News
How India’s new draft Telecom Law may impact Data Privacy
India recently released a new draft Telecommunications Bill, 2022, which is currently open to public consultation. This Bill would repeal and replace laws that are decades and in some cases, over a century old. The Bill has already been receiving some backlash against the draft law imperilling encrypted messaging application and justifying communications blackout. The author deep-dives on how could the new draft telecom laws potential impact data privacy in India.
India moved to overhaul its ageing telecommunications laws in late September 2022, by releasing a new draft Telecommunications Bill, 2022 (“Telecom Bill”). This Bill would repeal and replace laws that are decades, and in some cases centuries, old - the Indian Telegraph Act, 1885, the Indian Wireless Telegraphy Act, 1933 and the Telegraph Wires (Unlawful Possession) Act, 1950.
The Telecom Bill proposes quite a few momentous changes to India’s telecom regulatory regime. For example, it proposes to regulate OTT communication platforms on the same footing as ‘traditional’ telecom services, as a result of which players such as WhatsApp or Zoom may find themselves facing stringent licensing norms in India. The Telecom Bill also proposes (once again) to regulate spam calls and messages, which have so far defied all attempts at curtailment.
But perhaps the most consequential impact of the Telecom Bill would be to further enhance the Indian Government’s surveillance powers in telecommunications matters. This is important, in that past jurisprudence on phone tapping has always informed India’s data privacy regime, and has found echo even in protections afforded to computer data under Indian IT regulations. If the Telecom Bill replaces the Telegraph Act, there may be a ‘reset’ on restrictions on the Indian Government’s power to access telecom calls and data, and also data stored on computer systems in India or aboard.
The Origins of Indian Surveillance Regulations
As this author has argued before , the grundnorm source law on electronic surveillance in India is Section 5(2) of the Indian Telegraph Act, 1885. When read with the terms of the Indian Telegraph Rules, 1951, this allows interception and disclosure of telecom messages only “on the occurrence of any public emergency or in the interest of public safety”.
Section 5(2) of the Telegraph Act was formulated in 1972 to facilitate surveillance by way of telephone tapping. In 1996, limitations on the Indian Government’s ability to tap phones was placed by the Supreme Court’s ruling in People’s Union for Civil Liberties v. Union of India (“PUCL Case”). The Indian Supreme Court in the PUCL Case issued nine (9) rules and directions on telephone taping, including a sunset on any interception orders, and an internal review committee to oversee such orders. Following this case, a new Rule 419A was added to the Telegraph Rules, enshrining these limitations into law.
Why this case has resonance beyond the telecom space, is that the same legal reasoning (and text) was adapted for surveilling computer records in later laws that governed computer systems. In 2000, Section 69 of the Information Technology Act was drafted to mirror Section 5(2) of the Telegraph Act. And like Rule 419A, the Information Technology (Procedures and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009 allow data access with the same restrictions.
As such, Indian telecom and data surveillance laws, in their present form, are rooted in a judgement of the Supreme Court that places limits on the Government’s phone surveillance and access powers. Indian courts have continued to apply such limitations to the state’s surveillance powers when it comes to telephone tapping, access orders, etc.
But if the basic grundnorm of the Telegraph Act is changed, how much of this protection remains? Surveillance under the draft Telecom Bill
Section 24 of the Telecom Bill addresses interception of telecom calls and messages, akin to the erstwhile Section 5(2). Upon the occurrence of any public emergency or in the interest of the public safety, the duly designated officer of the Government may, if satisfied that it is necessary in the interest of the sovereignty, integrity or security of India, friendly relations with foreign states, public order, or preventing incitement to an offence, order interception of messages, from or to any class of persons.
So far, so good – the reasons and rationale for interception is broadly similar to that under the old law. But the operative part of the Government powers will be contained in any rules and subordinate legislation that define the actual parameters of such interception. Would these reflect the old Rule 419A of the Telegraph Rules, or would the Government take this opportunity to ‘streamline’ the way in which it can access telecom messages and calls?
Whatever form the final Telecom Bill and its rules take, they will likely have an impact beyond the interception of SMSs and phone tapping. India is also contemplating replacing its 20 year old Information Technology Act with an updated ‘Digital India Act’ . The reframing of India’s digital regulations may present a similar opportunity for the Government to apportion to itself additional powers of data access and surveillance. There has been a trend towards increased surveillance in recent Indian laws, including those ostensibly dealing with cybersecurity and intermediary rules.
What Happens Next?
The draft Telecom Bill is currently out for public consultations under mid-October 2022, post which it may be revised to reflect inputs received. There has already been a substantial backlash against the new draft law imperilling encrypted messaging applications and justifying communications blackouts . Whether this will make the Government step back and revise the draft law is uncertain; in recent times, while the Government has withdrawn one unpopular draft law from circulation (the Personal Data Privacy Bill, 2019), in other cases it has forged ahead unheeding of criticism (most recently, in Cyber incident reporting directions that require notification of a breach within 6 hours).
As this author noted in an earlier piece , Indian jurisprudence around telephone tapping has been headlined by Indian courts seeking to place fetters on the State’s power to access information and data. Indian courts’ continued willingness to push back against Government surveillance orders is ultimately derived from the law they are called upon to enforce. Diluting protections under the underlying laws is the surest way to bypass judicial review of such matters. But doing so also has far reaching consequences, in that the overall standard of protection available to individuals (Indian or foreign) in India may be diluted. And this may have consequences, in turn, when evaluating the adequacy of protections in India.
But will this realization be enough to curtail the Government’s recent penchant for surveillance? An interesting few months lie ahead of those of us who follow data privacy developments in India.
Article provided by INPLP member: Vikram Jeet Singh (BTG legal, India)
Discover more about the INPLP and the INPLP-Members
Dr. Tobias Höllwarth (Managing Director INPLP)
News Archiv
- Alle zeigen
- Mai 2023
- April 2023
- März 2023
- Februar 2023
- Jänner 2023
- Dezember 2022
- November 2022
- Oktober 2022
- September 2022
- August 2022
- Juli 2022
- Mai 2022
- April 2022
- März 2022
- Februar 2022
- November 2021
- September 2021
- Juli 2021
- Mai 2021
- April 2021
- Dezember 2020
- November 2020
- Oktober 2020
- Juni 2020
- März 2020
- Dezember 2019
- Oktober 2019
- September 2019
- August 2019
- Juli 2019
- Juni 2019
- Mai 2019
- April 2019
- März 2019
- Februar 2019
- Jänner 2019
- Dezember 2018
- November 2018
- Oktober 2018
- September 2018
- August 2018
- Juli 2018
- Juni 2018
- Mai 2018
- April 2018
- März 2018
- Februar 2018
- Dezember 2017
- November 2017
- Oktober 2017
- September 2017
- August 2017
- Juli 2017
- Juni 2017
- Mai 2017
- April 2017
- März 2017
- Februar 2017
- November 2016
- Oktober 2016
- September 2016
- Juli 2016
- Juni 2016
- Mai 2016
- April 2016
- März 2016
- Februar 2016
- Jänner 2016
- Dezember 2015
- November 2015
- Oktober 2015
- September 2015
- August 2015
- Juli 2015
- Juni 2015
- Mai 2015
- April 2015
- März 2015
- Februar 2015
- Jänner 2015
- Dezember 2014
- November 2014
- Oktober 2014
- September 2014
- August 2014
- Juli 2014
- Juni 2014
- Mai 2014
- April 2014
- März 2014
- Februar 2014
- Jänner 2014
- Dezember 2013
- November 2013
- Oktober 2013
- September 2013
- August 2013
- Juli 2013
- Juni 2013
- Mai 2013
- April 2013
- März 2013
- Februar 2013
- Jänner 2013
- Dezember 2012
- November 2012
- Oktober 2012
- September 2012
- August 2012
- Juli 2012
- Juni 2012
- Mai 2012
- April 2012
- März 2012
- Februar 2012
- Jänner 2012
- Dezember 2011
- November 2011
- Oktober 2011
- September 2011
- Juli 2011
- Juni 2011
- Mai 2011
- April 2011
- März 2011
- Februar 2011
- Jänner 2011
- November 2010
- Oktober 2010
- September 2010
- Juli 2010