The policy team at IFF participated in 9 consultations with Union and State governmental bodies as well as non-governmental bodies and sent 60 letters. We continued advocacy on matters core to the mandate of IFF. We resumed the SaveTheInternet campaign to, once again, caution TRAI against proposals for regulation, licensing, and banning of online communication services and warn them of the threats to net neutrality. We also sustained our efforts around releasing analysis on the Digital Personal Data Protection Act, 2023 and the various amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules, 2021). We authored 16 statements and public briefs, while also hosting a range briefing calls and events on complex policy developments for our community. We continued and expanded our engagement with Members of Parliament through routine publications and dialogue. We also took on new areas of work such as digital consumer rights, and kept pace with governance of emerging technologies such as artificial intelligence.
The aim of the policy vertical remains unaccomplished unless we are truly able to widely disseminate information as well as analysis regarding key, and often complex, policy issues. To that end, we adopted several tools to get the conversation started such as rapid responses, attention grabbing twitter threads, video explainers, citizen campaigns and pledges, etc. We are extremely grateful to our community for consistently engaging with and supporting our work and we promise to continue the hard work and do our best in the coming years.
Digital rights defenders, assemble
The policy team organised 3 large-scale campaigns, all with the aim of safeguarding digital rights from authoritarian threats and perverse commercial motives.
#1: In September 2023, we resumed the #SaveTheInternet campaign in response to some alarming comments received by Telecom Regulatory Authority of India (“TRAI”) on its consultation paper proposing the regulation, licensing, and banning of online communication services. Telecom services providers such as Reliance Jio, Airtel, Vodafone Idea and BSNL are pushing for a “same service, same rules” argument to levy the same obligations as telecom operators face in India on online services — simply because these services are delivered “on top” of their infrastructure. Additionally, telcos want to charge them a network fee, just like they did in 2015. Bringing OCS under a licensing regime and/or requiring them to pay network usage fees will affect the very architecture of the free, open, and neutral internet. To prevent any attack on the internet, we enabled a smooth, large-scale, and impactful process for internet users to engage in the consultation process. We built an automatic mailer that allowed concerned users to send a templatised response to TRAI in a matter of minutes. More than 1900 concerned internet users chose to write to TRAI to urge them to save the internet.
On September 29, 2023, we coordinated a letter on behalf of the SaveTheInternet movement, following requests from over 130 Internet startups and their recognition of the significant consequences potential regulation and selective banning of ‘OTT’ services may have for India's startup ecosystem. The Cellular Operators Association of India (COAI), in a letter dated October 04 titled “Regarding misdirected submission by Startups to TRAI on OTT Regulation based on false pretence”, claimed that the 130+ signatories were “grossly misled”, and asked TRAI to not consider the letter as “credible or valid”. Voicing their opposition to the arguments made in the letter signed by startup founders, COAI attempted to convey that the proposed fair share charge would not adversely impact the startup ecosystem and net neutrality principles. Given the alarming claims, we coordinated communication to all 132 signatories to allow them to withdraw their support, in case they agreed with the claims made by the COAI. We were pleased to note that none of the 132 signatories chose to withdraw their support to the letter (read the letter to TRAI rejecting COAI’s allegations here).
#2: The Ministry of Information and Broadcasting (MIB) released the draft Broadcasting Services (Regulation) Bill, 2023 which proposed the inclusion of “OTT” broadcasting services, such as Netflix, Disney Hotstar, Jio cinema under its regulatory ambit, which originally only governed the traditional broadcasters such as Cable TV and Radio. In what seems to be an attempt to stifle journalistic speech and expression, the Bill extends regulatory compliance to individuals who broadcast news and current affairs programs through a digital medium, including a website or a social media platform. If enacted, it will clamp down on our right to free expression —censoring everything from satire to inconvenient truths. The second campaign we launched was aimed at stopping the government from moral policing our viewing choices online and censoring independent news analysis creators. We created a similar automated mailer system as SaveTheInternet and urged users to send MIB a templatised letter asking them to #LetUsChill! So far, close to 700 concerned individuals have written to MIB, and the deadline to send in comments is till January 15.
#3: The third campaign titled #7ReasonsForProposal7 was aimed at raising awareness about Proposal 7, titled "Assessing Allegations of Biased Operations in Meta's Largest Market", among shareholders before Meta's Annual General Meeting. This proposal addressed allegations against Facebook regarding hate speech dissemination, failure to address risks and political bias, and concerns about content moderation and transparency. As part of a campaign to encourage shareholders to vote in favour of the proposal, jointly launched by Ekō, India Civil Watch International (ICWI), and Internet Freedom Foundation (IFF), we published detailed posts on social media in the week leading up to the meeting, highlighting instances where Meta failed to address critical issues effectively.
Policy team in numbers
- 9 consultations
- 60 letters
- 6 public briefs
- 10 statements
- 13 data breach incidents tracked under PlugTheBreach
- 14 videos
A trip down notable efforts of 2023
Our engagement with key legislations, rules, and guidelines
Digital Personal Data Protection Act, 2023: The Ministry of Electronics & Information Technology (“MeitY”) introduced the draft Digital Personal Data Protection Bill (DPDPB), 2023 before the Parliament on August 03, 2023, exactly a year after withdrawing the 2022 iteration in the Parliament. On the same day itself, we published a statement and a first read, summarising our initial thoughts on the draft bill and how it compares to the 2022 version. Realising that the DPDPB, 2023 retained the shortcomings of the DPDPB, 2022 and failed to inculcate several of the meaningful recommendations made during the consultation process, we urged the Union government to address the numerous recurring problems with successive iterations that have been raised by civil society stakeholders. Upon received the President’s assent on August 11, we released another post summarising the discussions (or the lack thereof) on the bill in both Houses of the Parliament, and shedding light on the disappointing legislative journey of the bill right from the beginning (consultation process) till the end (passage of the bill).
Following are the op-eds authored by current or then staffers of IFF on the DPDPB, 2023:
- Explained | What is the Data Protection Bill of 2023? (link)
- The long saga of the data bill holds crucial lessons (link)
- So much data but not much protection (link)
- Will the Upcoming Personal Data Protection Law Live Up to Years of Expectations? (link)
Guidelines on Prevention and Regulation of Dark Patterns, 2023: The Ministry of Consumer Affairs, Food and Public Distribution (“Consumer Affairs Ministry”) with inputs from the Advertising Standards Council of India (“ASCI”) and industry stakeholders, released a set of draft Guidelines on Prevention and Regulation of Dark Patterns (“Dark Patterns Guidelines”), on which comments were invited until 5 October, 2023. We submitted detailed comments on the draft, which were bolstered by input from the IFF community through a survey on identifying dark patterns in our daily lives – a tool that helped us demonstrate the vast and ever-changing world of such deceptive designs to the Ministry. Our advocacy around identifying dark patterns also extended to two instagram explainers (here and here) and a live dark patterns media and community tracker, which will be developed as a living resource in the new year.
In our comments to the draft, we highlighted and offered recommendations on five broad areas of concern: lack of regulatory clarity and possibilities of overlap; narrow categorisation of dark patterns that may lead to a narrow application of the guidelines; vague standards for prescribing penalties; pressing privacy concerns surrounding dark patterns; and consumer grievance redress. While a satisfactory starting point for regulating dark patterns, we pointed out that the Guidelines have an opportunity to establish robust consumer redress and feedback mechanisms, while strengthening existing ones. In the meantime, we also wrote to the RBI, urging the sectoral regulator to legislate narrowly to protect consumer interest against fraudulent loan practices using dark patterns.
Then on December 1, 2023, the Ministry published a revised set of Guidelines which addressed many of these deficiencies. We were pleased to note that some of our recommendations, notably the suggestion to make Annexure 1 of the Guidelines illustrative rather than exhaustive, and the addition of privacy-related dark patterns, were accepted and incorporated into the law. We analysed all revisions made to the draft and conveyed them to the Ministry, including the fact that comments sent on the draft Guidelines by stakeholders, which seemingly have been incorporated, were not published in its website. Additionally, we engaged with our community and extended our gratitude to them for helping us bolster our original submissions.
Following are the op-eds authored by current or then staffers of IFF on the Dark Patterns Guidelines:
- In need of greater nuance: The draft norms are welcome, but there is a need to rethink critical aspects (link)
The Telecommunications Act, 2023: The Telecommunications Bill, 2023 (“Telecom Bill, 2023”), which has now become an act of Parliament, has been released as a repackaged version of the colonial 1885 law it meant to overhaul, retaining the draconian surveillance and internet suspension powers of the Union government. Definitional ambiguity in the Telecom Bill, 2023 leaves us worried and confused about its application to internet services. If applicable, the expansion of surveillance and suspension powers from traditional broadcasting services to online communication services will cause irreparable damage to user rights and democratic freedoms.
In continuation of our advocacy against the draft Indian Telecommunication Bill, 2022, we released a statement on the 2023 iteration. We then published a detailed first read with our comprehensive initial analysis. We also shared our thoughts on the hurried introduction and passage of the Telecom Bill, 2023 in the Parliament. In addition to generating buzz around the bill by posting memes, reels, and videos, we organised a briefing call to dissect its provisions and understand the implications. We also released our initial analysis and explainer on The Telecom Bill, 2023, which is now an Act, in a video format for our community. We are working on a detailed public brief for the 2023 iteration and hope to publish it soon (in the meanwhile, please go through our public brief on the Telecom Bill, 2022).
Following are the op-eds authored by current or then staffers of IFF on the Telecom Bill, 2023:
- New India Telecom Regulations Are A Relic Of The 19th Century (link)
- Telecom Bill 2023 Is a Repackaged Version of the Archaic Colonial Law (link)
Over the course of the year, we participated in 9 consultations with Union and State governmental bodies. A full table of consultations we participated in can be found below.
Letters and representations
IFF’s engagement with our policymakers and elected representatives often takes the shape of detailed letters, representations or submissions outside the frameworks of pre-legislative public consultations. Our correspondence with government entities are timely, action-oriented, and rich with rights-based recommendations.
Letters of welcome to newly-appointed officials: We sent welcome letters outlining our interests and positions to the new secretaries at MeitY and the Department of Telecommunications, as well as the newly convened Parliamentary Standing Committee on Communications and Information Technology.
Letters seeking compliance with the Pre-Legislative Consultation Policy, 2014: Many letters reflected our demands for a free and open public consultation which is accessible to all stakeholders, for publishing of comments after a round of consultation, or for diverse stakeholder engagement. We wrote to the MHA in relation to three new Criminal Law Bills, to MeitY on “Digital India Bill”, upcoming DPDP Rules and the draft Robotics Strategy, to the Consumer Affairs Ministry on the Dark Patterns Guidelines, and to the Ministry of Health and Family Welfare, on the Cigarettes and other Tobacco Products Amendment Rules, 2023.
Letters drawing attention to data breaches and cybersecurity threats: We wrote letters to Indian Computer Emergency Response Team (“CERT-In”), alerting them of data breaches (on the Aadhaar and Redcliffe data leak, and breaches at Zivame, Taj Hotels). We also gave our inputs on CERT-In’s investigation on the Apple ‘state-sponsored attack’ threat notification. We additionally inquired about the status of the National Cybersecurity Strategy. To holistically address certain pressing privacy threats, we wrote to the Parliamentary Standing Committee on Communications and Information Technology urging action on the massive Aadhaar data leak and the Apple threat notification.
Letters concerning data privacy: Noticing contradictory RTI responses and inadequacy of the existing privacy policies on the Har Ghar Tiranga 2.0 website under the campaign, we wrote to the Ministry of Culture noting privacy concerns with their rampant data collection. We similarly wrote to the National Health Authority, alerting them of the display of personal patient data on a public AB PM-JAY dashboard, which directly jeopardises the sensitive health data of 5.6 Crore Indians. Our letter to the Chief Election Commission on the use of beneficiary data outlines how regional political parties are using data from state welfare schemes to target their political campaigning. Finally, we wrote to the Ministry of Education on the nation-wide roll-out of the APAAR student ID framework based on Aadhaar authentication, which jeopardises the privacy of minors.
Letters regarding use of FRT and other surveillance tools: We wrote a letter to the Secretary, the Ministry of Civil Aviation raising our concerns about the exclusion that may be caused by the DigiYatra Scheme at Indian airports. We also wrote to the Chief Election Commissioner of India and the Chief Electoral Officer, Karnataka on the alarming use of facial recognition technology for voter verification in Karnataka. We sent follow-up letters to four municipal corporations using GPS tracking devices on sanitation workers inquiring about the status of the factual reports which they were supposed to furnish on order of the National Commission for Safai Karamcharis, dire. We wrote to the Municipal Corporation of Delhi when we heard they had plans to put in place similar surveillance systems for sanitation workers in the national capital.
Other notable letters and representations: After IFF wrote to the Delhi Police Commissioner, the Delhi Police deleted the data and removed the Google Form that collected data from Delhi’s residents hailing from North Eastern States, Darjeeling and Ladakh. We wrote to the Ministry of Health and Family Welfare, raising our concerns surrounding the excessive nature of the Cigarettes and other Tobacco Products Amendment Rules, 2023, the lack of consultation with relevant stakeholders, and their effect on free speech, artistic expression, as well as the right to receive information. Noting their rampant use, we wrote to the Reserve Bank of India, urging sectoral regulation of finance and payments related dark patterns that are deceiving consumers into taking fraudulent loans. We wrote to the chairpersons of the three grievance appellate committees established under the IT Amendment Rules, 2022, to seek clarity on the GACs’ establishment and functioning.
Sustained advocacy, public statements, and latest initiatives
While we continued to spread awareness about complex yet significant digital rights issues in comprehensible and digestible ways, we also expanded the scope of our work by understanding and responding to emerging areas of technology policy.
Internet shutdowns and digital censorship: The internet shutdown in Punjab in March 2023 was also accompanied by 120 twitter accounts being suspended/withheld. IFF issued a statement, wrote a letter to MeitY raising, and filed an RTI application enquiring into MeitY’s compliance with the procedural safeguards laid down in the Blocking Rules, 2009.
In addition to highlighting the indefinite nature of internet shutdown in Manipur in our first statement and 50 day statement and writing to Review Committee and Commissioner (letter after 10 days and letter after 50 days of the shutdown), we also noted the unconstitutional nature of the FIR registered for the offence of sedition under Section 124-A of the Indian Penal Code, 1860, which violates the interim order of the Supreme Court in S.G. Vombatkere v. Union of India, that stayed Section 124-A of the IPC. We further highlighted the news reports of arbitrary online censorship wherein Twitter accounts of local groups were reportedly withheld.
IFF published a statement on recurring internet shutdowns - West Bengal and Bihar Shutdown - following incidents of communal violence. We wrote to the District Magistrate, Howrah District, West Bengal stating our concern about suspending internet services under Section 144 CrPC instead of following the procedure laid down in the Telecom Suspension Rules, 2017.
Public brief on the unfair concept of ‘fair share’: We published a Brief on Telcos’ Demand for a ‘Fair Share’ from Over-The-Top (“OTT”) services. These demands have been justified by stating that similar rules must be applied for offering similar services (for eg. voice calling or messaging) by different service providers. We trace the ‘same service, same rules’ arguments in the Indian and international context in our public brief, in an effort to analyse the increasing demands for regulation of OTT services and also break down the irrational demand for a "fair share" of the “stolen” profits from OTT services.
Statement on exemption of CERT-In from RTI Act: An amendment to the Second Schedule to the Right to Information (RTI) Act, 2005 was notified on November 24, 2023, exempting CERT-In from providing information under the Act. On November 25, 2023, we published a statement expressing our disappointment and concerns with this move, as it is certainly not in the public interest and weakens the rights of the people by diluting an Act meant to empower them.
Banning of the BBC documentary and the IT survey at the BBC office: As the re-sharing and uploading of links of the BBC documentary titled “India: The Modi Question” got banned by the Ministry of External Affairs and the MIB, the guarantee of free speech as envisioned in the Constitution wavered. The MIB banned re-sharing and uploading of links of the the documentary by invoking its emergency powers, as defined in Rule 16 under Part III of the IT Rules, 2021. The Income Tax Department carried out 3 day long survey operations at the BBC India offices in Delhi & Mumbai. We published a post elaborating on our concerns on the lack of transparency around these blocking orders, the attack on freedom of speech and right to privacy, intimidation and harassment of the press, the act of indiscriminate device seizures in the absence of any procedural safeguards, and the expansive surveillance powers of the Union government.
2024 general elections and platform accountability: In light of the upcoming elections, the team launched the #DoTheRightsThing series, which aims to assess the reporting on human rights impact undertaken and released by significant platforms, with a specific focus on the Indian context. The first post in this series covers Meta and its second annual Human Rights Report (“2023 Report”). We summarise the updates on India and reiterate the need for releasing a complete human rights impact assessment.
Fact-checking the fact checker: We received statistics on the Press Information Bureau’s functioning as a fact-checker in an RTI response, based on which we wrote and published an analysis. The PIB “fact-checked” our analysis on Twitter, following which we published a response and wrote to the PIB explaining why our analysis is accurate.
Explainer videos (to the rescue): As promised, we published several videos breaking down and explaining complex policy and regulatory developments. In our video on the ‘Open Network for Digital Commerce’ (ONDC), we go over what the ONDC is, how it works, what the stated promises and potential challenges are, especially regarding accountability, data safety, and the ability to address market issues.
In conversation with experts and beneficiaries: In March 2023, workers launched a 100 day dharna at Jantar Mantar in New Delhi to protest changes to the National Rural Employment Guarantee Scheme, the use of the National Mobile Monitoring System, and the difficulties of the Aadhaar based payment system. We visited Jantar Mantar to speak to protestors and hosted a Twitter Space with Rajendran Narayan, Nikhil Dey, Ashish Ranjan, and Rakshita Swamy, moderated by former IFF staffer Anushka Jain to discuss these issues.
Unravelling the many mysteries of the Digital India Bill: The Digital India Bil (DIB), referred to and discussed in several public forums since early 2021, has been an enigma for many. In our post dated February 2023, we sought to break some of the mystery by highlighting the concerns arising from conflicting statements given by unnamed (and sometimes named) officials leading to confusion around the timeline of the Bill. We also list the user harms and issues reported to be considered under the DIB, and the possible consequence of absence of nuance due to the expanded scope of the Bill.
To reach a broader audience, we released a video unpacking all the rumours, reports, and riddles surrounding the DIB (with a side of IFF). The video has got drama, intrigue, will-they-won’t-they tension, and (literal) he-said-she-said.
We didn’t stop there. While waiting for the other shoe (the DIB) to drop, we released another post dissecting the meetings held by the MeitY on and the official discourse around the upcoming DIB. In addition to the statements made by the Minister of State (MoS) during these meetings held in Bengaluru and Mumbai, we also relied on the presentation shared by the Minister in both meetings to conduct our analysis of the upcoming bill.
Interventions around the Criminal reform bills: Three bills overhauling current Indian criminal laws, namely the Bharatiya Nyaya (Second) Sanhita, 2023 (“BNS”), Bharatiya Sakshya (Second) Bill, 2023 (“BSB”), and Bharatiya Nagarik Suraksha (Second) Sanhita, 2023 (“BNSS”), were passed by both houses of the Parliament in the 2023 Winter Session, and have now received Presidential assent. The bills contain several provisions that threaten our fundamental rights to privacy and free speech. The review and recommendations of the Parliamentary Committee on Home Affairs also did not adequately address these shortcomings. We published a brief digital rights overview of the Committee reports ahead of the Parliament session, and after the bills were passed, we published a statement against the undemocratic legislative process that was followed, and brought attention back to some of their draconian provisions.
The bills, at various instances, attempt to digitise many aspects of criminal procedure, and include ‘digital evidence’ under the ambit of the evidence law, without outlining procedural safeguards. Though the word ‘sedition’ has been deleted from the law, the concept is retained through vague provisions, which leaves room for arbitrary application. Executive powers pertaining to search and seizure of digital evidence have also been broadened. We highlighted our concerns in a deeper analysis shortly after the bills were passed in both houses. We plan to sustain our engagement on these bills, insofar as they affect digital rights and freedoms.
Artificial intelligence, human consequences: The legislative process of the EU AI Act is moving forward steadily. On December 9 2023, Parliament reached a provisional agreement with the Council on the AI act. The agreed text will now have to be formally adopted by both Parliament and Council to become EU law. The Act, when passed, will have a massive effect on all of us and how we interact with technology. In this post, we briefly explain what the law seeks to achieve and its effect on India.
IFF’s sustained advocacy around digital rights through Parliamentary tools
In recent times, digital rights have become increasingly important, prompting Parliament to consider the most pressing concerns. To highlight important areas of concern, IFF released legislative briefs for the Budget, Monsoon, and Winter Sessions, as well as a session recap post for each session. These briefs provide an insight into policy debates and assists Members of Parliament (“MPs”) in taking up parliamentary intervention to safeguard citizens' rights.
Parliamentary questions in India are a vital tool for government accountability and transparency. MPs use them to scrutinise government actions, seek information on policies, represent constituents, and contribute to public awareness. Thus, throughout the three sessions this year, we tracked significant answers to parliamentary questions placed in both Houses by various members.
On at least 6 instances, we wrote to the Standing Committee on Communication and Information Technology on significant issues such as the emergence of “OTT” platforms and related concerns, internet and telecom suspensions, general data protection concerns, Aadhaar based data collection concerns, misuse of social/online news media platforms, including special emphasis on women security in the digital space, cyber security in India, platform governance, emerging technologies such as artificial intelligence, telecom sector related concerns, and more pointedly, on recent privacy threats namely the reported leak of Aadhaar data and the Apple threat notification about state-sponsored attack. We also wrote to other Parliamentary Standing Committees, in particular the Committee on Home Affairs requesting them to initiate public consultation on the 3 criminal law bills, the Committee on Finance regarding the scheduled briefing by representatives of the Reserve Bank of India, the Indian Banks Association, the National Payments Corporation of India, and the CERT-In on the subject ‘Cyber Security and rising incidence of cyber/white collar crimes’, and to the Committee on Subordinate Legislation of Rajya Sabha prior to their meeting on the consideration of the IT Rules, 2021.
In the coming year, we hope to see a greater commitment from Parliament to strengthen digital rights in India. We will continue to work with MPs and other parliamentary stakeholders to address the pressing issues related to digital rights and protect the rights of all citizens.
PlugTheBreach: Given that most companies fail to even acknowledge these breaches resulting in a near complete lack of information, IFF recognised the need to maintain a public list of data breaches that occurred in the country since 2020 on a publicly accessible database, PlugTheBreach.
Project Panoptic: We continued tracking the use of FRT-based surveillance tools under Project Panoptic, and were able to broaden its horizons to themes like advocacy against DigiYatra service at airports and the use of FRT for voter verification.
What’s next in store for the policy team?
Just as we elevated our efforts this year, we plan to continue with our rapid responses, increase participation in public consultations, send more representations and letters, release detailed and comprehensive public briefs and explainers, and sustain engagement with governmental bodies at both the Union and State levels. We commit to vigilantly monitor and generate numerous public-facing outputs related to crucial legislations consequential for digital rights. We promise to employ various interventions to increase awareness and raise concerns around the threats to digital rights in light of the imminent general elections. We will make sure to expand our current community facing projects and also develop new long-term projects. Furthermore, we assure you of our dedication to dissecting intricate technological policy advancements such as Artificial Intelligence and Digital Public Infrastructures, simplifying these complex concepts to make them as accessible to you as possible. In the upcoming year, we will continue to closely track Parliament proceedings and bring to your attention how your elected representatives are tackling urgent issues concerning digital rights. Our commitment for 2024 involves raising awareness about digital rights issues and shedding light on these intricate yet crucial matters in an entertaining and engaging manner.