
Cryptocurrency and Money Laundering: Deciphering the Why and the How

The financial sector continues to revel in the advancement of disruptive technological innovations. Due to the attractive rates and fees, ease of access and account setup, variety of innovative products and services, and improved service quality and product features, financial technology is attracting more customers and investors today.[1] Despite the numerous advantages of these sectoral transformations, it is impossible to deny that the digitization and ease with which the internet has enabled all of us to function effectively in our day-to-day work has also created a space for virtual crimes.

Amidst the pioneering fintech revolution, cryptocurrency has emerged as a modern financial technology that can be used to easily launder money. Despite rapid market fluctuations and an uncertain legal status, cryptocurrency continues to captivate Indian investors, who are undeterred and unbothered by the associated risks of cyber fraud.

This article will explore how the crypto market nurtures a convenient and fertile ground for money laundering activities.

 

Cryptocurrency and India

 

The Indian regulatory market has had a hot and cold relationship with cryptocurrency over the years. The RBI, vide Circular DBR.No.BP.BC.104/08.13.102/2017-18 dated April 06, 2018[2], restricted all crypto transactions. However, in 2020, the Supreme Court effectively struck down the ban. As a result, the RBI stated in Circular DOR. AML.REC 18/14.01.001/2021-22 that banks and financial institutions cannot cite the aforementioned circular to warn their customers against dealing in Virtual Currencies. However, it did state that, “Banks, as well as other entities addressed above, may, however, continue to carry out customer due diligence processes in line with regulations governing standards for Know Your Customer (KYC), Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) and obligations of regulated entities under the Prevention of Money Laundering Act (PMLA), 2002, in addition to ensuring compliance with relevant provisions under the Foreign Exchange Management Act (FEMA) for overseas remittances.”[3]

At present, while the talks of implementing comprehensive legislation governing cryptocurrencies have fizzled out, the Union Budget 2022 brought digital currencies under the tax net. As of 2022, the crypto asset market in India stands at an estimated valuation of 45,000 crores, with 15 million investors[4].

However, it is pertinent to note that it is transactions, not investments, in the digital currency that pose an issue. In India, the Enforcement Directorate discovered over 4,000 crores of such illegal cryptocurrency transactions in 2021. As per the 2022 Crypto Crime Report by blockchain data firm Chainalysis[5], cybercriminals laundered $8.6 billion worth of cryptocurrency in 2021, $6.6 billion in 2020 and $10.9 billion in 2019. Furthermore, the study found that, at the moment, darknet market sales and ransomware attack profits are virtually always derived in cryptocurrency rather than fiat currency, which contributes significantly to these figures.

Money laundering, terror financing, drug dealing, and other criminal activities are all done using cryptocurrency transactions. Although these transactions are recorded on a blockchain and are traceable, criminals use mixers and tumblers to make it difficult for a third party to track them.

 

The Laundering Mechanism

                           

Figure: Eurospider Information Technology AG, “Mixers Tumbler Example,” fig.

For clarity, refer to the above image. In the first panel, labelled OHNE mixer (German for “without mixer”), A sends 20 bitcoins to B, U sends 15 bitcoins to V, and X sends 5 bitcoins to Y. These are single-layer transactions that are simple to trace and identify.

The transaction takes place in a different way in the second panel, labelled MIT mixer (German for “with mixer”), where a mixer is used. For the sake of brevity, let us consider a single layer of mixers being used. In real life, the number of mixers used is in the thousands. Here, A sends 20 bitcoins to M1, U sends 15 bitcoins to M2 and X sends 5 bitcoins to M3. In the next stage, B receives 20 bitcoins from M2, V receives 15 bitcoins from M1, and Y receives 5 bitcoins from M1. The difference we must notice is that B, V, and Y are receiving the same number of bitcoins as in picture one, but not from A, U and X, respectively. Because there is no information about A sending bitcoins to B, U sending bitcoins to V, or X sending bitcoins to Y, these transactions are not single-layered and are impossible to trace, which makes the transactions anonymous.

Criminals use a similar method to send money using cryptocurrencies. Consider the following scenario to gain a better understanding: A, B, C, and Z are cryptocurrency users who keep their coins in their digital wallets. They use the same mixing service to make transactions. A, B, and C are law-abiding citizens, while Z is a criminal involved in drug trafficking. A has to pay X a certain amount of money. X is paid, but the bitcoins he received were deposited by Z, a drug trafficker. When X received the payment, he had no idea that the bitcoins he had were dirty bitcoins and had been used for illegal activities. This is a straightforward explanation of how dirty bitcoins are making their way through the market, paving the way for money laundering. 
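The two tracing outcomes described in this section, and the shared-mixer scenario with Z, as an added Python example that is not part of the original article. It follows fund flows backwards the way a compliance analyst would; the ledgers are constructed from the figure's parties and amounts, and treating M1 to M3 as addresses of one service paying out of a shared pool, the single mixer address M, and the deposit amounts in the second scenario are assumptions of the example.

```python
from collections import defaultdict

# Constructed ledgers: (sender, receiver, amount in bitcoins), taken from the
# figure described above.
DIRECT = [("A", "B", 20), ("U", "V", 15), ("X", "Y", 5)]
MIXED = [
    ("A", "M1", 20), ("U", "M2", 15), ("X", "M3", 5),  # deposits into the mixer
    ("M2", "B", 20), ("M1", "V", 15), ("M1", "Y", 5),  # payouts from the mixer
]
# Assumption: M1-M3 belong to one mixing service that pays out of a shared pool.
MIXER_ADDRS = frozenset({"M1", "M2", "M3"})

# Second scenario from the text: A, B, C and Z use the same mixer and X is paid
# out of it. The address "M" and the amounts are constructed for illustration.
SHARED_MIXER = [
    ("A", "M", 4), ("B", "M", 4), ("C", "M", 4), ("Z", "M", 4),
    ("M", "X", 4),
]


def _incoming(ledger):
    """Map each address to the set of addresses that paid it."""
    incoming = defaultdict(set)
    for sender, receiver, _amount in ledger:
        incoming[receiver].add(sender)
    return incoming


def possible_sources(ledger, recipient, mixer_addrs=frozenset()):
    """Return every origin address whose funds could have reached `recipient`.

    A payment from a mixer address cannot be tied to one deposit, so the trace
    continues through everyone who paid into the mixer's pool.
    """
    mixer_addrs = frozenset(mixer_addrs)
    incoming = _incoming(ledger)
    pool_depositors = set()
    for addr in mixer_addrs:
        pool_depositors |= incoming.get(addr, set()) - mixer_addrs

    sources, seen = set(), set()
    stack = list(incoming.get(recipient, ()))
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        if node in mixer_addrs:
            stack.extend(pool_depositors)   # any depositor may have funded it
        elif incoming.get(node):
            stack.extend(incoming[node])    # keep walking back
        else:
            sources.add(node)               # no earlier payer: an origin
    return sources


def exposure(ledger, recipient, flagged, mixer_addrs=frozenset()):
    """Summarise what an analyst can conclude about `recipient`'s funds."""
    sources = possible_sources(ledger, recipient, mixer_addrs)
    return {
        "candidates": sorted(sources),
        "anonymity_set": len(sources),
        "attributable": len(sources) == 1,
        "flagged_candidates": sorted(sources & set(flagged)),
    }


if __name__ == "__main__":
    print("without mixer:", exposure(DIRECT, "B", flagged=[]))
    print("with mixer:   ", exposure(MIXED, "B", flagged=[], mixer_addrs=MIXER_ADDRS))
    print("X's payment:  ", exposure(SHARED_MIXER, "X", flagged=["Z"], mixer_addrs={"M"}))
```

Without the mixer, B's funds have a single candidate source; with it, every depositor is a candidate, which is why X's payment in the second scenario is flagged as possibly originating from Z.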

 

What can be done?

 

The International Monetary Fund (IMF) has released a report titled “Global Financial Stability Report”[6] which discusses the following details about how cryptocurrencies should be regulated, considering their increasing market capitalization and the growing exposure of banking and financial systems to crypto assets:

  1. Implementation of global standards applicable to crypto-assets should be the key focus area of national policies.
  2. Regulators should identify and control the associated risks of crypto assets, specifically in areas of systemic importance.
  3. Coordination among national regulators is key for effective enforcement and fewer instances of regulatory arbitrage.
  4. Data gaps and monitoring of the crypto ecosystem for better policy decisions should be prioritised by the regulators.

The report also discusses how stablecoins and decentralized finance pose a significant risk to the crypto market and the overall economy if they are not properly regulated and supervised by issuers.

  1. Regulations should be proportionate to the risk and in line with those of global stablecoins.
  2. Coordination is a must, to implement requisite recommendations in the areas of acute risks, enhanced disclosure, independent audit of reserves, and fit and proper rules for network administrators and issuers.

The report also discusses the importance of managing macro-financial risks through:

  1. Enactment of de-dollarization policies, including enhancing monetary policy credibility.
  2. Formulating a sound fiscal position with effective legal and regulatory measures and implementing central bank digital currencies.
  3. Reconsidering Capital Flow Restrictions with respect to their effectiveness, supervision, and enforcement.

However, according to the report, cryptoization would make finance more cost-effective, quick, and accessible.

There is also an intergovernmental organisation known as the Financial Action Task Force, which is constantly updating its recommendations to maintain legal, regulatory, and operational methods for combating money laundering, terrorism financing, proliferation, and other threats to the integrity of the international financial system. The Financial Action Task Force (FATF) recently released a compliance framework recommending that all anti-money laundering rules that traditional financial systems follow be applied to stablecoins, cryptocurrency, and virtual asset service providers. Even though identifying the source of such funds and keeping track of who is the beneficiary of such funds is difficult, countries are still being encouraged to develop provisions that provide for due diligence, record keeping, and the reporting of suspicious transactions.[7]

 

The Legislative Way Forward for India

 

At present, there is no comprehensive legislative framework to govern fintech advancements encompassing blockchain and cryptocurrencies. At best, the present regulatory framework is a patchy, cross-networked arrangement that demands careful deliberations in alignment with the evolving technological innovations in the sector.

The Information Technology Act, 2000:

While the legislation successfully addresses issues like identity theft, hacking, and ransomware and provides a means to tackle the issue of extraterritorial jurisdiction, it is safe to conclude that the serpentine considerations of blockchain cannot be comprehended and addressed by the Act.

The Prevention of Money Laundering Act, 2002 and the Prevention of Money Laundering Rules, 2005

The offences listed in Parts A, B and C of the PMLA Schedule attract the penalties enumerated under the Act.

Part A categorises offences under: Indian Penal Code, Narcotics Drugs and Psychotropic Substances Act, Prevention of Corruption Act, Antiquities and Art Treasures Act, Copyright Act, Trademark Act, Wildlife Protection Act, and Information Technology Act.

Part B enlists offences under Part A with a valuation of Rs 1 crore or more.

Part C exclusively deals with trans-border crimes.

Recently, the Enforcement Directorate attached proceeds of crimes amounting to Rs 135 crores in 7 cases in which the usage of cryptocurrency for money laundering activities was flagged by the authorities.[8]

However, it is pertinent to note that the offences recognised under the respective parts of the schedule only comprise the offences under the current framework of legislation, which is at present not equipped to regulate any segment of cryptocurrency transactions and digital currency operations in the country. 

Foreign Exchange Management Act, 1999

Even though the Act specifies procedures to conduct cross-border and foreign exchange transactions, it fails to identify the role of technology as an instrumental enabler of such transactions at present. However, it is interesting to note that it empowers the RBI to establish a regulatory framework to address the same.

The Payment and Settlement Systems Act, 2007

The PSS Act was enacted with the objective of establishing a regulatory framework for banks and ancillary financial institutions, designating RBI as the nodal authority. Section 4 of the Act states that no payment system shall operate in India without the prior due authorization of the RBI.

Apart from the above-mentioned legislation, regulators like SEBI, Ministry of Electronics and Information Technology (MeitY), Insurance Regulatory and Development Authority of India (IRDAI), and Ministry of Corporate Affairs (MCA) have also undertaken initiatives to implement specialised guidelines. While these regulations deal with the contemporary issues of payments, digital lending and global remittances, none of them has managed to find a concrete ground for effectively supervising and regulating cryptocurrency transactions backed by blockchain in the current volatile ecosystem.

At present, key industry regulators and stakeholders should collaborate to understand the novelty, process and extent of the present disruptive fintech trends. Furthermore, initiatives should be taken to ensure transparency of such transactions, establish secure authentication transactions for the exchanges and tighten the legislative noose on cyber security systems in the country. Additionally, establishing a centralised statutory body and local self-regulatory bodies across the sovereign, and implementing an extensive centralised framework is also imperative. The current scheme of criminal activities in virtual space transcends geographical boundaries, hence it is crucial for global policymakers to implement mechanisms to ensure coordination and collaboration by institutionalising inter-governmental bodies.

References: 

[1] ‘The Current Landscape Of The Fintech Industry – Fintech Crimes’ (Fintech Crimes, 2022) <https://fintechcrimes.com/the-landscape-of-fintech-in-year-2020/> accessed 9 February 2022.

[2] https://www.rbi.org.in/scripts/FS_Notification.aspx?Id=11243&fn=2&Mode=0

[3] https://rbi.org.in/Scripts/NotificationUser.aspx?Id=12103

[4] https://timesofindia.indiatimes.com/business/india-business/union-budget-2022-no-crypto-bill-listed-this-budget-session/articleshow/89265038.cms

[5] https://go.chainalysis.com/rs/503-FAP-074/images/Crypto-Crime-Report-2022.pdf

[6] ‘Global Financial Stability Report’ (2021) <https://www.imf.org/en/Publications/GFSR/Issues/2021/10/12/global-financial-stability-report-october-2021> accessed 11 February 2022.

[7] ‘VIRTUAL ASSETS AND VIRTUAL ASSET SERVICE PROVIDERS’ (2021) <https://www.fatf-gafi.org/media/fatf/documents/recommendations/Updated-Guidance-VA-VASP.pdf> accessed 11 February 2022.

[8] https://economictimes.indiatimes.com/news/india/ed-investigating-7-cases-of-cryptocurrency-usage-in-money-laundering-attaches-rs-135-crore/articleshow/90200012.cms

 

Image Credits: Photo by Bermix Studio on Unsplash


TRAI’s Framework for Data Centres, Interconnect Exchanges and Content Delivery Networks- An Update

Communication services such as voice, video, data, internet, and wideband multimedia have become indispensable in modern society. Information communication technology (ICT) has become a vital resource in the development of various economic sectors, enabling the various participants in economic and social spheres to have quick and easy access to information and knowledge. ICT makes communication efficient in all spheres of life: in companies it fosters increased efficiency, allows access to human resources and promotes sustainable development of entrepreneurship.

At present, most sectors and organizations are generating mountains of data on a daily basis. Therefore, to stay competitive, organizations are constantly working to optimize data to leverage it to their advantage. For instance, the banking sector uses data extensively to understand how their customers use data to identify potential security risks. Data plays a vital role in the real estate and property management sector by extending an improved property analysis mechanism, understanding the customers and deciphering the market trends. The telecom industry is also utilizing data to improve in several key service areas, including customer experience, fraud reduction, churn prediction, and dynamic pricing. Further, with the rollout of 5G, data plays a key role in network planning, monitoring and management. Hence, data is the central force for driving crucial innovative and advanced industry solutions for the systematic growth of the economy.

Digital advances have generated enormous wealth in record time, but that wealth has been concentrated around a small number of individuals, companies and countries. Under current policies and regulations, this trajectory is likely to continue, further contributing to rising inequality, not only at the country level between developed and developing economies but also at the level of big online players, controlling data acting as an entry barrier for new entrants, leading to near monopoly in global digital markets. The effect of globalization and the development of the telecommunication sector has also affected the Indian market vitally.

On 21 December 2021, TRAI (the Telecommunication Authority of India) released a consultation paper on the ‘Regulatory Framework for Promoting Data Economy through Establishment of Data Centres, Content Delivery Networks, and Interconnect Exchanges in India’ where it discussed and opined thoroughly on the markets of data economy, its challenges and its growth and future opportunities in the sector.


The TRAI Consultation Paper and Data Centres  

 

The new era of digitization has rolled out 5G, Internet of Things (IoT), and Artificial Intelligence (AI) leading to the creation of data via widespread, geographically distributed networks and new-age devices. Further, Enhanced Mobile Broadband (eMBB), Ultra-Reliable Low Latency Communications (URLLC), and Massive Machine Type Communications (MMTC) are set to emerge as dominant storage interfaces. 5G, along with edge computing, is set to fulfil the needs for ultra-reliable, low-latency, and high-throughput communication. Use cases driven by this intelligence-centric connectivity will catalyse computing at the edge as they effectively become mini data centres and bring a completely new paradigm to storage at the edge. This brings with it a need for advanced networking, computing and storage in edge devices and endpoints.

The main theme of the TRAI consultation paper is the development of a regulatory framework to make the data market better regulated, for the systematic development and protection of its users. The paper discusses the need, while competing with the world data economy, for a proper regulatory framework that can encourage the development of 5G, IoT, data centres and associated services, data analytics, edge computing, digital platforms, and applications, and their effect on growth. For any economy to be competitive, it has become essential to become reliable and self-sufficient in terms of futuristic technology. This has brought the Indian government into action with various initiatives and policies to bring digitalisation to the forefront of the market. Policies like Digital India Programme 2015 and National Digital Communication Policy 2018 contributed tremendously to the development and popularisation of the data economy and digitalization.

The TRAI paper clearly emphasized and questioned the potential of growth of data centres in India in light of various challenges in terms of economic/infrastructure and financial aspects. The paper sought views on:

(i) incentives and long-term measures to facilitate growth and investment in data centres, Content Delivery Networks (“CDN”s), and Interconnect Exchanges (“IXP”s).

(ii) building, safety, disaster recovery, and security standards for data centres.

(iii) access to facilities such as dedicated fibre and electricity, and provision of concessional tariffs or subsidies.

(iv) need for a unified data centre policy in India and centre-state coordination.

(v) need for a regulatory framework for CDN and interconnect exchanges in India.

Additionally, it was noted in the paper that the mere establishment of data centres will not efficiently meet the country’s data requirements. Initiatives to address the challenges of data penetration in Tier 2 and Tier 3 cities also have to be undertaken. The paper also discussed and opened itself to comments on green data certification, building norms for data centres and other aspects important for the development of an economically efficient data economy. The paper further discusses the impact of Covid-19 on the digital economy that resulted in a data surge arising out of increased digital social interactions and online transactions.


The Infrastructure of the Data Economy

 

The paper recognises the following three main infrastructures for boosting the data ecosystem and facilities:

  • Data Centres
  • Content Delivery Networks
  • Internet Exchange Points

Together these three form part of what can be termed “Digital communication infrastructure and services”. It is important to note that CDNs deliver the data sought by users, and players like Netflix, YouTube and Amazon establish their own CDNs in locations near users to reduce their use of internet bandwidth, which ultimately reduces cost and makes delivery more economical for them. These CDN networks are not adequately regulated in the Indian market. With the consultation paper, TRAI has sought opinions on this and has also raised the question of whether the lack of a regulatory framework for CDN networks in India affects the growth of the CDN market in the country.

The main mission of the paper was to connect India with proper digital communication infrastructure, propel India with the latest technology including 5G, AI, IoT Cloud, and empower India by securing its digital sovereignty and data protection.

The consultation paper further analysed the idea of the dark fibre cable network, data centre and the regulatory framework or other limitations these data centre companies are facing and how these avenues can be incentivised. 


Infrastructure Requirements for Data Centres

 

The paper discussed the resources which are required for the establishment of the data centres and how their availability or shortage can add to the hardships of the establishment of economical units of the data centre. While opting for and establishing a data centre it’s essential to look into the availability of the power supply and water. India faces an energy deficit of 1,44,1 Million Units (MU). The most affected areas are the rural areas in India. The cost of power can also not be overlooked. The major cost which is approximately 50-60% of the total operating cost of these data centres is the cost of power. The power and cooling segment of the Indian Data Centre power and cooling market is expected to reach $1,065.5 million by 2025, growing at a Compound Annual Growth Rate (CAGR) of 9.4% during the forecast period 2019–2025. 

Water is another resource for which data centres might face challenges. Its major use is cooling. As per the report, a data centre drawing around 15 megawatts of energy can use up to 360,000 gallons of water a day; as the scale of data centres rises, more reliable sources of water have to be looked into. In the process of cooling, some amount of water also evaporates, leading to loss of water. The question which arose is whether India is ready to meet these power and water supply requirements for the establishment of the increasingly popular data centre segment. This remains a question of concern in meeting future requirements.

Looking into the matter, TRAI suggested developing renewable energy and green data centres. In Europe, the Climate-Neutral Data Centre Pact is the law that aims to make all of the European Union climate-neutral by 2050. These green data centres will have low emission rates. A vision to create such data centres, with a focus on data centres driven by renewable energy, was also emphasised.


Telecom Data and its Security Issues


 

Telecom data is the first digital footprint created by any household. For proper functioning of the services collecting such user data and establishing robust infrastructure for the services providers to proffer better services becomes very essential. For this, the mechanisms of the consented sharing of telecom data and data empowerment and protection Architecture were explained in the paper.

Even though the intention of the Personal Data Protection (Bill) 2019 was to extend legislative protection to users wherein purpose-driven collection of data, user consent to sharing of personal data etc. were addressed, it is yet to be seen how the law progresses in the future. 


Telecom Industry and the OTT Platforms

 

The functioning of the telecom industry and its importance and assistance in the development of Over the Top (OTT) platforms like ‘Netflix’, ‘Amazon’ and ‘Hotstar’ can be understood easily. The telecom industry provides the oil to these OTT industry players for smooth functioning and better market reach. In its recent paper on the market study of the telecom sector, the Competition Commission of India (CCI) highlighted the rising trend of partnerships between the telecom industry and these platforms and how this can act as an entry barrier.


CCI’s Concern over the Growth of the Telecom Market and its Nexus with TRAI

 

The market study of the telecom sector released by the CCI on 22nd January 2021, highlighted various contemporary competition issues, including upcoming competition issues as the telecom sector is set to see further transformation and innovations with 5G around the corner, discussing:

(a) Financial stability and competition

(b) Vertical integration and competition.

(c) Data privacy and competition.

(d) Infrastructure and competition.

The CCI raised concerns over the data privacy of the users from deals like Jio- Facebook, where the users are robbed of their right to data privacy. Raising concerns of such kind in its study, the TRAI also channelized its discussions on similar lines in its paper where a huge threat to the data privacy of the users was discussed and a strong need to regulate and limit the data sharing and purpose-driven data collection was identified. 


Regulatory Framework for the Data Centres, Current Scenario and the Way Forward

 

A strong surge in the consumption of data has been projected for the coming years. This massive increase in the use of data shall require a robust mechanism for data management, data security, and good data infrastructure. However, India still lacks a centralized regulatory framework that properly regulates or prescribes compliance standards with respect to the establishment of such data centres. This consultation paper by TRAI is the first concrete step in this direction.

The paper received comments from various significant stakeholders. While addressing the issue of data penetration at Tier 1 and Tier 2 cities, Vodafone Idea Limited (‘VIL’), one of the stakeholders, suggested that the Government should extend tax benefits to Service Providers that are building disaster recovery sites to ensure reliable services. It also suggested that Special Economic Zones (‘SEZ’) be developed in Tier 2 & 3 cities to motivate data centre players, that electricity tariffs be rationalised across all states, and that ready infrastructure facilities inclusive of power, transport, water supply, fibre connectivity etc. be set up in those Tier 2 & 3 cities. VIL further observed that a central law governing data construction and operation should address aspects relating to the entire lifecycle of data centres. Since the National Broadcasting Company (‘NBC’) covers maximum data centre related guidelines, it is recommended to form a single regulatory body under NBC, which should develop India-specific building standards for the construction of data centres operating in India.

Internet Freedom Foundation, another stakeholder, has also provided its comments and suggestions on the considerations raised in the Paper. The foundation advocated the urgent need for the creation of a multi-stakeholder body for the enforcement of net neutrality. The need for a more efficient data policy specifically designed for the telecom industry was also put forward, promoting evidence-based policymaking for the CDNs. In order to ensure a more streamlined functioning of the telecom industry, the foundation emphasized overall sectoral transparency. It raised concerns over data monetization and its threats. Additionally, it placed stress on proper surveillance of these data centres as sensitive data of users would be involved.

The National Association of Software and Service Companies (‘NASSCOM’) in their comments on the paper focused on the development of the CDN market and its growth potential in India. NASSCOM raised concerns over regulatory compliances that can potentially make the Indian CDN market less competitive and advised on initiating strategies to combat the same. It also raised concerns over the reduced network efficiency because of the regulatory requirement of interconnection with Telecom Service Provider (TSP) and Internet Service Providers (ISP) and network neutrality. It opined that both will be affected negatively by the criteria proposed by the paper. It urged TRAI to refrain from imposing ex-ante obligations for mandatory interconnection between CDNs and ISPs.

Alongside these regulatory challenges, the stakeholders also provided their point of view on the issues and challenges of the data centres, ranging from advocating the establishment of special economic zones and tax benefits for the establishment of data centres to the need for a proper authority for the certification of data centres, as adopted globally. The stakeholders also highlighted the areas where skilled labour can be found without much effort and where existing skills can be upgraded. Data privacy matters took the spotlight in almost all the stakeholders’ comments. They advocated for the implementation of a comprehensive law to deal with the matter at hand. Further, on compliance, the stakeholders emphasized structuring an all-encompassing competent channel for the use and availability of resources such as power, land, and water for smooth functioning of the data centres.

In 2020, Singapore imposed a moratorium on the establishment of the data centres because of the disparity in the use of resources by 7%. India is already facing challenges in sustainable development and is aiming to become a global hub for data centres, without a practical mechanism in place. It is interesting to note that, states like Karnataka and Tamil Nadu have formulated their policy on the same. They have also sought amendments in the state legislations to incorporate congenial provisions for the establishment of the data centres but until now no steps have been taken.

As per some of the suggestions, in addition to notifying a national policy on data centres, the government should also identify and proffer various incentives for the players keen on undertaking the establishment of such data centres, especially with respect to considerations like electricity, water resources, infrastructure, technology and Research and Development. Before formulating and enforcing anything, the government must take into consideration all the aspects of labour, resources, real estate etc., so as to devise a policy that effectively addresses the challenges of the sector and works in concert towards the benefit of its stakeholders.

In 2020 the Ministry of Information Technology formulated a Data Centre Policy, 2020 discussing the challenges and how a centralised system for clearance and approval for the establishment of data centres has to be structured and new building norms specifically dealing with the construction of the data centres are to be developed. More stress on a smooth regulatory framework for ease of doing business was emphasised.

While the central government is yet to formulate comprehensive legislation to govern data centres, various state governments have undertaken the initiative to regulate the sector within their jurisdiction.

Maharashtra’s Data policy extends fiscal incentives such as stamp duty exemption, electricity duty exemption, value-added-tax refund and property tax benefits for data centres that comply with specific criteria. 

Telangana’s Policy extends fiscal incentives like power, building fee rebates and land at subsidized costs. Additionally, other non-fiscal incentives like exemption from the purview of the Telangana Pollution Control Act, exemption from statutory power cuts and from inspection under specified labour legislation and permissions to file self-certificates have also been offered.

The Tamil Nadu Data Centre Policy 2021 has established a single-window facilitation portal to maintain time-bound processing of applications and coordination with various agencies and departments. Further, incentives such as electricity tax subsidies on power, concessional open access charges and cross-subsidies, dual power and stamp duty concessions and permits for self-certificates pertaining to compliance with respect to statutory registrations and forms under respective labour legislation are provided. 

The Data Centre Policy 2021 of Uttar Pradesh provides incentives with respect to data centre park developers and data centre units. Interest/capital subsidy, land subsidy, stamp duty exemptions and a dual power grid network, as well as exemption from inspection under labour legislation and permissions to file self-certificates, have also been provided for under the legislation.

The West Bengal Data Centre Policy 2021 is a 5-year plan providing various power, water and infrastructure facilities for the smooth functioning of data centres.

Haryana and Karnataka are still finalising their state policy while the Odisha government has also rolled out a policy that needs further development and the status of its implementation is not yet confirmed.


 

Image Credits: Photo by Ian Battaglia on Unsplash

A strong surge in the consumption of data has been projected for the coming years. This massive increase in the use of data shall require a robust mechanism for data management, data security, and good data infrastructure. However, India still lacks a centralized regulatory framework that properly regulates or prescribes compliance standards with respect to the establishment of such data centres. This consultation paper by TRAI is the first concrete step in this direction.


Privacy Shield 2.0: Cue for EU-India Data Transfer Mechanism?

Since the implementation of GDPR standards across the EU, data transfer between other countries and the EU has become a complex and widely debated issue across the world. Article 44 of GDPR permits the transfer of personal data outside the EU only when the recipient country has an equivalent level of security to protect the personal data of EU citizens, as guaranteed by the General Data Protection Regulation (GDPR). The biggest dilemma that many countries across the globe face is that they either lack national legislation on data privacy or, if they do have one in place, it may not be considered on par with the standards set by GDPR. Such a situation creates a genuine legal obstacle to the transfer of personal data between the EU and those countries.

Conceptualization of the Privacy Shield

 

Over the years, the EU and various other countries have developed certain mechanisms to tackle the obstacles created by the requirements of Article 44. Standard contractual clauses (SCCs) and binding corporate rules (BCRs) are instruments that countries and corporates have adopted for the transfer of personal data.

The United States of America lacks comprehensive, dedicated legislation for data privacy. The country does have many sectoral laws and regulations ensuring the privacy protection of individuals, yet the EU has consistently ruled that the USA does not guarantee an equivalent level of protection. The Safe Harbour Framework, one such additional mechanism agreed upon between the Governments of the EU and USA, defines a series of principles to be followed and adopted by companies for the transfer of personal data.

US companies were required to self-certify their adherence to the principles of the Safe Harbour framework, and the US regulators would in turn enforce the framework within their limits and jurisdictions. In 2013, Edward Snowden rocked the world with some lethal revelations about various global surveillance programs run by the NSA. In light of this disclosure, an Austrian citizen named Max Schrems filed a complaint stating that the US does not provide adequate protection of personal data against such mass surveillance undertaken by authorities. The European Court of Justice (“ECJ/ Court”) noted that the US could allow any national security, public interest or law enforcement requirement to prevail over the Safe Harbour framework. Hence, the ECJ concluded that the Safe Harbour decision was invalid, as it interfered with the fundamental rights of EU citizens. This decision is widely known as Schrems I.

After courts invalidated the safe harbour decision, the European Commission and the US Department of Commerce came up with the Privacy Shield framework for the continued transfer of data from the EU to the US.  US Corporations who intend to receive personal data from the EU self-certify before the Department of Commerce that they will adhere to certain principles recognised in the Privacy Shield. These principles were developed by the US Department of Commerce in consultation with the European Commission.

This led Max Schrems to again file a complaint challenging the validity of the Privacy Shield and the use of SCCs by companies to bypass the requirement of adequate protection stipulated by Article 44 of the GDPR. The ground was that US investigation agencies have unlimited rights of access to personal data retained with US corporations, and neither the Privacy Shield nor SCCs prevent the exercise of those rights. Accordingly, it was argued that neither the Privacy Shield nor SCCs ensure the privacy rights of EU citizens. This case soon came to be known as Schrems II. The Court of Justice of the European Union (CJEU) examined the US’s Foreign Intelligence Surveillance Act and the surveillance programmes that its provisions allow, and found that US agencies have wide rights of access to all data retained with US corporations and that the Privacy Shield does not in any manner take away these rights of US investigative agencies. The CJEU accordingly invalidated the EU-US Privacy Shield mechanism.

The judgment in Schrems II led to a major deadlock in US-EU economic relations, particularly concerning the transfer of data. With no approved mechanism in sight, companies found it difficult to transfer data to meet their business obligations. On 25th March 2022, the EU Commission and the US government announced that they had agreed in principle on a new framework for the cross-border transfer of data, known as Privacy Shield 2.0. The new framework promises to provide benefits to both sides of the Atlantic and to strike a balance between the new safeguards and the national security objectives of the US, which will ensure the privacy of EU personal data.

The text of this new framework has not been released.  The press note released by the White House contains a few details that the framework might incorporate. It states that intelligence collection might be undertaken only where it is necessary to advance legitimate national security objectives and in no way should impact the protection of privacy and civil liberties[1]. In addition, the US intelligence agencies will adapt procedures to ensure effective oversight of new privacy and civil liberties standards[2]. Moreover, a proposal to set up an independent Data Protection Review Court has been mooted for EU individuals seeking claims and damages for breach of their personal data by the US Government. The proposal also details that the adjudicating members or individuals shall be chosen from outside the US Government.

If Privacy Shield 2.0 does pass the test laid down by the European courts, experts believe that this could trigger an estimated $7.1 trillion economic relationship between the US and the EU. Hopefully, Privacy Shield 2.0 will be able to provide a predictable, effective and lasting remedy for transferring personal data from the EU to the USA.

 

 

Data Transfer between EU and India

 

The above discussions and mechanisms have significant relevance to data transfer between the EU and India. The Indian investigation and intelligence agencies have powers similar to those of their US counterparts in terms of their right to access, demand or conduct searches in any Indian enterprise and collect all relevant data required. The fundamental right to privacy recognised in the Puttaswamy case is not absolute. Further, as per Article 19(2) of the Constitution, the state can impose reasonable restrictions on the exercise of fundamental rights in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Moreover, Section 69 of the IT Act, 2000 provides the Central and State governments with the power to intercept or monitor any information stored in a computer resource, provided this is required:

  • In the interests of India’s sovereignty and integrity,
  • For the defence of India,
  • For the State’s security,
  • To maintain friendly relations with other nations,
  • To maintain public order,
  • For preventing incitement to the commission of any cognizable offence relating to the above, or
  • For investigation purposes.

The above provisions are similar to the rights available to US investigative agencies. For the same reasons, the Schrems II judgment and Privacy Shield mechanisms are relevant while considering EU-India data transfer.

Currently, there are no approved mechanisms for data transfer between the EU and India like the Privacy Shield framework. Hence, European companies are justifiably reluctant to establish business relations with our country. Since India is a hub of IT-enabled services like BPOs and KPOs, it is desirable to have an efficient and clear legal regime for data transfer to foster a symbiotically advantageous economic relationship between the two sovereigns. Unfortunately, neither of the Governments has shown any urgency to initiate the formulation of rules similar to the Privacy Shield. It is worthwhile to consider whether the new Privacy Shield 2.0 could be considered and replicated in India. If both governments can demonstrate their intent, the groundwork for a conducive business environment for data transfer between the two sovereigns can be initiated.


Navigating the Legal Quagmire of Limitations on Trademark Oppositions

Though the pandemic seems to be receding across the world, the problems that it has created seem to be multiplying, and the legal system has been grappling with the issues affecting business. The High Court of Delhi, in a recent judgment, Dr. Reddys Laboratories Limited vs. the Controller General of Patents, Designs and Trademarks, sent shockwaves through the system.

The petitioners had filed writ petitions against the haphazard manner in which the Controller General of Patents, Designs and Trademarks (“CGPDTM”) had handled the filing of Trademark opposition proceedings during the pandemic. The petitioners were aggrieved when they discovered that opposition proceedings couldn’t be initiated on the online portal of the Trademarks Registry post the statutory timelines of four (4) months, as prescribed under Section 21 of the Trademarks Act, 1999. However, the Supreme Court in Suo Moto Writ (Civil) No. 3 of 2020, titled In Re: Cognizance for Extension of Limitation, had extended the statutory time period in India. Additionally, the Trademarks Registry also refused to accept such oppositions when filed manually. Further, the Trademarks Registry went on to issue the Certificates of Registration even though they were aware of the requests to initiate opposition.

The Supreme Court had clearly stated in the aforementioned order that “the time period between March 15, 2020, and February 28, 2022, has to be fully excluded for the purpose of calculating limitation under all enactments and statutes, both before judicial and quasi-judicial bodies.” The CGPDTM had also reaffirmed the above order vide its notice of January 18, 2022. The petitioners argued that the non-acceptance of the oppositions was in contravention of the Supreme Court order, especially as it had been reaffirmed by the CGPDTM as well.

The officials of the CGPDTM also informed the court that more than 4 lakh registration certificates had been granted during this period. Further, vide an affidavit submitted by the CGPDTM, it was affirmed that 113517 oppositions were filed between March 24, 2020, and February 28, 2022. It was also mentioned that “6,000-7,000 oppositions have been filed during the pandemic period beyond the four-month period of limitation, and the same have also been entertained.” Thus, the CGPDTM has been accepting oppositions in a very haphazard manner, undermining the rights of those who wished to initiate opposition actions, and has also issued Certificates of Registration, granting challengeable rights to applicants.

As the limitation period in terms of the orders of the Supreme Court would have been extended for filing oppositions to the said applications until the expiry of 90 days from March 1, 2022, i.e., till May 30, 2022, the High Court of Delhi has instructed as follows:

  • Opponents must send emails expressing their interest in opposing any of the marks until May 30, 2022. On receipt of any such email, even if the mark currently stands as opposed, the CGPDTM is to facilitate the filing of the opposition either through the online platform or by accepting the same manually.
  • If the mark stands registered, and in the absence of any request to oppose the marks by May 30, 2022, the mark will continue to stand registered.
  • For those marks that stand as registered, if the opposition is received by May 30, 2022, the Certificates of Registration shall stand suspended till the opposition is decided upon.

The High Court of Delhi has also gone on to caution the CGPDTM and instructed them to develop a mechanism to dispose of the huge backlog of oppositions currently pending at their end.

Right holders, especially those who are in receipt of the Certificates of Registration, will need to keep their fingers crossed that no oppositions are filed by May 30, 2022. Furthermore, infringement proceedings may not be initiated against infringing parties until the May 30, 2022 deadline.

The haphazard handling of the opposition proceedings in this time period has both created a logistical nightmare and hampered the rights of numerous applicants. With more skeletons coming out of the closet of the CGPDTM, it remains to be seen how they are handled. The High Court of Delhi needs to be lauded for taking up such a sensitive issue and handling it at the earliest.

Exciting times to navigate through the curveballs thrown by the CGPDTM.

Image Credits: Photo by Markus Winkler on Unsplash


Self Reliance: Not Just a Political Construct Anymore

Since independence, Indian political leaders have espoused the need for “self-reliance”. Over the last five decades, we have certainly achieved this goal in areas such as the production of food grains and milk. It is clear that we have not done so in some other basic areas, including education, healthcare and energy. When the government announced “Make in India” and “Atmanirbhar”, some called it “old wine in new bottles” or “mere election slogans”. While there may be some truth in these allegations, it cannot be denied that recent developments around the world (and in our own neighbourhood) are forcing us to rethink concepts such as “national interest” and hence, “self-reliance”.

Self-Reliance Important Despite Globalization

Especially in the last two years, major events have unfolded that continue to have a significant impact on our lives and indeed, the world as we know it. The pandemic has painfully underscored global interdependence amongst countries. Whether it was PPE kits, face masks, syringes or vaccines, no one country had it all. And if they did, they chose not to share it with others. Inherent inequities in the current global healthcare and socio-economic systems led to many parts of the world remaining without access to resources that were critical to preventing infection and the spread of COVID 19. Many western countries with the financial muscle to place bulk vaccine orders in advance ended up destroying millions of expired vials. What a waste! Arguably, political and governance decisions made even a couple of months before the vaccines expired could have helped to vaccinate hundreds of thousands of people in less fortunate countries that were not self-reliant.

Russia’s month-long invasion of Ukraine continues even as I write this post. Many countries have united to impose a range of sanctions on Russia; many have stayed away. But in an interdependent world, the impact of such sanctions cannot be localised to just one country. India, which imports more than 85% of its crude oil requirements, has been adversely affected. Many of our young citizens who were pursuing medicine or other courses in Ukraine, have been affected. It is unclear whether they will be able to complete their education in Ukraine if the war continues, and what alternatives there may exist.

Petroleum is a natural resource and we cannot do much on the supply side if we do not have economically exploitable reserves in India (whether onshore or offshore). We have little choice but to look at alternative energy sources and manage demand, which is what we have been doing for some years now. An example is the Electric Vehicle revolution that is beginning to gather momentum. Similarly, drones have the potential to transform many fields, including agriculture, logistics, healthcare and of course, defence, but we need to develop the capacity to design and build them in India.

As the world evolves even more into a knowledge economy, innovation will be a clear source of competitive advantage. Not just through technological advancements in fields like AI/ML, IoT and quantum computing, but also through innovations in creating appropriate legal frameworks to ensure the orderly functioning of the global/national systems. This also means revamping our education system to ensure that it encourages the kind of critical thinking that’s needed in the years ahead. The New Education Policy was introduced in 2020, but many teething troubles remain; steps need to be taken quickly to resolve them if we are to benefit from this new approach to primary, secondary and higher education in our country.

Fostering Self-Reliance Involving Multiple Stakeholders

While the Founding Fathers had a certain perspective when they wrote our constitution, that worldview was limited by what they envisioned at the time. It is reasonable to say that the world has changed drastically in the last 70 years. Indeed, many of these changes could not have been imagined in the late 1940s or even in the 1990s. This is why we, as a nation, must view “self-reliance” in a different way than we have done in the past. The quasi-federal structure that we have given ourselves must not impede progress; the Central and State Governments must work together to formulate policies that complement and supplement each other and are not designed to create face-offs.

Policies and strategies alone are not enough; action is needed on the ground to convert them into actionable plans, projects and measurable goals. This needs everyone to work together. The private sector must play its part in making the necessary investments in building critical capacities and training our youth. The PLI scheme has begun to show some results, and I hope manufacturing of drones, electric vehicles and batteries based on sodium, etc. will also soon take off in a bigger way. Our citizens, too, have an important role to play. The advice to “reuse, reduce, recycle” is not just for environmental gains; it has the potential to conserve physical and financial resources that will make it easier for us to become self-reliant.

The starting point is to set aside ego and ideological differences, make the effort to understand other points of view and work together to build a self-reliant India that becomes a self-contained ecosystem that is more capable of bearing external shocks in the future. We cannot predict what these shocks might be or where they will originate, but we can be better prepared.

Image Credits: Photo by Christopher Burns on Unsplash 


IS 17428 - A New Privacy Assurance Standard in India

Recently, Aditya Birla Fashion and Retail Ltd (ABFR) faced a major data breach on its e-commerce portal. As per the reports, personal information of over 5.4 million users of the platform was made public. The 700 GB data leak included personal customer details like order histories, names, dates of birth, credit card information, addresses and contact numbers. Additionally, details like salaries, religion, marital status of employees were also leaked.  Forensic and data security experts were pro-actively engaged to implement the requisite damage-control measures and launch a detailed investigation into the matter.[1] This demonstrates the need to have wider awareness and establish standardized protocols for personal data management. 

The battle of data protection and privacy currently stands at a juxtaposition with a flourishing data economy. 2021 was a watershed moment in the privacy & data protection dialogue in the country. The need for comprehensive data protection law was louder than ever and there were major initiatives on the legislative and executive front.

In June of 2021, the Bureau of Indian Standards (BIS) introduced IS 17428 for data privacy assurance. It is a privacy framework designed for organisations to handle the personal data of individuals that they collect or process. The certification provided by BIS for IS 17428 can be deemed an assurance extended by organisations to their customers/users of a well-implemented privacy practice. The BIS, being a statutorily created standard-setting body of our country, will bring some welcome change in our data management.

IS 17428 is divided into 2 parts[2]:

  • Part 1 deals with the Management and Engineering parameters that are mandatory for an organization to comply with. This part provides for establishing and cultivating a competent Data Privacy Management System.
  • Part 2 deals with the Engineering and Management guidelines which enable the implementation of Part 1. These guidelines are not mandatory in nature but a reference framework for an organization to implement good practices internally.

 

The Context – Privacy & Data Protection laws in India

 

The Data Protection Bill was expected to be tabled in Parliament back in 2019 but was postponed due to the ongoing pandemic. The country was hoping to pass the bill last year; however, it was sent to the Joint Parliamentary Committee (JPC) for perusal. The JPC made its report on the bill public in the month of December 2021.

Also, Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 had been implemented back in 2011, primarily to safeguard the sensitive personal data of individuals that are collected, processed, transferred, or stored by any organisation and enumerate security practices. The rule lays down certain practices and procedures to be followed by a stakeholder while dealing with sensitive personal data. International Standard IS/ISO/IEC 27001 is one such acceptable standard.

Later, ISO 27701 was introduced with a specific focus on Privacy Information Management. However, our Indian enactment has not specifically endorsed any such standard, though standards formulated by an industry association that are approved and notified by the Central Government are also deemed appropriate. Against this background, the introduction of a standard by BIS is a welcome initiative, as it will help in bringing uniformity to the implementation of privacy practices across Indian industries.

Components of Part 1 of IS 17428[3]

 
Development of Privacy Requirements:

While developing the privacy requirements of the organisation in relation to the data collected or processed, the organisation has to take into consideration various factors such as jurisdiction, statutory requirements and business needs.

Personal Data Collection and Limitation:

The organisation is permitted to collect the personal information of the individuals, provided the same has been consented to by such individuals.

Privacy notice: 

The organisation is bound to provide a notice to individuals while collecting information from them, and when such collection is through an indirect method employed by the organisation, it is the duty of the organisation to convey the same by unambiguous and legitimate means.

The contents of a privacy notice at the minimum should include the following[4]:

  • Name and Address of the entity collecting the personal data
  • Name and Address of the entity retaining the personal data, if different from above
  • Types and categories of personal data collected
  • Purpose of collection and processing
  • Recipients of personal data, including any transfers

Choice and Consent:

As mentioned earlier, while collecting information, the organisation should get the consent of the individual at the initiation of the process while offering such individuals the choice of the information that they consent to disclose. This entire process should be done in a lawful manner and according to the privacy policies implemented by the organisation.

Data Accuracy: 

The data collected by the organisation should be accurate, and in case it is inaccurate, it should be corrected promptly.

Use Limitation: 

The data collected by the organisation should be used for the legitimate purpose for which it was agreed upon and it shall not be used for any other purposes.

Security: 

The organisation should implement a strict security program to ensure that the information collected is not breached or compromised in any manner.

Data Privacy Management System: 

The organisation is required to establish a Data Privacy Management System (DPMS). The DPMS shall act as a point of reference and baseline for the organisation’s privacy requirements/objectives.

Privacy Objectives: 

The privacy objective of the organisation shall be fixed and set out by the organisation itself. While determining the objectives the organisation shall also look into various factors such as the nature of business operations involving the GDPR processing of personal information, the industry domain, type of individuals, the extent to which the processed information is outsourced and the personal information collected. Moreover, the organisation shall also ensure that the objectives are in alignment with its privacy policy, business objectives and the geographical distribution of its operations.

Personal Data Storage Limitation: 

The organisation shall be allowed to retain the information collected from the individual only for a specific time period as required by the law or the completion of the purpose for which it was collected in the first place. The individual shall have the right to delete their personal information from the organisation database upon request.

Privacy Policy: 

The organisation shall create and implement a privacy policy that shall determine the scope and be applicable to all its business affiliates. The senior management of the organisation shall be in charge of the data privacy function. Moreover, the privacy policy should be in consonance with the privacy objectives of the organisation.

Records and Document Management:

The organisation shall keep a record of its processing activities which shall, in turn, ensure responsibility towards the compliance of data privacy. The possible way to achieve such a standard is to lay out procedures that help to identify various records. While laying out procedures, the organisation shall take into consideration certain factors such as a record of logs that demonstrate affirmative action and options chosen by individuals on privacy consent and notice, evidence of capture events related to access or use of personal information, and retention period of obsolete documents.

Privacy Impact Assessment: 

A privacy impact assessment shall be carried out by the organisation from time to time. Such an assessment shall help in estimating the changes and the impact that they can possibly have on the data privacy of the individuals.

Privacy Risk Management:

The organisation shall put in place and document a privacy risk management methodology. The methodology shall determine how the risks are managed and how the risks are kept at an acceptable level.

Grievance Redress:  

A grievance redressal mechanism shall be established by the organisation to handle the grievances of the individuals promptly. The organisation shall ensure that the contact information of the grievance officer shall be displayed or published and that they have the channel of receiving complaints from the individuals. Moreover, the organisation shall also make it clear as to the provision for escalation and appeal and the timelines for resolution of the grievance.

Periodic Audits: 

The organisation shall conduct periodic audits for the data privacy management system. The audit shall be conducted by an independent authority competent in data privacy, internal or external to the organization, at a periodicity appropriate for the organization, at least once a year.

Privacy Incident Management: 

Privacy breaches and data privacy incidents shall be reported regularly and the organisation shall come up with a mechanism to manage such incidents. The process shall involve identifying the incident at the first stage and investigating the root cause, preparing analysis and correcting the incidents in the second stage. The last stage is basically informing the key stakeholders including Data Privacy Authority about the breach or incident.

Data Subject’s Request Management: 

The organisation shall develop a mechanism to respond to requests from individuals concerning their personal data. This process shall include the means to verify the identity of the individual, provision access to the information and the means to update the information.

 

How Would IS 17428 Help in Privacy and Data Protection?

 

The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (RSPP and SPDI rules) had been the only law for organisations to follow. The rules did not prescribe or detail any specific requirements or standards in relation to personal data management and in the absence of formulated standards for the protection of the sensitive personal data of individuals, industry bodies were struggling to have uniform procedures. 

This being the case, introducing specific standards for personal data management will bring more clarity and will help companies to adhere to an approved standard prescribed by a government agency. Moreover, principles narrated in this standard are in accordance with the Internationally recognised privacy principles and will help Indian companies to proffer confidence when dealing with their commercial counterparts.

Introduction of record and document management, risk assessment and data subject request management are a few of the aspects that bring onerous responsibilities on companies making them more accountable and transparent.  These aspects have laid down procedures and mechanisms for an organisation to improve their privacy management, for example, introducing processes such as verification of identity, access to information, evidence of capture events of consent and retention period of obsolete documents.

 

The proposed data protection legislation and the IS 17428

 

The IS 17428 standard has been inspired primarily by the OECD privacy principles, the GDPR and ISO 27701. The proposed data protection legislation, on the other hand, diverges from these instruments in many respects. For instance, the IS standard provides an elaborate description of the privacy objectives of the organisation and the factors that need to be taken into account. Most of these objectives are covered under Sections 22 and 23 of the draft Bill; nevertheless, the standard recommends a few other factors, such as geographical operation, industrial domain and type of individuals, as specific factors to be taken into consideration while drafting the privacy objectives. How far discretionary privacy standards can be created, and how much freedom industries are allowed in this regard, is unclear.

Section 28 of the draft bill talks about the records and document management of the data collected or processed and the standard covers almost every bit of the section. In addition to the consideration mentioned under the bill, the standard goes forward and echoes the need to establish a policy on the preservation of obsolete policies and process documents. Data and record-keeping should be for a defined period. The majority of other legislation prescribes an average of 7 years of data-keeping. Keeping any data beyond such a reasonable period may not serve many purposes. Why this standard has prescribed such obsolete data retention is again unclear.

The standard can be made effective only once data protection legislation is enacted. For instance, on the grievance redressal mechanism, though the standard does envisage an appeal mechanism, it does not establish appeal machinery. This part of the standard can be put to use only after the Data Protection Authority as per section 32 is constituted. The standard also calls for an investigative process in the event of any breach or compromise of data. The organisation is welcome to conduct an onsite or internal investigation into the breach or incidents, but once again an independent authority to investigate in a legitimate and fair manner is required.

In short, I am afraid the standard has failed to take into account the special requirements contemplated under the PDPB, 2019, which may eventually become the law of the country; once this law is enacted, this standard will also need to be modified. The government has not made any announcement under the RSPP and SPDI rules that IS 17428 is an appropriate standard certifying the compliance of personal data management. In the absence of such explicit endorsement, the ambiguity continues as to whether the adoption of this standard is sufficient compliance under the said rules.

Finally, with the Data Protection Bill around the corner, the Data Protection Authority envisaged under the legislation shall have the power to issue codes, guidelines and best practices for protecting the privacy of data subjects. How the IS 17428 standards framed by the BIS will be looked at by the DPA, or whether the proposed rules will offer a different set of practices, shall be an interesting development to observe.

References:

[1] https://economictimes.indiatimes.com/industry/cons-products/fashion-/-cosmetics-/-jewellery/abfrl-faces-data-breach-on-its-portal/articleshow/88930807.cms

[2] The IS 17438 was established on November 20, 2020 and notified in the official gazette on December 4, 2020. Please see the notification available at: https://egazette.nic.in/WriteReadData/2020/223869.pdf (last visited Jan 18, 2022).

[3] Supra note 2.

[4] Sub-clause 4.2.2 of the IS Requirements: “Privacy Notice”.

 

 

Photo Credits:

Image by Darwin Laganzon from Pixabay 


From Assembly Elections to Industry the Need to Address Change is Universal

Along with announcing the schedule for elections in 5 states a few days ago, India’s Election Commission (EC) also imposed certain restrictions on how parties and candidates can campaign during these elections. The limitations on rallies and gatherings- the most popular platforms for all political parties- were the result of the continuing spread of Covid cases across India. It was also partly in response to the criticism of the EC for not preventing large gatherings and political rallies during the previous round of assembly elections held in 2021. The EC has said it will review its restrictions after a period of time.

Expectedly, some murmurs have begun about how such restrictions will create a non-level playing field against smaller and regional parties. This concern is probably not entirely invalid; the EC’s action will definitely have an impact on how different parties campaign (and possibly, the results too, in some cases). However, I prefer to see the bigger picture. Specifically, I see two key messages in the EC’s recent action. The first is the acknowledgement that even in our country, political processes are not immune to change. The second is that while many forces of major change are unpredictable (e.g., the pandemic itself), the human race is by and large equipped to adapt to them.

Responding to changes takes time, and these timelines vary with the context of the change. For example, climate change related actions have taken much longer than ideal. Also, not all solutions will be ideal. And as solutions are deployed, newer problems may emerge (e.g., the virus mutating to new strains). It will therefore be interesting to see how different parties and individual candidates utilize digital tools to reach out to the people in their constituencies and convey their poll messages. In some sense, election campaigning is a lot like marketing, so a mix of physical, electronic and digital avenues will need to be used. The restrictions on rallies will tip the scales in favour of electronic/digital avenues, and hybrid channels will emerge.

It is just as important for parties to keep track of which of these channels gives them the highest RoI, so that they can refine them and build on them for future use. There is no point in adopting campaign channels that do not deliver. All change must be looked at in the context of its impact on consumer behaviour. In elections, the voters are the consumers of the political messaging; elsewhere, it is the paying customer.

In the world of business, as in life, it is tempting but naïve to look for one-to-one mapping of cause and effect. Consider the example of disruptions to global supply chains that have adversely impacted certain industries more than others. The automotive industry, for instance, has been affected because customers are keen on buying a certain model of car/SUV with certain preferences- and if those are not available (because carmakers do not have the chips or other components), they defer their purchases.

The emergence of Electric Vehicles (EVs) as a distinct industry with its own ecosystem is another major trend. The high price of fossil fuels, government policies, reducing cost of EVs, availability of charging infrastructure and rising environmental consciousness around the world are all contributing to a shift to hybrid/EVs. This is a threat to conventional carmakers whose products run on internal combustion engines. Unless they pivot, they will find it difficult to stay relevant in the years ahead. I do not expect conventional petrol/diesel powered cars/SUVs to be replaced by EVs in the next decade. But players will need to transform themselves to meet the challenges posed on both the supply and demand side.

The rise of the Direct-to-Customer model in FMCG may well provide a template for carmakers as well. Rather than mass-producing a large number of cars of a certain model/colour etc. and shipping them to dealers around the country (where they remain as inventory), the industry may evolve to a model where customers can pre-order vehicles of their choice and get it delivered on a certain day/date. This has already started in India, with Ola adopting this approach for its electric scooters. But as with anything new, teething troubles are inevitable. Just as companies have to get used to not having the cushion provided by dealers, customers too will have to get used to the absence of the middleman- the dealer- whose neck is the first one to catch if there is a delivery delay or problem with the vehicle.

I cite the above example only to illustrate my point. Multifaceted change and the consequent need to respond to these forces is not limited to any particular industry. While the underlying drivers of change or the pace may vary, enterprises in every industry will need to transform to remain relevant. Even the professional services industry (lawyers, accountants, consultants etc.) is not immune, simply because the kinds of problems they will increasingly be called to help solve will not be similar to the ones they have dealt with in the past.

Image Credits: Photo by Ross Findon on Unsplash


Delhi HC Draft Rules for Patent Suits, 2021: Streamlining the Procedure

Over the past 10-15 years, the Delhi High Court has witnessed a surge in the number of patent infringement actions filed before it across various scientific and technological fields, including pharmaceuticals, diagnostics, mechanical engineering, telecommunications, electrical/electronics, wind technology, etc.

In a bid to address the growing complexities concerning patent suits and actions, the Delhi High Court vide its notification dated 10th December published the Rules governing Patent Suits, 2021 in the public domain and has invited inputs and suggestions of the relevant stakeholders, by 17th December 2021.  

The main objective of drafting a new set of rules is to streamline the procedure for filing patent suits and establish a uniform structure of provisions and governing mandates concerning patent litigation in the city’s adversarial system, following the establishment of the IPD.

Key Highlights of the Draft Rules Governing Patent Suits, 2021

The Draft Rules clarify that the published rules will apply to all patent suits in India which lie before the Intellectual Property Division of the Delhi High Court. As per the notification, in case of any inconsistency with the Delhi High Court (Original Side) Rules, 2018 and the Delhi High Court Intellectual Property Division Rules, the present rules will prevail.

Further, the General Clause of the Rules (Rule 17) states that “Procedures and definitions not specifically provided for in these Rules shall, in general, be governed by The Civil Procedure Code, 1908 as amended by The Commercial Courts Act, 2015 and the Delhi High Court (Original Side) Rules, 2018 as also the Delhi High Court Intellectual Property Rights Division Rules, 2021, to the extent they are not inconsistent with the present Rules.”

As per the Definition Clause, Rule 2(b), all suits seeking relief under Section 48 and Sections 105 and 106, including counterclaims under Section 64, and under Sections 108, 109 and 114 of the Patent Act, 1970 are governed by the provisions of the Rules. Additionally, the provision of Priority Patent Application has also been provided for in the Rules. It is defined under Rule 2(j) as, “A parent application, a Convention application or a Patent Cooperation Treaty application from which the suit patent claims priority.”

Rule 3 elaborates upon the mandated contents of the pleadings and Rule 4 provides the details of the documents to be attached with the respective pleadings discussed under Rule 3. It also highlights the specifications that are crucial to mention in the pleadings.

  1. The Plaint (Rule 3 A) shall discuss a brief background of the technology and relevant technical details, ownership details, corresponding suits/applications emanating from the innovation and the respective requisite details of the suit. An infringement analysis through a claims vs product chart, a list of experts and details of the royalties received qua the suit/patent portfolio also have to be mentioned.
  2. The Written Statement (Rule 3 B) shall include arguments comprehensively challenging the claim of infringement. Technical analysis with specifics of the product/process used by the defendant shall be included in the written statement while claiming non-infringement. Further, if the defendant is willing to obtain a license from the patentee, the quantum for the same has to be elaborated upon. Details of the sales of the allegedly infringing product/process also have to be provided.
  3. The Counter Claim (Rule 3 C) shall be precise as to the grounds that are raised under Section 64 of the Patent Act. The ground claiming lack of novelty or inventive step shall have to be supported by ‘art documents. If a counter-claim is filed seeking relief on the ground of non-infringement, then the requirements for a suit under Section 105 of the Act shall be followed.
  4. The Replication (Rule 3 D) shall initially summarize the Plaintiff’s case and the Defendant’s case. Subsequently, it shall provide a para-wise reply to the written statement.
  5. A suit seeking a declaration of non-infringement under section 105 of the Act shall specify the scope of the claims, the product/process being implemented by the Defendant claimed to be non-infringing and the technical/legal basis on which the declaration is being sought.
  6. A suit under section 106 of the Act for an injunction against groundless threats shall contain the nature of the threat, whether oral or documentary; details of any challenge made to the validity of the patent and an invalidity brief pursuant to the challenge; and details pertaining to correspondence that may have taken place between the parties.

It is pertinent to note that strict directions and guidelines for the governance of relief applications under the Patent Act, 1970 save judicial time and resources and improve the quality of judgements delivered by the court.

Further, the Draft Rules segregate the suit adjudication into three case management hearings, apart from the first listing, namely the First Case Management Hearing, the Second Case Management Hearing and the Third Case Management Hearing. The Rules enumerate specific directions that may be given by the Court at each stage, and also provide guidelines on when certain specific documents may be filed, officers may be appointed, etc.

The key concept of hot-tubbing is discussed under Rule 9 (iii), which provides that the Court may, if it deems fit, on its own motion or on an application by a party, direct that expert testimony be recorded by the hot-tubbing technique guided by Rule 6, Chapter XI, Delhi High Court (Original Side) Rules, 2018. Further, the rule also discusses the recording of evidence through video conferencing, by a Local Commissioner or at a venue outside the Court’s premises, all subject to the discretion of the court.

The current Draft under Rule 12 has provided for “compulsory mediation”. It provides that at any stage of the proceedings if the court is of the opinion that the parties ought to explore mediation, it shall appoint a mediator/ a panel of mediators and technical experts to explore the pathway of amicable dispute resolution.

Under Rule 13 the court has been empowered to prepare a list of scientific advisors that shall assist the Court in the adjudication of patent suits. The list shall be subjected to periodical review. When the assistance of the expert is sought, they would have to submit a declaration of integrity and impartiality. 

Under Rule 16, in addition to the provisions in the Commercial Courts Act, 2015 for summary judgment, summary adjudication of patent suits can be undertaken in the following conditions:

(a) Where the remaining term of the patent is 5 years or less;

(b) A certificate of validity of the said patent has already been issued or upheld by the erstwhile Intellectual Property Appellate Board, any High Court or the Supreme Court;

(c) If the Defendant is a repeat infringer of the same or related Patent;

(d) If the validity of the Patent is admitted and only infringement is denied.

Conclusion

The Draft Rules present adaptability to the technological revolution that has enveloped the industry sectors across the world by simplifying litigation and increasing flexibility of the procedural aspect of the law. The contents of the pleadings are unambiguously discussed, leaving no room for confusion, as all the requisite information can be obtained by the parties at the first instance. Further, the clearly earmarked list of mandatory documents to be filed by the litigants saves judicial time wasted in adjournments owing to the lack of availability of documents.

Incorporation of methods of video conferences, hot-tubbing etc. for the purpose of collecting evidence while providing for the filing of technical primer, makes the case more comprehensible and streamlines judgment quality across the patent suit. The Draft has also successfully addressed the issue of a lengthy litigation process by providing for Summary adjudication of Patent suits.

Since the Rules are currently open to the opinion and suggestions of the stakeholders, it is yet to be seen how the final rules would shape up.

Image Credits:  Photo by Markus Winkler from Pexels


Architectural Design Copyright: Analyzing Strategic Trolling in Light of the Design Basics Judgement

Like any other creative work of expression, works of architectural design were given copyright protection in recognition of the creative labour that goes into producing them and to protect the legitimate interests of bona fide authors. However, there have been instances where copyright owners have built their revenue model around copyright trolling.

 

Copyright trolling is a scenario where creators of copyrighted work enforce their work with the hopes of profiting from favorable infringement enforcement lawsuits.

This article analyses one such US case which was an appeal in the Seventh Circuit Court of Appeal i.e., Design Basics, LLC v. Signature Construction[1] that addressed the question of copyright protection over architectural designs and its alleged infringement by a subsequently developed floor plan. The article also touches upon the Indian intellectual property laws that deal with copyright protection of architectural designs.

Background of the Design Basics Case

The Appellant had received copyright registration over a series of its floor plans and sued the Defendant for alleged infringement of ten of its floor plans. In response, the Defendants moved for summary judgment, wherein the lower court, while dismissing the Appellant’s claim of infringement, ruled that the Appellant’s copyright protection in its floor plan was ‘thin’ and only a ‘strikingly similar’ plan could give rise to an infringement claim. The Appellant’s appeal against the summary judgment met with the same fate, as the Seventh Circuit court reaffirmed the position taken by the lower court for reasons explained herein in greater detail. While doing so, the court came down heavily on the Appellant, i.e., Design Basics, LLC, a home design company, for its floor plan-based copyright trolling scheme that it had utilized to file over a hundred copyright cases, including the present one, in federal courts that had resulted in thousands of victims paying license/settlement fees.

Test of Similarity: Independent Creation or Unlawful Copying   

In the present case, the copyright protection was hailed as a thin one, as the designs mostly consisted of unprotectable and basic elements – a few bedrooms, a large common living room, kitchen, etc. The Court reiterated the fact that “copying” constitutes two separate scenarios – Whether the defendant has, rather than creating it independently, imitated it in toto and whether such copying amounts to wrongful copying or unlawful appropriation. For instance, in the present case, much of the Appellant’s content related to functional considerations and existing design conventions for affordable, suburban, single-family homes. In such a case, to give rise to a potential copyright infringement claim, only a “strikingly similar” subsequent work would suffice.

Determining the Piracy: A Circumstantial Scenario

The Seventh Circuit explained that in absence of evidence of direct copying, the circumstantial evidence should be taken into consideration. To bring a case under this limb, one had to identify whether there was access to the plaintiff’s work by the creators of the subsequent work and if so, then, whether there exists a substantial similarity between the two works. The substantial similarity should not only be limited to the protective elements of the plaintiff’s work but also, any other similarity.

The court in this case used the term “probative similarity” when referring to actual copying and “substantial similarity” when referring to unlawful appropriation. In a case of thin copyright protection, a case of unlawful appropriation requires more than a substantial similarity. Only if a subsequent plan is virtually identical to the original work will it amount to infringement.

The utility aspect: The Brandir analogy

For instance, if a particular type of architectural detailing is a significant feature of an organization, so much so that it creates an imprint on the minds of the target consumers that such a style is attributable to the Appellant, is that design/style copyrightable? To answer this question, the case of Brandir International, Inc. v. Cascade Pacific Lumber Co[2] must be taken into consideration, where the court stated that “if design elements reflect a merger of aesthetic and functional considerations, the artistic aspects of a work cannot be said to be conceptually separable from the utilitarian elements. Conversely, where design elements can be identified as reflecting the designer’s artistic judgment exercised independently of functional influences, conceptual separability exists.”

The rule of law, as evidenced from the above precedent states that the copyrightability of work ultimately depends upon the extent to which the work reflects artistic expression and is not restricted by functional considerations. Hence, while considering designs, which have a particular utility in the minds of the customers, the artistic part should be considered separately from the utilitarian part, as, the Copyright Act clearly states that the legal test lies in how the final article is perceived and not how it has evolved at the various stages along the way. Any similarity in the end-product when taken as a whole should be considered.

The Ideal Test(s) for Determination of Infringement: Scènes à Faire and Merger Doctrine

The determination of piracy and subsequently the legitimacy of a copyright claim has seen a sharp change over a period. There has been a change in the stance of the courts from the Sweat of the Brow system to the Originality Test. Where the former absolved a defendant from a copyright infringement claim based on the evaluation of substantial labour in the development of the subsequent work, without taking into consideration the amount of overlap or the quality of such work, the latter absolved the author of a subsequent work from a potential copyright infringement claim if his work (the subsequent work) enshrines an adequate amount of creativity and diligence.

An extension of the Originality doctrine is seen in a scènes à faire scenario, which states that when certain similarities are unavoidable, what needs to be determined is whether the depiction pertains to things which are extremely common to a particular situation, e.g., the depiction of police life in the South Bronx will definitely include “drinks, prostitutes, vermin and derelict cars.”[3] Hence, such depictions do not come under the realm of copyright protection.[4]

The court adopted the same analogy in the present scenario, stating that the rooms in the Appellant’s floor plans were rudimentary, commonplace, and standard, largely directed by functionality. For example, the placement of the bedroom, hall, and kitchen did not show an extraneous unique expression of an idea. Hence, they constituted a scènes à faire scenario, which could not be protected.

Expressions and not ideas are protectable. The doctrine of merger prevents the protection of underlying ideas. However, if certain ideas can only be expressed in multiple ways, copyrighting each expression would end up in copyrighting the idea itself, which would run counter to the very basis of copyright protection. Similarly, where the Appellant is the owner of 2500+ floor plans, is it possible for any other Appellant to design a suburban single-family home that is not identical to at least one of these plans?

The court answered in the negative and held that if the copyright infringement claim of the Appellant was allowed to succeed, then it would own nearly the entire field of suburban, single-family type homes, which would be a result of anti-competitive practice. Hence, the present plea was not allowed.

A Classic Case of Copyright Trolling

The court called this instance a classic case of a copyright troll. This was because Design Basics, as a matter of practice, had registered copyrights in thousands of floor plans for single-family tract type suburban homes, which they used for attacking several smaller businesses, using their employees to trawl the internet in search of targets and slapping on them strategic infringement suits in which the merits were always questionable. This fueled their agenda in securing “prompt settlements with defendants who would prefer to pay modest or nuisance settlements rather than be tied up in expensive litigation.”

The Indian Position on Protection of Architectural Design

Even though courts in India have not taken a similar stand on copyright protection over architectural work yet, a similarly high threshold of originality for protection and enforcement of such works stems from the Copyright Act, 1957 (“the Act”) as well as the Designs Act, 2000. Section 2(b) of the Act defines ‘work of architecture’ as: “any building or structure having an artistic character or design, or any model for such building or structure.”, and Section 2(c)(ii) includes work of architecture under the ambit of artistic work.

Additionally, Section 59 of the Act, restricts remedies in case of “works of architecture” which states that where construction of a building or other structure which infringes or which, if completed would infringe the copyright in some other work has been commenced, the owner of the copyright shall not be entitled to obtain an injunction to restrain the construction of such building or structure or order its demolition. The owner of the copyrighted building cannot claim specific relief and the only remedy available to the copyright owner will be damages and criminal prosecution.

The law corresponding to this is Section 2(d) of the Designs Act, 2000 which allows for designs of buildings to be registered. This provision may prove to be more useful as it allows for mass production of the designs registered under the Designs Act. As for Copyright protection, if a design has been registered under the Copyright Act, as well as the Designs Act, then the copyright ceases to exist if the design is commercially reproduced or reproduced more than fifty times.

Thus, the Copyright Act purports to provide protection to very special architectural works which have an artistic element to them and are not mass-produced to protect the artistic integrity of the work. Hence, commercial rights of architectural work are better protected under the Designs Act which allows for the reproduction of the design multiple times.

Analysis and Conclusion

The Appellate court in the present case concluded that apart from the marking up of the Design Basics floor plan by Signature, there was no evidence of actual copying. Even under the test for circumstantial proof of actual copying, there existed many noteworthy differences between the two works, for instance, the room dimensions, ceiling styles, number of rooms, and exterior dimensions were all different enough to preclude an inference of actual copying as a matter of law. Even though the two plans were similar, they differed in many aspects. Hence, the copyright infringement claim could not subsist.

The United States’ Modicum of Creativity approach is a modern proliferation of the originality test, which delves into the thought process and the judgment involved behind the formulation of subsequent work.[5] However, using this approach in isolation is not enough. Whether the subsequent work is the result of a thought process and adequate judgment should be determined after passing it through the ‘Nichols Abstraction’ test. The Seventh Circuit decision was largely based on the Nichols Abstraction test[6] which narrows down to the product that remains after filtering out all the dissimilarities. The residual product, in this case, that remained after filtering out all the dissimilarities between the two was the main idea behind the works and ideas are not protectable and hence a case of infringement could not be made out.

Copyright trolling is more common in countries that provide escalated damages for infringement and there it needs to be addressed in a stricter manner. In 2015 alone, trolls consumed a whopping 58% of the US federal copyright docket. Clearly, the judiciary plays a very important role in sorting out a troll from a genuine copyright claim. Moreover, the litigation process needs to be cost-effective, which may enable defendants to dispute the claims of a copyright troll more easily. Hence, proper care and caution must be taken while meandering through the trolls.

References: 

[1] Case No. 19-2716 (7th Cir. Apr. 23, 2021)

[2] 200 (2d Cir. N.Y. Dec. 2, 1987)

[3] David Nimmer, Nimmer on Copyright Vol III, (1963).

[4] http://blog.ciprnuals.in/2021/06/from-sweat-of-the-brow-to-nichols-abstraction-a-revisitation-of-the-r-g-anand-precedent-with-its-mature-modern-implications/

[5] Feist Publications, Inc. v. Rural Telephone Service Co., 499 U.S. 340 (1991).

[6] Nichols v. Universal Pictures Corp., 45 F.2d 119 (2d Cir. 1930)

Image Credits: Photo by Sora Shimazaki from Pexels

Bad Bank in India: A Concept Note

The Indian banking system has been grappling with the ballooning Non-Performing Assets (NPAs) crisis on its balance sheets for decades now. The pandemic marked a further downward spiral for the Indian economy, proving specifically detrimental to individual borrowers and large corporates across sectors, whose businesses were adversely affected by cash flow problems that led to defaults on outstanding obligations. The consequential increase in the NPAs revived the discussions for institutionalizing an independent entity that would exclusively deal with the bad loans and help in cleaning the NPAs off the balance sheets. As of March 2021, the total NPAs in the banking system amounted to Rs 8.35 lakh crore (approx). According to the Reserve Bank of India’s (RBI) financial stability report, the gross NPAs ratio for the banking sector could rise to 9.8% by March 2022.

Following India’s first-ever Bad Bank announcement in the 2021-22 Union Budget by the Finance Minister, India Debt Resolution Company Ltd (“IDRCL”), an Asset Management Company (“AMC”), has been set up that shall work in tandem with the National Asset Reconstruction Company Ltd (“NARCL”) to streamline and square away bad loans as per the documents and data available with the Registrar of Companies (“RoC”).

Proposed Mechanism of Bad Bank in India

  • The Government of India (“GOI”) has primarily set up two entities to acquire stressed assets from banks and then sell them in the market.
  • The NARCL has been incorporated under the Companies Act, 2013. NARCL will buy stressed assets worth INR 2 lakh crore from banks in phases and sell them to buyers of distressed debt. NARCL shall also be responsible for the valuation of bad loans to determine the price at which they will be sold. Public Sector Banks (PSBs) will jointly own 51% in NARCL.
  • The IDRCL will be an operational entity wherein 51% ownership will be of private-sector lenders / commercial banks, while the PSBs shall own a maximum of 49%.

NARCL will purchase bad loans from banks and shall pay 15% of the agreed price in cash, and the remaining 85% in the form of Security Receipts. If the bad loans remain unsold, the government guarantee shall be invoked; a provision worth INR 30,600 crore has been structured for the same.

Benefits of Bad Bank in India

Since non-performing assets have majorly impacted Public Sector Banks, the institutionalization of a Bad Bank shall equip PSBs to sell / transfer the NPAs, while simultaneously improving and promoting credit quality, strategically minimizing efforts in loan recovery and enhancing the macroeconomy.

Additionally, the profits of the banks were mostly utilized to cut losses. With the NPAs off their balance sheets, the banks will have more capital to lend to retail borrowers and large corporates.

The issues faced by Asset Reconstruction Companies (ARCs) relating to governance, acceptance of deep discounts on loans, and valuation may not concern the Bad Bank, owing to the government’s initiative and support that engages appropriate expertise.

Challenges of Bad Bank

As per the operational structure, bad banks shall buy bad loans that have been recorded in the books of the PSBs or private lenders. If the institution fails to secure buyers and record appropriate prices for the assets, the entire exercise shall prove to be futile.

In India, 75% of the bad loans are defaulted corporate loans, including loans made by consortia of banks to corporations to finance major infrastructure and industrial projects. Countries such as Mexico, Greece, South Korea, Argentina, and Italy have shown that bad banks rarely yield positive outcomes in settings dominated by industrial, corporate, and conglomerate-level bad loans. Hence, structural and governance issues at various levels with state governments, judiciary, and political interests shall have to be streamlined and implemented efficiently to steer away from making them a repository of bad loans and for cleaning up the books of the PSBs.

Bad Bank: A One-Time Exercise?

The Government of India will have to undertake appropriate reforms/lending norms to reduce the number of NPAs. Setting up a Bad Bank is most likely to tackle only the existing NPAs problem and should be a one-time exercise.

The concept of Bad Bank has been a success in certain European countries and the United States of America. However, it is pertinent to understand that they were structured to tackle home loans and toxic mortgages, unlike in India. Hence, an in-depth analysis of the experiences of these countries should be utilized and carefully adapted in alignment with key differences to ascertain the role of Bad Bank in the near future in the country.

Banks will get a huge financial boost with the transfer of the NPAs off their books, which will help credit growth in the country. The success of Bad Bank is also crucial in restoring the faith of the taxpayer in the banking system. With the existence of the Insolvency and Bankruptcy Code, 2016 and the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002, it remains to be seen how a Bad Bank will complement the resolution of the bad loans.

Image Credits: Photo by Visual Stories || Micheile on Unsplash