How Bharat is being digitally transformed

Digital India is a flagship programme of the government that aims at transforming India into a digitally empowered economy and knowledge society. It was approved in August 2014 with three key goals in mind: provide quality digital infrastructure to every citizen, provide all public services digitally on demand and empower citizens digitally to enable them to participate fully in a rapidly digitalising economy and society. The approach was to involve all the central ministries and all the states in a whole-of-government framework to work holistically to achieve these goals. How has the programme performed in its eight years of implementation and what lies ahead for it?

The achievements under the programme have been quite impressive by any standards. BharatNet has become the world’s largest rural broadband programme with over 5.75 lakh kilometers of optical fibre laid to connect over 1.85 lakh village panchayats. With near universal 4G coverage, the number of internet users in India has exploded to 83 crores with access to the world’s cheapest mobile data. A huge network of nearly 5 lakh common services centres across the entire country provide assisted access to a wide range of online services. The coverage of Aadhaar and banking services have become near universal, allowing everyone to access online services and receive benefits in their bank accounts directly. Digital inclusion has been a key goal of this programme with over 5.14 crore people trained in digital literacy under the Prime Minister’s Gramin Digital Saksharta Abhiyan.

The confluence of universal digital identity, banking services, mobile phones and increasing digital literacy has resulted in huge expansion of demand for online services. The volume of online transactions has grown over 50 times to over 34 crores per day. DigiLocker, Mobile Seva and UMANG platforms have greatly simplified the access to a wide range of public services through mobiles. Digital life certificates through Jeevan Praman have proved to be a boon to over 5.6 crore pensioners in the country.

India is now the global leader in digital payments with the Unified Payments Interface transactions crossing the $1 trillion mark in value during 2021-22. The Direct Benefits Transfer now covers over 300 schemes and over 22.7 lakh crore have already been transferred to the beneficiaries’ bank accounts directly.

New-age digital platforms in health and education have transformed the delivery of services in these domains. CoWin has become the world-leading platform for covid vaccinations with over 194 crore vaccine doses administered. The online teleconsultation platform, e-Sanjeevani, has greatly helped the people in accessing healthcare services during covid with nearly 4 crore tele-consultations conducted. Under the Ayushman Bharat Digital Mission, over 22 crore health accounts have been created. Similarly, DIKSHA is the nation’s largest online platform for school education.

With a thriving technology and innovation ecosystem, India has become the world’s third largest startup hub with over 100 unicorns. Tech startups alone have created over 23 lakh jobs since 2016. Many of these startups are focused on advanced research and development in emerging technologies, such as artificial intelligence, blockchain, metaverse, web 3.0, robotics, Internet of Things, 5G, etc.

India has also made great strides in electronics manufacturing with the country now the world’s second largest manufacturer of mobile phones in terms of volume. With the new Production-Linked Incentives schemes, the country is poised to become a global leader in semiconductors and large-scale electronics manufacturing as well.

With such impressive achievements under its belt, what lies next for Digital India? It is clear that the programme owes its success to well-defined goals, adequate funding and a whole-of-government approach in both conceptualisation and implementation of various schemes. It must now transform itself in both scale and scope to achieve the target of $1 trillion digital economy by 2026 and make India a global leader in advanced digital technologies. Scaling up would involve enhancing the coverage of the programme to the entire country including all the villages and the entire population including women and the weaker sections. On the other hand, enhancing the scope would imply that such digital transformation permeates all sectors of the economy including the micro, small and medium enterprises and all governance domains, both at the central and state levels. For achieving this vision, specific focus would be required in the next phase of the programme on digital infrastructure, digital government, electronics manufacturing, modern digital laws with a focus on digital privacy, cyber security, capacity building and skilling.

(The above article appeared in The Economic Times on July 3, 2022 and is available at https://economictimes.indiatimes.com/tech/technology/how-bharat-is-being-digitally-transformed/articleshow/92613053.cms?from=mdr. The views expressed in the article are personal.)

Digital India: What’s Next?

Digital transformation is a key central theme of Budget 2022 with announcements ranging from infrastructure status to data centres to taking fibre to all panchayats under the BharatNet programme. Introduction of a blockchain based sovereign digital currency, setting up of 75 digital banking units, constitution of an Animation, Visual effects, Gaming and Comics (AVGC) task force, launch of a digital university, digitalisation of school education platforms and support for the Production Linked Incentive (PLI) scheme for large scale electronics manufacturing and IT hardware were also part of the overall focus. The incentive scheme of US $10 billion for semiconductor and display fabs announced earlier also fits into the broader vision for making India “Aatmanirbhar” and a global leader in digital technologies.

How can the Digital India programme be reinvented to achieve this vision? This programme, launched in 2015 with the goal of ushering in digitally driven transformation in governance, economy and society, already has many highly noteworthy achievements. Many flagship schemes, e.g., the Unified Payments Interface (UPI), the digital literacy programme (PMGDISHA), e-Hospital, DigiLocker, Common Service Centres (CSCs), etc. have seen massive expansion under Digital India. The number of internet users has also grown to over 83 crores now, which is fuelling further aspirations for a full-scale digital transformation in all domains with focus on ease of living and ease of doing business.

The Digital India 2.0 needs to be architected on six major pillars for accelerating digitalisation and achieving the vision of complete digital transformation. First, it needs to ensure provision of world-class digital infrastructure in the country, including high-speed broadband connectivity to all through fibre and 5G network, and hyperscale data centres to make India a global hub for data centres and cloud. With increasing focus on privacy, security and the need for storing data within the country, there are strong demand drivers in place for making investments in data centres attractive.

Second, digital government and digital services need to undergo a paradigm shift with focus on data governance, whole-of-government approach and creation of new public digital platforms in major domains such as education, health, agriculture, logistics, etc. The National Digital Health Mission and the PM Gati Shakti initiatives are aimed at this vision. There is a need for building similar public digital platforms in other domains. There also needs to be a strong focus on standards, interoperability and using common technology platforms, such as Aadhaar, UPI, Single Sign-on, etc. to make the development of new applications easier and faster.

The third major area where there is a great potential for digital transformation is in accelerating the growth of our digital economy to at least USD one trillion in the next 4-5 years. This requires ensuring high and sustainable growth in electronics manufacturing, IT-ITES and emerging technologies, such as artificial intelligence, machine learning, Internet of Things, 5G, etc. Creating a vibrant start-up ecosystem in these areas holds the key to achieving the trillion-dollar digital economy goal.

Fourth, we need to modernise our digital laws to support the rapid growth of the digital economy, and address the growing concerns on accountability of online platforms and increasing cyber security threats. Enacting the personal data protection bill would help in addressing the privacy concerns. The new statutes would be helpful in creating trust and confidence amongst the users in the online world, which is crucial for digital inclusion as we need to focus now on bringing the remaining 40% of the population into the digital world.

Another major area of focus should be on rapid advancements in strategic and emerging technologies with ownership of intellectual property. We need to quickly formulate national strategies in these areas and fund the flagship initiatives. Recently published strategies by MeitY on blockchain and additive manufacturing are steps in the right direction. A national policy on data governance also needs to be formulated so that access to data, so crucial to advancement in these technologies, is made easier for our researchers, start-ups, etc.

Last, but not the least, there needs to be a strong push for skilling and capacity building in digital technologies at all levels in partnership with the industry and academia. Schemes such as FutureSkills Prime need to be expanded to provide for the rapidly growing need for highly skilled resources. PMGDISHA needs to expand at the population scale to make all citizens digitally literate. India should rightly aim at becoming the skill and talent capital of the world.

With rapid strides already made under the Digital India programme, it is the right time to visualise India becoming a global leader in digital technologies across the entire spectrum, not just in IT services. The next phase of Digital India should aim to achieve this vision.

(The above article appeared in The Economic Times on April 3, 2022 and is available at: https://economictimes.indiatimes.com/tech/technology/whats-next-for-digital-india/articleshow/90608332.cms. The views are personal.)

A Holistic Approach to Personal Data Protection

After detailed deliberations, the Joint Committee of Parliament on the Personal Data Protection Bill has made several important recommendations, and a debate is currently raging in the country over some of those proposals.

The Committee’s recommendations need to be understood in the broader context of personal data protection and to support the growth of a robust innovation and data-driven digital economy.

The Committee has proposed to include a new clause to include non-personal data within the ambit of the Bill, since renamed as Data Protection Bill, 2021.

This has been done to take a holistic approach towards processing of data, both personal and non-personal, as with the advent of advanced technologies like artificial intelligence and sophisticated data analytics, it may not be too difficult in future to relate anonymised personal data (a form of non-personal data) to individuals.

However, the revised Bill only contains a provision for formulating rules regarding non-personal data at a later stage. Currently, it does not have any substantive provisions in this regard.

A key provision in the Bill to allow certain exemptions to the government data fiduciaries has generated a lot of discussion.

The exemptions under Section 35 of the Bill need to be on a case-to-case basis and only on the grounds of sovereignty and integrity of India, security, etc. which are within the ambit of reasonable restrictions under Article 19(2) of the Constitution.

Further, the reasons for exemptions have to be just, fair, reasonable and proportionate which are as per norms laid down by the Supreme Court in its 2017 privacy judgement in the Puttaswamy case.

The exemptions under Section 12 are narrower and more specific for facilitating better delivery of government services, disaster management, dealing with epidemics and medical emergencies, etc.

Government entities are not exempted from their obligations as data fiduciaries and complying with the rights of data principals in general. There are adequate safeguards in the Bill to prevent any misuse of such exemptions, including oversight by the Data Protection Authority (DPA).

Another recommendation that has generated much debate relates to making social media platforms liable for content hosted on their platforms from unverified accounts and making verification of accounts mandatory.

However, this is only for those platforms that do not act as intermediaries eligible for safe harbour as per Section 79 of the Information Technology Act, 2000. This is only a recommendation that needs to be examined by the government later and is not part of the revised Bill.

Concerns have also been raised over the compliance burden on startups and its impact on innovation.

To address this concern, the Bill places much greater emphasis on compliance by the significant data fiduciaries with additional obligations, such as periodic audits, appointment of data protection officers, etc. Startups and small businesses do not need to comply with these additional obligations as they would not be classified as significant data fiduciaries.

The Bill also provides for the creation of a sandbox to encourage innovation. Processing of personal data of foreign nationals is also exempted under the Bill.

Another key concern is regarding the provisions for data localisation.

Section 33 of the Bill makes it clear that sensitive personal data shall continue to be stored in India, while Section 34 allows its transfer outside India under certain conditions.

The EU GDPR places similar conditions on data transfer to only those countries which fulfil the ‘data adequacy’ norms.

These provisions will make it easier for Indian entities to attract more outsourcing business from abroad as India would fulfil these norms. Storage of sensitive personal data within India would support the growth of hyperscale data centres and an innovative data-driven economy.

Concerns have also been raised over another recommendation relating to norms for testing the integrity of hardware and software on devices.

This has been done to prevent any unauthorised data breaches through insertion of any untrusted hardware. This provision has been added within the scope of functions of the DPA under Section 49 and can be implemented only after the DPA formulates an appropriate code of practice in consultation with the relevant stakeholders.

The concept of privacy has evolved from the Aristotelian concept of idios, meaning “one’s own” or “private”, in ancient times to its modern-day focus on informational privacy.

The Data Protection Bill, 2021 provides a holistic framework for addressing informational privacy that will also help greatly in the growth of a robust digital economy in India.

(The above article appeared in The Economic Times on January 9, 2022 and is available at: https://economictimes.indiatimes.com/tech/catalysts/ettech-opinion-a-holistic-approach-to-personal-data-protection/articleshow/88775228.cms?from=mdr. The views are personal.)

‘Digitisation has transformed India’s governance model’

The next wave of digitization needs to ensure that digital opportunities should ..

Traceability vs Privacy: The Real Issue is of Collective Security

Societies have long realised the need to provide collective security for all to ensure sustainable development and prosperity. Providing collective security involved imposing some form of social control to regulate individual and group behaviour through gathering information about individuals. In the modern information age, a good government can ensure collective security through efficient use of information for law enforcement without necessarily encroaching upon individual privacy.

Countries around the world have enacted laws to ensure that such information could be collected easily through various sources to help in achieving the wider societal goal of collective security. The US enacted the Stored Communications Act (SCA) in 1986 to require the internet service providers (ISPs) to provide content and metadata on stored emails to the government agencies under certain conditions. As this law soon became outdated due to rapid technological advances, the US passed the Communication Assistance for Law Enforcement Act (CALEA) that required the telecom companies to redesign their networks to facilitate wiretapping by the government agencies. Later, in 2005, it was expanded to cover ISPs and services like Skype, etc.

UK and Australia have gone even further in enacting laws that require device makers and software developers to provide access to encrypted data. The Investigative Powers Act 2016 and the Investigatory Powers Regulations 2018 in the UK provide sweeping powers to the intelligence and law enforcement agencies to carry out both targeted and bulk interception of internet communications and hack into devices to access data. The Telecommunications Assistance and Access Act 2018 of Australia gives broad powers to the government agencies to require communication service providers (CSPs) to decrypt any communication.

The raging debate in India over the ‘traceability’ provision in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 must be understood in the context of the need for ensuring collective security as a social good. The rules require the significant social media intermediaries to identify the first originator of a message in India for investigation of grave offences relating to the sovereignty and integrity of the country, crimes against women and children, etc. that are punishable with a minimum prison term of 5 years.

Critics have claimed that this provision would seriously undermine privacy and force the intermediaries to break the end-to-end encryption. However, the rules make it very clear that what is required to be provided by the intermediaries is only the metadata about the first originator of the offending message, and not its contents. The message itself needs to be provided by the law enforcement agencies to the intermediaries. There is no attempt to make them break any encryption. With such safeguards built into the rules, the provision cannot be termed as harming privacy. In fact, the rules place much less onerous obligations on the intermediaries for sharing information compared to what several other countries have mandated, as noted earlier.

The law and the evolving jurisprudence in this domain in India have provided strong safeguards for ensuring freedom of expression and privacy. The upcoming Personal Data Protection Bill aims to further enhance this legal framework for protection of personal data and online privacy subject to reasonable checks in the interest of collective and national security. John Locke, a famous 17^th century philosopher and the “Father of Liberalism”, argued in his Second Treatise of Civil Government that individuals needed a strong government to be able to exercise their individual rights and liberties.

There need not necessarily be a trade-off between privacy and collective security. Collective security is just as essential to make people feel safe and allow them to enjoy their privacy protections to function effectively as individuals. The new IT Rules seek to achieve that larger social good.

(The above article appeared in The Economic Times on 10th October 2021. It is available at: https://economictimes.indiatimes.com/tech/catalysts/traceability-vs-privacy-the-real-issue-is-of-collective-security/articleshow/86721078.cms?from=mdr. The views are personal.)