The Protection Of Privacy And Personal Data In Social Media – An Analysis Of The Indian Information Technology Act

The prolific growth of information and communication related technology has spawned myriad social media networking sites. However, the use of these technologies also presents new dangers for the privacy of individuals. Information is at the risk of being gathered without an individual’s knowledge. It may be reused for unauthorized purposes, retained for months and years, passed on to third parties, and published or circulated without permission. Increasingly, data available on social media sites is being used by several entities to track individuals’ preferences, interests, movements, networks and activities. The information that is gathered is widely used, among other things, to customize an individual’s email access as well as webpage that the individual may visit. This raises questions of privacy and data protection.

The Information Technology Act, 2000 (“IT Act”) was focused on the recognition of electronic records and facilitation of e-commerce. The emphasis of the Information Technology (Amendments) Act, 2008 was on Cyber Terrorism and to a significant extent, Cyber Crime. However, it also contains provisions that apply to data protection and privacy. The two statutes are collectively referred to as the IT Act.

The scope of this article is to highlight some of the important provisions of the IT Act relating to data protection and privacy vis-à-vis social media.

Data Protection

The IT Act (section 43) imposes civil penalties in the event of the commission of certain acts without the permission of the owner or person in charge of the computer or computer systems such as: (i) securing access (without permission); (ii) downloading or copying of data stored in a computer or computer system; (iii) introducing computer viruses; (iv) damaging computers and or data stored therein; (v) disrupting computers; (vi) denial of access; (vii) abetting such acts; or (viii) illegal charging for services on another’s account. The IT Act has included two additional violations (i) destruction, deletion and alteration of information residing on a computer and (ii) theft, concealment, destruction, alteration, (or to abet in the theft, concealment, destruction, or alteration), of any computer source code used for a computer resource with an intention to cause damage.

Further, the IT Act holds any “Body Corporate” possessing, dealing with or handling any “sensitive personal data or information” in a computer resource it owns, controls or operates, liable for negligence, if it fails to maintain “reasonable security practices and procedures[i]” and thereby causes wrongful loss or wrongful gain to any person. “Body Corporate” is defined in the IT Act as any company and includes a firm, sole proprietorship (sic) or other association of individuals engaged in commercial or professional activities

Apart from the Civil Penalties contained in the IT Act there also are criminal provisions, a few of which relate to data protection.

The IT Act provides that any act set out under section 43, if committed “dishonestly or fraudulently,” would amount to a criminal offence, punishable with imprisonment of up to three years or fine of a maximum of Rupees Five Lakh (approximately US$ 10,000) or both. The IT Act also makes the receipt or retention of a stolen computer resource or communication device punishable with imprisonment up to three years or with fine up to Rupees One Lakh or both. The term “computer resource” is defined under the IT Act as a “computer, computer system, computer network, data, computer database or software.” This provision applicable to the receiver of stolen computer resources, such as data and software, could prove to be substantially useful when faced with issues of data misuse or theft from a social networking site.

Under the IT Act the onus of implementing “Reasonable Security Practices” is on the business entity. “Reasonable security practices and procedures” are defined as “security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem it.” Therefore, social media sites would be required to show that they have adopted such practices in case there is a violation on their site to help mitigate their liability.

Confidentiality and Privacy

The IT Act provides for the protection of physical or personal privacy of an individual. Also, the IT Act contains provisions against the dissemination of personal information obtained without the individual’s consent through an intermediary or under a services contract, with the intent to cause wrongful loss or wrongful gain. The maximum punishment prescribed for this offence is three years imprisonment, or fine up to Rupees Five Lakhs or both. These provisions protect privacy and personal information to a certain extent. In particular, service providers on the Internet, social networking sites, companies, firms, individuals and other intermediaries need to exercise caution in the collection, retention and dissemination of personal data.

The IT Act makes the dishonest or fraudulent use of a person’s electronic signature or identity, password or any other unique identification feature punishable as theft with imprisonment of up to three years and fine up to Rupees One Lakh.

The statute further makes cheating by impersonation through a computer resource punishable with imprisonment of up to three years and fine up to One Lakh Rupees.

The liability of an intermediary under this section is limited in specific instances, i.e., if he provides access to communication systems for transmission or temporary storage of third party information, data or communication links made available or hosted by him. The intermediary should however observe due diligence and comply with the prescribed guidelines, while discharging his duties.

The IT Act imputes vicarious liability in case of offences by companies and provides substantial and relevant rights allowing victims to seek redress in cases of violations. As most of the offences under the IT Act are cognizable, this provision is a cause for concern for social media entities and their management.

In comparison to the laws of developed nations, India requires laws that define data based on utility and importance. Rules related to data extraction and data destruction needs to be improvised. Stringent and comprehensive laws for the protection of data are the need of the hour. In 2011, the Government of India proposed the “Right to Privacy Bill”. However, we still await the final and conclusive draft of the Bill. Until then, businesses must implement appropriate safeguard policies and maintain an awareness of compliance obligations

Vidhi Agarwal is a partner at LawQuest International, a general practice law firm in Mumbai, India. She with a Masters Degree in Law as well as Commerce is admitted as an advocate to the Bar Council of Maharashtra and Goa. Vidhi may be reached at

Annu Sharma is an Associate at LawQuest. She has completed her LL.B from K.C. LawCollege, Mumbai. She holds a B.Sc Degree from K.C. College of Arts, Commerce and Science. She can be reached at



By Vidhi Agarwal and Annu Sharma






Saving The Starving Artist

The authors and music composers who are left in the cold in the penumbral area of policy should be given justice by recognizing their rights when their works are used commercially separately from cinematograph film and the legislature should do something to help them.

In keeping with the spirit of the above view of Justice Krishna Iyer, both Houses of the Indian Parliament unanimously passed the Copyright Amendment Bill, 2012, bringing about considerable changes to the Copyright Act, 1957 (“Copyright Act”) in relation to, inter-alia, the rights of artists. The Bill received Presidential assent on June 07, 2012 and the Copyright (Amendment) Act, 2012 came into force on June 21, 2012 (“Amendment Act”).


The most significant and much debated provision in the Amendment Act is the right granted to authors and music composers in the works they create. Before the Amendment Act came into force, ownership of the copyright in underlying works in a cinematograph film was deemed to belong to the producer of the film, who is considered the owner of the copyright in a cinematograph film, unless there is a contract to the contrary between the authors / composers and the producer. Producers usually entered into contracts with the authors of the underlying works, getting such authors to assign the entire bundle of rights in such underlying works to the producer. As a result, many felt that such authors and composers were left in the lurch as the producers reaped all the benefits of such underlying works while authors and composers did not get what was rightfully due to them. The cases of shehnahi maestro Bismillah Khan and music composer Ravi have been quoted in the media as examples of how talented artists are deprived of their dues due to lack of legislative protection available to such artists, and therefore do not have the means to even pay for housing and medical care.


The Amendment Act seeks to protect the interest of such artists by including provisions granting certain rights to the authors and music composers of underlying works in a cinematograph film. The authors of underlying works incorporated in a cinematograph film may retain all the rights in their work except to the extent assigned for use in the cinematograph film. The assignment too has been subject to certain safeguards.

The authors of literary and musical works incorporated in cinematograph films, or sound recordings not forming part of the cinematograph film, have the right to receive royalties equal to the royalties received by the assignee of such rights, for utilization of such work in all forms other than communication of the cinematograph film to the public in cinema halls. The author can also assign the right to receive royalties to legal heirs or to a copyright society for collection and distribution. Any agreement that seeks to assign or waive the above right granted to authors of literary and musical works will be considered void.

Further, an assignment is not to be applicable to any medium or mode of exploitation of the work that did not exist or was not in commercial use at the time the assignment is made, unless the assignment specifically refers to such medium or mode of exploitation.

Moreover, an assignment of copyright in any work to make a cinematograph film or sound recording is not to affect the right of the author to claim royalties and consideration in case of utilization of the work in any form other than as part of the cinematograph film in a cinema hall.


The Amendment Act also grants certain rights to performers. Prior to the Amendment Act coming into force, although performers were granted certain rights, once a performer consented to the incorporation of his performance in a cinematograph film, the rights of the performance were deemed to have been waived.

As an initial matter, the Amendment Act has modified the definition of a performer. Earlier, a “performer” included “an actor, singer, musician, dancer, acrobat, juggler, conjurer, snake charmer, a person delivering a lecture or any other person who makes a performance.” The Amendment Act has added a proviso to state that, in a cinematograph film, a person whose performance is casual or incidental in nature and, in the normal course of the practice of the industry, is not acknowledged anywhere including in the credits of the film shall not be treated as a performer except for the purpose of attributing moral rights. Moral rights have been given the nomenclature of ‘Author’s Special Rights’ under the Copyright Act. They include the right to paternity which is the right to claim authorship of the work; and the right to integrity which is the right to restrain or claim damages in respect of any distortion, mutilation, modification or other act in relation to the said work if such distortion, mutilation, modification or other act would be prejudicial to the honour or reputation of the author.

The Amendment Act provides that the performer would have the right to make a sound recording or a visual recording of the performance and the right to broadcast or communicate the performance to the public except where the performance is already broadcast. Once a performer has, by written agreement, consented to the incorporation of his performance in a cinematograph film, he shall not object to the enjoyment by the film producer of the performer’s right therein unless there is a contract to the contrary. However, the performer is entitled to royalties where his performance is put to commercial use.


The Copyright Act recognized certain special rights of the authors of a work. The moral rights of an author include the right to claim authorship of the work and the right to restrain or claim damages in respect of any distortion, mutilation, modification or other act in relation to the work if such distortion, mutilation, modification or other act would be prejudicial to his honour or reputation. The Copyright Act stated that the right to restrain or claim damages as above could also be exercised by the legal representatives of the author (but not the right to claim authorship).

The Amendment Act now permits the legal representatives of the author to also exercise the right to claim authorship of the work.

The Amendment Act also grants performers certain moral rights that were not granted to them under the Copyright Act. For example, the performer has the right to claim to be identified as the performer of his performance, except where omission is dictated by the manner of the use of the performance. The performer also has the right to restrain or claim damages in respect of any distortion, mutilation or other modification of his performance that would be prejudicial to his reputation.


Earlier, the Copyright Act provided that cover versions, if made following the conditions prescribed, were an exception to infringement. The Amendment Act has made it a separate right instead, by granting statutory licenses for such recording. Any person desirous of making a cover version, being a sound recording in respect of any literary, dramatic or musical work, where sound recordings of that work have been made by, or with the license or consent of, the owner of the right in the work, may do so subject to the conditions provided in the Amendment Act. No cover versions can be made until the expiration of five calendar years after the end of the year in which the first sound recording of the work was made. Royalty shall be paid for a minimum of fifty thousand copies of each work during each calendar year in which copies are made.


There are various aspects with respect to the implementation of the above-mentioned rights of artists that remain unclear. The Amendment Act states that the authors of the underlying works will be entitled to receive royalties equal to the royalties received by the assignee of such rights, for utilization of such work in all forms other than communication of the cinematograph film to the public in cinema halls. However, the Amendment Act does not explicitly state who will be liable to pay the royalty to the authors of the underlying works. There is also lack of clarity on who would be liable to pay performers their royalties. Since the authors of the underlying works will be entitled to receive royalties equal to the royalties received by the assignee of such rights, one may assume that the assignee will be responsible for payment of royalties to the authors of underlying works. The assignee could be the producer of the cinematograph film. Or it can be argued that a broadcaster that is exploiting the cinematograph film is responsible for payment of royalties to the authors of underlying works. Still another option could be that it is the responsibility of copyright societies to collect royalties from the assignee and pay the same to the authors of underlying works. However, due to the lack of an express provision in relation to responsibility for payment of royalty, there is considerable confusion on this aspect of the Amendment Act. Therefore, contracts need to be structured and drafted in a manner that addresses these issues of payment of royalties and the rights and obligations of various parties involved.

There is also lack of clarity in the Amendment Act on how the royalty payable to the authors of underlying works is to be calculated. If there are multiple authors of an underlying work, will the royalty be equally divided between each of the authors and the assignee? Or will the assignee be entitled to 50% of the royalties and all the underlying authors share the remaining 50% of the royalties? Also, when there are music and lyric rights in a song, will the music and lyric rights be treated as separate underlying works, and therefore the music composer separately shares the royalty with the assignee for the music right and the lyricist separately shares the royalty with the assignee for the lyrics? None of these questions have been adequately addressed in the Amendment Act. The calculation of payment of royalty to performers too has not been expressly addressed in the Amendment Act.

Also, the Amendment Act has granted moral rights to performers. However, while the Amendment Act states that the legal representatives of authors of a work can exercise the moral rights, there is no mention in the Amendment Act of the legal representatives of performers being entitled to exercise such moral rights.

The Amendment Act will definitely have an impact on the entertainment industry. Producers may have to share their profits with underlying authors or they will need to pass on the responsibility of payment of royalties to the broadcasters. The agreements between broadcasters and producers and the underlying authors will have to be carefully drafted to address the issues of sharing of royalties between various artists and the assignee.    

The Amendment Act has been a step in the right direction to address the issues faced by the authors of the underlying works and to implement the observation made by Justice Krishna Iyer. However, the Indian legislature will need to frame rules to plug the deficiencies in the Amendment Act regarding the implementation of its various provisions.

Seema Sukumar is a Senior Associate

With J. Sagar Associates, based out of Bangalore. She can be contacted at



By Seema Sukumar


Case Notes – Bharat Aluminum Restores Pro-Arbitration Regime

By Dipankar Vig

In its genuine effort to restore the pro-arbitration regime in India, the Constitutional Bench of the Hon’ble Supreme Court of India has delivered a conclusive judgement on the role of Indian courts in international commercial arbitrations rendered in a foreign seat. (“Bharat Aluminum”).

The Arbitration & Conciliation Act 1996 (‘the Act’), an enactment based on the UNCITRAL model has always provided for two regimes of dispute resolution depending on the seat of arbitration. Part-I provides for the domestic as well as international arbitrations where the seat of arbitration is in India and Part-II contains provisions for recognition and enforcement of awards rendered in a foreign jurisdiction.

The Bharat Aluminum case has overruled the apex Court’s earlier interpretation laid down in the case of Bhatia International, which was subsequently upheld in the case of Venture Global Engineering and Indtel Technical Services.

  1. Decision in Bhatia International, Venture Global and Indtel Technical Services

The Bhatia International ruling gave the Indian Courts a right to set aside an award made in a foreign seat. In Venture Global, applying the same principle, the Court set aside a London Court of International Arbitration (‘LCIA’) award rendered in London.

Therafter, in Indtel Technical Services, the Court held that it could appoint arbitrators in the case of a deadlock, even though the arbitration was to be conducted in a foreign seat.

  1. Highlights of the Bharat Aluminum Case
  1. Applicability of Part- I of the Act

The Hon’ble Supreme Court has categoricallly laid down that Part-I of the Act is applicable only to the arbitrations which take place within the territory of India and it would have no application to international commercial arbitrations rendered in a foreign seat. In other words, the Indian Courts will not be allowed to exercise their powers under Part-I of the Act in respect of arbitrations having a foreign seat.

  1. Interim Reliefs by Courts

The Hon’ble Court further held that in a foreign seated international commercial arbitration, no application for interim relief would be maintainable under Section 9 or any other provision, as the applicability of Part-I of the Act is limited to all arbitrations which take place in Similarly, no suit for interim injunction would be maintainable in India, on the basis of an international commercial arbitration with a seat outside India.

  1. No Annulment of Foreign Awards

The Hon’ble Court has clarified that the regulation of conduct of arbitration and challenge to an award would have to be done by the courts of the country in which the arbitration is being conducted. Such a court is then the regulatory court possessed of the power to annul the award.

Previously, a foreign award could be set aside on the ground that its enforcement would be opposed to “public policy”, in the context of Section 34 of the Act. However, subsequent to this judgement, a foreign award cannot be set aside in India under Section 34 of the Act.

  1. Prospective Application

The Hon’ble Court also held that the amended position shall apply prospectively from the date of judgement i.e it shall apply only to arbitration agreements made after September 06, 2012.

By this landmark judgement, the Hon’ble Supreme Court has put an end to the unwelcome judicial interference in foreign seated arbitrations and has put to rest the host of inconsistent judicial decisions on arbitration.

A Look at India’s Employee Privacy Policy in a Global Context


Companies today increasingly employ workers across multiple jurisdictions. For the sake of equality and efficiency a multinational prefers to apply a single uniform set of human resource (“HR”) standards to its entire global employee base. However, HR uniformity becomes difficult when different countries impose different HR laws. These dilemmas are especially troubling in the realm of employee privacy.

This article outlines the approaches to employee privacy pursued in the United States and European Union. Following that is a snapshot of employee privacy in India, which has not yet committed to the U.S. or EU approach. The discussion will examine which policy direction would be most beneficial for India. It will be shown that on balance, India’s best interests will be served by following the U.S. model, which fully protects employee privacy while preserving the regulatory flexibility India needs to attract and retain foreign direct investment.

Divergent Approaches to Privacy: European Union and United States

The European Union’s policy stance is clear: privacy is a human right and government involvement is a must. The European Privacy Directive of 1995 is a guidance document for the 26 EU nations, which all now have their own laws and enforcement arms—Data Protection Authorities. This heavily regulated approach, which requires companies that process data to register their activities with the government, creates serious concerns for multinational companies from the U.S. that operate under a much different, and perhaps more practical, approach.

Nuances between EU countries exist, but generally speaking in Europe employers cannot read workers’ private e-mails, and personal information cannot be shared by companies or across borders without express permission from the data subject. These types of regulations hamstring companies doing business in Europe with unending red tape that may or may not have any actual impact on the given individual, known in E.U. privacy parlance as the “data subject.” In fact, a study from the Ponemon Institute showed that despite the absence of stringent privacy laws in the United States, “U.S.-based multinational firms scored higher than their European counterparts on five of eight common privacy practices, including having a dedicated privacy officer and better data security.”

Data privacy in the United States is regulated in a sector-specific manner. The Federal Trade Commission (FTC) is the lead regulatory agency tasked with protecting consumer privacy rights through its authority to prohibit unfair or deceptive acts or practices. Laws are on the books that do require prior consent for certain personal information. For example, a U.S. employer must obtain the prior written consent of a job applicant to access the applicant’s credit report for purposes of completing the background investigation stage of the hiring process.

The current legal framework surrounding employment privacy law, including the National Labor Relations Act (“NLRA”), helps to refine HR privacy policies and provides ample safeguards against corporate abuse of private, or personal, information. And without a broad-based policy directive from the government, U.S. companies can do a more efficient and effective job of moderating how, when, why and what sensitive personal information is used.

For example, the National Labor Relations Board (“NLRB”) recently released its second report to help guide HR departments when crafting their social media/privacy policies. One point emphasized that such policies must be “narrowly tailored” so as not to prohibit union organizing activity protected under the NLRA. This means that even though the employee may surrender his or her privacy rights to certain information, the way in which the company can use such information is limited.

In the U.S. employee privacy is protected not only by the U.S. Constitution and federal statutes but state constitutions and state statutes. For example, states grapple with the subtleties of when and how an employer may interview job applicants and monitor employee email, Internet use, and physical space.

In the U.S. more than in the E.U., employers have legal obligations that compel them to engage in employee monitoring. For example, a U.S. employer may need to investigate the transmission of an item of sexually-oriented Internet humor among its employees to defend against claims of a “hostile work environment.” Alternatively, an employer may need to install a surveillance camera at a worksite parking lot to guard against potential liability from “security negligence” (the failure to ensure security for employees and others in the workplace).

Even when employer monitoring is not legally required it can be a necessary business practice. Banks commonly use surveillance cameras to guard against robberies. Companies in the business of transporting goods may need to track their vehicles with GPS location monitoring systems.

The U.S. government takes privacy seriously, but its approach differs from the European approach in large part because it relies more on self-regulating corporate codes of conduct. Only when a company deviates from an applicable code will a U.S. government agency intervene with an enforcement action. That way companies have the flexibility they need to adopt privacy policies appropriate for their particular situations.

India’s broader privacy framework

India’s labor laws do not at present address rights surrounding employee privacy, let alone follow the employee privacy policies of the E.U. or U.S. However, general privacy laws were set forth in the Information Technology Act of 2000 (“IT Act”), which provided legal recognition for e-commerce and sanctions for computer misuse. Subsequently, India has passed legislation in 2008 and then again in 2011 to further develop its broader privacy policy objectives.

In an attempt to broaden the enforcement scope of the law, India passed the IT (Amendment) Act of 2008, which incorporates two new sections of the IT Act: most notably, Section 43A to provide a remedy for persons whose personal data is compromised by a security breach.

Under section 43A, “bodies corporate,” which includes a corporation[s], firm[s], association[s], sole proprietorship[s], and any other associations or individuals engaged in “commercial or professional activities,” can be liable for failing to maintain “reasonable security practices and procedures” to protect “sensitive personal data and information.” “Sensitive personal data” was not defined in this Amendment. Furthermore, absent a contract, reasonable security practices and procedures were also not specifically defined and were left for the central government to prescribe. Following these Amendments, Section 43A fell under criticism for its broad definition of “body corporates” and absence of clarity on several other fronts, such as whether an Indian call center was required to obtain a foreign customer’s consent before collecting the individual’s personal data (the answer turned out to be no).

The latest announcement attempted to address some of this criticism, when in August 2011 the Government of India issued the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Data Privacy Rules”).

First, in order for a body corporate to comply with India’s privacy regime, it must implement security practices and procedures which include a “comprehensive documented information security programme and information security policies.” Such policies must contain managerial, technical, operational, and physical security control measures commensurate with the information assets being protected.

Second, the Data Privacy Rules define “sensitive personal data and information” to include:

  • passwords;
  • financial information such as bank accounts, credit and debit card details;
  • physiological and mental health condition, medical records;
  • biometric information;
  • information received by body corporate under lawful contract or otherwise;
  • user details as provided at the time of registration or thereafter; and
  • call data records.

And lastly, India’s Data Privacy Rules also clarify that a body corporate must get the consent from the provider of information and identify the purpose for collecting such data.

Although India has made strides in clarifying its data protection and privacy policies, these efforts are far from complete and comprehensive given the challenges jurisdictions must face with international information exchange through social media and cloud computing.   First and foremost, the Data Privacy Rules are to include Indian companies only. Furthermore, an exemption was added for Indian outsourcing entities under contract with a legal entity outside of India.

Additionally, India’s definition of “sensitive personal data and information” is defined narrowly, and does not include information in the public domain or information accessible under the Right of Information Act. The Data Privacy Rules’ consent requirement is also less stringent than it appears at first glance. Under the rules, a body corporate must only receive consent from the person or entity that provided the information, not from the individual to whom the information relates.

The result is an Indo-centric policy that does not quite yet affect cross-border communication of multinationals. The Data Privacy Rules could be read as the Government of India’s attempt to demur on the issue of privacy protection in the global context. It is no surprise to see India take this stance given the impact such policies have on business, especially multinational companies that exchange information and data on a daily basis from one country to another. If a multinational with operations in a dozen countries were required to comply with a dozen different sets of privacy laws the potential liability and administrative burden would be potentially enormous. The risks may well discourage the company from investing in a certain nation.

India requires a high level of foreign investment to maintain adequate GDP growth. Any new layer of regulation that discourages such investment could be damaging to its overall economy. Therefore it would be strategically wise for the Indian government to keep regulatory burdens such as privacy laws as flexible and streamlined as possible.

Cultural Underpinnings of Privacy Policy

A nation’s culture forms the tenets of its privacy policy. In European nations individuals tend to be more skeptical of corporations than governments. For example, European employees have high expectations of privacy in the workplace, and personal information is preferably kept personal. The European emphasis on worker privacy may be a natural result of its traditionally left-leaning political orientation, which has long supported workers’ rights.

In the United States, by contrast, the culture is relatively more supportive of free enterprise and distrustful of government. Efforts to restrain government power can be traced as far back as the Federalist Papers.  Consequently, expectations of workplace privacy are viewed in a different light in America. For example, an American employer can be found liable for not investigating a claim of sexual harassment by one employee against another. In the context of an employee’s Internet privacy, the expectation is that emails, Facebook posts and Tweets from company computers are not private, and that work computers and mobile devices are monitored. On the other hand, American employers are legally required to maintain strict confidentiality for employee data such as credit reports and health care information, which could be damaging to workers if inappropriately accessed or misused.

So far India’s treatment of privacy protection has not followed the rigid, pervasive, pro-employee regulatory approach of the E.U. This may reflect a cultural preference for the more flexible, contextual, balanced approach of the U.S. If so, India’s instincts are good. As explained above, a fast-growing emerging economy is better positioned to attract foreign investment if it adopts legal standards that investors can readily meet. One way a nation can maintain such reasonable standards is to preserve flexibility in its privacy laws.


Technologies such as mobile telephones, cloud computing, and social networking have blurred the line between workplace and personal activity. As a result, it is now more difficult to safeguard employee privacy while protecting business interests.

One way to resolve this policy challenge is to adopt laws that definitively favor one side or the other. The EU approach does this by favoring employee rights through a strict and highly regulated privacy regime. However, this approach could rapidly multiply a company’s liability without necessarily producing any practical benefits for employees. At the same time, such an approach could discourage companies from investing in the employee-biased countries.

Given the fluid nature of the above technologies and the novel nature of the related issues of workplace privacy, it will take time and thoughtful discussion to strike the right balance between the privacy interests of labor and the business interests of management. In this complex and subtle legal environment a flexible approach would be more accommodating. Self-regulatory corporate codes of conduct, backed by the threat of government enforcement, have worked well to protect privacy so far. As long as these codes are permitted to evolve with changing business needs and privacy expectations they will likely continue to serve us well in the future.

For this reason the U.S. approach seems preferable for a country such as India. By relying on self-regulation implemented through HR policies, India may find that its employees enjoy just as much privacy protection as their counterparts in the EU. At the same time, India would not need to risk alienating foreign investors. Indeed, American and European companies alike could continue to invest in India without fear of increasing their India-based liability or triggering conflicts with their home country laws.

Michael Green is a Manager at the U.S.-India Business Council (USIBC) responsible for the Life Sciences and Legal Services portfolios. Michael can be contacted at  



Michael Green

Caution Isn’t Kosher – Why India Needs To Adopt The IINET Guidelines For ISP Liability

The February 2011 decision of the Federal Court of Australia in Roadshow Films Pty Ltd v iiNet Ltd [2011] FCAFC 23exonerated Australia’s second-largest internet service provider (“ISP”) from claims that it authorized primary copyright infringement of the works of a 34-member rightsholder conglomerate called the Australian Federation Against Copyright Theft. The decision represents a significant breakthrough in the field of liability for an internet-based intermediary (essentially any entity that receives, transmits and/or provides other services with regard to an electronic message over the internet) since-the lead opinion by Judge Emmett puts forward an innovative set of criteria for evaluating intermediary liability of ISPs. Paragraph 257 of Judge Emmett’s opinion captures these criteria in the following words:

“[W]hile the evidence supports a conclusion that iiNet demonstrated a dismissive and, indeed, contumelious, attitude to the complaints of infringement by the use of its services, its conduct did not amount to authorisation of the primary acts of infringement on the part of iiNet users. Before the failure … to suspend or terminate its customers’ accounts would constitute authorisation of future acts of infringement, the Copyright Owners would be required to show that at least the following circumstances exist:

(a) iiNet has been provided with unequivocal and cogent evidence of the alleged primary acts of infringement …

(b) The Copyright Owners have undertaken:

(i) to reimburse iiNet for the reasonable cost of verifying the …infringement alleged and of establishing and maintaining a regime to monitor the use of the iiNet service … and

(ii) to indemnify iiNet in respect of any liability reasonably incurred by iiNet as a consequence of mistakenly suspending or terminating a service on the basis of allegations made by the Copyright Owner.”

These criteria form a good point of departure for Indian copyright law, which is still struggling to answer some basic questions on how liability for copyright infringement should apply to ISPs.

In India, intermediary liability is addressed by the Information Technology (IT) Act, 2000, Section 2(1)(w), whichincludes ISPs in its definition of -‘intermediaries’. Section 79(3)(b) of the IT Act holds ISPs liable only if they have actual knowledge of infringing content or have received a notification to that effect by a government agency and the threshold of due diligence in acting expeditiously to remove content or disable access to it. This permits ISPs to be painted with the same brush as other online intermediaries such as websites, social networking portals and the like, which perhaps answer more faithfully to the definition of intermediaries in this context. This is particularly damaging since it leaves the door open for generalizations and characterizations to be made of ISPs when, certainly in terms of business models and incentive structures, ISPs bear little resemblance to online intermediaries that better fit the definition.- Separating ISPs from other online intermediaries has been fairly successful under 17 U.S.C. § 512(k)(1)(A) in the United States, which segregates ISPs from other types of intermediaries within a broad framework which sets out the conditions in which content posted by intermediaries online will not be considered infringing.

Even allowing for the deliberate vagueness necessary to bring all of Section 2(w) within its sweep, Section 79(3)(b) of the IT Act remains rudimentary at best from a substantive perspective, primarily because it does not recognize the significant compliance costs incurred by ISPs and the genuine dilemma for such service providers of being caught between intellectual property enforcement efforts and potentially losing a large proportion of their customer.

Charting a balanced way forward for the Indian law on intermediary liability is vital in light of Super Cassettes Industries Ltd v. MySpace Inc. 2011 (47) PTC 49 (Del), India’s first substantive decision on intermediary liability, which found the social networking website MySpace liable for authorizing copyright infringement of works by its users on an interpretation of Section 51(a)(ii) of the Copyright Act, 1957. Section 51(a)(ii) saves from infringement an intermediary who is not aware and has no reasonable ground for believing that the communication of the work would be infringing. This “knowledge and reasonable belief” standard (paragraph 47) applied in MySpace highlighted the acute need for a robust substantive standard on intermediary liability.

ISPs need to be more proactive than reactive in confronting copyright infringement and – owe a general duty to assist in copyright enforcement. However, guided by iiNet, this general duty should only extend to cases where other stakeholders such as internet users and the State regulatory agencies are not unreasonably prejudiced, whether on legal, economic or moral grounds. The iiNet guidelines show ISPs a feasible way out of the enforcement problem, especially since the fallout of the decision appears to have enabled ISPs to protect their business interests while complying with the law but making few, if any, changes to their -copyright enforcement commitments.

  1. The iiNet decision

The seemingly onerous demands required by Judge Emmett to be met by copyright holders in order to get ISPs to aid in copyright enforcement indicates that the threshold of ‘authorisation’ – which is understood to be the grant or purported grant of the right to do the act complained of – is being met increasingly easily by ISPs. Indeed, the ingredients of authorisation identified by Judge Emmett in the excerpt from his opinion provided above – (i) the power to-control the means of infringement, (ii) making that means available to others and (iii) failure to take reasonable steps to limit infringement — are more in line with those recently outlined in Twentieth Century Fox v. Newzbin Ltd. [2010] EWHC 608 (Ch) (involving a website service that made copyrighted content available to its users) than those provided over two decades ago in CBS Songs v. Amstrad [1988] 1 AC 1013 (involving tape recording facilities that allowed buyers to create copies of copyrighted musical works), where, arguably, elements of these ingredients were present and yet not held to constitute authorisation.

In place of authorisation, Judge Emmett- correctly recognizes that in order to expect ISPs to side with enforcement rather than infringement, two main concerns need to be addressed. First, the holders’ claims must be based on strong, cogent evidence and not infringement notices, which are assertive and speculative. To this end, they must provide indemnity to ensure that when the ISP pulls the plug on infringing users, it is not held liable for doing the holders’ bidding. This addresses the fact that infringement surveillance mechanisms remain unreliable and terminating internet connections on the basis of mere allegations would violate procedural fairness (P. Yu, ‘The Graduated Response’ (2010) 62 Florida Law Review 1373). Second, ISPs must be compensated for the considerable costs likely to be incurred in surveillance, policing and data retention for the purpose of enforcement. This responds to the concern that enforcing holders’ copyrights would unfavourably skew ISPs’ profit structure, making it difficult to offer low-cost and quality service to users (Yu).

Judge Emmett – also wisely leaves these requirements open-ended by using the words ‘at least the following circumstances’, allowing for flexibility to be built into these requirements over time. The overall standard required to be met by copyright holders is a justifiably high one, indicating judicial cognizance of the extreme (and often disproportionate) nature of the measure of disconnection as an enforcement action (Yu) and a more balanced approach to enforcement by requiring from full confirmation of an infringement before taking enforcement action (see H. Travis, ‘Opting Out of the Internet in the United States and theEuropean Union: Copyright, Safe Harbors, and International Law’ (2008)

84 Notre Dame Law Review 331 -).

  1. Passive-reactive to active-preventive ISPs

The articulation of pre-enforcement requisites to be fulfilled by copyright holders in iiNet could also be seen as going some way towards stabilising the position of ISPs vis-à-vis enforcement obligations. It assumes greater significance in the context of the recent shift from clearly defined ISP safe harbours to a co-operative model of graduated sanctions, which responds to the evolution of ISPs from being passive carriers of information to active managers of content, possessing direct enforcement means (Annemarie Bridy, ‘Graduated Response and the Turn to Private Ordering in

Online Copyright Enforcement’ (2010) 89 Oregon Law Review 81; -; Jeremy de Beer and Christopher Clemmer, ‘Global Trends in Online

Copyright Enforcement: A Non-Neutral Role for Network Intermediaries?’

(2009) 49 Journal of Jurimetrics 375). Indeed, in the present scenario in the U.S. for instance, while there is no affirmative requirement for ISPs to implement technological/monitoring measures to claim safe harbour protection (Yu), it would be difficult to do so without implementing some policy against repeat infringers (Bridy).

Interestingly, this trend has not been instigated purely by pressure from copyright holders. ISPs’ self-interest has also played an important role in the voluntary assumption of these responsibilities in at least two ways—first, the burden imposed by infringers’ file-sharing on ISPs’ network resources and second, the scope for synergy between holders (content suppliers) and ISPs (distribution networks) in offering an integrated product (Yu; de Beer/Clemmer).

  1. When should ISPs owe a duty to prevent infringement?

If indeed ISPs’ self-interest suggests that complying with enforcement demands of copyright holders may not be onerous under some circumstances, the next question is of what these circumstances are. Given that the law protects copyright per se (rather than making protection contingent on a feasibility-of-enforcement analysis), ISPs should owe a general duty of co-operation to assist in copyright enforcement. However, this duty should only extend in circumstances where enforcement does not unreasonably prejudice other parties on legal, moral or economic grounds.

Legal grounds

One set of situations where unreasonable prejudice may be caused to users is where their individual liberties are violated without any procedural safeguards in place (Yu). This would cover cases where a user is disconnected from the internet on the basis of merely alleged infringement, where such a measure is not preceded by a formal notice of infringement, where disconnection is not an ‘appropriate, proportionate and necessary measure’ (Yu) and where the individual does not have an opportunity for judicial redress.

These concerns are addressed by the Digital Economy Act, 2010 (“DEA”) in the UK, which incorporates two important procedural guarantees as part of a graduated response—inserting a three-stage notification process to subscribers under Section 124A of the UK’s Communications Act, 2003 (which, ideally, should coalesce multiple infringements over the relevant period into a single notice rather than direct separate notices for every individual infringement; Bridy) and measures for an independent system for appeals by users (which would ensure fairness by adjudicating each case on its merits; Bridy), including a right to anonymity (Ofcom, Online Infringement of Copyright and the Digital Economy Act 2010:

Draft Initial Obligations Code (28 May 2010) -).

As the DEA implementation strategy correctly acknowledges, the educative and rehabilitative functions of these procedures must also be taken seriously and preliminary infringement notices in particular must outline, in simple language, the nature of the alleged infringement, possible corrective measures and legal options in terms of challenging the alleged infringement (Ofcom Draft Code; Yu).

Further, in line with the iiNet conditions, the DEA recognises that procedural fairness also requires that allegations of infringement should be based on credible evidence and not mere allegations. This is this important from a procedural perspective and anchoring infringement allegations to credible evidence also increases the likelihood that the eventual enforcement measure will be proportional to the infringement (Yu).

To this end, a ‘quality assurance report’ for infringement reports has been proposed, which would require holders to reveal measures taken to assure the integrity, accuracy and legality of evidence of infringement (Ofcom Draft Code). This system would impart sufficient flexibility to allow copyright holders to develop the necessary technical measures while preserving scope for intervention vis-à-vis the substance of the reports, either by Ofcom or by the appellate body (Ofcom Draft Code).

Another legal safeguard that may need to be contemplated relates to the appellate body. Even where infringement notices are based on credible evidence, since the case against the user is of infringement, the adjudicating authority must be willing to consider defences to copyright infringement (Yu). Additionally, given the criticality of internet access to many ISP users, the adjudicating authority should give due weight to the absolute nature of internet disconnection and the possibility for alternative arrangements for internet access (Yu).

These provisions should go a long way towards placating concerns of procedural fairness in the enforcement process, especially if further reforms such as mandatory requirements for ISPs to disclose their copyright enforcement practices (including any invasive technological monitoring measures used) to their users (Bridy). ISPs could then be justifiably required to use the means at their disposal to assist in enforcement.

Economic and moral grounds

There is a further reason for requiring ISPs to assist in copyright enforcement—since ISPs benefit indirectly from infringement (through more users and greater usage) and exercise greater control than in the past over user content, they should also bear fair share of responsibility for assisting with enforcement (Yu; Bridy).

However, this responsibility depends on the ISP’s scale because as unreasonable as it is to allow large ISPs with several thousands of users to be unaccountable for infringement by those users, it is equally unreasonable to require, say, a small ISP to incur significant costs to comply with legislation designed to address infringement which it does not notably contribute to (Ofcom Draft Code).

A balance between these extremes could be attempted along the lines of Section 124C(5) of the UK’s Communications Act under which a moving target threshold can be set to identify ‘qualifying’ ISPs. The flexibility in this measure would ideally allow a regular review of the threshold to ensure that infringing users are not out of the reach of enforcement by migrating to smaller ISPs that perpetually remain below the threshold (Ofcom Draft Code). This is supplemented by Section 124M(3)(a) which allows scope for ISPs to claim costs of enforcement from copyright holders, reflecting another of the iiNet conditions.

While this threshold establishes a workable basis for determining which ISPs should owe a duty to assist in copyright enforcement, there remains the possibility that, in practice, enforcement actions by ISPs will disproportionately target small users. This is because the economic loss to ISPs resulting from these users being bumped off the network for infringement is likely to be far lesser than if large users with deep pockets are disconnected (Yu).

Even if such open discrimination is not practiced, there could be interference by ISPs with the principle of network neutrality (requiring no restrictions on internet content accessible to users) by using technological measures to restrict/prohibit certain types of bandwidth-intensive activities (de Beer/Clemmer). While such measures would broadly appear to be in aid of copyright enforcement, they would do so by unreasonably prejudicing that demographic of users.

To that end, there is a need to ensure that copyright enforcement by ISPs (though more an obligation than a duty in such cases) does not so discriminate between infringers, possibly by strengthening procedural safeguards for users and allowing a broad scope for the adjudicating authority to scrutinise ISPs’ enforcement policies.

Eashan Ghosh graduated with Distinction Honours on the Bachelor of Civil Law (B.C.L.) programme at the University of Oxford in 2011 and is a multiple gold medalist on the B.A. LL.B. (Hons.) programme at the National Law School of India University (NLSIU), Bangalore. He is currently an Associate with Fidus Law Chambers, a leading Indian intellectual property law firm, and practices intellectual property law at the Delhi High Court.



By Eashan Ghosh

Dual Use Technology Under India’s Foreign Trade Policy


The Foreign Trade Policy of India, issued by the Ministry of Commerce and Industry, Government of India, contains provisions for the development and regulation of foreign trade by facilitating imports into, and exports from, India. In furtherance of this objective, the Foreign Trade Policy grants incentives in the form of special focus initiatives and sectoral initiatives. The Foreign Trade Policy also imposes restrictions on the import and export of certain categories of goods, services, and technologies. Export of dual use items is one such area where restrictions are imposed to protect India’s national security and foreign policy goals and objectives, objectives of global non-proliferation, and India’s obligations under treaties to which it is a State party.

In 2010, the Foreign Trade (Development & Regulation) Act, 1992 was amended to include a new chapter dealing with controls on export of specified goods and services. According to the new provisions, no goods, services or technology notified under the legislation shall be exported except in accordance with the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005. The relevant section of this legislation states that no person shall export any material, equipment or technology knowing that such material, equipment or technology is intended to be used in the design or manufacture of a biological weapon, chemical weapon, nuclear weapon or other nuclear explosive device, or in their missile delivery systems.


Pursuant to the above, under the Foreign Trade Policy of India, dual use items have been given the nomenclature of SCOMET i.e. Special Chemicals, Organisms, Materials, Equipment and Technologies. Appendix 3 of Schedule 2 of the Export Policy has put in place a regulatory framework embodying an exhaustive list of goods, services and technology, export of which is subject to fulfilment of conditions contained therein.

The SCOMET list in Appendix 3 has been divided into 8 categories of items. Category 0 in Appendix 3 deals with nuclear material, nuclear-related other materials, equipment and technology. Category 1 deals with toxic chemical agents and other chemicals. Category 2 deals with micro-organisms and toxins. Category 3 deals with material, materials processing equipment and related technologies. Category 4 deals with nuclear related other equipment, assemblies and components, test and production equipment and related technology, not controlled under Category 0. Category 5 deals with aerospace systems, equipment including production and test equipment, related technology and specially designed components and accessories thereof. Category 6 is currently reserved, and Category 7 deals with electronics, computers, and information technology including information security. Each of these categories is further broken down into various sub-categories.

Any person in India desirous of exporting any item mentioned under the SCOMET list has to obtain the requisite license for export from the Director General of Foreign Trade (“DGFT”) unless export is prohibited or is permitted without licence subject to fulfilment of conditions, if any, as indicated for any specific category or item. The licensing authority for items in Category 0 under the SCOMET list is the Department of Atomic Energy and the applicable guidelines are notified by the Department under the Atomic Energy Act, 1962.

Apart from the license required for export of specified goods, services and technology, the SCOMET guidelines also make it mandatory for all companies and their subsidiaries registered in India, and all other business entities operating in India and involved in the manufacture, processing and use of SCOMET items, to obtain permission of the Central Government before entering into any arrangement or understanding that involves an obligation to facilitate or undertake site visits, on-site verification or access to records or documentation, by foreign governments or foreign third parties, either acting directly or through an Indian party.


Application for licence to export items covered under the SCOMET guidelines are considered on a case-to-case basis. Some of the factors considered by the DGFT before granting an export license are the end use of the SCOMET items being exported, credentials of the end user, credibility of the declarations of end use and integrity of chain of transmission of the items from supplier to end user. Further, the DGFT also assesses the export control measures instituted by the recipient state, the capabilities and objectives of programmes of the recipient state relating to weapons and their delivery, applicability to an export licence application of relevant bilateral or multilateral agreements to which India is a party and assessed risk that the exported items will fall into hands of terrorists, terrorist groups, and non-State actors.

There are some exceptions to the requirement of end use certifications. Licences for export of items under the SCOMET guidelines, other than those under Category 0, 1 and 2, solely for purpose of display or exhibition does not require any end use or end user certifications. The guidelines also state that export licence shall not be granted for display or exhibition of technology for items under Categories 0, 1 and 2. Licences for export of items under the guidelines for display or exhibition abroad are subject to a condition of re-import within a period not exceeding 6 months. Exporters can apply for an export licence for such items exhibited abroad, if the exhibitor intends to offer that item for sale during the exhibition abroad, as such sale is not permitted without a valid licence.

The DGFT also has the power to impose additional end-use conditions as may be stipulated in licences for export of items that bear possibility of diversion to, or use in development or manufacture of, or use as, systems capable of delivery of weapons of mass destruction.


One of the items under the SCOMET list on which there has been a lot of debate and discussion is Technology. Appendix 3 defines “Technology” as, follows:

Except as otherwise provided for against any item in the SCOMET List, information (including information embodied in “software”) other than information in the ‘public domain’, that is capable of being used in:

  1. the development, production or use of any goods or software;
  2. the development of, or the carrying out of, an industrial or commercial activity or the provision of a service of any kind.

Explanation: When technology is described wholly or partly by reference to the uses to which it (or the goods to which it relates) may be put, it shall include services which are provided or used, or which are capable of being used, in the development, production or use of such technology or goods.”

Technology under the SCOMET guidelines is not covered in a stand-alone category. While Category 7 does deal with information technology including information security, a review of the sub-categories of Category 7 cover only items like data processing security equipment, authentication and key loader equipment etc. There are references to technology under the other categories of the SCOMET guidelines. For example, under Category 0, technology refers to technology and software for the development, production or use of prescribed substances or prescribed equipment specified in sub-category OA and OB. Under Category 3 dealing with material, materials processing equipment, and related technologies, technology refers to technology for the development, production or use of items in 3A (dealing with stealth materials) and 3B (dealing with materials processing and production equipment, related technology and specially designed components and accessories therefor). Category 5 dealing with aerospace systems, equipment including production and test equipment, related technology and specially designed components and accessories thereof refers to technology related to the development, production, testing and use of items listed in some of the other sub-categories of Category 5.

From a perusal of the above provisions, it can be seen that the SCOMET provisions contain reference to technology is always in relation to development, production or use of a product listed therein. Thus, as mentioned, technology per se is not covered under a separate category but has to be read with a specified product category listed under SCOMET. Therefore, on a plain reading of the SCOMET provisions, it seems that if a product does not fall within the ambit of the SCOMET provisions, technology for the development, production or use of such product is not likely to fall within the purview of the SCOMET provisions.

However, any technology can have many uses. It is possible that an exporter, if a layman, is not likely to forsee all possible uses of the technology. In such a case, if the exporter does not obtain an export license for a certain technology that he is exporting, and one of the uses of that technology is for development of an item falling under the scope of the SCOMET guidelines, the DGFT has the power to impose strict penalties for export of items in contravention of the provisions of the Foreign Trade Policy, which may include confiscation of the items by the adjudicating authority and fines upto five times the value of the items.

The lack of clarity in the SCOMET guidelines on whether technology per se is covered, and how export of technology is to be dealt with, has lead to a lot of confusion amongst exporters. Although the Foreign Trade Policy provides a mechanism for making clarification applications for obtaining clarity on the provisions of SCOMET, clarification applications to the DGFT inevitably get held up for months without any progress or response. While the DGFT has stipulated a time line of 2 months for processing of export license applications, they have not prescribed any timeline for clarification applications. The lack of any obligation on the DGFT to revert within a stipulated time frame provides no relief to an exporter suffering due to the ambiguous nature of the provisions.

Considering the SCOMET guidelines have been included in the Foreign Trade Policy with the intention of protecting India’s national security, we can only hope that all ambiguity on what is included in the SCOMET list is cleared at the earliest.

Seema Sukumar is a Senior Associate, and Garima Jhunjhunwala is an Associate

With J. Sagar Associates, based out of Bangalore. Seema can be contacted at and Garima can be contacted at

By Seema Sukumar and Garima Jhunjhunwala




Social Media And Censorship In India


Lord Salmon L.J., an eminent English jurist, in one of his judgements had stated the following –

The right to fair criticism is part of the birth right of all subjects of Her Majesty. Though it has boundaries, that right covers a wide expanse, and its curtailment must be zealously guarded against. It applies to the judgements of the courts as to all other topics of public importance.

News media and television journalism have been instrumental in propagating the volume of news and views in the world including India for most of the twentieth century. However, in recent years, social media platforms such as Facebook, YouTube, Twitter and blogs have grown in importance not only as an alternative news source but as an effective medium for individuals to post their own views and opinions. While Courts in India have always supported the cause of freedom of speech and expression, they have also emphasized the need for reasonable restrictions on this right to prevent misuse of such social media.



Article 19(1)(a) of the Constitution of India, 1950 (“Constitution”) provides that all citizens have the right to freedom of speech and expression. However, these fundamental rights are not absolute in nature and Article 19(2) of the Constitution imposes reasonable restrictions in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Over the years, the judiciary in India has usually scuttled all attempts to hinder this invaluable right of freedom of speech and expression. However, they have simultaneously emphasized that the Constitution does not confer an absolute right to speak or publish, without responsibility. It is not an unrestricted or unbridled license that gives immunity for every possible use of language and provides punishments for those who abuse this freedom.


The act of censorship involves the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient as determined by a government, media outlet, or other controlling body. While censorship of online content is imperative to prevent obscene, indecent, defamatory and disparaging information being made available on the internet, imposition of unreasonable restrictions will be violative of the fundamental right to freedom of speech and expression.

In December 2011, India’s Union Communications and Information Technology minister Kapil Sibal had instructed internet service providers and social media giants including Google, Facebook, Microsoft and Yahoo amongst others to pre-censor online content uploaded by their users.

This move by the Government of India led to widespread dissent and condemnation in the country. The Government later issued a clarification stating that it was committed to freedom of speech and expression and would not take any steps in violation of this fundamental right.


While pre-censorship of mass media has been held to be constitutionally valid by the Supreme Court in the past, the apex court has also observed, in L.I.C. of India vs. Prof. Manubhai D. Shah, (1992) 3 SCC 637, that to stifle, suffocate or gag the fundamental right of free speech and expression would sound a death-knell to democracy and would help usher in autocracy or dictatorship.

The judiciary in the recent case of R. Karthikeyan v. Union of India, W.P. No. 20344 of 2009, a decision rendered by the Madras High Court on April 01, 2010 and in the case of Janhit Manch and Others v. Union of India, PIL No. 155 of 2009, rendered by the Mumbai High Court on March 03, 2010 ruled against the blocking of websites. They refused to direct the Government to take proactive steps to curb access to and police online content, stating that this would place an excessive burden on the right to freedom of speech and expression enshrined under Article 19(1)(a) of the Constitution.

In Secretary, Ministry of Information and Broadcasting, Govt. of India and others v. Cricket Association of Bengal and others, (1995) 2 SCC 161, the Supreme Court of India held –

For ensuring the free speech right of the citizens of this country, it is necessary that the citizens have the benefit of plurality of views and a range of opinions on all public issues. A successful democracy posits an ‘aware’ citizenry. Diversity of opinions, views, ideas and ideologies is essential to enable the citizens to arrive at informed judgment on all issues touching them. This cannot be provided by a medium controlled by a monopoly – whether the monopoly is of the State or any other individual, group or organisation.

The Supreme Court has held that the words ‘freedom of speech and expression’ must therefore be broadly construed to include the freedom to circulate one’s views by words of mouth or in writing or through audio-visual instrumentalities. It includes the right to propagate one’s views through the print media or through any other communication channel, L.I.C. of India vs. Prof. Manubhai D. Shah (1992) 3 SCC 637.


In April 2011, the Government of India notified the Information Technology (Intermediaries Guidelines) Rules 2011 (“Intermediaries Rules”) that prescribe, amongst other things, guidelines for administration of takedowns by intermediaries. An intermediary has been defined under Section 2(w) of the Information Technology Act, 2000 (“IT Act”) as any person who on behalf of another person receives, stores or transmits an electronic record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.

Social networking platforms like Facebook, Twitter, search engines like Google and Yahoo, all of which have revolutionised the online space are included within this definition.

The Intermediaries Rules provide for the standard of due diligence to be exercised by intermediaries, in order to be eligible for an exemption from liability for content hosted on such intermediaries’ websites, in terms of Section 79 of the IT Act, which provides:

“For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

Explanation – For the purposes of this section –

“network service provider” means an intermediary.

“third party information” means any information dealt with by a network service provider in his capacity as an intermediary.

However, the IT Act also limits the liability of these intermediaries under Section 79 of the IT Act, which states that an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him if the intermediary exercises due diligence while discharging his duties under the IT Act and also observes such other guidelines as the Central Government may prescribe.

As per the Intermediaries Rules, the intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature, about any objectionable information as mentioned above, shall act within thirty-six hours and where applicable, work with the user or owner of such information to disable such information that is in contravention.

Therefore, the Intermediaries Rules casts the onus of the intermediary to censor all material and information to be hosted and made available by them.

The Central Government can also block content under Section 69A of the IT Act. The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 lays down the procedures, guidelines for blocking of the website or information generated, transmitted via internet for the general public.


The right to privacy has been interpreted as an unarticulated fundamental right under the Constitution. Privacy rights are protected under Article 21 of the Constitution. Article 21 states that no one shall be deprived of his life or personal liberty except by procedure established by law and this procedure must be reasonable, fair and just and not arbitrary, whimsical or fanciful.

Indian Courts upheld the right to privacy under Article 21 in the landmark case of Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295, where the Supreme Court held that the right of privacy falls within the scope of Article 21 and observed that the expression “right to life” was not limited to bodily restraint or confinement to prison only but something more than mere animal existence. In this case, the Petitioner was charged in a case of dacoity but was subsequently released as there was no evidence found against him. Thereafter, he was subjected to surveillance under U.P. Police regulations, wherein the police constables used to enter his house during night hours and thereby disturb him. The Supreme Court held that the U.P. Police regulations which authorizes domiciliary visits is void and unconstitutional and upheld the right to privacy of the Petitioner.

Since the concept of privacy is closely connected to data protection, in 2011, the Government of India also notified the “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011” (“Privacy Rules”) under Section 43-A of the IT Act. The Privacy Rules establish the standard of security practices and procedures to be observed by data collectors, and provides for the protection of the privacy of users disclosing data.

The Privacy Rules state that prior permission of the provider of information has to be obtained by the body corporate before disclosure is made to a third party and any third party receiving such information is not entitled to disclose it further.

However, they shall be obliged to share such information without obtaining prior consent from the provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.

While some may argue that because of the above mentioned exception, the Privacy Rules exempt the Government from its obligations, it must be pointed out that the legislation simultaneously also provides safeguards for this right. During the exercise of this exception, the Government agency is required to send a request in writing to the body corporate possessing such sensitive personal data or information stating clearly the purpose of seeking such information. The Government agency is also under an obligation to state that the information so obtained will not be published or shared with any other person.

Social media has been facing a lot of criticism by the governmental authorities in India lately. While some of the actions of the government may be politically motivated, others are because there are a plethora of laws in India that cover a vast variety of issues. Many of these are so ambiguous in nature that any content put up by the social media will get affected by these laws. Some of the laws that may be of concern are as follows –

The Indecent Representation of Women (Prohibition) Act, 1986

This legislation prohibits the “indecent representation of women” through advertisements, or in publications, writings, paintings, figures, or in any other manner. It defines “indecent representation of women” as depiction in any manner of the figure of a woman; her form or body or any part thereof in such way as to have the effect of being indecent, or derogatory to, or denigrating women, or is likely to deprave, corrupt or injure the public morality or morals.

Warnings by the government to social media sites like Facebook and YouTube, court notice to Bollywood actors and cricketers for indecent dancing at the cricket IPL in April 2012, Indian MPs proposing a ban on indecent representation of women on television at a discussion in the Indian Parliament are some incidents in the social media where indecent portrayal of women has been condemned.

The Indian Penal Code, 1860

The Indian Penal Code contains provisions dealing with sedition, obscenity, blasphemy, and defamation, which may be used to sanction those who generate and circulate objectionable content.

The Emblems and Names (Prevention of Improper Use) Act, 1950

This legislation prevents the improper use of certain emblems and names for professional and commercial purposes. It states that no person can use, or continue to use, for the purpose of any trade, business, calling or profession, or in the title of any patent, or in any trade mark or design, any name or emblem or any colourable imitation thereof without the previous permission of the Central Government.

The Prevention of Insults to National Honour Act, 1971

The legislation states that whoever in any public place or in any other place within public view burns, mutilates, defaces, defiles, disfigures, destroys, tramples upon or otherwise shows disrespect to or brings into contempt (whether by words, either spoken or written, or by acts) the Indian National Flag or the Constitution of India or any part thereof shall be liable to imprisonment.


Recent debates on internet censorship in India have focused on the allegedly free for all nature of the internet. There is no doubt that the above mentioned Indian laws prevail on the internet space as well and grants us our constitutional right to free speech and expression but with reasonable restrictions. While some may argue that the current mechanism of internet censorship in India is draconian and unconstitutional, they should also keep in mind that the internet should not be misused for their own private interests, which may be detrimental to the interests of others or the country as a whole. This dichotomy between rights of the people and the statutes in force has to be resolved by way of a harmonious interpretation of the provisions of these statutes. The government and the judiciary should take steps to provide clarifications to remove ambiguity in the above mentioned legislations, to prevent conflicting interpretations by different sections to suit their selfish motives.

Probir Roy Chowdhury is a Senior Associate and Garima Jhunjhunwala is an Associate with J. Sagar Associates, Bangalore. Their practice areas include work in the technology and education sector in India. They may be contacted at and



By Probir Roy Chowdury and Garima Jhunjhunwala


General Anti-Avoidance Regulations: The Indian Journey so far

  1. Background

General Anti-Avoidance Regulations (‘GAAR’) are aimed to target complex and / or peculiar tax avoidance arrangements not dealt directly by the provisions of tax laws. Such tax avoidance arrangements which are artificial i.e. having no commercial substance entered with the main motive of abusing tax provisions.

GAAR has also been termed as codification of the doctrine of substance over form with the objective of deterring occurrence of tax avoidance arrangements rather than per se revenue generation.

GAAR regulations intend to deal with tax avoidance arrangements and not tax mitigation or instances of tax evasion considering that tax avoidance is distinct from tax mitigation and tax evasion. Where, on the one hand, tax evasion is illegal or forbidden by law, tax mitigation is where tax payer takes advantage of a fiscal incentive offered to him by the tax legislation.

The above can be explained by way of an illustration, let us take a situation where Company incorporates its manufacturing division in Special Economic Zone (SEZ) so that it can take benefit of tax holiday offered by the tax statute. It being a fiscal incentive and taking its advantage would amount to tax mitigation. In the same situation, if the company were to manufacture in non-SEZ zone but diverts the manufactured products to SEZ, where no value addition is done, it would be regarded as tax evasion, emanating due to misrepresentation of facts.

Having suggested so, it has been variedly held that tax avoidance arrangements do otherwise affect economic efficacy, fiscal justice and revenue productivity.

With this given conceptual background, the concept of GAAR was first introduced in India through draft Direct Tax Code (‘DTC’), 2009. DTC was introduced with a view to replace the Indian Income Tax Act, 1961, aiming to achieve simplification in terms of language and structure vis-à-vis the extant direct tax provisions. The same along with a discussion paper was released on August 12, 2009 for public comments.

Subsequently, a Revised Discussion Paper was released in June 2010, based upon the initial feedback received and was again made available for public comments.

Thereafter, the Draft of Direct Taxes Code, 2010 (‘DTC 2010’) was placed by the Government of India before the Parliament on 30 August 2010. In specie, DTC 2010 did retain most of the GAAR provisions proposed by DTC 2009. Also other certain enabling provisions were incorporated to effectuate the proposed GAAR provisions.

  1. GAAR-Evolution Process

The DTC 2009 introduced GAAR with a prime objective of its acting as a deterrent against tax avoidance practices. However, a reasonable distinction between legitimate tax minimization and abusive tax avoidance was conspicuously missing in DTC 2009.

The DTC 2009 proposals, inter-alia did suggest that an arrangement shall be presumed to have been entered into, or carried out, for the main purpose of obtaining a tax benefit unless the person obtaining the tax benefit proves that obtaining the tax benefit was not the main purpose of arrangement. The sweeping nature of such presumptive provision ought to have caused undue hardship to the taxpayers entering into genuine transactions and accordingly the entire scheme of GAAR was viewed as counterproductive vis-à-vis commercial efficiency. Also, such provisions would lead to a plethora of litigation, inconsistent with the objective of achieving deterrence of avoidance arrangements.

It was widely suggested that the initial burden of invoking GAAR should be shifted upon the tax authorities.

After receiving several representations from stakeholders, the revised draft DTC 2010 was issued. The 2010 version of DTC was, thereafter, referred to the Standing Committee on Finance headed by former Finance Minister, Yashwant Sinha, which gave its report on March 9, 2012 recommending amendments.

Eventually, the tax proposals for the year 2012 announced vide Finance Bill 2012 on March 16, 2012 introduced GAAR provisions in the existing scheme of Income Tax Act, 1961 (Act) effective April 1, 2012.

The said proposals enunciated vide Finance Bill 2012 were enacted on May 28, 2012.

  1. Salient Aspects of GAAR Proposal

Chapter X-A of the Income Tax Act, 1961, now encapsulates the scheme of GAAR.

The said scheme like in DTC 2009, 2010 does provide wide discretionary powers to the revenue authorities in taxing tax avoidance arrangements’ including the power to disregard entities in a structure, reallocate income and expenditure between parties to the arrangement, alter the tax residence of such entities and the legal situs of assets involved, treat debt as equity and vice versa, etc.

The legislated GAAR provisions were once again criticised for providing wide discretionary power to tax authorities resulting in excessive tax and compliance burden on the taxpayer. Also, the said proposal , along with the retrospective amendments on taxation of indirect transfers did become a subject of intense debate.

Considering the same, implementation of GAAR was deferred by one year.

Subsequently, a committee under the chairmanship of the Director General of Income Tax (International Taxation) was constituted to give recommendations for formulating the guidelines for proper implementation GAAR provisions and to provide clarity on the provisions so as to safeguard taxpayers against their indeterminate use and curb abuse thereof.

The Committee released its draft recommendations on 28 June 2012, the following suggestions/recommendations were made by the committee:

Shifting of initial burden to prove, if, an arrangement leads to “tax avoidance” on the revenue authorities from the taxpayer.

Also, in order to provide relief to small taxpayers, it was suggested to provide a monetary threshold for invoking GAAR provisions. For the sake of consistency and transparency in the procedures, the committee also prescribed statutory forms for making references within the tax departments and time limits for completion of various actions under the GAAR provisions.

Further, it was clarified that GAAR would cover cases not covered by Specific Anti Avoidance Rules (‘SAAR’). Guidelines clarified that in case only a part of the arrangement is impermissible, the tax consequences under GAAR will be limited to only that part of the arrangement.

Various illustrative cases were recommended by committee for sake of clarity as to whether an arrangement would attract GAAR provisions or not.

The said guidelines were issued when there was a change of guard at the office of the Finance Minister with the finance portfolio getting vested with the Hon’ble Prime Minister.

It was somewhat a surprise to observe the reaction of the Prime Minister’s Office to the circulation of the draft guidelines in the public domain, suggesting that the rules were merely “draft guidelines to seek wide ranging feedback and for discussion purpose”. Further, the finance ministry officials did state “Do not read too much into the release of PMO. The PM has not applied his mind on GAAR issues”.

The Government of India constituted an Expert Committee on GAAR to undertake stakeholder consultation to finalize the guidelines for GAAR.

  1. Shome Committee

The expert committee under the chairmanship of Dr. Parthasarathi Shome, noted economist was constituted by Government to undertake consultations and suggestions from stakeholders and general public on the first draft guidelines for GAAR.

The committee did receive suggestions from the stakeholders, professionals in tax advisory, chambers of commerce and industry, foreign investor associations, industrialists, and policy makers in relation to the above recommendations and on based on the feedback issued second draft guidelines for GAAR.

The draft report submitted by Shome committee has suggested deferring the implementation of GAAR by 3 years on the administrative ground as it would require trained tax officers. The tax officers would be required to have specific knowledge since GAAR requires deterrence of avoidance arrangement rather than revenue generation.

Further, the committee in its draft report has emphasized on “investment approach” by suggesting abolishment of tax on gains arising from transfer of listed securities and tax on business income of foreign investors in India. And in order to make good of tax loss, the committee has recommended increasing the rate of security transaction tax.

It recommended that the tax officer would be required to give a detailed reasoning before invoking GAAR, as such the onus of proving shall be of tax authorities.

In order to avoid ambiguity and uncertainty the committee has further recommended that until the tax is abolished as mentioned in the above paragraph, in case a Tax Residency Certificate is issued by government of Mauritius, GAAR provisions shall not apply to examine the genuineness of the residency of an entity set up in Mauritius.

Similarly, where the treaty itself has anti-avoidance provisions, for instance under Indo – Singapore tax treaty, the treaty provisions ought not be substituted by GAAR provisions under the treaty override provisions.

As discussed, the provisions of GAAR envisaged provision of wide discretion & authority to tax authorities, as such it has been constantly feared that it might result in tax exploitation.

It was also felt that tax avoidance should be distinguished from tax mitigation. An exhaustive negative list for the purposes of GAAR should also be specified.

The committee has also recommended introduction of a negative list, not exhaustive, to include:

  • Amalgamations and demergers (as defined in the Act) as approved by the High Court.
  • Intra-group transactions (i.e. transactions between associated persons or enterprises) which may result in tax benefit to one person but overall tax revenue is not affected either by actual loss of revenue or deferral of revenue.
  • Selection of one option out of two or more options offered by law should not be considered to be tax avoidance. For instance:
  • payment of dividend or buy back of shares by a company,
  • setting up of a branch or subsidiary,
  • setting up of a business unit in SEZ or any other place,
  • funding through debt or equity, and
  • purchase or lease of a capital.
  • Timing of a transaction, for instance, sale of property in loss while having profit in other transactions.

To bring more clarity and fairness the committee has in its report has recommended that the investment made by residents or non-residents which are existing as on the date of commencement of GAAR should not brought under the scrutiny of GAAR provisions.

Other salient recommendations of the Shome committee inter alia are:

  • Monetary threshold of Rs. 3 crores (equivalent to USD 5,00,000 approximately) of tax benefit to check the applicability of GAAR provisions.
  • GAAR to cover only those arrangements which have the main purpose of obtaining tax benefit and not those whose one of the main objective is to obtain tax benefit.
  • An arrangement lacking “commercial substance” shall be deemed to include arrangement not having significant business risks or net cash flows apart from tax benefit.
  • In order to ensure high level of independence, the Approving Panel for the purposes of GAAR should have 5 members including chairman. The chairman should be retired judge of the High Court, two members from outside government and persons of eminence from the fields of accountancy, economics or business, two chief commissioner of income tax.
  • As per the existing legislated provisions of GAAR under Finance Act, 2012, whilst determining the commercial substance of an arrangement following factors are considered irrelevant:
  • Time period of existence of an arrangement,
  • Fact of payment of taxes, directly or indirectly, under the arrangement,
  • Fact that an exit route is provided by the arrangement.

The committee has recommended that these test should not discarded as totally irrelevant and may be considered in addition to the other aspects while evaluating the commercial substance of an arrangement.

  • GAAR provisions would not be invoked while processing application for lower tax deduction at source where the taxpayer gives an undertaking to pay taxes in case it is found that GAAR provisions are applicable in relation to remittance during the course of assessment proceedings.

Apart from the above, the committee has also recommended that tax avoidance schemes to be considered for reporting purposes as more likely than not as impermissible avoidance arrangement and be reported in the voluntary tax filing done by the taxpayer.

By and large the Industry and all the stakeholders have hailed the recommendations of the Shome Committee as a welcome relief.


The timing of introduction of GAAR regulations in the given international as well as domestic scenario is viewed regressive. Seemingly, there has been an instantaneous sense of realization that, in the present challenging times, sound tax competitiveness is required.

The policy makers are extremely conscious of flow of International Capital and perhaps have understood that the tax regime has to be conducive with the global environment and the need of the hour is to achieve increase of net Foreign Direct Investment flows into the country. When compared with the 2009 version, significant changes have taken place in the GAAR regulations, which itself suggests that tax policy is being correctly configured at this given juncture.

A variety of measures can be undertaken including initiating structural reforms in the tax system and administration, which can add to revenue productivity.