THIS WEEK IN TECHNOLOGY LAW

for private circulation only 16 – 22 August, 2021

INFORMATION TECHNOLOGY
A. SUPREME COURT REJECTS PLEA CHALLENGING WEST BENGAL GOVERNMENT’S NOTIFICATION SETTING UP AN
INQUIRY COMMISSION TO LOOK INTO THE PEGASUS PROJECT DISCOVERIES

On August 18, 2021, the Supreme Court turned down a plea made by Global Village Foundation Public Trust
to grant stay on the notification issued by West Bengal Government constituting an Enquiry Commission to
investigate into the allegations pertaining to the Pegasus spyware scandal. However, the Apex Court has
directed that the matter may be listed along with other pleas seeking probe into the Pegasus scandal on
August 25, 2021.

The Pegasus scandal came into light when “The Wire”, a media house, uncovered a 'snoop list' that showed
that activists, politicians, journalists, judges and several others were the potential targets of cyber-surveillance
conducted through the Israeli firm NSO Group's Pegasus software. The scandal has also raised surveillance
tensions in the international arena as well. A panel constituted by the United Nations has called for
moratorium on sale of ‘life threatening’ surveillance tech. The panel has requested the international
community to “develop a robust regulatory framework to prevent, mitigate and redress the negative human
rights impact of surveillance technology and pending that, to adopt a moratorium on its sale and transfer”.

On August 16, 2021, the Central Government had submitted an affidavit before the Supreme Court (accessible
here) to establish a committee of experts to look into Pegasus assertions. The Central Government in the said
affidavit has denied all allegations made against it in respect of the Pegasus allegations and said that all these
allegations are based upon unsubstantiated media reports or incomplete or uncorroborated material and thus
cannot be made basis for invoking the writ jurisdiction of the honorable court.

Read more here.

DSK Comment: The Telegraph Act, 1885 which deals with interception of telephonic conversations and
the Information Technology Act, 2000 (“IT Act”) which deals with interception of electronic data or
records are the primary legislations dealing with any kind of surveillance. Surveillance in India is
permitted provided the same being conducted by an authorized law enforcement agency and done only
for certain limited grounds including maintenance of sovereignty and integrity of India; security of the
State; friendly relations with foreign states; public order, etc. Section 5(2) of the Telegraph Act and
Section 69 of the IT Act empower authorized law enforcement agencies to lawfully intercept the
transmission of any electronic communication in India. Under Section 69 of the IT Act, 10 security and
intelligence agencies have been authorized by the Central Government for the purposes of interception,
monitoring and decryption of any information generated, transmitted, received or stored in any
computer resource.

Page | 1
THIS WEEK IN TECHNOLOGY LAW

for private circulation only 16 – 22 August, 2021

CRYPTOCURRENCY AND BLOCKCHAIN

A. THE CRYPTOCURRENCY AND REGULATION OF OFFICIAL DIGITAL CURRENCY BILL, 2021 TO BE TABLED BEFORE
THE CABINET

Finance Minister Nirmala Sitharaman, on August 16, 2021, announced that the long-awaited
Cryptocurrency and Regulation of Official Digital Currency Bill, 2021 (“Crypto Bill”) has been tabled before
the Cabinet and is awaiting its approval.

Read more here.

DSK Comment: Currently, owing to the lack of regulation or legislation, most cryptocurrency platforms
and exchanges in India are self-regulated and have their own code of conduct to ensure compliance with
the Indian law. These include voluntary compliance with the Anti Money Laundering/Combating the
Financing of Terrorism, KYC regulations, company and taxation laws in India. The Crypto Bill has the
Indian crypto industry holding its breath since it proposes to prohibit all private cryptocurrencies and lays
down the regulatory framework for the launch of an “official digital currency”. The Indian crypto industry
has been eager to help the government formulate the right regulations, however, the government’s
approach towards regulation of cryptocurrency has so far been negative.

B. SEBI ISSUES CIRCULAR ON SECURITY AND COVENANT MONITORING USING DLT

Securities and Exchange Board of India (SEBI) has asked its depositories to employ distributed ledger
technology (blockchain technology) for recording and monitoring securities generated as well as non-
convertible securities covenants. The implemented technology will record and monitor the created security, as
well as monitor covenants of non-convertible securities. Further, the system will record the process of creating
a security, continuous monitoring of covenants by debenture trustees, and credit rating of the non-convertible
securities by the credit rating agencies (CRA). Additionally, SEBI has urged depositories to give secure login
credentials to issuers, CRAs, and debenture trustees. This is for recording and validating relevant information
on the system.

Read the circular here.

Page | 2
THIS WEEK IN TECHNOLOGY LAW

for private circulation only 16 – 22 August, 2021

PRIVACY AND CYBERSECURITY

A. CHINA PASSES NEW PERSONAL DATA PRIVACY LAW

On August 20, 2021 China passed a legislation seeking to protect online user data privacy. The legislation will
come into effect on November 1, 2021, and lays out conditions for which companies can collect personal data,
including obtaining an individual's consent, as well as laying out guidelines for ensuring data protection when
data is transferred outside China. The legislation further requires handlers of personal information to
designate an individual in charge of personal information protection and to conduct periodic audits to ensure
compliance with the law.

China’s Ministry of Industry and Information Technology recently ordered body corporates (including tech
giants like Tencent) to make rectifications for breaking the country’s data transfer regulations. In this regard,
43 applications were found to be illegally transferring user data.

China has been firming its grip on tech giants and is planning to implement a slew of regulations to regulate
competition and use of consumer data by corporations (in addition to its new data privacy law). On August
17, 2021, the State Administration for Market Regulation (SAMR) issued a new set of draft regulations
banning unfair competition and restricting the use of user data. The proposed regulations set priorities in
setting the 'rules of engagement' for online competition and seek to impose compliance requirements on e-
commerce platforms to curb abuse of dominance.

Read more here.

B. TALIBAN MAY HAVE ACCESS TO VARIOUS BIOMETRIC DATABASES AND EQUIPMENT IN AFGHANISTAN

With Taliban taking control of Afghanistan last week, the United Nations has expressed concerns that the
organization may now have access to a vast database of biometric data. Now that the US military is no longer
present in Afghanistan, the Taliban could potentially use the biometric data to target allies left behind.
According to the Intercept, primarily the collection of biometric data was for military personnel only. However,
Afghan civilians such as translators who worked for the U.S. embassy were also included in the database. The
military used the Handheld Interagency Identity Detection Equipment (HIIDE) which collects everything from
iris scans to fingerprints. These devices are now reportedly in the Taliban’s possession.

Read more here and here.

C. DATA BREACH AT ASIAN FINTECH GIANT - PINE LABS

Around 500,000 records of Pine Labs, a B2B fintech solutions company working with various financial
institutions and merchants, including confidential client agreements, employee data, financial reports, and
other internal documents were allegedly hacked by BlackMatter Ransomware Group. The data leaked also
included service and private agreements, and invoices of Pine Labs with various financial institutions and
Indian banks. Names, departments and email ids of several Pine Labs employees, too, were leaked. The
claims have, however, been denied by the Pine Labs group.

Read more here.

Page | 3
THIS WEEK IN TECHNOLOGY LAW

for private circulation only 16 – 22 August, 2021

E-COMMERCE
A. DELHI POLICE MAKES ARRESTS IN CONNECTION WITH E-COMMERCE SCAM

On August 17, 2021, the Delhi Police arrested 5 men in connection with a search engine optimization scam.
The Delhi Police has alleged that the accused have published multiple fraudulent e-commerce websites,
offering electronic goods at throwaway prices and duped people. More than 10,000 people were cheated of
around Rs. 25 crores in the last 3 years.

DSK Comment: In India, the IT Act and the Indian Penal Code, 1860 ("IPC") lay down penalties for
cybercrimes like fraud, mischief, data theft, identity theft, etc. Though the IT Act lays down penalties
specifically for any offence occurring over or through a computer resource, the IPC is wide enough to
cover both online and offline offences. Interestingly, the overlap of certain offences has created situations
***
of conflict while adjudicating online offences in the past.

Read more here.

B. GOVERNMENT PLANS ESTABLISHMENT OF AN INDEPENDENT REGULATORY AUTHORITY FOR E-COMMERCE

Government is considering establishing an independent regulatory authority for e-commerce sector similar to
the Securities & Exchange Board of India (SEBI). The proposal was announced during a meeting chaired by
Union Minister of Commerce & Industry, Shri Piyush Goyal on the review of Open Network for Digital
Commerce (“ONDC”) which is a first of its kind of initiative of Department for Promotion of Industry and
Internal Trade for democratizing digital commerce and moving it from platform centric model to open network
model enabling buyers and sellers across different segments such as mobility, grocery, food order and
delivery, hotel booking and travel etc. to transact with each other through an open network.

Read more here and here.

DSK Comment: E-commerce sector in India is governed by an array of laws like Consumer Protection
(E-commerce) Rules, 2020, FDI Policy, Legal Metrology Act, 2009, Information Technology Act, 2000 etc.
However, currently there is no legislation which provides for establishment of independent body for e-
commerce sector. The introduction of an apex body regulating the e-commerce industry seems to be a
move in the right direction considering the growing concerns of abuse of dominance by tech giants in the
sector. However, an insight on the effectiveness and independence of such regulator can only be given
once a formal policy is placed by the policy makers in this regard.

Page | 4
THIS WEEK IN TECHNOLOGY LAW

for private circulation only 16 – 22 August, 2021

__________________________________________________________________________________

For further queries and/or clarifications please contact:

Mr. Rishi Anand Mr. Nakul Batra

Partner Associate Partner
(Rishi.anand@dsklegal.com) (Nakul.batra@dsklegal.com)

Page | 5