Blocking apps: Indian cyberlaws may be put to the test
Experts say the absence of a dedicated data privacy and security law limits govt’s legal options
Experts say the absence of a dedicated data privacy and security law limits govt’s legal options. SUDIPTO DEY writes
The government’s move to block 59 Chinese mobile apps will put to test the provisions of the two-decade-old, overarching statute — the Information Technology Act, 2000 — in safeguarding the country’s data security and privacy concerns.
Section 69A of the Act empowers the central government to block access to information on the internet that is considered prejudicial to sovereignty and integrity of the country. However, the legal basis of the move — and whether it could withstand judicial scrutiny — is still being debated. Some experts feel the absence of a dedicated data privacy and security law limits the country’s legal options. There is also concern among a section of policy analysts, who argue the move sets a precedent in terms of expanding the power of the government to block web services.
This is the first time internet applications have been blocked on the ground of national security, say experts. In the past, the ground for initiation of such action included display or dissemination of specific inappropriate content, breach of privacy or data security concerns. The sweeping nature of the order to block these mobile apps has taken many experts by surprise. “I am unaware of instances where internet applications have been banned on the grounds of national security,” says Santosh Pai, partner, Link Legal.
Internet Freedom Foundation, an advocacy group that works to protect and advance digital rights, argues in a blogpost that according to its reading, Section 69A does not extend to directions for blocking smartphone applications, but individual pieces of information and content.
Legal experts point out most governments generally issue notice or direction to the concerned service providers, allow them to comply, before issuing any blocking orders. India, too, has been largely following that protocol. However, this time the service providers have to first comply with the government order, before making representations to concerned authorities and convince them they comply with all the regulations.
The affected service providers are entitled to appeal against the move in Indian courts, citing provisions of Article 14 of the Constitution, say lawyers. Article 14 provides any person equal protection of the law within the territory of India. However, legal experts point out courts generally do not interfere with a government order based on the grounds of national security. Pai, too, expects the affected service providers to first enter negotiations with the government to put forth their point of view and try and comply with the security concerns raised.
But the fact remains the absence of dedicated laws raises questions around the efficacy of India’s cyberlaw framework to counter It-related data security and privacy threats. Further, the advent of artificial intelligence, blockchain technology and cryptocurrencies, and the increasing use of Internet of Things devices throw techno-legal challenges regarding privacy and security, say experts. The current work-fromhome scenario raised several questions around data privacy and security. “India needs to have a holistic approach on these techno-legal issues,” says Pavan Duggal, a cyber-law expert. The Supreme Court recognised the right to privacy as a fundamental right under Article 21 of the Constitution. However, the proposed Personal Data Protection Bill, 2019, is still in the works, pending consideration of the Joint Parliamentary Committee. Experts feel India needs to learn from the experience of other countries like Singapore, Australia, and Vietnam, which have already legislated new legal frameworks dedicated to cybersecurity and its various aspects. Given the newly changing ground realities of 2020, there is a need to review and extensively amend the IT Act, 2000, and make it topical and relevant in today’s context, says Duggal. Most experts are in favour of putting in place specific regulatory instruments to safeguard individual privacy and meet data security concerns. Any non-compliance should be penalised in an objective and evidence-based manner, following proper legal standards, they add. In its blogpost, Internet Freedom Foundation says any expansion of power to the government to block web-services is detrimental to the interests of users, innovation, and India’s larger technology ecosystem. The move to block the mobile apps is likely to have a lasting impact on the data security and privacy framework.