Nikhil Sud is a lawyer by training and specializes in legal and policy issues related to technology. He serves as Regulatory Affairs Specialist at the Albright Stonebridge Group. Views expressed are personal and do not constitute legal advice.
In India, tech policy is everywhere. Data privacy. Data protection more broadly. Data localisation. Non-personal data regulation. Content moderation. Antitrust. A recently released tech-intensive budget. On these and other tech policy issues, there’s a lot India is doing right and there’s a lot it can do much better. To help ensure India achieves its commendable goal of boosting innovation and competition, the country’s policymakers should immediately implement several strategies, six of which are discussed below.
Experts only, please
Many in the tech policy space over-embrace generalism: “If you’re smart, you can do some reading and pick up anything”. That mantra has its place but, crucially, also has its limit unless by “some reading” you mean several years of formal training followed by many years of highly specialised professional experience, which is what it takes to develop a sound antitrust policy, for example. And that’s at a minimum. Even seasoned antitrust lawyers routinely debate extensively before arriving at even a glimmer of an answer, particularly on tech issues. Yet many policymakers in India’s tech-antitrust space have absolutely no antitrust expertise.
This has led to many developments that seriously threaten innovation. These developments include, among others, a non-personal data report reflecting a staggeringly defective view of antitrust, and a second (current) draft which on close analysis reveals the same problem but has been hailed incorrectly by many non-expert observers as largely benign. Such non-expertise has also fueled policymakers’ tendency to stretch antitrust beyond its scope, into matters such as privacy and consumer protection. Antitrust may even begin to seep into free speech issues, a conflation that Indian policymakers have so far commendably generally resisted. Additionally, non-expertise in antitrust, coupled with limited or no expertise in the dynamics of the web, has prevented policymakers from fully grappling with aspects of the web that make anticompetitive behaviour unlikely. These aspects include multi-homing (the fact that users exist on various platforms simultaneously, as do developers); low market-entry barriers; and low or no switching costs between platforms. These aspects have resulted in a vivid history of users fleeing services that mistreat them—a history that policymakers ignore or insufficiently acknowledge. They and often even several practitioners in the policy space continue to refer to outdated, inapplicable notions of “market power.”
The latest and perhaps most worrying dismissal (albeit implicit and perhaps unintentional) of the need for expertise: the Joint Committee (JC) merging personal data protection and non-personal data issues into one bill (the Data Protection or DP bill) and one agency’s jurisdiction (the Data Protection Authority or the DPA). Though the JC acknowledges the potential role of a separate non-personal data regulation, the aforementioned merging dramatically raises the likelihood of folks who know no antitrust handling non-personal data governance—a project with enormous antitrust implications. And it’s a project that even when not merged with personal data issues suffers major shortcomings given deficient expertise.
Perhaps the problem is this juxtaposition: Antitrust seems highly intuitive, but in reality, it is one of the most complex and dynamic legal subjects. So everyone thinks they get it (or can get it with “some reading”) whereas hardly anyone does; even those that do barely do. Apologies, this is no time for levity; but I’m trying to make a point. If you’re not an expert on this or the many other tech policy topics that require deep expertise, please call in the specialists. Resist the generalism mantra, as empowering as it may feel. The mantra has its place. This is not it.
“Levelling the playing field”: Bust that myth
A rationale that policymakers invoke perhaps more often than any other—and across many tech policy topics—is that they’re levelling the playing field for different sets of companies, most often Indian and international companies. But that rationale can rarely withstand scrutiny. The intent and/or effect is almost never a levelling of the field, and the effect is often a dampening of innovation. It’s time policymakers acknowledge that, despite this rationale’s buzzwordy appeal.
For instance, policymakers have often invoked this rationale for data localisation, a prominent and innovation-hampering feature of the DP bill and other policies. But the costs of data localisation indisputably risk placing international companies at a comparative disadvantage. That creates an uneven playing field, hurting competition on the merits and innovation. And that practical reality trumps any theoretical argument that localisation creates a level playing field by subjecting all companies to the same (Indian) data protection laws, an argument which is also undermined by the fact that data need not be localised in India for it to adhere to data protection laws equivalent to (or even stronger than) India’s. Policymakers have also invoked this rationale for potentially overreaching content moderation policies such as the contested Information Technology (IT) Rules which could hamper innovation and free speech. There, this rationale incorrectly ignores significant differences between online and offline platforms. And in the competition context, policymakers claim to level the playing field for Indian and international companies while simultaneously and explicitly favoring Indian companies over international ones, thereby betraying that rationale and undermining competition on the merits and thus innovation.
Ironically, some policies invoking the “level playing field” rationale—often really designed to help Indian companies over international ones—inadvertently undermine even that true intent because they inadvertently hurt Indian companies. For example, India’s data localisation requirements can hurt Indian businesses in various ways. Several Indian companies may use highly experienced and advanced international cloud service providers who have global networks benefiting from the economies of scale. This may be particularly true of Indian small and medium enterprises (SMEs) who may not have their own cloud infrastructures. Localisation could force these Indian companies to choose alternative providers, potentially sacrificing cost-effectiveness.
Additionally, India’s localisation rules could prompt other countries to retaliate with similar or even stricter rules, which could hurt Indian companies operating abroad or looking to expand abroad but store (or continue storing) data in India.
Alternatively, some Indian companies operating abroad or looking to expand there could prefer storing certain data (including data of Indian residents) abroad for technical and cost-related reasons. India’s localisation demands could hinder those plans and consequently the growth of these Indian companies.
And the final nail in this rationale’s coffin? Policymakers have little or no evidence showing an uneven playing field. India’s tech space is already vibrant with numerous international and Indian companies thriving and competing to bring the best services to Indian consumers.
Non-intervention is often policy success
There’s a deeply ingrained and damaging fallacy among policymakers and regulators in the tech space: They often believe their job is to intervene. It isn’t. It’s to spur innovation. And that requires rigorously examining whether intervention is needed, and then intervening if needed. This may seem obvious but frequently escapes policymakers even in deeply experienced jurisdictions (in addition to when political motivations in some jurisdictions around the world may have prompted a disregard of this reality). Often there is simply no need to intervene, and sometimes intervention can cause significant harm. In all such cases, a policymaker should consider themselves successful if they can determine that intervention is not needed or that it is harmful, and then resist the almost hardwired urge to intervene.
In fact, in the tech antitrust context, scholarship demonstrates that policymakers and regulators should resist intervening in conduct that produces consumer benefits given (1) the significant probability of an erroneous decision (of whether to intervene) because of the complexity of such assessments and (2) over-enforcement (also called “type I errors”) can be more damaging than under-enforcement (also called “type II errors”). To its credit, the Competition Commission of India (CCI) has frequently recognised that non-intervention is often regulatory success. It has often launched and conducted years-long, incredibly expansive investigations and then correctly decided not to intervene, sometimes contrary to the flawed recommendations of the Director General (its investigative wing). However, the CCI’s recent spike in activity in the tech space casts significant doubt on whether it will remain steadfast in this sensible approach. Additionally, India’s competition space increasingly features policymakers beyond the CCI, and their actions so far suggest that they may conflate intervention with success.
Look to international precedent—but smartly
India conventionally looks to Europe for precedent. Looking to the US is unconventional and many observers in the policy space think Indian policymakers will therefore not look to the US. Observers underestimate the policymakers who have sometimes looked to the US, recognising that India’s technology innovation ambitions are far closer to the US landscape than to Europe’s. But now several US policymakers seem inclined to intervene far more than ever before. India should not follow suit. The very rationale of looking to the US is to foster the vibrant innovation the US has so far fostered. That innovation has come from a generally restrained approach the U.S. has taken so far. Look to that approach and contrast it with Europe’s less restrained approach and less vibrant innovation. Smart inspiration is key. Policymakers should look to other countries, including unconventional sources of inspiration, but they should reject copy-pasting that ignores the kind of context discussed above. The CCI has commendably rejected largely copy-pasted allegations from European investigations in the past. But India’s spike in tech policy scrutiny suggests this healthy approach may be fading.
Incorporate judicial scrutiny
…particularly where policies give the government wide powers. For instance, the DP bill provides the government powers that are almost indescribably wide. The bill should create a role for India’s courts, such as requiring a court order for the government to exercise its more expansive powers. The bill currently calls for an order by the government, not a court order. This is strikingly ironic because the report accompanying the first bill released by the committee led by Justice Srikrishna, whom the JC’s report cites frequently, called for judicial scrutiny precisely in this regard.
India’s judiciary has frequently been a voice of reason, including on multiple tech policy issues. But when the judiciary’s role isn’t incorporated into policies and laws, it can impose only ex post scrutiny (i.e., scrutiny when government action based on the law or policy is challenged). But ex ante scrutiny (i.e., scrutiny before the government acts based on the law or policy) is also important, especially when the government’s powers are extraordinarily wide.
Without the embedded “checks and balances” of judicial scrutiny, these powers risk severely undermining citizens’ rights and their trust in the government. Citizens may also resist sharing data with private companies, fearing that government could unjustifiably access and use even that data. This culture of mistrust risks eviscerating innovation.
Notably, government overreach in various tech policy areas including privacy and content moderation also risks eviscerating innovation that could help marginalised groups achieve social inclusion. If these groups fear government overreach on platforms that could otherwise help them, they will avoid using such platforms and become even more marginalized. Such platforms could include a wide range, including those relating to LGBTQ+ issues, mental health, and other matters on which the world is making incredible progress. Conscientious Indian and international tech companies in India support such progress in India too, including through the content and services they offer. India’s policymakers should offer support by embedding the checks and balances of judicial scrutiny into their policies.
Eliminate “policy chaos”
There are at least four types of chaos that mar India’s tech policy space, jeopardizing innovation.
The first is intragovernmental disharmony. We should not have multiple government departments releasing policies on the same subject. This leads to confusion and contradictions, as we saw with the e-commerce policy’s data protection and localisation provisions juxtaposed with the then-current data protection bill’s provisions on the same topics. We see similar concerns when we juxtapose the DP bill’s content moderation provisions with those in the IT Rules. The government commendably sometimes recognises such chaos when it’s occurring and eliminates it by assigning jurisdiction to one department. But this should be the approach from the start, rather than a clean-up exercise. One department should hold the pen and collaborate with other relevant departments.
The second is scope creep. For instance, a committee charged with developing data protection rules, based on a Supreme Court judgment about data protection, should not develop content moderation rules. It also shouldn’t step into the antitrust arena. But the JC has done both. Such scope creep risks conflating issues; exaggerating any link between issues; underappreciating issues that aren’t the “core” matter being examined; and catching all stakeholders off-guard, thereby creating a strikingly unpredictable policy environment. This can clobber innovation, albeit unintentionally.
Third, let’s get the writing right. Even when a policy isn’t rendered confusing by other departments’ policies on the same topic, it’s often rendered confusing by its own text. Many tech policies in India suffer from notably unclear language. Often, this does not perturb industry advisors and observers in the policy space, who find refuge in the belief that “the details will come later”—only to later realise that they don’t. So companies dial down their innovation to comply with the most restrictive interpretation of the ambiguous language or risk being perceived as non-compliant. The latter often means going to court, which drains their resources at innovation’s cost, and similarly drains the government’s resources. And courts too sometimes don’t solve the problem, as even judicial opinions on tech policy issues in India have suffered from ambiguity.
Often the issue isn’t merely missing details, but writing that is self-contradictory or simply has no reasonably interpretable meaning, making the belief that clarity will come later an even less sensible approach. Having learned all this the hard way, some industry advisors and observers are now asking policymakers for clarity upfront. But they’re making a new mistake: they’re often satisfied with the clarity provided in conversations and interviews. That doesn’t and cannot be expected to stick. Policymakers cannot reasonably be expected to articulate and commit to complicated clarifications in ad hoc conversations. Policymakers should instead provide clarifications in writing, ideally in the policy itself.
Fourth, policymakers must bring all stakeholders—industry, civil society, academia, and others— into policy development from the start. And keep them in the loop throughout. Engage them meaningfully. Stakeholders’ incentives are far more aligned than policymakers frequently appreciate. Further, such engagement will prevent shocks, which are currently common in India’s tech policy ecosystem. Often the morning brings with it news of an elaborate, quickly applicable, and potentially innovation-damaging policy that no or too few stakeholders were informed of let alone consulted on. And panic ensues. Such policy environments can repel investment and innovation, undermining India’s spectacular potential.
The writer is a lawyer by training and specialises in legal and policy issues related to technology. Views expressed are personal and do not constitute legal advice.
The thoughts and opinions shared here are of the author.
Check out our end of season subscription discounts with a Moneycontrol pro subscription absolutely free. Use code EOSO2021. Click here for details.