They pointed to a potential“ overlap” between certain provisions in the newly announced draft Indian Telecommunication Bill, 2022 and the existing IT Act as well as the revamped Information Technology Act (The Digital India Act) and the upcoming Personal Data Protection (PDP) Bill as a matter of “concern.”
The new telecom policy –released on Wednesday–has included over-the-top (OTT) communication services such as WhatsApp, Telegram and Signal under its ambit, even as the proposed IT regulations are also expected to include provisions that will govern these companies, they noted.
As the government is drawing up both telecom and IT laws afresh, it needs to decide which of the regulators– whether it is the Telecom Regulatory Authority of India (TRAI) or the proposed Data Protection Authority (DPA) under the PDP Bill— will have oversight of these companies, said the people cited above.
Currently, apps like WhatsApp are regulated under the IT Act, while provisions under the IT Rules, notified last year, have also increased oversight of significant social media firms such as WhatsApp including provisions pertaining to traceability of messages.
Meanwhile, the newly released draft telecom policy has also expanded the definition of “telecommunication services” to include OTT communication services, which means these companies will also be regulated under the new law.
Discover the stories of your interest
The Clause 24 (2) (a) of the draft telecom Bill also states that information transmitted and received over telecommunication services could be intercepted by an authorised official of the government “in the interest of the sovereignty, integrity or security of India, friendly relations with foreign states, public order, or preventing incitement to an offence”.
Some industry experts noted that this provision could open up the debate over breaking of encryption. Meta-owned WhatsApp, which claims to be end-to-end encrypted, has previously taken the government to court for mandating it to identify the first originator of messages.
WhatsApp did not reply to ET’s queries on the matter.
“OTT services are already being forced to comply with IT laws that don’t factor in modern privacy technology and intent, especially end-to-end encryption. Extending telecom laws to also paint these by the same brush as phone calls for interception will make for one more unnecessary headache that doesn’t achieve anything additional for the country or its law enforcement,” said Prasanto K Roy, cyber policy expert.
“And the OTTs face other upcoming regulations, including Data Protection and the Digital India Act. Even though the extant 1885 act was overdue by about a half-century for an overhaul, this duplication is unnecessary,” he added.
Others such as Salman Waris, a partner at legal firm TechLegis was of the view that the “government is trying to put in place multiple mechanisms to exercise control over the internet via different regulations, ( it) wants to have the ability to be able to ‘control and analyse’ content and communication on OTT players in ‘real-time’ rather than conducting a post-mortem subsequently.”
Pointing to “substantial overlap ( between) the proposed draft of the Telecommunication Bill, the existing provisions of the IT Act and IT Rules, and the now withdrawn Personal Data Protection Bill,” Waris said it will “only add to the regulatory woes of service providers.”
Noting that the “end-to-end encryption offered by many OTT players has been a bone of contention. While the intermediary rules obligate apps to provide on-demand information to law enforcement agencies, apps, citing encryption, express inability,” he added.
To be sure telecom operators have argued for regulation of OTT players that offer similar communication services. While telecom companies are subjected to various licensing and regulatory provisions, OTT players virtually operate unregulated, preventing a level-playing field, according to Waris.
Aman Taneja, lead, Emerging Technologies, Ikigai Law, said, “Both regulations need to be crafted such that there is no mingling of the streams. Specifically, on the aspect of traceability and breaking end-to-end encryption, there are already cases challenging these provisions which are pending, so judicial clarity on these aspects becomes all the more important.”
Holding that it is possible for more than one regulator to regulate a space, Taneja said it is, however, important to have clarity about what aspects each regulator oversees to avoid any inconsistency that is difficult for businesses to navigate. For instance, “while the proposed telecom law looks at licensing obligations and consequences which flow from that, the Digital India Bill which is still awaited may be limited to content regulation and conditions for intermediary safe harbour,” he said.
Elsewhere, lawyers pointed to the possibility of the new “Digital India Bill reported to replace the Information Technology Act, 2000 soon, may or may not provide for provisions to govern OTT altogether, including the aspect of content services by OTT platforms.”
Harsh Walia, Partner, Khaitan & Co, said, under the new telecom Bill, the definition of “telecommunication services” includes, inter alia, OTT communication services only and thus does not give the impression to incorporate OTT, as a whole, within its scope.”
However, as one “cannot rule out potential overlap of powers that may arise in the future, it is only prudent to expect that the Government will enact these Bills after extensive caution,” he added.