In 2020, the Telecom Regulatory Authority of India wrote a note saying that it should be charged with regulating large swathes of the data economy, including data protection, cyber security and “converged” communications, likely a reference to messaging and calling apps. The Ministry of Electronics & Information Technology and the Department of Telecommunications should instead be focused on sectoral development, TRAI had said in the note, obtained by Entrackr.
We are making the note public here. TRAI has held a consultation on digital privacy in the past, and has also touted its potential as a converged regulator of the digital space.
“Multiple Government Institutions/Departments responsible to govern overlapping functions/ converged services with no institutional mechanism for coordination among them is not only creating confusion amongst stakeholders but also resulting in a scenario where many stakeholders are able to exploit regulatory gaps by classifying their services differently before different Government Institutions/Departments,” TRAI complained in the note.
“TRAI, which is a converged regulator and already working for orderly growth of the ICT sector which include telecommunication, broadcasting, broadband, satellite communication, cloud computing and communications, M2M communications, Net Neutrality, OTT services, smart city networks, data ownership and privacy, manufacturing of telecom equipment, content delivery networks, international data centers etc., can continue to lead stakeholders’ consultations for formulating the policies relating to [a] converged ICT sector,” the regulator argued.
“It is pertinent to note here that stakeholders’ consultations for the National Digital Communications Policy–2018, which has attracted the positive accolades from the international community for the country, were led by TRAI.”
The regulator also devised an ideal division of labor where it would take over regulation of critical questions like data protection and converged technologies, and the ministries and departments of the union government would instead do the following:
Things haven’t quite worked out that way since TRAI sent this note.
The Ministry of Electronics and Information Technology has doubled down on creating a brand new draft bill which seeks to create a new board led by government appointees to oversee data protection in India, and earlier this year put out cybersecurity guidelines through its Computer Emergency Response Team, which led to several leading VPN companies removing servers from India, and formed critical rules on vulnerability disclosures for companies.
The IT Ministry also ruled that messaging apps like WhatsApp should allow the government to trace the originator of forwarded messages, a demand that Meta has argued will dilute end-to-end encryption offered by the service.
The Department of Telecommunications, on the other hand, has moved quickly to create a law replacing the Telegraph Act (which TRAI also said was necessary, but apparently sought to lead consultations on), and just wound up a consultation seeking inputs from the public on a draft. Far from letting TRAI take a lead on key issues surrounding the draft, the bill dilutes the regulator’s powers instead, alarming officials to such an extent that they reportedly approached the Prime Minister’s Office to make a case for their role.
“Under section 11(1) (d) of the TRAI act, 1997, the Central Government may entrust additional functions relating to ICT, Data Privacy, cyber security to TRAI,” the regulator had said in its 2020 note.
While TRAI may not be able to achieve the central role in regulating the digital economy that it sought, amid different departments and ministries’ ongoing tussle to assert themselves in the space, a DoT official reportedly said that the regulator’s concerns would be addressed in the final bill, and that legislation strengthening its mandate would be passed at a “later stage”.
