Let us talk about E-Contracts (II): E-Commerce Business Models

Without any argument, new communication systems, especially digital payment technologies, have supplanted the snail-paced conventional systems of communication and transactions. Business communities and consumers are increasingly using digital means to send and receive information in electronic form. The reason is that the information technology (IT) has abridged the time and distance factor in transacting business. Nowadays, inflow and outflow of information have become instant and momentary. Therefore, one principal contribution of IT is in the field of contract-formation.

Electronic contracts (e-contracts) are born out of the need for speed, convenience and effectiveness. The law has already recognised contract-formation using facsimile, telex and other similar technologies.

Let us envision a contract between an Indian businessman and an English businessman. Away from digital means, one option is that one party first draws up two copies of the contract, signs them and sends (through postal or courier service) them to the other, who, in turn, signs both copies and sends one copy back. The other option would be that the two parties meet somewhere and sign the contract. However, within the digital world, the whole process can be completed in seconds, with both parties simply affixing their electronic signatures to the electronic copy of their contract. There is, thus, no need for tardy dispatching mechanism (postal or courier services) and/or supplementary travelling costs in such a situation.

Before proceeding with the E-Contracts, let us have a brief look at the basics of the business model and kinds of transactions under which e-contracts are mostly used.

E-Commerce Business Models

Electronic commerce (e-commerce), in a very general sense, refers to buying and selling products and services over the internet and the World Wide Web (www). E-commerce, however, in actuality, includes all forms of commercial transactions involving both—organisations and individuals—that are based upon the electronic processing and transmission of data including text, sound, and visual images; and involves transactions over the internet as well. In addition, e-commerce also refers to the effect that the electronic exchange of commercial information may have on the institutions and processes that support and govern commercial activities.

There are several ways of looking at e-commerce:

(1) From a communications perspective, it is the ability to deliver products, services, information, or payments via networks like the internet.

(2) From an interface view, it means information and transaction exchanges: business-to-business (B2B), business-to-consumer (B2C), consumer-to-consumer (C2C), and business-to-government (B2G).

(3) As a business process, e-commerce means activities that support commerce electronically by networked connections. For example, business processes like manufacturing and inventory and business-to-business processes, like supply chain management is managed by the same networks as business-to-consumer processes.

(4) From an online perspective, e-commerce is an electronic environment that allows sellers to buy and sell products, services, and information on the internet. The products may be physical, like cars; or services, like news or consulting, etc.

(5) As a structure, e-commerce deals with various media: data, text, web pages, internet telephony, and internet desktop video.

(6) As a market, e-commerce is a worldwide network. A local store can open a web storefront and find the world at its doorstep—customers, suppliers, competitors, and payment services. Of course, an advertising presence is essential.

Types of Online Transaction

Online transactions can be recognised and categorised in four ways:

Business to Customer (B2C)

It is the transaction where a business entity on one side and an individual customer, on the other hand, conduct business. The expression B2C has been commonly used to refer to a sale by a business enterprise or retailer to a person or ‘consumer’ conducted through the internet. For instance, Flipkart.com which provides facilities for customers to buy goods from the website—is an example of a B2C e-business. In this situation, the website itself serves the purpose of a shop. The B2C transactions can be in relation to both—tangible and intangible products. The focal point of this e-commerce application is on the consumer’s use of a merchant’s web storefront or website. Consumers from any place can browse and order for goods and services online at any time. B2C is an electronic equivalent of the conventional mail-order or telephone-based ordering system.

Business to Business (B2B)

It is the type of e-commerce where there is an exchange of products, services, or information between businesses using the internet, rather than between businesses and consumers. Alibaba.com is the prominent example of B2B model.

Customer to Business (C2B)

Customer to Business (C2B), also known as Consumer to Business, is the most recent e-commerce business model, where individual customers offer to sell products and services to companies that are prepared to purchase them. It is the opposite of the traditional B2C model. Example of this model is blogs or internet forums where the author offers a link back to an online business facilitating the purchase of some product (like a book on Amazon.com), and the author might receive affiliate revenue from a successful sale.

Customer to Customer (C2C)

It is the transaction which involves two or more customers with business entity merely providing a web-based interface to facilitate the consumer to consumer transactions (B2C). The expression C2C generally refers to the sale of a product pertaining to a consumer to another consumer either directly or through an intermediary exclusively dedicated for this activity. One best example of C2C website is Ebay.com, which is an online auction site, where any person can buy and sell, and exchange goods and articles using this website. This website provides the web-based interface (i.e. the website with its database and other functions) and users can transact freely with each other. Another example is Amazon, which in fact, acts as both a B2C and a C2C marketplace.

Recommended Readings

  • Alan Davidson, The Law of Electronic Commerce, Cambridge University Press, (2009).
  • R K Singh, Law Relating To Electronic Contracts (2017)

Let us talk about E-Contracts (I): Electronic agents and conclusion of online contracts

The advancements in the internet as means of facilitating contract formation does not, at first read, present a situation different from that applicable to a facsimile or telex. An e-contract can be created either via the exchange of e-mails or by the completion of a document as a website which is submitted to another party electronically. While it is true that to the great extent that e-contracts are modernised methods of contract formation but they don’t require any particular changes to the law. Still, there are some particular issues arising from their electronic form. This post will discuss the international instruments that provide legal recognition to e-contracts and very advanced facets of it.

A contract is concluded if the parties intend to be legally bound, and they reach a sufficient agreement. Conclusion of contract with offer and acceptance. A contract can be concluded by the acceptance of an offer.

There are various ways to conclude e-contracts. The significant and interesting ones are as follows:

Forming contracts via electronic communications (such as e-mails)

The simplest e-contract is concluded by the exchange of text documents via electronic communications, such as e-mail. Offers and acceptances can be exchanged totally by e-mails, or can be combined with paper documents, faxes, telephonic discussions, etc.

Acceptance of orders placed on online marketplaces

The vendor/ supplier can offer goods or services (such as air tickets, software, etc.) through his website. The vendee, in such cases, places an order by completing and transmitting the order form provided on the website. The merchandise may be physically delivered later (e.g., in case of outfits, CDS, books, etc) or be immediately delivered electronically (e.g., in case of e-tickets, software, etc).

Online agreements

In some cases, users are required to accept an online agreement in order to be able to avail the services e.g. clicking on ‘I agree’ while installing software or clicking on ‘I agree’ while signing up for an e-mail account.

The electronic data interchange (EDI)

It is the inter-process of communication of business information in a standardised electronic form. That is, they are contracts used in trade transactions which enable the transfer of data from one computer to another in such a way that each transaction in the trading cycle (for example, commencing from the receipt of an order from an overseas buyer, through the preparation and lodgment of export and other official documents, leading eventually to the shipment of the goods) can be processed with virtually no paperwork. In this case, the data is formatted by means of standard protocols, so that it can be implemented directly by the receiving computer. EDI is, frequently, used to transmit standard purchase orders, acceptances, invoices, and other records, and thus, reduces paperwork and the potential for human errors. In this type of contracts, in contrast to the above methods, there is an exchange of information and completion of contracts between two computers and not an individual and a computer.

Through electronic agents/ bots

It is possible for computer users to instruct the computer to carry out transactions robotically. For instance, in today’s supermarket, the computer updates its inventory as items are scanned for sale. When the stock of an item falls to a predetermined level, the computer is programmed, without human involvement, to contact the computer of the supplier and place an order for replacement stock. The supplier’s computer, exclusive of human intervention, accepts the order and the next morning automatically prints out worksheets and delivery sheets for the supply and transport staff.

These electronic agents are programmed by and with the authority of the purchaser and supplier. The legal status of electronic agents has not been clarified by the courts, but the most common view is that like any other piece of equipment under the control of the owner, the owner accepts responsibility. A computer is a tool programmed by or with a person’s authority to put into operation their intention to make or accept contractual offers.

According to Russell and Norving, ‘An agent is anything that can be viewed as perceiving its environment through sensors and acting upon that environment through effectors. A human agent has eyes, ears, and other organs for sensors, and hands, legs, mouth, and other body parts for effectors. A robotic agent substitutes cameras and infrared range finders for the sensors and various motors for the effectors. A software agent has encoded bit strings as its percepts and actions.’

Such electronic agents and devices have features which facilitate humans in their normal interaction and functions, such as, intelligence, autonomy and pro-activeness. The idea of having intelligent systems—to assist human beings with routine tasks, to shift through an enormous amount of information available to a user and select only that which is relevant—is not novel and a lot of work and results have already been achieved in the field of artificial intelligence (‘AI’).

Legal recognition of electronic agents

The E-COMMERCE DIRECTIVE 2000/31/EC of The European Parliament and of the Council of 8 June 2000 does not take in hand the issue of automated transaction made through electronic agents. The explanatory notes of the proposal of the Ecommerce Directive state that the Member States should refrain from preventing the use of certain electronic systems such as intelligent electronic agents for making a contract. But, the final version makes no reference to electronic agents in the main text or in the recital. The deletion of the proposed text furnishes a sign of the EU’s failure to respond to the tremendous growth of e-commerce. It is also not in consonance with the preamble to the Directive, which states that the purpose of the Directive is to stimulate economic growth, competitiveness and investment by removing many legal obstacles to the internal market in online provision of electronic commerce services. However, the exclusion of the provision giving legal recognition to electronic agents is a step backwards and a failure to recognise the role of electronic agents in fostering the development of e-commerce such as lower transaction costs, facilitate technology and adherence to international conventions.

The United Nations Convention on the Use of Electronic Communications in International Contracts 2005 (hereinafter referred to as the ‘UNCUECIC’) contains provisions dealing with issues such as determining a party’s location in an electronic environment; the time and place of dispatch and receipt of electronic communications and the use of automated message systems for contract formation. Art.12 of the UNCUECIC, which deals with the use of automated message systems for contract formation, states, ‘A contract formed by the interaction of an automated message system and a natural person, or by the interaction of automated message systems, shall not be denied validity or enforceability on the sole ground that no natural person reviewed or intervened in each of the individual actions carried out by the automated message systems or the resulting contract.’ The objective behind the adoption of the uniform rules was to remove obstacles to the use of electronic communications in international contracts, including obstacles that might result from the operation of existing international trade law instruments, and to enhance legal certainty and commercial predictability for international contracts and help States gain access to modern trade routes.

In the USA, the Uniform Electronic Transactions Act, 1999 (UETA) expressly recognises that an electronic agent may operate autonomously, and contemplates contracts formed through the interaction of electronic agents and those formed by the interaction of electronic agents and individuals.

Section 14 of the UETA reads as follows:

In an automated transaction, the following rules apply:

(1) A contract may be formed by the interaction of electronic agents of the parties, even if no individual was aware of or reviewed the electronic agents’ actions or the resulting terms and agreements.

(2) A contract may be formed by the interaction of an electronic agent and an individual, acting on the individual’s own behalf or for another person, including by an interaction in which the individual performs actions that the individual is free to refuse to perform and which the individual knows or has reason to know will cause the electronic agent to complete the transaction or performance.

(3) The terms of the contract are determined by the substantive law applicable to it.

Section 14 of the UETA, which is based upon Article 11 of the UNICTRAL Model Law on Electronic Commerce, deals with ‘automated transaction’. This Section states that contracts can be formed by machines functioning as ‘electronic agents’ for parties to a transaction. It wipes out any claim that lack of human intent, at the time of contract formation, prevents contract formation. When machines are involved, the requirement of intention flows from the programming and use of the machine. It is quite evident that the main purpose of this provision of the UETA is to remove barriers to electronic transactions while leaving the substantive law, e.g., law of mistake, law of contract formation, unaffected to the greatest extent possible. Also, the Uniform Computer Information Transaction Act (UCITA) also has provisions supporting the ability of electronic agents to make binding contracts.

Recommended Readings

  • Wooldridge & Jennings, ‘Intelligent Agents: Theory and Practice’, Knowledge Engineering Review, (June 1995) Vol. 10 No. 2, Cambridge University Press (1995).
  • Alan Davidson, The Law of Electronic Commerce, Cambridge University Press, (2009).
  • R K Singh, Law Relating To Electronic Contracts (2017)

Public health surveillance in India: concerns of an individual’s liberty and privacy amid a pandemic

(This article extensively borrows from another article that authors wrote for and first published on the Leaflet)

The world is grappling with the kind of situation that it has never seen before. The rapid pace of COVID-19 spread made it necessary for the governments around the world to use extreme means and measures that would otherwise be considered Orwellian. These emergency measures by the governments are attempts to effectively enforce a lockdown and strictly prohibit movement of the citizens in a bid to break the chain of infection.

As Governments are attempting to contain the contagious virus, the use of technology for monitoring people undergoing quarantine has doubled in order to combat the spread of the virus. Ordinarily, under such developing Orwellian state of affairs, civil liberty activists and privacy advocates stir commotion; considering the scale of the crisis, they seem to tacitly embrace these measures. It is obvious that this pandemic is reshaping our relationship with surveillance technology, albeit to the fear of some the surveillance that could become a norm.

World under surveillance

Across the globe, countries are expansively deploying tech-enabled surveillance infrastructure of Face Recognition Technology (FRT) based CCTVs, drones and cell phone tracking devices for contact tracing and enforcing quarantine. Growing number of countries such as Israel and South Korea are ‘contact tracing’ using mobile applications or cell phone records. It is a process of mapping travel history of an infected person by analyzing location records of the cell phones. It is followed by pinpointing the other contacts for quarantine that might have come in contact with such a person. Meanwhile, Taiwan has gone a step further in quarantining the traced contacts by deploying an ‘electronic-fence’. If a mobile user’s SIM card is tracked beyond the reach of a network station or found to be switched off, law enforcement authorities quickly approach the suspect.

In India, law enforcement authorities across the nation are increasingly using technology to monitor and restrict the spread of the virus. In several states such as Rajasthan, Punjab and Delhi, local authorities have published a list of personal details, in online media and newspaper, of those suspected or infected of COVID-19. The Karnataka government has taken this to an inordinate level by mandating all quarantined persons to send a selfie with geo-tags through an official app named ‘CoronaWatch’ every hour, except between sleeping time 10 PM to 7 AM. Now, the Ministry of Electronics and Information Technology (MeitY) has also launched an app- ‘Aarogya Setu’, which uses Bluetooth and GPS to alert an individual if they come within six feet of a Covid-19 infected person.

The case of “Public Health Surveillance”

Law enforcement agencies of different countries are carrying out tech-enabled surveillance on their citizens to ensure compliance with the rules of social distancing and lockdown. In normal times, such measures are targeted against terrorists or criminals; while also scrutinized vide privacy and civil liberty concerns.

However, even the World Health Organisation (WHO) has sought to play down privacy concerns in these unprecedented times, by terming the measure as “public health surveillance”. The WHO has simply legitimized the governments’ argument that the extraordinary situation of COVID-19 pandemic necessitates the use of an extraordinary measure of mass surveillance. The public health emergency of such magnitude is being touted as a valid justification for deploying tech-enabled mass surveillance and subversion of individual rights.

Is surveillance a matter of concern for India?

There are certain unique reasons due to which implementation of these emergency measures, in India, are worrisome.

No clarity on the legal basis for surveillance measures

Firstly, in India, neither the central government nor the state governments have provided any legal basis for directing such tech-enabled surveillance measures. For instance, neither of the official press release of the Aarogya Setu app and Karnataka’s ‘mandatory selfie direction mention any legal grounds for such directions nor have they provided any privacy policy with it. The absolute abandonment of civil liberties and privacy in the interest of public health, without the bare minimum legal foundation, portends negative consequences

The government has invoked the Epidemics Diseases Act, 1897 and Disaster Management Act (DMA), 2005 to deal with the COVID-19 outbreak. Both, the colonial era Epidemics Diseases Act and NDMA, do not cover surveillance in their scope. Although, there is an argument that basic residuary power to take ‘necessary’ steps to curb the spread of virus, under the mentioned laws accord a legitimate authority to government for surveillance.

It is unclear why the government has not availed these very basic residuary powers to also notify the standing rules on privacy or lawful manner of deployment of tech-enabled surveillance measures. As a natural consequence, government directives infringing an individual’s right to privacy cannot be tested for their legality without any standing rules for arbitrariness and lack of accountability. This is particularly dangerous in a country like India where a data protection statute does not exist.

The use of unregulated novel technologies for surveillance provides no legal checks and oversight

Secondly, the details regarding the technological capabilities of the government for surveillance are largely a secret. It is the sudden outbreak of pandemic that has forced the government to openly introduce a deluge of unregulated, contemporary and emerging technologies for mass surveillance. There is a growing concern among certain privacy advocates that the tech-enabled surveillance could persist beyond the pandemic once it gets accepted and normalized in the present emergency times. History is witness that world’s most dictatorships and authoritarian regimes emerge amid the crises.

There is no information available about the extent and scope of the government’s capability and techniques. The secrecy about the techniques of surveillance impedes the legislative checks or institutional audits. If the public is unaware of how a technology works (due to non-disclosure by the Executive), the said manner of surveillance then cannot be even challenged in a court of law. Therefore, such secrecy is nullifying the system of checks and balances in favor of the ever-augmenting executive power.

Several surveillance techniques are disproportionate and unnecessary

Thirdly, due to the use of technologies of varying level of invasiveness, there are doubts regarding the necessity and proportionality of such measures in relation to the right to privacy and individual liberty.

The Puttaswamy (I) judgment upheld, explicitly recognized in reference to public health, that to legitimately restrict fundamental rights such as privacy and liberty for implementing a measure, such measure should be proportionate in nature. In the case, the SC held that a government measure is proportionate if it satisfies following four criteria: 1) that the measure should pursue legitimate purpose; 2) that the measure should be rationally connected to the purpose; 3) that there should no less intrusive alternative measure available; 4) that the measure should accrue public benefit greater than the extent of infringement of a constitutional right.

More than half of the population of the country doesn’t have access to the internet services. In the context of such a scenario, how is surveillance through mobile application is a necessary measure? Further, several state governments are taking extreme measures of disclosing the home addresses and other personal details of infected and suspected persons, which grossly fall afoul of three prongs of the constitutional test upheld in the Puttaswamy I judgment. An obviously lesser intrusive measure such as informing at a locality level about the presence of infected cases in areas could have sufficed. Allahabad HC also held such practices, publishing personal details of anti-CAA protestors in public, of the UP government as “arbitrary invasion of privacy”.

Karnataka has rolled out a mobile application which comprehensively discloses the location history and home addresses of persons infected and quarantined. Also, some of the states are publicly listing such details wide in social media channels. Such invariable disclosure of private information of infected and suspected persons has prompted concerns and possibilities of social intimidation.

There have already been reports from across the nation of infected and suspected patients facing the stigmatisation, and various forms of discrimination which are further resulting in a negative social impact. For instance, in Maharashtra, public listing of coronavirus suspects on social media led to several cases of forceful eviction of quarantined people by their landlords.

Such events question the proportionality and necessity of the measure as it would have been a satisfactory measure if the government has alternatively chosen a lesser intrusive measure.

Ways to resolve the concerns

There is no denying that certain limitations can be imposed on civil liberties given the urgency of the COVID-19 crisis. However, in a democratic set up like India it is expected from the government that its actions should be transparent and provide a window to the public to assess the government’s accountability. All the worrisome aspects related to public health surveillance measures can be subdued by making concerted efforts to introduce legal backing for its actions, to establish institutional oversight and to use the least intrusive means.

For providing the legal basis, the government can issue the standing rules that would lay down the legal and accountability measures for the responsible local authorities undertaking public health surveillance. The governments should avail the residual powers under the NDMA and the Epidemic Diseases Act to also issue the ad-hoc rules and guidelines in addition to the emergency surveillance measures. These rules and guidelines will provide the mechanism under which surveillance can be carried out without causing deterrence to an individual’s privacy and liberty.

The government can presently provide such ad-hoc rules for privacy protection based on similar principles as delineated in the Personal Data Protection Bill 2019 (“PDPB 2019”) for the data collection during health emergencies. Clause 12 of the PDPB 2019 exempts the data fiduciaries from taking consent under urgencies like pandemic, but strictly imposes requirements of data minimization or purposes limitation, lawful processing, transparency and accountability. Introduction of such principles will ensure that the information collected surveillance is being handled under the constitutional checks to maintain privacy as much as possible

Such ad-hoc rules will obligate the government as a data fiduciary to follow principle of purpose limitation such that the authorities should only collect the minimum possible data which is sufficient for tracing contact, enforcing quarantine and any other lawful and specific purpose. The government shall use the anonymised data only and adopt all security measures to prevent leaks and maintain confidentiality of personal data of data subject. The rules will also mandate the government to delete the collected data at the earliest after it has been used for the specified purpose. This will automatically shun away the emerging concern that the surveillance’s effect could persist beyond pandemic. Further, it will inhibit the misuse of personal data and abuse of surveillance measures.

The surveillance measures aim to keep people in quarantine and check the spread of infection for their benefit, therefore it is suggested that the government should hold no secrets about its surveillance techniques and manners. It should adopt a method of “Public Notice” system such that the local district administration has to notify the model of surveillance to the public before conducting surveillance.

At the very least, this notice should disclose the legal rules governing the tech-enabled surveillance measure, and its purpose. It should be clear on the authorization required for the retention, access, and use of information collected through the use of such novel technology. Such a notice would provide the transparency in the process of imposition of surveillance and allow the legislature and public to exercise meaningful control and oversight over the manner of deployment of unregulated technologies for surveillance.

Parting note

Unarguably, the present situation calls for the governments to take substantial measures to protect the lives and health of public at large, but this should not happen in the utter disregard of constitutionally recognized rights to privacy and individual liberty. The policies and techniques of government should be legitimate and proportionate in order to maintain the democratic principles of public trust and transparency. There is no hard choice between public health and individual’ right to privacy and liberty. Both can mutually co-exist under the legal framework that guarantees the challenge to unnecessary expansion of the surveillance regime.

As pointed out by Deborah Brown, senior digital-rights researcher at Human Rights Watch, “surveillance measures should come with a legal basis, be narrowly tailored to meet a legitimate public health goal, and contain safeguards against abuse”.

Therefore, the government should definitely focus on the situation of urgency for many, instead of investing focused efforts in ensuring rights for few but should not absolutely ignore its accountability towards any section of the community. These fundamental rights are lung to the edifice of our entire constitutional system. The government should make efforts to prevent any injuries to it as much as possible.

COVID-19 crisis is changing Tech related Law and Policy: Surveillance, Fake news, Telemedicine, and Internet

As I view things and events around the world from the comfort of my home, this blog is my take on how regulations related to technology will get impacted due to the COVID-19 pandemic. As they say, sudden and unexpected events often lead to systematic and permanent changes.  Work from home is a mandate now, as the fear of personal contact and surface contact is prevalent, everyone has uncertainty about the impact of infection. There are even doubts on the globalization given the infection is spreading from one corner of the world to another.

Given the fact that COVID-19 is a pandemic, the authorities have commanded us to practice ‘social distancing’ (trending buzz word on social media) under the twenty-one days lockdown. Hence, there is an unwillingness to engage socially among masses now. As there are shifts in perceiving the world now, there is a shift in the understanding of technology as well. Governments around the world are now valuing its role more than ever and understanding the need for the well-drafted technology policy, as they rush to contain the spread of COVID-19.

Following are the potential changes that we can see in the technology policy of India during and after the COVID-19 crisis.

Increase in the adoption of internet services

With the reach of the internet increasing up to 500 million users and over 660 million broadband subscriptions, internet penetration in India is much evident. However, the present situation is proof that it has been a boon for us that Jio entered the market and made the internet more accessible than ever. The internet is an essential service and something that has kept the masses engaged and sane in their homes during the nationwide lockdown. India has the cheapest internet access in the world, but still, as the crisis gets over, the government will definitely consider more options of making internet services more accessible to the poor of the country which is largely suffering in this crisis. In the present lockdown state, it is important to mention the situation that exists in Kashmir where just the 2G internet is available with the speed which is good for nothing.

India has the cheapest mobile data in the world with 1GB costing just Rs 18.5 (USD 0.26) as compared to the global average of about Rs 600, research by price comparison site Cable.co.uk showed. Average Wireless Data Usage per wireless data subscriber per month is 10.37 GB.

Work from Home

Zoom, a video-meeting app, has seen a significant rise in its download over the last week. With employees are unable to attend offices, video conferencing services that work over the internet has become significant. Again, such applications make access to internet an essential service for operating the business online (a fundamental right). As the employment laws are being discussed these days to understand the place of Work from Home in the law, post the crisis policymakers will definitely deliberate on this and provide a permanent solution for it.

Certain important points for reference of readers from the advisory issued by the government in relation employment laws:

The Ministry of Labour & Employment, Government of India advised on March 20, 2020, that all public and private organizations are to refrain from terminating the services of their employees or reducing their wages.

The Ministry of Labour & Employment has extended the deadline for filing the Unified Annual Return for 2019 under eight laws that were filed on the Shram Suvidha Portal to April 30, 2020 (the previous deadline was February 1, 2020). The notification further states that authorities are not to take action against any entity that did not meet the earlier deadline.

The Employees’ State Insurance Corporation (ESIC), through its communication dated March 16, 2020, has extended the dates for filing of ESI contribution and payment. Accordingly, all contributions for the months of February 2020 and March 2020 can be filed and paid up to April 15, 2020 and May 15, 2020, instead of March 15, 2020 and April 15, 2020, respectively.

The Government of India will contribute the employer contribution (on behalf of companies) and employee contribution (on behalf of employees of those companies) towards the Employee Provident Fund Organization (EPFO) for the next three months for establishments with up to 100 employees meeting certain base salary thresholds.

All EPFO members (employees) will now be able to withdraw up to 75 percent of their total EPFO fund or an amount equivalent to three months of their salary, whichever is lower. The amount withdrawn from EPFO shall be non-refundable, and the employees do not need to return the same to their EPFO account.

Streaming services and regulations

In the process of home quarantine, the dependence on the streaming services is so much that the internet service providers have asked streaming platforms like Netflix and Amazon Prime to reduce the bits rate, in order to lower the stress on networks. The streaming platforms have duly conceded to this demand considering the continuous requirement of providing services to consumers. Consumers are realizing the benefits of streaming platforms and hence there is going to be a potential increase in subscriptions going forward, converting to paying users. In terms of policy-making, if streaming services have the potential to displace traditional entertainment services, the Indian government will look for regulating the content more than ever. Government is already in consultation with the stakeholders regarding options of self-regulation or government regulation.

Increase in demand for spectrum to meet the consumer demand

The percentage of connections that are based on a wireless medium is a staggering 96% approx. Therefore, in the light of increased adoption of the internet for continuous entertainment and work at home has led to increased stress on telecom operators. Therefore, with the 20% sudden increase in demand, telecom operators have sought more spectrum allotment from the government.

A new perspective for e-commerce

The government has rightly considered E-commerce as the provider of essential services during the present situation. Their adequate performance under the lockdown can provide them with a deep sigh of relief, as for the past few months, their food and grocery delivery services have been under the strict supervision of the government. There are several lobbies representing the brick and mortar retailers of groceries and food that have targeted e-commerce market and posed it as a threat to the business of offline retailers across the country. The opportunity for them to legitimize the need for online service during the lockdown has done what demonetisation did for digital payments.

Offline print becomes the victim

Online media channels are also opportunists that are gaining certain traction in terms of consumers. The newspaper industry seems to have been hurt by contact to contact the spreading nature of the COVID-19. Various online posts and WhatsApp threads are flowing in the online media that newspapers are potential vectors of COVID-19. In one of the cases, the Times Group has sent a legal notice to The Print for an article which suggested that COVID-19 can potentially spread through newspapers as well. Therefore, there could be a rise in online media usage and could lead to a rift between offline and online media.

A struggle to contain fake news or misinformation

The sensational way in which COVID-19 crisis has led to the nationwide lockdown is much due to the sensationalized content related to COVID-19 which is spreading through the social media across the country faster than the virus itself. The amount of misinformation spreading about COVID-19 is at large scale, and platforms are struggling to deal with it, especially given the lack of continuous moderation by social media platforms which are not warranted legally. This has given several blows to the effectiveness of lockdown given the people believed on certain misinformation such as cow urine is the cure of COVID-19, the religious congregation will protect from the disease etc, which led to people not take lockdown seriously. Understanding the struggles with automatic moderation of the content on the internet, the government can sooner than before enforcing its strict moderation policy which undermines the right to free speech.

The twenty-one days lockdown recently faltered when an exodus of the large number of migrant workers from urban cities like Delhi and Jaipur came in light. The Supreme Court’s division bench in a hearing on Tuesday, while reviewing the steps that the central government has taken to provide relief to the poor migrant workers during the lockdown, expressed serious concern over spread of fake news or misinformation regarding lockdown’s duration on social, electronic and print media causing the mass exodus of migrant worker from cities to their homes in villages. Read the SC’s order here. Centre in this light has sought direction from SC that no media stakeholders should publish COVID-19 news without ascertaining facts with government. Although, The constant and close monitoring has been held as not warranted by law as per various precedents of Indian courts.

Privacy, necessity and proportionality

While the right to free speech could be threatened in the future due to the present crisis, the right to privacy has already dealt with several blows. Considering the situation of emergency and lack of any comprehensive law protecting the privacy, the privacy of a number of citizens have been compromised. The health status of quarantined/ or infected is open to all as their homes are being marked and personal details are being made public on social media. Governments are openly surveilling quarantined people for ensuring the enforcement of quarantine and inviting bids from technology companies to procure technology that can make continuous surveillance more effective. In India, several governments are already tracking citizens by keeping a tab on their phones or utilizing geofencing. The crisis has legitimized much longing plans of the government to create an infrastructure which can assist in surveilling its citizens whenever the need arises. Given the opportunity, the Department of Science and Technology has invited proposals and has set up a task force for building surveillance, AI and IoT tools.

As several privacy activists have opinions against the government’s plan to keep track of infected persons. If litigation arises, the question is whether the present circumstances will meet the necessity and proportionality test in order to justify the violations of privacy?

Drones as part of law enforcement

Drones, in some cities, are being used for surveillance to ensure that the current curfew is not violated. Drones allow the police to surveill and document, in a low risk manner. In cities like Chennai, they are being used to disinfect areas. If all goes well in these difficult times of crisis, then expect that police will place more orders for drones going forward, and many tasks will be automated.

Telemedicine guidelines

One of the prime examples of the proposition that experience of COVID-19 crisis will pace up the policy-making with respect to regulate technology is the rollout of a set of guidelines for telemedicine or remote delivery of medical services. Telemedicine practice means that doctors will now be allowed to use information and communication technologies as per guidelines for the exchange of valid information for diagnosis and treatment of ailments with patients. In order to assure steady and quick medical services during the nationwide lockdown, Ministry of Health and Family Welfare finally sanctioned the guidelines that have been proposed ten years ago. Globally, telemedicine has emerged as a front-line weapon against the COVID 19 pandemic. The situation under present crisis motivated the government to provide the concept of telemedicine among masses explaining that the unnecessary exposure of people involved in the delivery of healthcare can be avoided using telemedicine, as patients can be screened remotely.

COVID-19 Lockdown Guidelines [updated with Addendum]: E-commerce for essential services, key takeaways & punishment under section 188 of IPC

The Ministry of Home Affairs has issued guidelines on the measures to be taken by government authorities for containment of COVID-19 epidemic, which exempts delivery of all essential goods through e-commerce from the 21-day lockdown that had come in effect from midnight today. E-commerce will operate without restrictions in order to deliver food, pharmaceuticals, and medical equipment.

MeITY issues advisory to State Governments

On the same lines, the Ministry of Electronics and Information Technology (MeITY) through an advisory has directed all state governments to permit IT/ITeS industries to carry out essential functions which include delivery, warehouse operations, shipping and logistics.  There are cases and videos reported from several parts of countries of police officials halting and beating delivery executives in order to enforce the implementation of the lockdown. Therefore, the advisory by MeITY will help in ensuring that delivery executives and other associated employees carry out these functions. The Ministry advised the state governments to treat “copy of orders, waybills, invoices” as evidence.

Reuters had reported that e-commerce and online grocery delivery services were being disrupted across the country as multiple states have locked down to contain the COVID-19 pandemic. Section 144 has also been imposed in multiple parts of the country, making it harder for delivery personnel to operate, and for warehouse employees to get to work. Flipkart and Amazon temporarily suspended logistics services for sellers across regions, according to an Economic Times report. The problem that e-commerce companies are facing right now is that different states have come out with different guidelines on their operations during the pandemic. For instance, the Tamil Nadu government has banned home delivery services such as Zomato and Swiggy as the state goes into lockdown, but the Maharashtra government exempted food delivery as the delivery of an “essentially good”.

Therefore, the MeITY advisory will assist in providing a uniform direction to all the state governments in order to allow the operation of e-commerce deliveries of essential services across the country.

Other important things to know

Further, for the general information of the reader:

As per guidelines,

Closed Exceptions
Commercial and private establishments will be closed. (such as shopping malls, private outlets etc.) Shops, including ration shops (under PDS), dealing with food, groceries, fruits and vegetables, dairy and milk booths, meat and fish, animal fodder/ district authorities may encourage and facilitate home delivery to minimize the movement of individuals outside their homes/ Banks, insurance offices, and ATMs/ Print and electronic media Telecommunications, internet services, broadcasting and cable services/ Delivery of all essential goods including food, pharmaceuticals, medical equipment through E-commerce.

 

Offices of the Government of India, its Autonomous/ Subordinate Offices and Public Corporations shall remain closed. Police, home guards, civil defence, fire and emergency services, disaster management, and prisons/ District administration, Electricity department, water, sanitation Municipal bodies (Only staff required for essential services like sanitation, personnel related to water supply etc)/ Hospitals and all related medical establishments, including their manufacturing and distribution units, both in public and private sector, such as dispensaries, chemist and medical equipment shops, laboratories, clinics, nursing homes, ambulance etc. will continue to remain functional/ Transportation services for medical purposed will be permitted.

 

The Ministry of Home Affair issued an addendum to the guidelines to include more services/activities that have been exempted from the 21-day nationwide lockdown. Following additional services have been exempted: [The post has been updated on 26.03.2020]

  • The Government “Treasury” has already been exempted vide the guidelines issued yesterday. It is now clarified that the term “Treasury” would include Pay & Accounts Officers, Financial Advisors, field offices of the Controller General of Accounts;
  • Further, it has been added that the RBI, RBI Regulated financial markets, entities such as NPCI and CCIL, payment system operators and standalone primary dealers would also stand exempted;
  • IT Vendor for banking operations, Banking Correspondent and ATM operation and cash management agencies;
  • Shops for seeds and pesticides;
  • Data and call centres for Government activities only;
  • Operation of Railways, Airports and Seaports for cargo movement, relief and evacuation and their related operational organisations;
  • Inter-state movement of goods/cargo for inland and exports;
  • Cross land border movement of essential goods including petroleum products and LPG, food products, medical supplies; and
  • Veterinary hospitals, pharmacies (including Jan Aushadhi Kendra), Pharmaceutical research labs stand exempted.

Punishment for violating the lockdown order

The guidelines strictly note that-

“Any person violating these containment measures will be liable to be proceeded against as per the provisions of Section 51-60 of the Disaster Management Act, 2005, besides legal action under Section 188 of the IPC.”

Section 188 of the Indian Penal Code provides two offences and their punishments as follows:

  • Disobedience to an order lawfully issued by a public servant, if such disobedience causes obstruction, annoyance or injury to persons lawfully employed. Punishment: Simple Imprisonment for 1 month or fine of Rs 200 or both.
  • If such disobedience causes danger to human life, health or safety, etc. Punishment: Simple Imprisonment for 6 months or fine of Rs 1000 or both.

The Section 3 of the Epidemic Diseases Act talks of penalty on any person found to be disobeying any regulation or order made under the law and would be deemed to have committed the offence under the Section 188 of IPC. Therefore, those violating the lockdown orders can face legal action under the Epidemic Diseases Act, 1897, which lays down punishment as per Section 188 of the Indian Penal Code, 1860, for flouting such orders.

Note from the author: The blog started with the aim of simplifying and compiling laws related to technologies for the understanding of everyone. The keyword that motivated the author to write on such topics is the uncertainty behind the laws that regulate technology. However, this post has been different and dealt with the simplification of certain other issues as well. It is again the uncertainty behind the present times that has motivated the author to write this blog piece. The uncertainty related to the magnitude of the damage due to the corona outbreak may result in more such unprecedented laws and guidelines from the government. The author will continue to simplify them for the understanding of everyone. A very little contribution to society in these difficult times. Let us fight this together. Stay home, stay healthy.

Simplifying FinTech and FinTech Laws: Key Takeaways for Indian FinTech Industry

The significant advancements in Fintech are directly impacting on the traditional financial sector. The regulators had to be cautious in order to not miss the train and should jump on the wagon of promoting financial innovation and stiff competition in the sector. The newcomers in the sector should be provided certain leniency in form of exemptions from a number of strict compliances which are used to curb the malpractices of the big corporations, for the sake of promoting competition in the market. This post is dealing with key takeaways from reports of different regulators’ committees in India. This is the last post in the series of ‘Simplifying FinTech and FinTech Laws’.

Fintech charged firms and businesses must work in tandem with the regulated entities, e.g. banks and regulated finance providers. The businesses that a bank can undertake are provided under Section 6 of the Banking Regulation Act, 1949 and there is no business outside Section 6 that can operate as the bank. Such provisions, therefore, incentivize banking companies to make fintech innovations in a narrower scope relevant to their operations. The archaic laws make it difficult for banks to undertake fintech innovations that can be of significant utility but are beyond the scope of financial regulation.

The Watal Committee Report noted this, that:

“The current law does not impose any obligation on authorised payment systems to provide open access to all PSPs. This has led to a situation where access to payment systems by new non-bank payments service providers, including FinTech firms, is restricted. Most of them can access payment systems only through the banks, which are also their competitors in the payments service industry. This, according to the Committee, has restricted the fast-paced expansion of digital payments in India by hindering competition from technology firms.”

Forming a comprehensive and non-discriminatory regulatory approach

Regulators and legislators are required to realign their legal approach to the Fintech services. There is a requirement of developing a deeper understanding of various Fintech services and their interaction in a financial environment with other fintech services. To provide the fintech space to work utmost to its potential, it is needed that it gets a level playing field in relation to the traditional banking and non-banking players. The practise of restricting the access of non-bank institutions to payment infrastructure, such as AEPS, has to be reevaluated and the proper steps to be taken. It is required from the end of Government and Regulatory bodies that they should adopt necessary measures in order to provide accessibility to national payment infrastructure and facilities to all fintech firms without any discrimination.

Providing Standards for Data Protection and Privacy

All the fintech companies are required to invest significantly in self-regulating policies to prevent privacy risks. Fintech companies should be provided with the standards of data protection as soon as possible by government and regulators. It is evident that the provisions of the Personal Data Protection Bill, 2019 can significantly affect the growth of Fintech companies. Therefore, the standards adopted for fintech companies by regulators should be reviewed with respect to data protection and privacy concerns. The government and regulators specific to finance of the country should start focusing on the valuation of data that is processed by banking companies and recommend practices to safeguard consumer interests.

Open Data principles should govern the financial sector in order to enhance Competition

The regulators should pay heed to the open data policy among participants of a fintech sector. The regulators should begin with the mandatory norms directing financial service companies to encourage banking institutions to enable participants to access the databases of their rejected credit applications on a specific platform on a consensual basis. The practice of the UK with respect to Open Data Regulations in Banking can be adopted, where banking institutions on the basis of consent framework allow data to be available to banking partners in order to foster competition. Even the RBI Steering Committee on Fintech recommended:

“It also recommends that all financial sector regulators study the potential of open data access among their respective regulated entities, for enhancing competition in the provision of financial services.”

The KYC process should be reformed with respect to the Supreme Court’s Judgment on Aadhaar’s validity

Fintech businesses are the most affected entities due to the striking down of Section 57 of the Aadhaar Act as it invalidated the online KYC process. The online KYC and authentication provided the required efficiency and convenience to fintech firms with respect to their endeavours of on-boarding as many as consumers on their digital platform. It is recommended that alternatives to the mandatory linking to Aadhaar should be adopted in the form of possible video-based KYC, such that the documents as verified must be protected and processed with the prior consent of the consumer.

Other key recommendations

1. It is recommended that the adequate cybersecurity, anti-money laundering and fraud control measures should be adopted by investing in technologies and guidelines that can prevent fraud.

2. Technical innovations should be monitored with respect to the potential risk that innovation carries in operation under the contemporaneous legal landscape of the country.

3. A self-regulatory body to facilitate the needs of fintech is much needed as for the RBI it is still turning out to be difficult to replace the existing regulatory structure. A regulatory mechanism allowing the broader participative consultation approach should be adopted.

4. Regulators should invest in Reg-Tech (“Reg Tech is a sub-set of FinTech that focuses on technologies that facilitate the delivery of regulatory requirements more efficiently and effectively than existing capabilities. In July 2015 the FCA issued a call for input entitled ‘Supporting the development and adoption of Reg Tech’.”)

5. The majority of economies have adopted the practice of setting up of the regulatory sandboxes catalyzing the fintech innovations. It is recommended that RBI should continue with the introduction of the mechanisms, like regulatory sandboxes, enabling the adaptation of regulatory initiatives which will play a key role in maintaining India’s competitive edge.

Simplifying FinTech and FinTech Laws: Regulatory Initiatives taken by Government and Regulators in India for FinTech

No industry in the economy can boom unless it is supported by the Government in the country it wishes to further expand in. A fine line exists between regulation and obstacles for the industry to boom. In light of this, the Government of India has begun to take initiatives and steps toward the stronger building of fintech in the country, paving the path for this industry to a brighter future. This post will give you a brief overview of all the regulatory initiatives that the Government and Regulators have taken to promote the FinTech in India. This is the fourth post in the series of ‘Simplifying FinTech and FinTech Laws’.

Fintech in the past decade has expanded rapidly. What once emerged as merely as an intersection point of financial services and technology, has now become an important aspect of India’s economy. With the vision of the country towards a digitized and less dependent economy with ‘make in India’, fintech has gained a larger space to expand in and function smoothly. According to the NASSCOM Report ‘Fintech Landing- Unlocking Untapped Potential’, it is because of initiatives in India that have led India to emerge as a leader for the fintech industry worldwide. According to this research by NASSCOM, India alone harbours 2% of the largest start-up base for fintech in the world and also leads in the rate of adoption of fintech at 87% adoption rate.

Not only the initiatives by the Government adversely affect the success of the fintech industry in the country, but the allied regulators of financial institutions play a role as well. These include regulators such as SEBI, RBI, Insurance Sector, etc. Such an encouraging atmosphere for the development of fintech in the country has increased faith in fintech among the consumers in the country, for easier and grass-root adoption and acceptance of fintech.

Initiatives by the Central Government

Encouragement for the Start-Ups

With the policies such as that of make in India and to boost the Indian economy, the start-ups are increasingly supported by the Government. In 2015 itself, over 12,000 start-ups in the area of fintech emerged across the world. In India, the initiative to support the start-ups was launched by the Central Government in 2016, reserving USD 1.5 billion funds to support the start-ups. Under the increased support, he start-ups began to receive in the country, there are more than 600 startups in fintech at present in India. It is in light of such an initiative begun by the Government and supported by the allied stakeholders that India progresses towards the vision of a completely digitalised economy, promoted innovation and leading economy with sustainable growth.
In further aid of this initiative that the Government has now introduced tax reliefs such as 3-year exemption from paying tax for the start-ups along with other exemptions, credit guarantee, etc.

Digitization of the Economy

The current Government fiercely promotes the digitization of the economy. Whether intended or not, the unprecedented demonetization has acted nothing less than a catalyst in increasing the digital payments in the country. Having scaled the benefits of digital payments, it is now increasingly used by the country than retreating back to the physical currency. Such an environment is an ideal environment for the fintech ecosystem to thrive in.

Taxation Reliefs

Apart from the policies of the Government to support the fintech, taxing regime plays a major role in the growth of the fintech industry in the country. The 2016 Budget introduced tax rebates for those traders who transacted more than 50% of their bill digitally. The Ministry of Finance further proposed withdrawal of surcharge on digital payments of cards and online used to avail government services. The surcharges as of now stay relaxed.

Protection of Intellectual Property

The fintech start-ups are supported with ease in the procurement of intellectual property (IP) acquirement. The facilitation in the acquirement of trademarks, patents, designs, etc. has led to an increase in the start-ups under the fintech industry in the country. Moreover, under the start-ups initiative, the Government offers 80% rebates for the patent costs required for the start-ups.

Infrastructural Plans

The Government’s plans to accelerate the economy of the country with digital India and Smart Cities have led to an increase in reliance upon fintech in the country more than ever. Not only the local fintech industry is expected to benefit out of his but the outsourcing and foreign investment are also expected to be increased to further the advancement of the fintech industry in the country.

National Payments Council of India

It is the umbrella organisation for all retail payments in India, under the guidance of RBI and Indian Banks Association. With the increase of multiple usages of mobiles in India and increased acceptance of Unified Payment Interface (UPI), there was a paved way for the National Payments Council in India (NPCI). The expected userbase of smartphones is by 2020 is 500 million. Thus, the digital footprint is expected to rise as well. Initiatives by the NPCI such as that of Rupay Cards have led to fintech adopting such technologies, penetrating further into the traditional banking system in the country.

India Stack

India Stack is a set of Application Program Interfaces that allow entities such as businesses, start-ups, governments and developers to engage in the utilisation of the digital infrastructure. This unique feature of India Stack helps to solve problems in ground level in India and promote the paperless, cashless and presence-less delivery system in India. India Stack mirrors the support system offered to the telecom industry back in the 1990s for the fintech industry in the country. This has enabled the manifold increase in fintech in the country and has facilitated easy adoption of fintech by the innovators, entrepreneurs, other industries and companies. However, after the Aadhaar judgment, the India Stack programme has stopped.

Initiatives by Financial Market Regulators

The financial market regulators (FMRs) role has gravely impacted the fate of the fintech industry in the country. Some of the primary FMRs are discussed herein:

Reserve Bank of India (RBI)

One of the most recent initiative by RBI for the adoption of fintech in the financial market is allowance to set up the regulatory sandbox. This refers to the controlled environment in which live testing of digitally innovative techniques may be conducted in the arenas of e-KYC, retail payments, management of wealth, etc. RBI has also acknowledged the possibility of fintech disruptions in the financial market, in light of which certain regulatory norms have been introduced. However, it is to be noted that these are purely regulatory in nature in benefit of the consumers and fintech industries, without creating a hurdle for the boom of the fintech industry. Moreover, to better understand the nitty-gritty of fintech in influencing the traditional financial market, RBI set up an inter regulatory working group to come up with an appropriate framework for fintech without disrupting its functions. RBI in 2017 released a ‘Report on Working Group on Fintech and Digital Banking’ acknowledging fintech to be a point of attention in today’s era and uncertain regulatory regime to stunt its growth. Thus, RBI persuades other sectors to be better apprised with fintech to come up with better and definable regulatory regime so as to not cause unprecedented or unforeseen loss to this industry and continue with its growth.

However, with no uniform set of guidelines and no particular authority to govern fintech, fintech at present faces loss in this area. The aforementioned market regulators have their own policies for fintech which often overlap and defeat the purpose of facilitating policies to obstacles fintech needs to overpower to ensure its smooth functioning. The grey areas of fintech require to be urgently addressed so that the booming growth does not reduce to stunted growth of the industry India expected to lead in future. It is expected with RBI’s report and acknowledged lacuna in the current fintech ecosystem, changes are soon to begun to take place across all sectors in the financial market to ease the functioning of fintech for greater benefits.

The RBI has also introduced several small fintech spaces in order to invite comments from general stakeholders before issuing any regulation governing new technologically innovative financial products. The RBI has released a ‘Draft enabling Framework for Regulatory Sandboxes’ which proposes guidelines on governing regulatory sandboxes to be established by RBI to check on the R&D of new fintech products and services.
The RBI, as well, has recognized the need for confidentiality and data protection. The RBI’s “Master Circular on Mobile Banking Transactions in India” states that “technology used for mobile banking must be secure and should ensure confidentiality”.

Below is the table that represents how well are such fin-tech regulatory sandboxes faring. This is an independent research initiative by the author.

Country Name of the Regulator Date of Starting Sandbox Name/ Project Name Number of Participants Remarks
The United Kingdom Financial Conduct Authority (FCA) Launched in October 2014- First cohort of applications opened on May 2016 The regulatory sandbox is a part of the project called Innovate by FCA Nearly 375 Applications (Since 2016); Nearly 131 Applications have been accepted. Sources: FCA publication on’Regulatory Sandbox lesson learnt’ https://www.fca.org.uk/publication/research-and-data/regulatory-sandbox-lessons-learned-report.pdf. Also See, Official Webpage of the FCA Regulatory Sandbox, https://www.fca.org.uk/firms/regulatory-sandbox/cohort-1 Following sources have been referred to understand the framework of ‘Regulatory Sandboxes’ in the UK: 1) FCA publication on Regulatory Sandbox https://www.fca.org.uk/publication/research/regulatory-sandbox.pdf; 2) FCA publication on’Regulatory Sandbox lesson learnt’ https://www.fca.org.uk/publication/research-and-data/regulatory-sandbox-lessons-learned-report.pdf; 3) Guide to Financial and Regulatory Innovation https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/701847/UK_finanical___regulatory_innovation.pdf
Singapore Monetary Authority of Singapore Launched in November 2016 There are two kinds of Sandboxes that have been proposed under the MAS supervision: ‘Sandbox’ and ‘Sandbox Xpress’ Nearly 50 Formal Applications have been considered; Half were withdrawn; 1/3rd proceeded without the need of Sandbox; remaining being approved or under review. (till 2019) Source: NUS CBFL working paper 19/04 https://law.nus.edu.sg/cbfl/pdfs/working_papers/CBFL-WPS-1904.pdf The low figures of participation is because MAS is very specifically selective about the applicants and MAS’ view of Sandbox as a last resort to facilitate innovation,
with the primary tool being instituting facilitative regulations in the first place. Further readings are important: https://law.nus.edu.sg/cbfl/pdfs/working_papers/CBFL-WPS-1904.pdf; MAS gidelines on Sandbox https://www.mas.gov.sg/-/media/MAS/Smart-Financial-Centre/Sandbox/FinTech-Regulatory-Sandbox-Guidelines-19Feb2018.pdf?la=en&hash=B1D36C055AA641F580058339 09448CC19A014F7; The MAS Act https://www.mas.gov.sg/regulation/acts/mas-act
Australia Australian Securities and Investments Commission (ASIC) Launched in December, 2016 Fintech Regulatory Sandbox is a part of Project Innovation Hub by the ASIC As set out in ASIC’s Innovation Hub Progress Report as of October 2018, 314 entities requested and received informal assistance, and 67 new AFSLs/ACLs were granted. In 2018–19, the Innovation Hub provided informal assistance to over 190 businesses (fintech and regtech), helping them consider regulatory issues early and where relevant prepare licence or relief applications. Source:ASIC Cooperation Report 2017-18 https://download.asic.gov.au/media/4922434/annual-report-2017-18-published-31-october-2018-section5.pdf & ASIC Cooperation Report 2018-19 https://download.asic.gov.au/media/5314426/asic-annual-report-2018-19-section-5.pdf. The Treasury Laws Amendment (2018 Measures No. 2) Bill 2019 (Bill) could provide an example of ideal specific legislative framework related to Fintech Sandboxes given the number of benefits it proposes. The Bill aims to enhance the existing regime by enabling more businesses to test a wider range of financial products and services, for a longer period of time. The Federal Government anticipates that this will help drive competition in the financial services industry, incentivising financial providers to be more responsive to the needs of consumers. While the Bill broadens the types of credit products and services which are eligible for the regime, it simultaneously imposes stricter requirements on credit services which are already subject to the regime. Sources referred: ASIC expands Sandbox Regime https://www.lexology.com/library/detail.aspx?g=825aafdb-0cf4-4dfd-b6b0-be411bb5f957;
Malaysia Bank Negara Malaysia (BNM) through its cross-functional group the Financial Technology Enabler Group (FTEG) Launched in October 2016 Regulatory Sandbox Till October 2019, 80 applications have been submitted under the Financial Technology Regulatory Sandbox. Source: Assistant Governor Keynote Address at the Takaful Rendezvous 2019 – “Leading in a Disruptive World – Revolutionising Takaful” at https://www.bnm.gov.my/index.php?ch=en_speech&pg=en_speech&ac=841. In 2017, there have been four confirmed participants and while in 2018 , there have been six confirmed participants (in which 1 exited later). Source: The State of Regulatory Sandboxes in Developing Countries, Digital Financial Services Observatory, Columbia Institute for Teleinformation, Columbia University, New York, https://dfsobservatory.com/sites/default/files/DFSO%20-%20The%20State%20of%20Regulatory%20Sandboxes%20in%20Developing%20Countries%20-%20PUBLIC.pdf Sources to refer: 1) BNM has provided a regulatory framework for the ‘Fintech Regulatory Sandbox Framework”. http://www.bnm.gov.my/index.php?ch=57&pg=137&ac=533&bb=file; 2) Infographics explain it all, https://www.myfteg.com/?page_id=1129; 3) The State of Regulatory Sandboxes in Developing Countries, Digital Financial Services Observatory, Columbia Institute for Teleinformation, Columbia University, New York, https://dfsobservatory.com/sites/default/files/DFSO%20-%20The%20State%20of%20Regulatory%20Sandboxes%20in%20Developing%20Countries%20-%20PUBLIC.pdf; 4) FAQs related to Sandbox, https://www.myfteg.com/?page_id=1133.
Hong Kong Hong Kong Monetary Authority Launched in November, 2016 Fintech Supervisory Sandbox (FSS) Nearly 170 Tested Participants [By the end of 2017, 28 fintech products tested (HKMA Annual Report 2017, Pg109, https://www.hkma.gov.hk/media/eng/publication-and-research/annual-report/2017/AR2017E.pdf), then by 2018, 42 products have been tested (HKMA Annual Report 2018, Pg.7, https://www.hkma.gov.hk/media/eng/publication-and-research/annual-report/2018/AR2018E.pdf) and till October 2019, around 92 new technology projects have been tested (Usage of the FSS until the end of October 2019, https://www.hkma.gov.hk/eng/key-functions/international-financial-centre/fintech/fintech-supervisory-sandbox-fss/)%5D. Nearly 84 products have been rolled out in the Market successfully (14 in 2017, 28 in 2018 and 42 till October 2019) Following sources are required to be referred to: HKMA-FSS framework of guidelines, https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2016/20160906e1.pdf; HKMA Annual Report 2017, Pg109, https://www.hkma.gov.hk/media/eng/publication-and-research/annual-report/2017/AR2017E.pdf.
Securities and Futures Commission (SFC) September, 2017 SFC Regulatory Sandboxes In 2018, there have been 2 firms that have been tested. (Source: https://bfsi.economictimes.indiatimes.com/news/regtech/global-sandbox-by-gfin-to-boost-cross-border-innovation-in-financial-services-fintech-association-of-hong-kong/69376356) Checked all the official reports but they have not provided any explicit number. I have scheduled a call with Syed Musari, Chairman of the HK Fintech Assn. [On call also he said there are 2 only such firms that have been confirmed till now) Following Sources: ‘Circular to announce SFC Regulatory Sandbox’, https://www.sfc.hk/edistributionWeb/gateway/EN/circular/openFile?refNo=17EC63
Insurance Authority (“IA”) Launched in September, 2017 IA Insur-tech Sandbox Since the launch of Insurtech Sandbox until end February 2019, IA received eight sandbox applications and two were completed and rolled out to the market. Source: Discussion Paper, Legislative Council Panel on Financial Affairs, LC Paper No. CB(1) 70/18-19(04), Pg.6, https://www.legco.gov.hk/yr18-19/english/panels/fa/papers/fa20190401cb1-760-4-e.pdf Following sources can be referred to: 1) https://www.ia.org.hk/en/aboutus/insurtech_corner.html#1 ; 2) Discussion Paper, Legislative Council Panel on Financial Affairs, LC Paper No. CB(1) 70/18-19(04), Pg.6, https://www.legco.gov.hk/yr18-19/english/panels/fa/papers/fa20190401cb1-760-4-e.pdf
Bahrain Central Bank of Bahrain’s FinTech and Innovation Unit Launched in May 2017 The Regulatory Sandbox Since its launch in 2017, 35 Fintech participants have been included in the Sandbox. (As provided on the official website in the section of ‘Regulatory Sandbox Register’ at https://www.cbb.gov.bh/fintech/). Although, till 2018 CBB received 48 applications. (Source: CBB Annual Report, https://www.cbb.gov.bh/wp-content/uploads/2019/04/CBB-Annual-Report-2018-English-1.pdf) Following sources: 1) ‘Regulatory Sandbox Register’ at https://www.cbb.gov.bh/fintech/ ; 2) CBB Annual Report, https://www.cbb.gov.bh/wp-content/uploads/2019/04/CBB-Annual-Report-2018-English-1.pdf; 3) The Circular https://cbb.complinet.com/net_file_store/new_rulebooks/c/o/Cover_letter-Regulatory_Sandbox-Amended28Aug2017.pdf
Netherlands De Nederlandsche Bank (DNB) Aand Dutch Authority for the Financial Markets (AFM) as per their MoC (Memorandum of Cooperation) Launched in January 2017 Regulatory Sandbox’ under the Innovation Hub There is no specifc register or data that is available for the number of entities that are strictly part of the Regulatory Sandbox (Even in their guiding paper released in December 2016, they specifically stated in Section 4, at Pg.5, that “such requests are confidential and will be treated as such”.) Although, the regulators have shared that total 650 queries has been received by the Innovation Hub and Sandbox together till 28th August 2019 (Source: Report DNB-AFM, Continuing Dialogue, InnHub and RegSandbox: lessons learned after three years, https://www.dnb.nl/en/binaries/Continuing%20dialogue_tcm47-385301.pdf) Following Sources can be referred to: 1) De Brauw Blackstone Westbroek, https://www.debrauw.com/alert/dnb-afm-create-regulatory-sandbox/; 2) Guiding paper/Framework related to Regulatory Sandbox, https://www.dnb.nl/en/binaries/More-room-for-innovation-in-the-financial%20sector_tcm47-361364.pdf?2020011512; 3) Report DNB-AFM, Continuing Dialogue, InnHub and RegSandbox: lessons learned after three years, https://www.dnb.nl/en/binaries/Continuing%20dialogue_tcm47-385301.pd; 4) European Banking Authority, Report, FinTech: Regulatory sandboxes and innovation hubs, https://www.esma.europa.eu/sites/default/files/library/jc_2018_74_joint_report_on_regulatory_sandboxes_and_innovation_hubs.pdf.)
UAE Financial Services Regulatory Authority Launched in August 2016. Although, the first cohort started in May 2017 FinTech Regulatory Laboratory (RegLab) Until October 2019, 185 Applicants, 74 Participated – [First Cohort: 11 Applicants, 5 Selected (Official Press Release, https://www.adgm.com/media/announcements/abu-dhabi-global-market-admits-first-5-regional-and-international-reglab-applicants); Second Cohort: 22 Applicants, 11 Selected (Official Press Release, https://www.adgm.com/media/announcements/abu-dhabi-global-market-admits-2nd-reglab-cohort-with-11-more-local–global-fintech-firms); Third Cohort: 69 Applicants, 26 Selected (Official Press Release, https://www.adgm.com/media/announcements/abu-dhabi-global-market-admits-3rd-reglab-cohort-with-more-uae-fintech-firms); Fourth Cohort:83 Applicants, 32 Selected (Official Press Release, https://www.adgm.com/media/announcements/adgm-admits-4th-reglab-cohort)%5D. Following sources: 1) The official Guidance, The guidance paper, http://adgm.complinet.com/net_file_store/new_rulebooks/f/i/FinTech_RegLab_Guidance_VER01_31082016.pdf; 2) Entire legal framework and associated papers can be found here http://adgm.complinet.com/en/display/display_main.html?rbid=4503&element_id=13995.

Securities Exchange Board of India (SEBI)

The presence of SEBI has largely affected the financial market for over two and a half decades now. The interface of technology in the financial market has only led to a rise in the financial sector. It has led to efficiency in the system of trading, reduced costs of transactions and an increase in consumer base. Not only this, technology has played a significant role in democratising the financial market. While these remain the immediate effect felt of technology as it entered the financial market, more recent are the machine-based and algorithmic trading. SEBI has warmly welcomed technology in the market with screen-based trading, dematerialisation of shares and using it as a platform to offer nationwide trading. The capital market in India with such innovations backed by SEBI has witnessed the transformation in recent years.

Insurance Sector

The innovation in the insurance sector has always been thought about twice, such that its adoption has remained the slowest in this sector in the financial market. However, the past decade with the rise of fintech has seen the regime of insurance sector change, especially with the digital channels and process automation. Technology has further led to the addition of personal touch and customised services for consumers. The fintech had led to increasing common conscience of the society to repose faith in the insurance sector due to customised services and cost-effective functions. Fintech has ensured that the start-ups in the insurance sector do not act as a tool of disruption in the insurance sector and spread a sense of insecurity amongst the existing companies but act as a collaborator, collate the efforts of all and direct services for the benefit of the consumers.

Recommended Readings:

Solve India’s problems’: Modi launches Rs 100 billion fund, generous tax breaks for Indian start-ups, First Post, 17 January 2016, http://www.firstpost.com/business/pm-modis-grandinitiative-for-indian-start-ups-a-rs-10000-cr-fund-3-year-tax-rebate-2587272.html accessed on 25 May 2016.
Budget 2016: Start-ups get 100 per cent tax exemption for 3 years on profits, 29 February 2016, DNA India, http://www.dnaindia.com/money/report-budget-2016-start-ups-get-100-taxexemption-for-3-years-on-profits-2183981(last accessed on 25 May 2019).

Manisha Shroff, Nikita Nehriya, Ankit Chavan and Praneetha Vasan, Data Privacy: Have Banking Laws in India kept pace with Technology, Indian Law News Vol 9 Issue 2, at https://www.khaitanco.com/PublicationsDocs/IndiaLawNews-KCOcoverageManishaShroff-Copy%20(2).pdf

Simplifying FinTech and FinTech Laws: All the laws that govern digital payments and transactions in India

Over the years, the financial services industry has become increasingly regulated in terms of adoption of technologies for facilitation and disintermediation of transactions. The extensively fragmented laws and regulations certainly make it difficult for any person and entity to objectively find the mandatory requirements that a law imposes upon them. This post will give you a brief overview of fintech laws and the various ways in which they govern our digital transactions. This post is the third one in the series of ‘Simplifying FinTech and FinTech Laws’.

The legal topography that regulates the Fintech services in India is majorly distributed, and there is not a single comprehensive regulation or legislation that governs the Fintech industry in the country. The lack of a complete and comprehensive single set of guidelines or regulations makes it hard to refer to actual authorities that are supposed to govern the Fintech in India. The legislative or regulatory, whichever it is, primarily comprises of:

The Payment and Settlements Act, 2007

The sources of law that actually governs payment in Indian jurisdiction are the Payment and Settlement Systems Act, 2007 (PSS Act) and the Payment and Settlement Systems Regulations, 2008 and rules as issued thereunder. Basically, these are the statutes from which India’s central bank, the Reserve Bank of India, derives power to function and regulate payment and settlement system in India. In accordance with the PSS Act, the RBI has wide discretionary powers to issue orders, directions and rules to financial systems established in India. There are several recommendations (pending), to change the PSS Act and form a new regulatory board named as the Payments Regulatory Board (PRB), while the necessary amendments to the PSS Act still await.

As per the PSS Act, any person inclusive of the non-banking financial companies (NBFCs) which want to undertake the operation of a payment system, may do so as upon taking the authorization by the RBI. The Act provides several eligibility criteria that are required to be fulfilled by that person or company wishing to operate as a payment system. Further, technology facilitators between merchants and banking institutions (that process and settle the transactions), are known as ‘Gateway Service Providers’, doesn’t have to acquire any authorization from RBI. For instance, common gateway service providers are BillDesk, RazorPay, InstaMojo etc.

The PSS Act is the primary legislation that governs the regulation pf [ayments in India. The PSS Act provides the definition of the “payment system” such that:

“a system that enables payment to be effected between a payer and a beneficiary, involving clearing, payment or settlement service of all of them, but does not include a stock exchange”.

Master Direction on Issuance and Operation of Prepaid Payment Instruments

Prepaid Payment Instruments (PPIs) that are pre-loaded values (basically your PayTM or Freecharge wallets) and in some cases that value can be utilized for a specified purpose only as payment (basically Ola Money). PPIs provide the value to existing in a specified form which facilitates the payment for goods and services also in certain cases person to person remittance transactions of money for eg. sending money to your friends or family members. As defined in Rule 2.3 of the Master Directions:

“PPIs are payment instruments that facilitate purchase of goods and services, including financial services, remittance facilities, etc., against the value stored on such instruments. PPIs that can be issued in the country are classified under three types viz. (i) Closed System PPIs, (ii) Semi-closed System PPIs, and (iii) Open System PPIs.”

The Master Directions were issued by the RBI on October 11, 2017, and amended from time to time. It provides the eligibility criteria that is required to be followed by the PPI issuers, provides the thresholds for debits and credits that can be done using PPIs, and also provides the other operational obligations that are required to be fulfilled by a PPI issuer at the time of issuing such instruments to its customers in India. PPIs come into the ambit of the term ‘payment system’ as provided under the PSS Act and henceforth have to comply with the PSS Act and the Master Directions, both. PPIs include brand-specific gift cards, e-wallets like PayTM wallet, Freecharge, Mobikwik, shopping or travelling cards as issued by the Banks themselves, etc.

NPCI Guidelines governing the UPI Payments

UPI payments are governed through the Procedural Guidelines related to UPI and Operating and Settlement Guidelines related to UPI, as issued by the NPCI. As per the contemporary governing framework, the Banks only have the scope to provide UPI payment services to consumers. Banks are authorized to integrate the UPI platform into their payment systems. They operate over the UPI platforms by engaging the services of a technology provider, in such circumstances the Guidelines subject such technology providers and the Banks to strict compliance with certain norms as prescribed by the NPCI.

“The Unified Payment Interface enables architecture and a set of standard Application Programming Interface (API) specifications to facilitate digital payments using a mobile phone.”

Regulations related to Non-Banking Financial Companies (NBFCs)

The primary document of legislation that governs the NBFCs is the Reserve Bank of India Act, 1934 and subsequent to other secondary master directions and rules and guidelines and circulars which regulates the licensing and operation of such companies in India. The RBI has formed a set of thresholds that are required to be fulfilled in order to determine whether a business entity is to classified as a “financial services company” which also requires a license. Majority of lenders that operate digitally fall under the ambit of the term ‘NBFCs’. The most important regulation that holistically governs NBFCs is the Master Direction – Non-Banking Financial Company – Systemically Important Non-Deposit taking Company and Deposit taking Company (Reserve Bank) Directions, 2016, Master Direction – Non-Banking Financial Company –Non-Systemically Important Non-Deposit taking Company (Reserve Bank) Directions, 2016, and Master Direction – NBFC – Acceptance of Public Deposits (Reserve Bank) Directions, 2016.

Master Directions related to P2P lending platforms

The Master Directions- NBFC- Peer to Peer Lending Platform Directions 2017 incentivized a whole lot of activities for P2P platforms. It provided the P2P platforms to act as an intermediary, such that it has to comply with certain strict legal requirements and has to conduct proper due diligence of participants that are using the platform to finance or borrow. The Master Directions make it mandatory for P2P portals to check the creditworthiness in a form of an assessment and perform risk profiling of the borrower’s business or project, and actively share the disclosures with the potential investors or lenders. Further, RBI regulations bar the P2P platforms from lending or raising deposits or cross-sell any product over the portal. They are not required to facilitate any credit guarantee or secured loans. Cross-jurisdictional flows of funds are barred as per the Master Directions. Therefore, in toto, the Directions prescribe the norms that govern lender exposure and aggregate borrowing thresholds in the context of workings of P2P lending platforms in the country.

Guidelines to govern Payment Aggregators/Intermediaries

The RBI’s circular related to“Directions on opening and operation of Accounts and Settlement of Payments for Electronic Payment Transactions involving Intermediaries” as on November 24, 2009, (“Payment Intermediary Circular”), which lays down the legal framework that applies to the operation of payment gateways and intermediaries in India. Such intermediaries are strictly subjected to be in compliance with guidelines related to the operation of intermediary systems in Inda as provided under the Payment Intermediary Circular.
According to the RB I’s recent discussion papers, it has been suggested that the payment gateways and aggregators form a significantly critical link in the transaction flow, and henceforth it is required to regulate the activities as fall under the ambit of the PSS Act, 2007. The RBI has provided that the established contemporary guidelines governing payment intermediaries and gateway providers have to be reviewed in its Monetary Policy Statement for 2018-19.

RBI Guidelines on Payment Banks

The Guidelines on operation of Payment Banks and Guidelines for Licensing of Payment Banks as provided under the RBI’s governing framework elucidates that the governing regulations and measures related to licensing and operation of payments banks in India. The guidelines, among others, lays down the criteria for eligibility for registration or permissible operation and further other such guidelines that govern the working of payment banks. The Reserve Bank of India provides the purpose of setting-up Payment Banks such that:

“Reserve Bank of India says ―The objectives of setting up of payments banks will be to further financial inclusion by providing (i) small savings accounts and (ii) payments/remittance services to migrant labour workforce, low income households, small businesses, other unorganised sector entities and other users.”

Anti-Money Laundering (AML) Regulations and Know Your Customer (KYC) Regulations

Know Your Customer (“KYC”) is a term that indicates the customer identification process. The KYC norms include the prudential efforts made to ascertain the identity and ownership source of accounts, source of funds, the nature of customer’s business, and accountability of operations in the account in connection to the customer’s businesses etc which further assists banking institutions to manage the risks reasonably. The purpose of the KYC guidelines is to avoid and prohibit banks from being used, specifically as criminal essential of money laundering.

The Reserve Bank of India issued the guidelines to banks under Section 35A of the Banking Regulation Act 1949 and Rule 7 of Prevention of Money-Laundering (Maintenance of Records of the Nature and Value of Transactions, the Procedure and Manner of Maintaining and Time for Furnishing Information and Verification and Maintenance of Records of the Identity of the Clients of the Banking Companies, Financial Institutions and Intermediaries) Rules, 2005.

The key takeaway regulatory guidelines that prescribe anti-money laundering (AML) norms for fintech services in India are part of the PMLA, the PML Rule and the KYC norms included in the Master Directions.

Data Protection Regulations and Rules

Fintech is a data-driven industry due to which it faces a challenge or risk related to the data ownership and its security. Such a risk can be superseded by taking certain legal and technical measures only. There are choices of cybersecurity measures that data labelling, optional information sharing and identified data shareholding, which can be the response to various data-driven challenges that the fintech space is facing.
Unauthorized access to customers’ data is a threat to data privacy, which actually violates the fundamental right to privacy, and therefore a significant challenge to the Fintech platforms engage in gathering and storing several forms of financial and behavioural data. India, right now, doesn’t have any comprehensive legislative or regulatory framework that governs data protection. The Information Technology Act 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, contemporarily provide for the obligations of corporations or businesses to take reasonable measure in order to protect the personal data of consumers.

Further, the draft Personal Data Protection Bill, 2018, that is in pipeline can be best described such that:

“The draft Personal Data Protection Bill (2018) contains provisions that go beyond just the requirements of the IT Rules. The Bill specifies a notice and consent framework with explicit consent in the case of sensitive personal data. Explicit consent is understood as consent that is informed, clear, and specific along with being free and capable of being withdrawn.”

Recommended Readings:

  1. Aayush Rathi and Shweta Mohandas, Fintech in India: A study of privacy and security commitments, The Centre for Internet and Society, at https://cis-india.org/internet-governance/files/Hewlett%20A%20study%20of%20FinTech%20companies%20and%20their%20privacy%20policies.pdf (last accessed on 12/10/2019).
  2. Dr. R Srinivasan and Prof. M. Subramanian, Payment Banks in India – Demystified, SSRG-IJEMS, Vol. 2 Issue 12 (December 2015).
  3. Department of Payment and Settlement Systems, Discussion Paper on Guidelines for Payment Gateways and Payment Aggregators, Reserve Bank of India, at https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=943 (last accessed on 12/10/2019).
  4. Latha Ramesh and Yashika Gandhi, Reserve Bank Regulations for P2P lending platforms, Deccan Herald, at https://www.deccanherald.com/business/economy-business/reserve-bank-regulations-p2p-718950.html (last accessed on 12/10/2019).
  5. Rahul Gochhwal, Unified Payment Interface- An advancement in Payment Systems, American Journal of Industrial and Business Management Vol.7 Iss.10, 1174-1191, at https://www.researchgate.net/publication/320661583_Unified_Payment_Interface-An_Advancement_in_Payment_Systems (last accessed on 12/10/2019).
  6. Shilpa M. Ahluwalia & Himanshu Malhotra, Fintech 2019 in India, Golbal Legal Insights, at https://www.globallegalinsights.com/practice-areas/fintech-laws-and-regulations/india (last accessed on 12/10/2019).
  7. Shaikh Zoaib Saleem, What are prepaid payment instruments?, Livemint, at https://www.livemint.com/Money/Wq5AT6vx1JklC0lRSMbnSI/What-are-prepaid-payment-instruments.html (last accessed on 12/10/2019).

Delhi HC has expanded the scope of injunction orders in Internet jurisdiction: Geo-blocking to Global-blocking in IT law

This post has borrowed extensively from an earlier blog-publication by Aryan Babele on Tech Law Forum @ NALSAR.

On 23rd October 2019, the Delhi HC has delivered an impactful judgment authorizing Indian courts to issue “global takedown” orders to Internet intermediary platforms like Facebook, Google and Twitter against illegal content as uploaded, published and shared by their users. The Delhi HC delivered the judgment on the plea filed by Baba Ramdev and Patanjali Ayurved Ltd. requesting the global takedown of certain videos which are defamatory in nature.

The Court passed the order in the context of its observation that there is a ‘hare and tortoise race’ between technology and law such that the ‘technology gallops, the law tries to keep pace’. Such observation reflects that the Court’s intention is to interpret IT law in the manner which will ensure the effective implementation of the judicial orders throughout the internet jurisdiction and mitigate the circumvention of such orders by use of the advanced technology.

However, the Court’s order is attracting criticism globally from several internet-freedom activists. It seems that the Court has made a hasty attempt to win the ‘hare and tortoise race’ and has missed on considering the far-reaching implications of it on the IT law jurisprudence and conflict of law provisions. This article aims to analyze and indicate the significant points in the Delhi HC’s judgment, which the Court lacked in considering while relying on the unsettled jurisprudence of global injunction orders.

Background- The case of Swami Ramdev v. Facebook

In Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC], Swami Ramdev (a prominent yoga guru and public figure) filed a case before the Court against Facebook, Google, YouTube and Twitter, inter-alia, praying for the global take down of defamatory contents (videos) as uploaded, published and shared by users of these intermediary platforms.

The given case stems out of the publication of videos on defendants’ platforms, which are based on those particular offending portions of the book titled “Godman to Tycoon: The Untold Story of Baba Ramdev’ by Priyanka Pathak Narain, which are already undergoing an ad-interim injunction as granted by the Court in Swami Ramdev v. Juggernaut Books [CM (M) 556/2018] in May 2018.

Subsequently, in January 2019, the Court passed an interim injunction against the defendants’ platforms to disable access to the offending URLs and weblinks for the Indian domain as per Section 79 of the Information Technology Act, 2000, [hereinafter referred as IT Act 2000] i.e. ordered geo-blocking.

However, the plaintiff argued that the geo-blocking is an ineffective solution as the objectionable content is widely available on the global internet and internet users in India can still access such content using VPNs and other such mechanisms. Therefore, the only effective remedy, according to the submission of plaintiff, is to issue a global blocking order.

Internet intermediaries have contended against such a global take down mechanism as it poses a number of technical and legal difficulties for them. Firstly, cross-jurisdictional laws vary in standards for determining defamation, and hence disabling access globally will breach the principles of international comity. Secondly, in order to globally disable access to the content, the intermediary platforms have to monitor every upload on their platforms which is technically difficult and legally wrong.

The Delhi HC’s Judgment

The Court agreeing with the plaintiffs’ submission went on to held that the online intermediary platforms can be ordered to take down content globally by a competent court in India, as the content is published on their global services. It observed that the complete removal is needed because there are easy –to-use technology applications available widely that helps local users in circumventing the geo-blocking and render the take-down order useless. Therefore, an absolute removal globally is an absolute remedy, as per the Court’s observations.[1]

Further, the following directions, hereby in brief, have been put forth by the Court to support its order:

  • The Court broadened the interpretation of Shreya Singhal v. Union of India: As per the Court, Section 79 of the IT Act 2000 provides that in order to avail the safe-harbor immunity, “intermediaries have to take down and disable access to the offending material residing in or connected to a computer resource in India”. It interpreted the definition of ‘Computer Resource’ as given in the IT Act, such that the “Computer Resource” as per the judgment “encompasses within itself a computer network, which would include a maze or a network of computers. Such a computer network could be a global computer network”.[2]
  • Global take downs are technologically possible: The Court held that whenever any content violates the community standards of the internet intermediary platforms, such content is taken down globally by the platform on its own. Therefore, it observed that it is technologically possible for the platforms to take down content globally on the orders of the competent courts as well.
  • Application of IT Act in extra-territorial jurisdiction: In order to justify the global take down, the Court explained that, “a perusal of Section 75 of the Act shows that the IT Act does have extra territorial application to offences or contraventions committed outside India, so long as the computer system or network is located in India”.[3] Therefore, the Court held that as long as the content has been uploaded from the Computer Resource located in India, Indian courts will be competent to pass the global injunction/ take down orders.
  • Allowing the direct ‘Notice-and-Takedown’ mechanism for the future uploads of the objectionable content: The Court has held that the plaintiffs can approach the intermediaries directly if it finds the publication of the questionable content again on their online platforms in future. However, the Court has provided an option of the counter-notice system for intermediaries, by opting which the intermediaries can refute claims of illegality and shift the onus of proof back on plaintiffs, such that after which the plaintiffs will have to approach the Courts for an appropriate remedy.

Observations: the Loopholes, Unsettled Jurisprudence and the Comment

The Loopholes

It is completely understandable that the Court is favouring the global take-down order to make its injunction orders against global services more effective. Unfortunately, in its broad evaluation of legal feasibility of the global injunction order and technological capabilities of intermediaries to obey the same, the Court missed on considering certain very significant arguments[4]:

  • Use of VPNs another way around: The Court agreed to the plaintiffs’ argument that due to the wide availability of the easy-to-use applications like VPN, the geo-blocking is circumvented. However, it didn’t consider the circumvention in the case other way around, in which the user can upload the content using VPN and other web proxy services, and can further easily fake the IP address to make it look like as if the content is being uploaded from outside India, negating the Court’s jurisdiction. Therefore, global takedown order, even at prima facie, doesn’t seem to be the appropriate remedy.
  • In denial of the principle of international comity and right to information: The cross-jurisdictional defamation laws vary on a large scale. If global takedown was mandated, the platforms will be wary of falling foul of the law in other countries. For eg., if Indian courts mandate the global takedown of the content which is not at all questionable as per the laws of certain countries, the takedown order will be in contravention of the right to information of citizens of that country. Not respecting the laws of other country amounts to the breach of the principle of international comity and conflict of laws.[5]
  • Without due consideration to the rights to free speech and privacy: The Court failed to understand the technicalities that involved in the operation of global take down orders, the intermediary platforms have to start monitoring each and every content that is being uploaded in order to stop the dissemination globally. This will further impose the risk of private censorship on the Internet and affect the right to free speech and privacy of users. The constant and close monitoring has been held as not warranted by law as per various precedents of Indian courts.[6]
  • Shifting away from the law established by the Manila Principles on Intermediary Liability and Shreya Singhal case: The Court has allowed plaintiffs to directly approach the intermediary platforms in case of re-uploading of the objectionable content in future. This is a great shift away from the existing process under Section 79 of the IT Act, 2000 as established by the Supreme Court’s landmark judgment in the Shreya Singhal case, which requires intermediaries to take down or disable the access to the content only in cases of receiving an order from either the government or the Court to do so. The same is considered global best practice according to the Manila Principles on Intermediary Liability.
  • The question of extraterritorial application of the IT Act in the present case: As per the Section 75 of the IT Act 2000, it is clear that the Act applies extra-territorially to certain offences or contraventions committed outside of India if the same is committed using “a computer, computer system or computer network located in India, the contraventions as contemplated under the Act are provided for in Sections 43, 43A, 66A, 66B, 66 66E and Section 66F.” Defamation is not covered in any of these provisions.[7]

Heavy reliance on the unsettled jurisprudence

The Court has heavily relied on certain foreign judgments while reaching the conclusion in its own judgment. The issue with the same is that the jurisprudence around geo-blocking and global injunctions is unsettled and still developing; with the Delhi HC’s order adding more confusion to the same.

The Court has relied on the case of Google Inc. v. Equustek Solutions Inc., which is the living proof of the unsettled jurisprudence.[8] The Supreme Court of Canada ordered Google to de-index listings from its search results in order to provide protection to trade secrets of a subject from Google globally. While, the Supreme Court of Canada upheld a global injunction against Google, the US Court sided with Google ruling that the Canadian order “threatens free speech on the global internet”.

The Court also relied on the case of Eva Glawischnig-Piesczek v. Facebook Ireland Limitedin which the CJEU ordered Facebook and other platforms to remove questionable content, copies of the same and block the access to the same, globally. While emphasizing on the case, the Delhi HC didn’t consider at all the CJEU decision in the case of Google v. CNIL[9], in which it was held that the Google is not required to de-reference listings from its global service, just because the content has been declared to be illegal by an EU member state.

Comment

It is clear that the Delhi HC left a lot to consider before delivering the judgment such that from the complexities of territorial jurisdiction to the difference in nature of cross-jurisdictional laws. In the present case, the Court mainly failed to understand the varying nature of defamation laws across jurisdictions— such that in the UK, the burden of proof is on the defendants to prove that the content is not defamatory, while in the US, a heavy onus of proof is placed on the plaintiff.

The Court also failed to consider certain very important foreign judgments which have specifically highlighted the issue of difference in the nature of law. In Google v. CNIL, CJEU held that the ‘right to be forgotten’ (which was the main issue in the case) has differences in standards for its application and interpretation around the world. Therefore, it agreed that it is enough for Google to block access to the questionable content from the EU domain only. Further, in Bachchan v. India Abroad Publications Inc.[10], the Supreme Court of New York County refused to enforce a defamation judgment awarded by the High Court of Justice in London, England, ruling that it will be a threat to the free speech protections as offered by the First Amendment to the US Constitution.

Unarguably, internet jurisdictions have always been a challenge for the courts and governments. Courts have always been behind the technology in the race and unable to assert absolute jurisdiction. This makes the internet risks become a proverbial ‘wild west’ with no single comprehensive applicable law. The fact that injunction against an intermediary, on a global scale, doesn’t make it necessarily invalid and aggressive. After all, the limited denial of access in the local domain is not protecting the underlying rights at stake; global takedown seems the right method to ensure effectiveness. But all of this is required to be done while mediating the conflicting interests as well as recognizing the protection to certain forms of speech.

As Gautam Bhatia said in the context of Swami Ramdev v. Juggernaut Books last year, “Indian courts seem to increasingly view freedom of speech as a mere annoyance to be brushed aside when confronted with competing claims”. If global take-down orders will become mainstream, the regressive laws on freedom of speech and expression online will become a norm. The Courts and governments, in order to win this ‘hare and tortoise race’, shall not ignore the countervailing arguments in relation to freedom of speech and right to privacy. These rights shall not be considered under-weighed against the values like national integrity, security interests, etc., rather an effort shall be made to strike the balance between both the sides.

The judgment is under challenge now by Facebook before a Division Bench, and the matter is listed for final hearing on January 31, 2020. The Court must set a precedent in the unsettled jurisprudence that will consider the free speech and privacy rights in the world of internet at the intersection of technology and laws such as defamation law.

References:

[1] Para. 87, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[2] Para. 78, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[3] Para. 86, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[4] Apoorva Mandhani, Why Baba Ramdev’s win against Facebook, Google in Delhi HC only adds to judicial confusion, The Print, https://theprint.in/india/governance/judiciary/why-baba-ramdevs-win-against-facebook-google-in-delhi-hc-only-adds-to-judicial-confusion/312403/.

[5] Balu Nair, Delhi HC Gives Expansive Interpretation to Section 79 of IT Act: Issues Global Blocking Order Against Intermediaries, SpicyIP, https://spicyip.com/2019/11/delhi-hc-gives-expansive-interpretation-to-section-79-of-it-act-issues-global-blocking-order.html.

[6] Delhi High Court Approves Take Down of Content Globally, SFLC, https://sflc.in/del-hc-orders-global-take-down-content.

[7] Para 16, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[8] Google Inc. v. Equustek Solutions Inc., Cambridge Core, https://www.cambridge.org/core/journals/american-journal-of-international-law/article/google-inc-v-equustek-solutions-inc/E667668ED944EBE52233E17320478448/core-reader.

[9] Google v. CNIL, CJEU Case C-507/17.

[10] Bachchan v. India Abroad Publications Inc., 154 Misc 2d. 228, 585 N.Y.S.2d 661.

Simplifying FinTech and FinTech Laws: Trends and Regulatory Challenges related to FinTech in India

In the second quarter of 2019, Indian mobile payment leader PayTM surpassed China in the number of deals. Such a feat has been achieved while India is still an evolving fintech market in comparison to the developed fintech market like China. Red-tapism and the immense number of laws are the reasons of slow down for the FinTech market in India, but strict regulations are inevitable when it comes to a financial or technological company. The Steering Committee on FinTech related issues constituted by the Ministry of Finance, Department of Economic Affairs, submitted in September 2019 its report indicating various trends and challenges related to FinTech in India. This post discusses the same in brief. This post is the second one in the series of ‘Simplifying FinTech and FinTech Laws’.

Suggestion by the Steering Committee on Issues related to FinTech
Suggestions by the Steering Committee on Issues related to FinTech. Source: Economic Times

Trends related to Fintech in India

The FinTech sector in India is thriving and growing expansively, enabled by a large consumer base, innovatively boosted startups and balanced regulatory policies in the form of ‘Digital India’ programme. The Indian Fintech industry has grown by 282% in the last decade and has reached the valuation of USD 450 million in 2015. Currently, there are more than 400 fintech companies that are working in India and the investments are to be fueled with 170% by 2020. The Indian fintech market is expected to grow by USD 2.4 million by 2020 from the present USD 1.2 billion, as per NASSCOM report. The transactional value of Indian fintech sector is evaluated to be USD 33 billion in approx in 2016 and is further forecasted to reach the point of USD 73 billion by 2020.

Figures based on banks people per bank
Source: Bloomberg

FinTech facilities in India

The primary facilities offered by companies operating in the space of fintech are:

Pre-paid Payment Instruments

Also known as PPIs, this instrument enables the user to engage in the purchase of products that include products relating to financial services as well. To be able to purchase the products, a value entered into the e-wallets in the PPIs so as to make purchases against that value. There are 3 types of PPIs: Closed, semi-closed and open systems. Depending on the type, one may also have the facility to withdraw cash from the PPIs. Other than the banks, they can only be issued by institutions authorized to function in the arena of e-wallets or pre-paid card services.

UPI Payments

Managed by the National Payments Corporation of India, the UPI (Unified Payment Interface) provides a platform for quicker real time-based transactions, facilitating ease for the smartphone users to enter into multiple transactions with a lower cost than what the traditional method demands. Constituting a major part of the consumer behaviour in the market, the UPIs enable universality to the transactions they wish to enter in and engage in the greater number with the traders.

Digital Transactions

In the traditional financial market, it was only the banks that could lend money. However, with the convergence of technology and financial market, loans nowadays are even dispersed by non-banking financial companies, also known as NBFCs. The NBFCs with their interactive and user-friendly applications have attracted wide userbase in the digital arena to enter into credit purchasing, loan system after verification.

Lending Platforms

These lending platforms offered are Peer to Peer based. Such platforms bring together willing lenders and borrowers to enter into regulated transactions. As per the guidelines issued by RBI in this regard, the lending platforms can only be offered by the registered non- banking companies in India.

Online Sale and Purchase

The recent trends amongst many have also been that of online sale and purchase. To facilitate the same there requires to be a system whereby an entity collects payments form the purchases and send it across to the sellers. The entities involved in this function are known as payment aggregators or intermediaries. These entities electronically consolidate the payments done and transfer the same to the sellers.

Banking Services

Once begun as a measure to penetrate into the grassroots level of society the banking system and provide ease to the customers, digital banking services by the payment banks have now become a feature of the payment banks. The RBI has allowed payment banks to offer basic services involved in smooth banking by the customers online. This includes facilities such as accepting deposits (though RBI has placed a limit on it), view transactions, transfer funds, etc. However, this arena remains strictly regulated for not all facilities remain digitally available such as issuing credit cards.

FinTech Investments by US Banks
Source: Bloomberg

Regulatory Challenges to Fin-Tech in India

While in India, digital finance firms are thriving as the government is continuing to issue pro-startup regulations and policies, the central regulatory body for Fintech i.e. the Reserve Bank of India, still suffers due to a traditionally rooted and established infrastructure which cannot be easily replaced with the updated regulatory framework that matches the advancements of technology.
Indian market is already recognized as the conservative and restrictive market and henceforth makes it difficult for Fintech firms to further instil the confidence in adopting the Fintech services in the absence of any concrete regulatory framework.
The commendable steps have been taken by the Indian government and regulatory institutions in a prompt manner, however, policies and regulations have to match the pace with which technological advancements in the finance sector taking place. This is much needed to ensure secure a transparent growth of Fintech in India.

Regulatory Uncertainty in the Fintech Sector

The foremost challenge that the regulator for the fintech sector has to dealt with by it the lack of regulations. Moreover, if there are regulations then to consolidate them is another major challenge. There is a requirement to “to support the formulation of policies that foster the benefits of fintech and mitigate potential risks”. Henceforth, a regulator or policy-maker has to work in the directions of “the modification and adaptation of regulatory frameworks to contain risks of arbitrage, while recognizing that regulation should remain proportionate to the risks.”

Digital On-boarding and Financial Inclusion

The two significant challenges that one can see as the huge mountainous tasks in the Indian context are: firstly, making the fintech platforms accessible to every Indian and secondly, analyzing the risks that are potentially present in trying out a scheme to provide digital onboarding. The Supreme Court recently decided upon the constitutionality of the Aadhaar, the ambitious government project to provide a unified identity. Aadhaar has been held constitutional but Section 57 of the Aadhaar Act was struck off. Section 57 provided the mandatory verification and linking procedure for consumers to avail a company’s service. The judgment is having serious implications on the government’s efforts to provide frictionless onboarding of consumers.

“The judgement impacted the delivery of financial services across verticals including bank account opening, loans, mutual funds and insurance. Though the judgement allows voluntary use of Aadhaar by consumers, there are multiple interpretations of it and the Unique Identification Authority of India (UIDAI) has resorted to safer approaches to avoid any more legal battles and stopped services to private entities altogether.”

Low Credit for Startups

Investors in the market are now hesitant to invest in fintech startups. The investors are baulking as there have been quite a number of bad loan incidents. The big setback to the fintech industry as well as the financial sector came into the form of IL&FS breakdown. The company defaulted against the inter-corporate deposits and commercial papers or borrowings. The incident has affected the whole fintech industry as the crisis included lending businesses that were key to a number of NBFCs as a funding source.

e-NACH crisis

The Apex Court’s judgment brought down to stoppage, another popular mode of financing which is also the foremost mode of debit for lenders, MFs and insurance, as in pulling money from customer’s account. This is yet another judgment that has slowed down the advancement and has promoted the traditional manner of physical registrations.

Data Protection

Both the traditional banking system and the fintech services gather a large number of data records from various of their clients, which contains a profile of behavioural and financial information. Though the utility of such data is positive when it is used for a specific purpose of improving the services, it leads to giving way to a heap of privacy issues as well, especially when the financial service provider engages a third party’s technology services.

The judiciary recognized the risk of data privacy to the banking sector’s consumer in the case of Punjab National Bank v Rupa Mahajan Pahwa, “in which Punjab National Bank had issued a duplicate passbook of a joint savings bank account, held between the petitioner and her husband, to an unauthorized person”.

Other Challenges to the Fintech system in India

In terms of regulatory standards, India lacks in providing a comprehensive cybersecurity framework to reduce the cyber-crime issues. The competition law has also, in some sort of stages, have failed to control the domination of certain advance fintech NBFCs.

Recommended Readings: