Ms. NS Nappinai is a Supreme Court advocate and the founder of Cyber Saathi. She is an expert in various laws such as cyber, technology, constitutional, and criminal laws. She is the author of the book, ‘Technology Laws Decoded.’
Ms. Lohita Sujith and Ms. NS Nappinai had a fruitful discussion on the need for a robust policy and a legislative framework for the creative economy in the digital age.
Ms. Nappinai believes that cybersecurity is a vast area that does need specialised cyber safety laws.
Ms. Nappinai stated that Copyright law is one of the older laws in India. The Copyright Act, 1957 may need to be revisited in light of India becoming a party to the WIPO Copyright Treaty (WCT) and WIPO Performers and Phonograms Treaty (WPPT). Further, the Copyright Act, 1957 has also not been amended in terms of interoperability with the cyber laws, technology laws, and anti-piracy measures. In her opinion, though all these laws have individuality in terms of operation, they do have points of convergence, where their interoperability needs to be deliberated upon. India is still at a developing phase in terms of interoperability and convergence of laws.
Ms. Nappinai further discused the evolving nature of the laws concerning the digital space. The world has evolved during the pandemic; for example, OTT platforms became the primary source of entertainment. Education was redefined, and the classrooms were made portable through mobiles and tablets. In terms of various laws and their cohesion or harmonisation, in this new environment, India stills stand at a nascent stage. In numerous instances, there has to be deliberation on the provisions of a new law. However, the absence of convergence or harmonisation of existing laws does not mean the lack of a remedy available to the victims of copyright infringement or cyber crimes. There are remedies in various laws including the Information Technology Act, 2000 (“IT Act”)
On the point regarding geopiracy tools such as highjacked IP addresses, which threaten territorially restricted content offered by digital platforms, Ms Nappinai was of the view that while the laws need to be relooked , the problem is not with the robustness of laws to tackle a particular issue, but rather, in their implementation. The present laws, including the 2012 amendment to the Copyright Act, 1957 are very specific to their domain and lack dynamism. For example, the 2012 amendments do not include internet transmission/broadcast as a domain. India is using both technology and law for protection against piracy. Technology, while mostly effective, offers limited protection against piracy and does not hinder rogue sites from hosting pirated content. Legal developments have been encouraging, particularly the Delhi High Court’s 2019 judgment in UTV Software Communication & Ors. Versus 1337x.TO & Ors., wherein the Delhi High Court issued india’s first dynamic website blocking injunction for copyright infringement. This is complimented by a previous Bombay High Court judgment which recognized the proposition that John Doe orders must be based on concrete and precise information and must be narrowly tailored to block specific URLs in contradistinction to entire websites. Thus the law has recognized that the copyright holder’s rights must be balanced with the rights to fair use of copyrighted content as well as right to free speech. While India does not need many additional laws except a few for covering the digital domain, several problems could be solved by purposive interpretation and better utilisation of the present laws.
Speaking on the effective legal protections on technology, Ms. Nappinai stated that though law is dynamic, it sometimes becomes static when dealing with technology. For example, the Information Technology Act, 2000 was enacted for a digital medium, but it took eight years for the legislators to change it to an electronic medium for effective and adequate protection. In cases of infringement through technological advancements, including violations of Section 65A and 65B of the Copyright Act, 1957, the remedies are available within the laws. The copyright owners just need to look at the correct place, which includes the Information Technology Act, 2000.
In terms of creating awareness about accessing pirated content among the content consumers, it was pointed out by Ms. Nappinai that it is mainly moral persuasion which is employed to discourage use of pirated content by content consumers. The issue also crops up in countries like the USA because cheaper or no-cost entertainment does not appear, on the face of it, to harm the consumer. The awareness that piracy is a criminal offence should be spread. In her opinion, the narrative needs to be changed. Instead of pointing out the losses to the third parties or copyright owners owing to piracy, the losses to the consumers/users of such pirated content, such as spread of malware to their systems through sites hosting pirated content, will be more helpful.
The next question related to the impact of Artificial Intelligence and Augmented Reality on the copyright laws in India. The question of copyright ownership of content created using artificial intelligence assumes significance. Ms. Nappinai stated that copyright should be given to the facilitator of the outcome of the work. She highlighted the example of the “Monkey Selfie case” in the USA, where a monkey had taken a selfie of itself. The monkey had picked up a camera placed by a professional photographer and used it to take a selfie of itself. While the photographer tried to assert his copyright over the photograph, having expended his time, money and energy, to have the photograph taken the People for Ethical Treatment of Animals (“PETA”) contended that the monkey held the copyright to the photograph. The Court ultimately held that the photographer owned the copyright to the photograph. The Copyright Office went a step further, clarifying that copyright could be granted only for content created or generated by humans, and not by animals, holy spirits or technology. The reasoning is that there is a a human action involved in every technology, for example, there is a lot of content and music on the internet which is generated by artificial intelligence, but the development of the artificial intelligence system was done by a human, who worked on it to feed the right kind of information to the system. The human interference or aspect that is the most near to creating the content in question should be given the copyright.
Moving to data protection, Ms. Nappinai pointed that certain provisions of the IT Act need to be made more specific and clarified. Understanding the liabilities and remedies for a particular action must be more straightforward for the creators and users under the Act. For example, Illustrations to clarify the situations in which a person could rely on Section 43 of the IT Act (which provides for penalty and compensation for damage to computer systems), would go a long way in helping a layman understand remedies available to him. In the words of Ms. Napinai, “While talking about Civil, Criminal or IPR laws, we are looking at verticals, whereas Cyber laws is a horizontal which percolates each and every vertical.” Specificity and clarity of laws would thus assist users, police as well as courts. Ms. Nappinai also pressed on the urgent need for the introduction of a specific cyber security law. The new cyber law could also help combat online piracy as, at present, even the term is not easily defined.
Talking about the new Personal Data Protection Bill (PDP Bill), Ms. Nappinai observed that this bill, if enacted, would change the manner in which targeted advertising works. The collection of data, its processing, usage, sharing with third parties, and its deletion will all be changed once the bill gets the assent of the President. Even collection of viewer information for TRPs would be goverened by the data protection bill, once it becomes an act. The proposed legislation will closely monitor the collection and profiling of data. The entity collecting the data, its analytics, its marketing, profiling, or a study of that data would need to ensure compliance with the bill in terms of the manner in which the data will be collected, used, and retained. All this is in addition to the mechanisms related to advertising under the Consumer Protection Act.
Ms. Nappinai was of the opinion that the PDP Bill would also offer increased support to start-ups. Even though there are compliance standards, these compliances only look burdensome at the teething stage; once they start getting implemented, they start syncing and become easier to comply with. It is hoped that the DPA would not work ultra vires its powers, and in case there is opacity and clarity is required, it would also clarify to help the start-ups and businesses. She added that it would be helpful if the DPA would bring out a guidance document assist entities in the process of compliance with its regulations.
The PDP Bill also borrows from the General Data Protection Regulation (“GDPR”) of the European Union. Ms. Nappinai touched upon the fact that India and its sectors are entirely different from those of the countries in the European Union. For example. the PDP Bill could have utilized the word “marketing “ in place of the word “profiling” (as used in GDPR) as the latter has negative conotations. Further, the European Union had data protection rules for the past 20 years, but even then, the GDPR gave a two-year compliance period for the companies. In the PDP Bill of 2018, there was a one-year window for the companies to ensure compliances, which was subsequently removed from the 2019 draft of the PDP Bill. The DPA should notify the rules to make it easier for start-ups and MSMEs to comply with the laws. She however expressed the view that the industry would have sufficient window to comply with the PDP Bill once enacted.
With regard to non personal data, Ms. Nappinai stated that the provisions of mandatory data sharing and sharing of propreitory data with government authorities or start ups or MSMEs is still open ended. Even the report of the Kris Gopalakrishnan committee on the non personal data framework indicated the possibility of appropriation of data in public interest. This may be an area of concern from the point of view of copyright protection.
On the need to segregate data related to children under the PDP Bill, Ms. Nappinai felt that one of the main challenges is age verification and the standard of age- it is not clear through the PDP Bill whether India is taking the global standard of 13 years for a child or sticking with its own minor-major concept of 18 years for a child. Nonetheless, the bill lays down compliance requirements for profiling and handling children’s data and sets a higher onus on the intermediaries and significant social media intermediaries. Even collection of data by toys and chat bots on entertainment devices used by children, would be governed by the PDP Bill.
Ms. Nappinai also discussed the work and initiatives at Cyber Saathi. The idea behind Cyber Saathi is that everyone, irrespective of their age or gender, should become a friend to the internet. This cyberfriend should have basic knowledge about the internet and financial fraud. Cyber Saathi came in to ensure that there should be a basic level of knowledge about the individual threats or vulnerabilies in the digital age. The information is in the form of a stories that are easy to understand for a layman. The functioning of Cyber Saathi starts at the grassroots level to ensure a basic level of awareness and provides information and guidance on the remedies. On a more significant level, it also helps with the policies for cyber laws and cyber security.