the SPDI Rules only offer limited protection on collecting, storing and processing of personal and sensitive personal information. The laws provide basic rights to the provider of information and lack detailed provisions on consent requirements, sharing of data, cross-border transfer of data, and stringent penalties for breach data privacy laws. The existing laws do not provide for an adequate redressal mechanism, which is in sharp contrast to the GDPR. Further, sectoral regulators such as the RBI and TRAI have adopted sectoral regulations which are often inconsistent with one another, thereby, only causing more ambiguity.

It is, thus, critical to immediately implement an overarching, all-embracing data protection framework that adequately protects one’s information. For this purpose, the government of India introduced the Personal Data Protection Bill in December 2019 (“PDP Bill”). With detailed provisions on the categorisation of data, consent and transfer of data, it is hoped that the PDP Bill, when enacted, will safeguard the right to privacy and foster digital innovation at the same time.

Drone technologies
At this juncture, it becomes imperative to deal with the current drone market in India. There has been an exponential growth in the use of drone technologies in multiple business pursuits such as photography, supply chain management and agricultural manning in the last few years.

With such an explosion in drone technologies, the government recently introduced the draft Unmanned Aircraft System (“UAS”) Rules, 2020 (“Rules”) to overcome the grey areas of the existing National Drone Policy, 2018. While the Rules are progressive, certain discrepancies ought to be addressed before implementation. Most importantly, the Rules do not provide for a mechanism to check whether the operators are adhering to the norms. One of the primary concerns with respect to any legal framework on UAS is the enforceability of the same since it is challenging to monitor compliance by drone operators. The Rules also fail to account for privacy implications that can be encountered by the usage of UAS. Further, the Rules lack transparency and accountability measures since the government has the power to exempt any agency from the requirement of obtaining an operator permit.

With ecommerce companies conducting trial runs for ensuring deliveries using drone technologies, it is imperative to include provisions on transparency, enforceability and privacy while implementing a framework regulating UAS.

Technology and digital connectivity are now being seen as a basic parameter of development, so much so that within three decades, from having no internet connectivity, we are now talking of “2G Free India”, just like as we speak of “Poverty Free India.”

Currently, due to the pandemic, quarantine, job loss and recession there is a lot of doom and gloom in the market. However with the right incentives and regulatory framework coupled with further advances in internet speed, augmented and virtual reality, artificial intelligence and 3d printing we can usher in a golden age for everything from cheap renewable energy, to housing and education for all.

(G.V. Anand Bhushan is Partner, Chennai Head and Maygha Viswanat is Associate at Shardul Amarchand Mangaldas & Co. The views in this article are the personal views of the author.)

Cyber LawCybersecuritypolicyShardul Amarchand Mangaldas & Co.
Comments (0)
Add Comment