TikTok - Time For A New IT Framework

On 29 June 2020, the Indian government announced a ban on 59 Chinese mobile apps (including TikTok and WeChat), citing national security concerns. The ban has been imposed against the backdrop of a recent violent border clash and heightened tensions between India and China.

The Indian government's decision appears to have been motivated by both legitimate data privacy concerns and political strategy. Concerns have been expressed for some time now that these apps may significantly invade privacy and collect vast quantities of data about their users (and the Indian government has been viewing data as a national asset for some time now). The measure is also widely seen as retaliatory in part.

In order to take this step, the Ministry of Electronics and Information Technology (the MeitY) invoked section 69A of the Information Technology Act, 2000 (the IT Act) along with the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 (the Rules).

Pursuant to section 69A of the IT Act and the Rules, the MeitY is empowered to issue directions for blocking public access to any online information that may pose a threat to the sovereignty, integrity, security and defence of India. Orders to block such access usually require certain procedural steps to be followed, such as an examination of the relevant complaints by a designated committee and providing the relevant parties with an opportunity to be heard. However, these steps can be avoided in an emergency by an interim order passed by the Secretary, Department of Information Technology (which was the case here). Although such an order needs ratification by a designated committee, it is highly unlikely to be overturned.

Reports suggest that the app companies have now been given an opportunity to appear before the committee and make submissions but will likely be put to a high test to demonstrate that they do not misuse or share data with governments. In addition, there are stringent confidentiality requirements under the Rules regarding complaints and action taken, so the information available to the app companies regarding the complaints made against them may well be limited. The blocking order could be challenged in Indian courts, but in this event, the courts would need to balance the contentions of the app companies against national security concerns.

For a while now, the Indian government has shown that it intends to give high priority to cybersecurity and data protection, but the legal and regulatory framework currently lags far behind. The IT Act is now over 20 years old - an expert committee is to be formed to propose a new law in this regard but has not yet been constituted. In addition, the government has made it abundantly clear that it views Indian data as sovereign, but the new personal data protection law has been a long time coming. In this regard, these recent steps may serve to bolster the justification for the localisation requirements and broad government powers in relation to personal data that were contained in the last publicly available draft of the data protection bill.

In closing, it will be interesting to see if the ban has a ripple effect globally. There have been reports overnight that the US is considering a similar ban on Chinese social media apps. Other countries around the globe may also follow suit in attempting to establish national boundaries on online information.

(Anuj Bhatia is a Partner at Platinum Partners, Delhi.)

Disclaimer: The opinions expressed within this article are the personal opinions of the author. The facts and opinions appearing in the article do not reflect the views of NDTV and NDTV does not assume any responsibility or liability for the same.