With the enactment of the Telecommunication Act 2023 (“Act”), there has been a tectonic shift in India’s telecommunication landscape. The Act supersedes the Indian Telegraph Act 1885 and the Indian Wireless Telegraphy Act 1933, with the promise of incorporating a modern framework for regulating the sector. With a series of technological developments and market reforms, a vital question arises: how does the Act balance the burgeoning needs of the telecom industry with the fundamental rights of its users?

Decoding the Telecom Act: Unraveling its Privacy Implications

Growing concerns about privacy and government intrusion stem from the integration of modern surveillance technologies. The lack of transparent accountability further exacerbates these concerns, as involved entities often operate without explaining their actions. This integration gives the government temporary authority over telecom services for national security reasons.

The ambiguity in defining “telecommunication” and “telecommunication services” to include internet services impacts user rights. Section 32 (2) empowers the government to suspend or revoke the authorisation for breach of terms. This authority was present in the Telegraph Act 1885, but lacked the power of suspension, making it more concerning. Section 20 grants the government significant control over telecommunication services, including the ability to seize, intercept and suspend services. Furthermore, Section 19(f) allows the government to notify standards and conformity assessment measures in matters of encryption and data processing. This could be deleterious as it becomes a tool for manipulation. Section 21 empowers the government to use these standards to create a backdoor to read private communications under the guise of national security.

While the government is keen on replacing the antiquated legislation, reference can be made to the Supreme Court judgment K.S. Puttaswamy v Union of India (2018) which enshrined three-fold test for restricting privacy: legality, necessity and proportionality with the fourth prong of procedural guarantee against abuse. From intercepting communications without a warrant under the name of national security to shutting down internet services during vaguely defined “public emergencies”, the Act empowers the government to strengthen its control over the digital domain.

The Act in conflict with Digital Personal Data Protection Act 2023

This recent legislative landscape creates an intriguing conundrum. The Telecom Act 2023 empowers the government to intercept communications under section 20(2)(a) in furtherance of public emergency, while the Digital Personal Data Protection Act 2023 (DPDPA) on the contrary, introduces strong data protection requirements to empower individuals. Consent is emphasised in Section 6(1) as the fundamental component of data processing. The consent must be free, specific and have a definite affirmative action attached to it.

Learning from the best industry practices

To strike a balance between public safety and protection of personal liberty, reference can be made to the UK Electronic Communications (Security Measures) Regulations 2022 and the Telecommunications Security Code of Practice 2022. The Telecom providers are required under Section 105A of Telecommunications Security Code to implement a variety of security controls and conduct proactive risk management measures for security breaches. The Regulations specify that network and service providers must secure their public networks and help third-party suppliers reduce security risks. OFCOM, the UK’s communications regulator, has been granted additional enforcement powers to protect telecom networks and ensure compliance with security obligations.

With an objective to resolve this dilemma, enhanced encryption standards should be mandated for communication services to prevent unauthorised interception. Regular reporting on frequency and kinds of government interception should be established, thus enhancing transparency. Enforcement of warrants or court orders for interception activities will enhance judicial oversight and legal sanctity. User consent should be obtained for interceptions unless informing users would jeopardize investigations or national security. Further, data minimisation principles should be adopted to collect and store only vital personal information. Independent bodies should monitor interception operations to prevent power abuse.

It is essential to address these issues to provide a thorough legislative framework that promotes fair supervision, privacy, and individual rights while simultaneously encouraging the expansion and regulation of the telecom sector. Creating a telecommunications law that genuinely satisfies the sector’s changing demands while respecting constitutional principles requires striking a balance between promoting innovation and defending fundamental rights.