Which brings us to UIDAI, or the Unique Identification Authority of India, the dark horse that rose to prominence.
For an organisation that started life as an entity attached to the Planning Commission and tasked with designing the technology for Aadhaar, both the entity and its founder, Nandan Nilekani, hold incomparable sway when it comes to any new moves in tech. So much so that it is viewed as being the organisation wielding most influence. Owing to this influence, Aadhaar authentication has snaked its way into several ministries as a prerequisite to gaining access to basic services, ranging from cooking gas connections to SIM cards to birth certificates, and soon even healthcare.
While UIDAI’s jurisdiction is limited to regulating how Aadhaar functions, the identification system’s growing pervasiveness means it casts a much larger shadow.
The agency’s influence on policy-making is most visible in the inclusion of UIDAI chief Ajay Bhushan Pandey in the Srikrishna committee. “Pandey’s inclusion meant any real reform [on data privacy] with respect to Aadhaar could be kissed goodbye,” said the Bengaluru-based tech lawyer.
However, one move that could lead to conflict for UIDAI in the future is the idea of setting up a Data Protection Authority, or DPA, which was among the Srikrishna panel’s recommendations.
The DPA is expected to monitor data, issue directions, resolve disputes and also issue penalties. It’s a proposal that has got companies spooked. “The DPA is super onerous and super bureaucratic. It’s very arbitrary, and not independent enough, it would easily be the most powerful regulator if set up, as it would cut across all sectors,” said a public policy professional who works at a multinational.
The DPA is envisioned as a super-regulator that will work with other regulators. “The way DPA is proposed, it could be more powerful than UIDAI even at least on paper. It could allow users to complain against UIDAI even,” said the Bengaluru-based tech lawyer.
For now, though, UIDAI’s influence is only growing. It closely works with two entities at the centre of tech policy-making—MeitY and Trai. Wherein lies yet another story.
A mighty trinity?
MeitY covers all things tech. Trai comes in on mobile networks and the internet. Both play a part in data and cybersecurity policies, which is where UIDAI enters the picture too.
UIDAI as we’ve seen, reports to MeitY. And it’s close to Trai, a relationship that has roots in the fact that RS Sharma, the current chairman of the telecom regulator, was earlier chairman of UIDAI. Today, the telecom sector is invariably the first to adopt any new regulations that come from UIDAI. A case in point is the agency’s 18 August circular about facial authentication. Trai first asked the telcos to take up the new protocol in addition to fingerprint and iris scan.
With Trai largely aligned to UIDAI, and UIDAI aligned to MeitY, one could assume that Trai and MeitY are also in sync. But here’s the rub. The two are, in fact, getting into the habit of stepping on each other’s toes.
MeitY has been working on a cloud computing policy since 2013, which it is yet to release. In the meantime, Trai came up with its own version last month. Similarly, MeitY is working on a revision of the 2012 national electronics manufacturing policy. Almost as if to beat MeitY to the chase, Trai has already released recommendations for a local telecom manufacturing policy, on 3 August.
“While they both are mostly on the same page here, it is still not Trai’s business to come with recommendations for these. It is technically DIPP’s domain,” said a Delhi-based tech policy lawyer, referring to the Department of Industrial Policy and Promotion. “Trai is putting a foot in the door because it concerns itself with telcos.”
A quick recap of Trai’s job description here would help. It has the power to set tariffs that telecom firms can charge, as well as interconnection charges that one telco has to pay to another for calls between networks, and regulates quality of service. When it comes to other matters on telecom like licensing, licence fees and revenue sharing, Trai can only make recommendations, says Kunal Bajaj, a consultant at Ameya Tel, a telecom advisory firm. And the regulator takes its recommendation power pretty seriously.