2022 Year in Review: Policy advocacy is the long game

tl;dr

The policy team at IFF participated in 13 consultations with Union and State governmental bodies as well as non-governmental bodies, sent 103 letters and tracked 126 Facial Recognition Technology (“FRT”) systems. Through sustained advocacy, we came one step closer to successfully safeguarding sanitation workers from workplace surveillance and were able to get IRCTC to roll back its plans to monetise passenger’s digital data. On the one hand we authored 6 public briefs, explainers and summaries, while on the other, we collaborated with various organisations with the aim of increasing collaborative public output on digital rights issues. In our efforts to strengthen Parliament’s commitment towards a more secure digital environment for all citizens, we continued and expanded our engagement with Members of Parliament through routine publications and dialogue.

The aim of the policy vertical remains unaccomplished unless we are truly able to widely disseminate information as well as analysis regarding key, and often complex, policy issues. To that end, we adopted several tools to get the conversation started such as rapid responses, attention grabbing twitter threads, video explainers, citizen campaigns and pledges, etc. We are extremely grateful to our community for consistently engaging with and supporting our work and we promise to continue the hard work and do our best in the coming years.

We’ll let the numbers do the talking

Over the course of the year, we participated in 13 consultations with Union and State governmental bodies (a full table of consultations we participated is included below). We also sent a total of 104 letters to various governmental and non-governmental bodies on pertinent digital rights issues in the year 2022. Lastly, IFF’s Project Panoptic, which is India’s first facial recognition technology systems tracker, is currently tracking 126 systems throughout the country. For these projects, we have filed a total of 118 Right to Information requests.

No.	Ministry / Department	Consultation Paper	Date of Publication	Our Submission
	National Health Authority (“NHA”)	Proposed Health Data Retention Policy	November 23, 2022	Link
	Telecom Regulatory Authority of India (“TRAI”)	Regulatory Framework for Promoting Data Economy Through Establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges in India	December 16, 2021	Link
	Ministry of Electronics and Information Technology (“MeitY”)	India Digital Ecosystem Architecture (InDEA) 2.0	January 2022	Link
	MeitY	Draft India Data Accessibility & Use Policy 2022	May 27, 2022	Link
	TRAI	Consultation Paper on Issues relating to Media Ownership	April 12, 2022	Link
	NHA	Ayushman Bharat Digital Mission - Draft Health Data Management Policy	April 23, 2022	Link
	MeitY	Draft National Data Governance Framework Policy, 2022	May 27, 2022	Link
	MeitY	Proposed Draft Amendment on the IT Rules, 2021	June 06, 2022	Link
	Agriculture & Cooperation Dept., Government of Telangana	Telangana Agricultural Data Management Policy	July 2022	Link
	Department of Telecommunications (“DoT”)	Need for a new legal framework governing Telecommunication in India	July 23, 2022	Link
	DoT	Draft Indian Telecommunication Bill, 2022	September 21, 2022	Link
	NITI Aayog	Responsible AI for All: Adopting the Framework – A use case approach on Facial Recognition Technology	September 21, 2022	Link
	MeitY	Draft Digital Personal Data Protection Bill, 2022	November 18, 2022	Link

Let’s talk impact

We made sure that the MeitY knew what ‘public’ in 'public consultation' meant

On February 21, 2022, MeitY published the draft India Data Accessibility and Use Policy, 2022 (Draft Data Access Policy). MeitY's website claimed the policy was made after consultation with stakeholders whose identities were not revealed, which runs contrary to the practices outlined in the Pre-Legislative Consultation Policy, 2014.
IFF’s response: We flagged our concerns and filed an Right to Information request asking for information about the stakeholders consulted. We also sent our comments as part of the public consultation exercise for the Draft Data Access Policy.
Impact: After receiving stark criticism on the lack of transparency in the consultation process, MeitY updated their website to state that the policy "will be finalised after getting inputs of stakeholders in the consultation process".

IRCTC’s took back its plans to monetise the digital data of passengers

The Indian Railways Catering and Tourism Corporation (IRCTC) had uploaded a tender on its website for appointing a consultant to monetise digital data.
IFF’s response: On August 19 2022, IFF tweeted about the IRCTC’s plans to monetise passenger data, which also included passenger’s personal data. The thread published on twitter included a detailed analysis of IRCTC’s stated objective as well as the emerging privacy concerns, such as data maximisation.
Impact: After an outpouring of public criticism, the IRCTC was forced to roll back its tender on appointment of a consultant for digital data monetisation. IRCTC was also summoned by the Parliamentary Standing Committee on Information Technology on August 26, 2022 to discuss concerns over “citizens’ data security and privacy".

A step in the right direction: IFF’s sustained and collaborative efforts towards protecting sanitation workers from workplace surveillance led to a positive outcome

After reports concerning the use of GPS tracking devices on Safai Karamcharis by the Ranchi Municipal Corporation came to light, the All India Lawyers Association For Justice (AILAJ) reached out to us to initiate a joint letter to express concerns over such violations.
IFF’s response: We sent a joint letter dated May 30, 2022 to the National Commission for Safai Karamcharis (NCSK) to urge them to investigate this issue and to take the necessary steps to ensure that all Safai Karamcharis are safeguarded from this imposition. The joint letter received endorsements by 18 organisations and 187 individuals.
Impact: In a significant step, the National Commission for Safai Karamcharis (NCSK) directed four municipal corporations using GPS tracking devices on sanitation workers to furnish a factual report to them.

External Collaborations

On December 16, 2021, the United Nations Office of the High Commissioner for Human Rights (“OHCHR”) released a call for submissions, seeking inputs from civil society to support a report on internet shutdowns. We responded to the call with our submission, which included extensive research.
IFF became a proud Fairwork Partner in May, thus demonstrating our efforts to contribute to a fairer future for platform and gig-based work. We have been and are also even more committed to bringing about meaningful changes in our own practices, one small, necessary step at a time.
In September, we collaborated with Young Leaders for Active Citizenship (YLAC) fellows on two projects namely, ‘Landscape of Monitoring Software in Educational Institutions’ and ‘Online Privacy and Safety for Young Adults’.
IFF co-authored the Internet Impact Brief on "India CERT-In Cybersecurity Directions 2022" as well as on “Draft Indian Telecommunication Bill 2022” with Internet Society in June and November respectively.
Jan Sarokar released a report post the 2022 Budget session, in which IFF contributed a chapter on ‘Digital technology’. We also attended their report launch event in March which saw participation from civil society across sectors as well as a few Members of Parliament, with some of whom we were successfully able to establish contact with.
We started our collaboration with Tactical Tech for their Influence Industry Project in July which looks at how data plays a role in shaping public opinion and influencing their electoral decisions. We are adapting and contextualising available literature for India (See our posts here and here).
We are currently collaborating with the students of the Public Policy Club of IIM Ahmedabad on two projects namely, ‘Review the online issues faced by users of social media platforms’ and ‘Review of the privacy policies of applications and platforms’.
In July, 2022, Ada Lovelace Institute put out an international call for input on the effectiveness and social impact of vaccine certificates and digital contact tracing. In response to the call, we submitted evidence on digital contract tracing from India drawing from our interventions on Aarogya Setu and COVID surveillance in India.
We sent our submission in November in response to the call for inputs by the United Nations Special Rapporteur for the forthcoming report to the Human Rights Council on the topic of health.

IFF’s awareness drive

Public briefs and explainers: In our efforts to simplify complex policy and legislative resources, we published 6 public explainers, summaries, and briefs. We are currently also working on a public explainer for the ‘Open Network for Digital Commerce’ (ONDC) and the draft Digital Personal Data Protection Bill, 2022 (DPDPB, 2022). We authored our public briefs, summaries, and explainers on the following topics:

CERT-In Directions on Cyber Security (link)
Draft Data Protection Bill, 2021 (link)
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022 (link)
Draft Indian Telecommunication Bill, 2022 (link)
India Digital Ecosystem Architecture (InDEA) 2.0 (link)

Increasing awareness through Twitter: This past year, we made an effort to capture all issues, however big or small, and improve public attention around it. To that end, we started documenting global as well as local issues or developments relevant to digital rights on Twitter. To check out these threads, see the following hashtags on Twitter: #EveningReads and #NewsPickOfTheDay. Over the past year, we published approximately 36 and 10 threads with the hashtags respectively. We list below some threads which captured privacy concerns arising out of certain developments:

Repurposing and relaunching of the Aarogya Setu (AS) & CoWIN platforms.
Privacy concerns with the HarGharTiranga website launched by the Ministry of Culture
Mandatory linking of Aadhaar with Voter ID

We know how much you like memes, and we’ve tried our best to deliver. Whether it be through a Shah Rukh Khan appreciation post or a Taylor Swift birthday post, we’ve attempted to spread awareness about key digital rights issues in a way that would catch many many eyeballs.

IFF’s sustained advocacy around digital rights through Parliamentary tools

In recent times, digital rights have become increasingly important, prompting Parliament to consider the most pressing concerns. To highlight important areas of concern, IFF released legislative briefs for the budget, monsoon, and winter sessions, as well as a session review post for the budget and monsoon session. These briefs provide an insight into policy debates and assists Members of Parliament (“MPs”) in taking up parliamentary intervention to safeguard citizens' rights.

On at least 5 instances, we wrote to the Standing Committee on Communication and Information Technology on significant issues such as citizens’ data security and privacy, women security in the digital space, review of the Information Technology Act, 2000, review of the indian Telegraph Act, 1885, etc.

In the past year, in addition to conducting briefings for the research and policy team of various MPs, we also met in-person with several MPs and briefed them about pertinent issues which require urgent public attention. To that end, we assisted the MPs by providing assistance in drafting and/or reviewing the following letters on matters of importance:

Inconsistent and non-transparent public consultation held by MeitY
Withdrawal of the draft Data Protection Bill, 2021
Increasing instances of data breaches of in the country
Concerns around use of Facial Recognition Technology by Tamil Nadu Police

Our engagement with key legislations, rules, and regulations

We bid adieu to the draft Data Protection Bill, 2021: On August 3, 2022, the Minister for Communications and Information Technology, Ashwini Vaishnaw was granted permission to withdraw the draft Data Protection Bill, 2021 (DPB, 2021) in the Lok Sabha. The Minister stated that the Bill was withdrawn to make way for a comprehensive legal framework for the digital ecosystem. However, there were concerns that the withdrawal of the DPB, 2021 would result in a regression to the state of digital regulation in 2018 rather than progress towards a stronger legal framework in 2022. In response to the withdrawal, we released a statement and wrote to the Minister expressing our concerns.

Draft Digital Personal Data Protection Bill, 2022: After the withdrawal of the DPB, 2021, there was anticipation for an open and transparent public consultation process on a new legal framework for data protection. However, on November 18, 2022, MeitY released the draft Digital Personal Data Protection Bill, 2022 (“DPDPB, 2022”) for public consultation without prior notice. An initial analysis was published on the same day based on a preliminary reading of the draft and detailed comments were sent on December 16, 2022. We are currently in the process of drafting a detailed public brief on the DPDPB, 2022.

IT Amendment Rules: On June 06, 2022, the MeitY opened public consultation for the proposed draft amendments to the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021. We sent detailed comments on the proposed draft amendments, and even attended an in-person discussion on the matter held by MeitY. When the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Amendment Rules, 2022 (“IT Amendment Rules, 2022”) were finally notified, we released a detailed statement the very next day. Additionally, we also published a detailed, yet concise public brief on the IT Amendment Rules, 2022.

CERT-In Directions: India has witnessed several data breaches and cybersecurity incidents in 2022. In light of this, CERT-In's Cyber Security Directives issued by the Indian Computer Emergency Response Team (CERT-In) on April 28, 2022, should have been a ray of hope for digital security, but they instead raise threats of mass surveillance & excessive data retention, that too in the absence of a data protection law. We are constantly striving for cybersecurity & privacy by charting public explainers & resources, hosting briefing calls, and representing SnTHostings -- a VPN service provider -- against these Directives.

Draft Indian Telecommunication Bill, 2022: The draft Indian Telecommunication Bill, 2022 (Telecom Bill, 2022) was released for public consultation by the Department of Telecommunications (DoT) on September 21, 2022. We were quick to notice the release of the draft Indian Telecommunication Bill, and we immediately went on a civic literacy blitz. Within a day we published a detailed explainer that went to shape thinking around the bill. We also authored op-eds in leading newspapers, and hosted a members’ and donors’ briefing call on the Telecom Bill

State-level policy analysis and engagement

The journey to a data protection framework at the national level has been long and full of roadblocks. While we have in the past and continue to advocate for a comprehensive national data protection law, this year we put on our policy-analysis lenses to check how states are faring when it comes to data protection policies. We compared and contrasted state-level data policies of 7 states, namely, Punjab, Odisha, Karnataka, Tamil Nadu, Sikkim, Telangana, and Chandigarh.

While the results were enlightening to say the least, we observed that Tamil Nadu fared better as compared to the other states. Thus, we wrote to the Tamil Nadu e-Governance Agency, providing our inputs on the Tamil Nadu Data Policy, 2022 (TNDP, 2022). A great outcome of this initiative was that IFF was invited to a closed-door round table discussion by ICRIER to partake in this consultation meeting wherein the Tamil Nadu IT Dept were seeking comments on their data policy with a special focus on issues related to data sharing, pricing, and monetisation. This was for us a tiny, incremental win, as we were able to open lines of engagement with the Tamil Nadu state government in a meaningful manner.

State of internet access in India

Access to information via the internet is a fundamental right. The importance of the internet for business, learning and a better quality of life cannot be overstated. Keeping this in mind, we released the first and second edition of our connectivity tracker in 2021 and 2022 respectively to provide a consolidated database for all statistics related to internet connectivity and access from January 2020 to October 2021. In our third edition, which we released this month, we analysed and provided an overview from January 2020 to September 2022, with a special emphasis on tracking changes from October 2021 onwards. We analysed data on telecom and broadband connectivity, as well as the digital divide in the context of the Mobile Gender Gap Report, 2022, released by the Global System for Mobile communications Association.

Upcoming projects

Digitaldivide.in: Developing and housing IFF’s connectivity work to overcome the digital divide. Will map data and various initiatives to help the poor, women and DBA gain greater access to the internet. Launch in February-March, 2023.
Socialmediasimplified.in: Social media regulation is a dense policy conversation on big tech requiring a service oriented approach in which Indians learn about digital rights (eg. censorship of posts, account deletion). Launch in June-July, 2023.
Digital Policing: Due to growing digitisation of policing and surveillance technologies we will be starting work on our new project on the increasing adoption and use of surveillance and AI-based technology by law enforcement agencies in India.

Parliamentary engagement

In the coming year, we hope to see a greater commitment from Parliament to strengthen digital rights in India. We will continue to work with MPs and other parliamentary stakeholders to address the pressing issues related to digital rights and protect the rights of all citizens.

Keeping up with the digital ecosystem

Just like we stepped up our game this year, you can expect us to do a lot of rapid responses, participate in even more (hopefully in-person) public consultations, publish public briefs and explainers, and keep engaging with the government, at both the Union and State levels. We will keep an eye out for key legislations, currently in development, and endeavour to publish as several public facing outputs around them. We promise to continue our efforts towards spreading awareness about digital rights issues and bring more attention to these complex, yet significant issues in an entertaining and fun way.