‘In an increasingly polarized world, power struggles between nation states will play out & in this scenario individuals are going to suffer more attacks on, and loss of, personal data and privacy’ – Ananth Padmanabhan

Ananth Padmanabhan serves as Dean at Daksha Fellowship and as a visiting fellow at the Centre for Policy Research. His research interests are in the fields of technology policy, intellectual property rights, and innovation scholarship. He has authored a leading treatise, Intellectual Property Rights: Infringement and Remedies (LexisNexis, 2012), and co-edited an important volume, India as a Pioneer of Innovation (OUP, 2017). 

His co-authored chapter on Big Data in a recent volume on Regulation in India: Design, Capacity, Performance (Hart Publishing, 2019), is part of a continuing initiative to examine the public law and regulatory dimensions of new technologies. It builds on his understanding of the Indian State and the Supreme Court within the constitutional context, explored through chapters in Rethinking Public Institutions in India (OUP, 2017), and the Oxford Handbook of the Indian Constitution (OUP, 2016). He engages in broader public conversations on the impact of technology through his opinion pieces in Hindustan Times, ThePrint, Livemint, Indian Express, and other print / new media.

Ananth holds masters and doctoral degrees from the University of Pennsylvania Law School.

Q.  Let’s start with some of the most relevant issues in today’s times. You have researched extensively on data governance. As the world is increasingly getting entwined with technology, do you think control of citizens’ data is likely to be used as a political tool by governments? Such questions have been raised across the globe including in India in the context of Aadhaar and the Aarogya Setu app. 

Control over citizen data is already being relied on as a political tool, be it for election campaigning or for policy appeasement and/or exclusion. Some of these outcomes may be unintended or the result of technology failures, but there is increasing evidence to indicate that many such outcomes are on account of plain neglect or even worse, pre-determined through active connivance of state authorities. For instance, with Aadhaar, what was the rationale behind linking this requirement with every service potentially offered by the State? How did a body like the UIDAI, essentially a data custodian, also become the quasi-regulator and even rule-maker of privacy norms? Why did certain private companies benefit from the stack built on top of the Aadhaar database through early API access, and not others? Frankly, answers to each of these questions and many more can be traced to clear political choices by those in power. Many of these questions linger in the case of Aarogya Setu as well: for how long will the collected data be stored, and for what purposes would it be put to use; will private actors be provided access to this data over time for commercial gains; will the data be accessible to multiple Ministries and government departments, and if so, would it enable the creation of a surveillance state?

Q. Coming to the private sector on this same issue of data privacy, one of the big four tech firms — Facebook — not only has access to but controls enormous amounts of private data of a large part of the world’s population. This heavy dependence on a singular entity could have catastrophic consequences for individual and group privacy. Do you think it’s even possible to ‘ensure’ that such a scenario does not arise, and that we can ever start feeling completely secure that data breaches will not, or rather cannot, happen? What kind of human intervention do we need for this in terms of laws? 

The reality we live in is such that we can never fully prevent data breaches. A robust regulatory response is the only workable solution put forth so far that optimally draws the balance between efficacy, business autonomy and trust. When it comes to faulty data processing practices, the right response is broadly along the lines of a data protection law. Whether such law should be modelled on the EU’s General Data Protection Regulation or not is a separate debate. But some kind of legal clarity is required in terms of how these private actors handle our data. The major downside of course is that a regulatory response is only as good as the regulator. For instance, the Personal Data Protection Bill, 2019 in India mandates creating a Data Protection Authority with extensive powers ranging from norm-setting to technical standards-setting to adjudication to penalties. The undesirability of this model notwithstanding, it appears like a poorly thought out design on first glance because of a strong likelihood of unworkability. 

When it comes to rogue actors who hack into databases, the answer is more complex. Many of these incidents, especially high-profile ones such as the Sony, Equifax and Zynga hacks, were orchestrated by transborder actors. It is almost impossible to bring them to justice. In an increasingly polarized world, power struggles between nation states will play out in the form of attacks on each other’s corporations. In this scenario, individuals are going to suffer more attacks on, and loss of, personal data and privacy. I do not see any workable solution in sight. The two leading powers of our day – US and China – do not see eye to eye on foundational norms of internet governance, a clear stumbling block in the formation of any international coalition to meaningfully address these high-level attacks.

Q. In continuation of the above two questions, do you think data breaches can have detrimental effects, either directly or indirectly, on civil and human rights and on the democratic value system in the long run?

Yes, in two distinct ways. One, because opponent states will keep targeting electoral processes, critical infrastructure, information channels and all other resources to disrupt normal public life as well as deprive individuals of their civic and political freedoms. Second, because host states will use these attacks and other forms of attacks as a justification or a ruse to further clamp down on these freedoms, especially over the internet. A good example of the former is the Russian hack that may or may not have led to Trump’s victory but certainly made many people lose faith in the democratic process. An example of the latter is the Ministry of Electronics and Information Technology’s proposed amendment to the Information Technology (Intermediaries Guidelines) Rules, 2011 which attempts to use sledgehammers to crack nuts. In other words, extremely disproportionate responses that put privacy-friendly technology solutions such as encryption at risk!

Q. Talking about another tech giant — Amazon — that runs a monopoly. Amazon has been facing antitrust scrutiny even in the US but is still ruling the roost. What kind of competition laws do countries need in order to correct the kind of imbalance that has been created by a massive firm like Amazon? 

The most important element of this reform of competition law should be centered on data and how tech companies like Amazon can use data dominance to stop innovation from happening. There are several limbs to any such reform: i) creating data sharing models, voluntary or otherwise, that ensure possibilities for new innovators to mushroom; ii) reimagining abuse of dominant position in a manner where the regulator is as much focused on data dominance as it would be on the traditional metric of market dominance; iii) mapping some of the common types of abuse that rely on data dominance for execution of the same; and iv) merger controls to ensure that there is no one master that controls all data through a series of acquisitions. 

Q. How about competition laws in India, where e-commerce operations are expected to multiply in the near future and a lot of indigenous startups are also vying for tech space. Does India have the right kind of laws to ensure a level playing field for all such stakeholders?  

Terms like “level-playing field” often contain very little analytical content for us to frame policy around the same. The real question should be whether anti-competitive harms are caused in the marketplace. If we respect the consumer and their welfare, for instance, it should not be the business of policy makers to micromanage deep discounting. If businesses behave irrationally through such practices, they are bound to fail at some point. The policy conversations we are witnessing at present are a violent reaction to some of the venture capital-backed practices of the 2013-16 period. Let the market correct course rather than we turning to the State to play arbitrator between different kinds of business models. And in that journey, a lot of positive innovation will come through. Of course, if it is centralized innovation, we can take remedial steps to rectify the same through competition law reform of the kind flagged in my response to the earlier question. 

Q. Your doctoral thesis was on digital copyright, and you have also critically examined from a policy perspective ‘innovating/ innovations’ in India. Could you briefly explain the challenges faced by innovators in India on the policy front as well as the IPR front? 

On the policy front, the real issue is that fundamental research is not taken seriously in India. We keep talking, and hosting innumerable conferences, on digital India and the like. We also have some very committed and well-meaning thought leaders like the Principal Scientific Advisor and the Secretary, Department of Science and Technology who understand the gaps as well as the need to promote scientific thinking and foundational research. But for the cup to meet the lip, a lot of financial commitment must be made to such research without too many questions asked or interference in the direction of such research, setting of agenda etc. That freedom is quite absent, thereby making innovation a centralized process that hinges on who you know and who can open doors for you. 

From an IPR perspective, legal enforcement must be geared towards protecting real innovation. Currently a lot of our pending cases are trademark suits, copyright infringement action etc. The number of cases where cutting edge innovation is sought to be protected through patent action are still limited. The Intellectual Property Appellate Board has come under criticism for its limited sittings and inability to cope with the workload. A broken patent enforcement system will naturally result in much less patenting happening in India, as well as limited faith in our legal system to protect R&D invested in pioneering inventions.

Q. You earned your doctorate from the University of Pennsylvania. You are also an alumnus of the NLSIU, Bangalore. What kind of difference have you observed between Indian and Western educational institutions, in general, as far as education in the legal field is concerned? 

The difference is really one arising from an emphasis on applied theory. For the first time, I understood foundations of jurisprudence when taught by my doctoral advisor Prof. Shyam Balganesh. Though the readings were heavy, the pedagogic manner focused on neatly placing even complex theoretical ideas into categories, exceptions and sub-categories of thought. In some sense, what they taught me at UPenn was simply how to think. Even the senior professors there are aware that many of us come with years of work experience in our respective jurisdictions and they wouldn’t perhaps be able to teach us more of our domestic laws. Yet, the program (both masters and a doctorate) carry great value for the conceptual way in which a subject is approached. 

The other big positive, and this is more common to US legal academia, is the emphasis on policy outcomes and consequences when teaching us legal doctrine. US is indeed the birthplace of legal realism, and that shows in the way professors approach law teaching. I had the good fortune to learn technology policy from Prof. Christopher Yoo and Prof. Jonathan Smith, one a leading legal academic and the other an expert in computer science. Recreating this model of learning is going to be tough in India, but something all law teachers and legal education administrators must aspire for.

Q. The Daksha Fellowship for young and mid-career lawyers that you are heading as Dean, Academic Affairs, is cross sectoral and futuristic in nature as it provides a platform for legal practitioners to learn how to link their work with technology-related policy, regulations pertaining to domains such as energy, infrastructure, food, green economy, and alternate dispute resolution — specialisations that are the need of the hour with a lot of potential in the near future. Could you tell us more about the Fellowship, as it is new? And how can more such avenues be built in India to enable lawyers to broaden their horizons and at the same time engage with the evolving needs of a changing world? 

The Daksha Fellowship is a one-year residential program run out of Chennai. It is similar to an LL.M degree program but places greater emphasis on skills over theoretical knowledge. Students will be taught by highly qualified core and visiting faculty, drawn from India and overseas. They will also participate in a variety of workshops and bootcamps to burnish their skills. In a nutshell, the fellowship aims to replicate what the Indian School of Business did for B-school education in India.

There are three pillars guiding our academic vision and pedagogic approach at the Daksha Fellowship: knowledge, expertise, and skills. As part of the knowledge pillar, all our fellows will be trained in finance, accounting, data and decision-making, and in public policy – areas that significantly interact with legal practice. They will also undertake a full course on research methods. 

The expertise pillar will train them in their chosen area of specialization. The technology law and policy specialization will include a wide range of courses from data protection to information technology, and intellectual property rights in the digital age to telecom. The law and regulation specialization will provide a conceptual and historical understanding of regulation, as well as deep-dive into regulatory zones such as energy and infrastructure, real estate, bankruptcy, and the green economy. The disputes resolution specialization will aim to equip our students with both knowledge required to excel as a litigator, and an understanding of emerging trends in this area such as online dispute resolution, arbitration, and mediation and conciliation strategies. 

The skills pillar uses a combination of activities to ensure that Daksha Fellows are well-trained to stand out in the world of work. We will have a Communications Lab running through the year to help them with their writing skills, as well as expression in the digital medium. The Work and Well-being Lab will address other aspects such as leadership qualities, managing the self, critical thinking, and working in teams. In short, our curriculum is designed to enable students go beyond policy and legal frameworks to understanding technology, business practices, and communication in the digital age.

Personally, I would like to see many more such initiatives, not just in legal education, which scrutinize teaching methods that have unquestioningly lingered for several decades. Such critical evaluation is an essential pre-requisite for any student-centric model that guides them to become better problem solvers. 

Q. Do you think artificial intelligence and data analytics can be used in the legal field to bring about more efficiency? If so, then how?

For sure. A big part of our work as lawyers and legal educators is to conduct research. And AI and data analytics can make this process so much more efficient, offer more accurate results as well as compress huge volumes of material into easily comprehensible information. Disputes resolution is another area where pattern analysis can help provide adjudicators with a lot of deep insights, including on case management strategies, reducing delays and even doling out substantive justice. Finally, transactional lawyers have as always been at the forefront of adopting many of these technologies. The results are already there for us to see: conducting due diligence and other time intensive activities have become way more efficient with augmentation and support offered by similar natural language processing solutions.