The RBI’s Digital Lending Recommendations A Sign of the Road Ahead

The journey to a new general data protection law in India is more than a decade long and has seen several milestones ranging from the reports of Committees headed by Justice A.P. Shah[1], Justice B.N. Srikrishna[2], and a Joint Parliamentary Committee (“JPC”) to draft legislation in 2018[3], 2019 (“PDP Bill”)[4] and 2021 (“DPB”)[5].

While the recent withdrawal of the PDP Bill[6] is seen as a sign of a long and twisted road ahead, regulators in sectors such as banking, financial services and insurance have not had the luxury of taking the scenic route.

Continue Reading The RBI’s Digital Lending Recommendations: A Sign of the Road Ahead?

Policyholder Data Sharing in India

Introduction

With a vision to transform India into a digitally empowered society and knowledge economy, the Indian government[1] launched the Digital India initiative and mindful of its impact, it has been taking several steps to ensure greater accessibility as well as greater safety around internet based services. This, coupled with heightened internet based services and digital connectivity,[2] led the government to launch several digital services[3] and some are remarkably successful – these range from unified payments interface (UPIs) to DigiLocker[4]. According to India Brand Equity Foundation, the rising use of UPIs strongly indicate that more and more people in India are adopting a digital lifestyle[5] – UPI saw its highest ever number of transactions in April 2022 at 5.58 billon, amounting to INR 9.83 trillion. DigiLocker hit the mark of 101 million users on March 19, 2022, evidencing the adoption and success of this initiative[6].

Continue Reading Policyholder – Data Sharing in India – Time for Consent – Based Regime?

FIG Paper

Background:

A Working Group on Digital Lending (“RBI WG”), constituted by the Reserve Bank of India (“RBI”), had published its Report in November 2021. It had made recommendations on (i) the legal and regulatory framework for digital lending; (ii) technology; and (iii) financial consumer protection, implementable over the near-term (up to one year) and medium-term (beyond one year).

Continue Reading FIG Paper (No. 16 – Series 1) – Impact Analysis of RBI’s Recommendations of the Working Group on Digital Lending – Implementation

Payment System Operators New M&A Implications

Background:

On July 4, 2022, the Reserve Bank of India (“RBI”) clarified to all banks and non-bank payment system operators (“PSOs”) that its prior approval would be required for any (a) takeover/ acquisition of control, which may or may not result in change of management; and (b) sale/ transfer of payment activity to an entity not authorised for undertaking similar activity (“Circular”).

Continue Reading FIG Paper (No. 15 – Series 1) – Payment System Operators (PSOs) – New M&A Implications

Of Gambling and Gaming

India’s Ministry of Information and Broadcasting (“MIB”), on June 13, 2022, issued an advisory (“Gambling Advisory”)1 to the media, including newspapers, private satellite television channels and publishers of news and current affairs on digital media, which has been the subject of much discussion and reporting.

Continue Reading Of Gambling and Gaming: A Tale of two Advisories

The Cert-In Cyber Security Directions More Questions Than Answers

On April 28, 2022, the Indian Computer Emergency Response Team (“CERT-In”) under the Ministry of Electronics and Information Technology issued extensive directions to service providers, intermediaries, companies, firms, and government organisations (collectively, “Entities”, and each an “Entity”) specifying various ‘cyber security directions’ that they are required to follow (“Directions”)[1].

Continue Reading The Cert-In Cyber Security Directions: More Questions Than Answers?

FIG Papers

The recent Master Directions issued by the Reserve Bank of India (RBI) on Credit cards and Debit cards – Issuance and Conduct Directions, 2022, dated April 21, 2022, is a consolidation of existing guidelines on the subject, except that it has brought about greater clarity by providing definitions on what is a credit card, credit limit and other related terminologies. In addition, it has spelt out more explicitly the scope of co-branding arrangements and the roles of card issuers and co-branding partners.

Continue Reading FIG Papers (No. 12: Series-1) RBI Master Directions on Credit and Debit Cards

Metaverse

The metaverse and its use-cases

There are many ways to describe the ‘metaverse’: a post-reality universe that allows several users to participate in a shared virtual environment, an immersive 3-D extension of the internet itself, or even as the next frontier of the digital economy. In due course, the metaverse may align itself with its initial usage, as described in Neal Stephenson’s 1992 sci-fi novel Snow Crash, as a vast digital environment where users could interact with each other. While the Metaverse may escape the contours of a universally accepted definition (for some time at least), it will, by present trends, continue to capture popular culture, imagination and increasingly, various aspects of life. As early as 2005, the metaverse had begun to be considered as something more than simply being centered around MMORPGs (or massively multiplayer online role-playing games). Today, the Indian market already bears witness to the proliferation of augmented reality, virtual reality, and elements of the ‘metaverse’ across several B2B, B2C and C2C applications. Indian tech firms and start-ups have been quick to respond.

Continue Reading FIG Papers (No. 11: Series-1) Into the Metaverse: Legal and regulatory considerations in India

Whatsapp Group Admin

The modern genesis of vicariously attributing culpability to a creator or administrator of a WhatsApp group for offensive, defamatory or objectionable content posted by a group member can be found in the recent decision of the High Court of Kerala on February 23, 2022, in the matter of Manual versus State of Kerala and another[1]. The High Court of Kerala has largely followed the bright line laid down by the High Court of Bombay[2], the High Court of Delhi[3] and the High Court of Madras[4] in their previous decisions on this subject. As a rule, most common law jurisdictions have traditionally applied vicarious liability by employing the common law doctrine of respondent superior. It is noteworthy that superior courts have also authoritatively held in successive judgments that vicarious criminal liability can be attributed only if a penal provision of such nature is specifically provided in the underlying statute.

Continue Reading Can the admin of a WhatsApp group be held vicariously liable for an objectionable post by a group member?

Digital Age Warfare

A. Introduction

In this digital age, it may not be out of place to say that data has replaced oil as the most valuable resource. The advancement of technology has led to the emergence of a new species of extortion, where ransom is sought in lieu of data, which is illegally assumed control over. This phenomenon is popularly known as a ransomware attack. A ransomware attack includes a malware that is introduced onto the host’s computer or mobile, thereby encrypting its data, with a subsequent demand for a ‘ransom’ for decryption of the same, to secure its release[i].

Continue Reading Digital Age Warfare: Ransomware Attacks