This article was originally published in the 13th April 2018 edition of The Times Of India.
While India has its share of unicorns, most have adapted global business models. We are yet to see Indian companies revolutionizing the global market. Steve Wozniak, co-founder of Apple, recently attributed this lack of "creativity" to our education system, an often ignored but important aspect are sound governmental policies that promote innovation and laws which don't impede it.
It's now a cliché that law lags behind technological innovations. Therefore, the question then arises, is there a need for governmental intervention? If yes, why and to what extent? Often, the tendency to introduce regulation is due to the fear of the unknown or as a reaction to the actions of one rouge industry player.
Therefore, the onus is on the industry players to act responsibly.
Innovative businesses need to voluntarily self-regulate to ensure that the interests of all the stakeholders including the government are respected. The government must act as an enabler and work in collaboration with the industry to identify and plug gaps in the present policy.
We saw a spate of new drafts being released recently by way of a Digital Information Security in Health Care Act., Committee report on Artificial Intelligence, Committee to regulate online content, Space Activities Bill, Drone Policy, consultations to regulate the Cloud, M2M, among others. While the consultative process of is commendable, the need and timing of each of these drafts is yet to be determined. In this context we must evaluate the steps taken by law makers and suggest a possible approach for regulatory intervention which can be adopted when a new technology gains critical mass to ensure that laws do not act as an impediment to innovation.
- How should law and policy be adopted in the context of the Indian situation--Net neutrality principles as are adopted in developed countries may not necessarily fit in well in the Indian context in an as –is manner without taking into account the development of the infrastructure, the role of telecom operators, development of OTT services, and others.
- Examine what is the likely mischief and whether the current law is sufficient to address that. An example, with the increasing importance of data, data theft, is a possible mischief. Therefore, it is to be evaluated whether the existing provisions of "theft" under the Indian Penal Code adequately address that mischief? Law of tort is often an ignored body of law in India. Several principles such as vicarious liability, negligence, trespass and nuisance can be applied in several instances. E,g, in cases of accidents by driverless cars, the contributory negligence principles under tort may very well apply.
- Focus on implementation of present laws. Given that the government is actively repealing irrelevant laws, before enacting new laws, the focus needs to be addressing issues arising with the implementation of the existing laws. One of the reasons identified for the introduction of a new data protection framework was the fact that the implementation of the existing data protection laws had failed.
- Examining the extent of regulation in line with purpose. When digital payments increased, the risk of misuse of customer funds spawned and therefore a technological solution in the form of two-factor authentication was introduced. However, the establishment of two-factor authentication, the additional imposition of monetary limit to the transactions, may not necessarily be required.
- Intervene only where there is a specific and recognized need to intervene.There must be a demonstrated failure of the industry to act responsibly which warrants governmental intervention. E.g. the RBI in a surprise move recently introduced a data localization requirement for all payment systems. This requirement has taken the entire industry by surprise since it was introduced without any public consultation and there does not appear to be any specific incident or market failure to have precipitated this requirement
- What sanctions should be imposed? Whether the law should impose only civil liability or criminal as well, if there is a point of contention. India is on the cusp of introducing data protection law. One aspect that has been debated is whether the imposition of penal sanctions is required. There has been ideation by a Committee of Experts to allow criminal penalty for violations concerning data protection. However, criminal sanctions will only deter innovation and make businesses risk averse. Professors Elizabeth Pollman & Jordan M. Barry in their paper on Regulatory Entrepreneurship recognize that "if a law provides for the incarceration of the executives of a company that violate it, that may deter the guerrilla growth strategies that some modern regulatory entrepreneurs employ".
- Building capacity. It appears that whenever the government is not comfortable in understanding how a technology works, its first response is to try and ban a technological advancement as was the case with drones in India in 2014. Later the government progressed in its outlook by recognizing the possible benefits / uses of drones and introducing a draft policy in that regard. With several such examples, the RBI's recent directions against virtual currencies seems inexplicable. The mere fact that a technology or business model is possible of being misused cannot be grounds for banning an entire industry, this goes against the ethos of an innovation based economy. Therefore, it is imperative that the regulators, industry participants and technical experts all work together to assuage any concerns before a formal policy is unveiled.
- Are we giving enough clarity to businesses? Two points here. First, more often than not, regulators and law makers make statements indicating an intention to regulate new technology or business models which create uncertainty in the market without any legislative or policy being enacted as was the case with bitcoins and is now playing out with the MIB's plans to regulate online content and news. Second, since technologies are evolving and are often abstruse, capturing them in words is difficult. Therefore, the drafting of the laws and regulations should be carried out by taking assistance of experts in the field.
- Lack of concerted / consolidated efforts to address the overlapping issues.Given that various regulators may get involved in regulating startups, the Government needs to demarcate the jurisdiction of each regulator due to a clear lack of inter-departmental liaising. For the industry, clarity in terms of the regulatory body who they should engage with is crucial. For example, in the past the TRAI and MeitY and now RBI and the Ministry of Health are all looking to regulate data in India, creating confusion in the market.
Therefore, the need of the hour is for the government to rethink its strategy while dealing with emerging technological advancements and new business models. A concerted intra – departmental effort to apply restraint in regulating the unknown and even going as far as allowing businesses to operate in the 'grey' is what we need to give rise to our homegrown startups that can rival the likes of Airbnb, Tesla, Uber, and others which are said to have grown at a scorching pace because they operated in a regulatory grey area! This approach will also force incumbent startups to adopt higher standards of corporate governance that take into account interest of all stakeholder to give confidence to the government to act as an enabler rather than a disruptor.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.