Search interesting materials

Thursday, February 27, 2020

Base and superstructure: Ideological constraints affecting India’s land markets

by Anirudh Burman.

As a scarce resource, land in India has often been, and will continue to be a source of heightened contestation. This contestation has taken place on the base of the legal framework that regulates land markets. This legal framework enables the state to exercise extensive control over the market. Over the decades, state power has been used extensively in an attempt to restructure socio-economic relations in society.

This legal framework has been successful in fomenting political mobilisation, it has not increased the efficiency of the market in any meaningful manner. If the underlying premises remain unchanged, this feature of our land markets - intensive political contestation without meaningful efficiency or equity gains - is likely to continue. This is likely to become increasingly contentious given the increased dynamism of the Indian economy - rapid urbanisation, diversification of the rural economy, and industrialisation.

During colonial rule control over land was not subject to democratic power. Since 1947, the use and control over land has been under democratic control. However, in these years, the issue of control over land was a huge source of conflict. Radical laws were passed to redistribute agricultural land and to ensure equitable rights for the cultivating class. However, their success was limited. Their implementation gave rise to a spate of litigation, and also led to extreme violence.

For all the frenzied activity over the equitable distribution of agricultural land, and planned urbanisation, the outcomes have been poor. Both agricultural and urban land in India are frightfully expensive. Getting land to set up industry often becomes a political nightmare. The rural economy that is intrinsically tied to land remains woefully stagnant. Migrants to urban areas are unable to afford decent housing, sanitation and safety.

An important dimension of this field is that these outcomes are rooted in the ideological basis on which Indian markets for land rest on. This ideological framework is broadly common across different kinds of land markets in India - rural, urban, industrial. And this framework has developed over the years in a manner that has rigged the land market against those who depend on it the most.

India’s regulatory framework in the land market today resembles that of other sectors like the financial markets and the telecom sector before they were liberalised. Market liberalisation did two things - it limited the scope of government regulation, and reoriented regulation to solving problems that privately-dominated financial and telecom sectors faced. This led to the growth of both these markets, and generated unprecedented benefits for consumers and prosperity for investors.

Similarly, the regulation of rights in land has a strong connection with the size, dynamism and growth of India’s land market. Laws and regulations that impair such rights constrain the land market.

State regulation of agricultural and rural land


Today, the state regulates almost all parts of the agricultural land market extensively. It determines what is agricultural land, and what is not. It determines who can own agricultural land. Many states prohibit non-agriculturalists from buying agricultural land. Others prohibit non-residents of a state from buying agricultural land within the state.

It also places restrictions on other kinds of transfers of agricultural land. For example, land given to the dependents of deceased military personnel cannot be transferred in many states. Through land-ceiling legislation, it lays down how much agricultural land one can own based on its estimation of what constitutes a sufficient amount of land.

Many states in India do not recognise tenancies and prohibit subletting of agricultural land. Others place restrictions on the contracts tenants and owners of agricultural land can enter into. Other regulations place restrictions on leasing and subleasing of agricultural land.

State regulation of towns and cities


Just like agricultural land, state regulation of urban land markets is extensive. In urban areas, the state not only decided who will own how much, and for what purpose, its role starts at the very inception - of deciding when a town should be called a “town” and a city a “city”. While almost all countries adopt some similar framework to regulate land-use, the framework adopted by India has been criticised by many as being too stringent, and one that effectively slows down the process of providing urban facilities like sanitation to rapidly growing new towns.

Conclusion


This restrictive regulatory framework has failed to provide dividends. Property in major Indian cities is more expensive relative to most other major cities in the world. Rural incomes have remained stagnant and required substantial government support. It is therefore time to revisit this regulatory framework (a) by understanding why this framework has failed, and (b) what can be done to reform this framework.


The author is researcher at Carnegie India. This paper was presented at the APU-NIPFP workshop Strengthening the Republic#1, January 11, 2020.

Does synchronization of elections matter? Evidence from India

by Vimal Balasubramaniam, Apurav Yash Bhatiya and Sabyasachi Das.

Many countries across the world hold elections for multiple levels of the government on the same day. Examples include the United States, Brazil, Sweden, South Africa, Indonesia, among others. Importantly, there has been an increasing demand to synchronize elections across tiers of governance in both Europe and India. In India, the Law Commission, and other bodies, highlight that elections are expensive and find that "holding simultaneous elections would be ideal as well as desirable". The implicit assumption in these discussions is that the question of when voters make decisions about their national and state representatives may not affect how they make these choices and consequently, the election outcomes that emerge from them.

In our research, we examine whether synchronized elections in India lead to significant changes in voter behaviour. We refer to an election in India as synchronized if the national election (or general election, GE) and the state election (or, assembly election, AE) occur on the same day. Otherwise, we say that the elections are non-synchronized.

Specifically, we ask the question how the probability that the same political party wins a seat at the Lok Sabha and the Vidhan Sabha changes when elections are conducted on the same day as opposed to on different days. For this, we compare the same assembly constituency over time with synchronized elections against those that happened on different days. For non-synchronized elections, we pair a national election with state elections that occurred after it and before the next national election.

We find that synchronized elections increase the probability that the same political party wins a seat both at Lok Sabha and Vidhan Sabha by 0.089, which is about 21% of the base probability of 0.42. One concern about interpreting this estimate as an effect due to synchronization is that a long time gap between national and state elections for non-synchronized elections may confound our ability to pin down a plausible causal interpretation of this estimate. We vary the time gap between the elections in any given pair of national and state elections from 150 days to 270 days, and our estimates range from 0.15 (for 150 days) to 0.082 (for 270 days). The estimates are, however, not statistically significantly different from each other. Our preferred specification is the one that limits the time-gap to 180 days -- an estimate closer to the lower bound that we find -- to account for qualitative reasoning that provides plausible exogeneity in the scheduling of elections.

Figure 1 below highlights the approach we take to this study with heat maps for the probability of the same party winning both the parliamentary and state constituencies without (Case 1) and with (Case 2) synchronized elections. Synchronized elections increase the probability of a political party winning both the Lok Sabha and Rajya Sabha seats. We show this for the ten states that fall within our sample for our preferred estimate. With the exception of Odisha – which has an opposite pattern – all other states in our sample present an increase in the likelihood of electing the same party.



Case 1: Unsynchronized Elections


Case 2: Synchronized Elections
Figure 1: Prob (Same Party winning both PC and AC)

This significant consequence of synchronized elections may not occur in isolation. We characterize the voting environment and find that the winning margin in any given contest at a constituency is on average no different between synchronized and non-synchronized setup. However, there is an increase in turnout for national elections to level with the average turnout for state elections during non-synchronized elections. This suggests that the fraction that participates in state elections is in general much higher than in national polls.

We explore the potential channels that drive this significant effect of synchronization. We find that synchronized elections reduce split-ticket voting -- the Euclidean distance between the vector of vote shares of political parties in parliamentary and assembly constituencies is significantly lower in synchronized elections. This reduction in split-ticket voting could be both demand and supply-driven.

On the supply side, political parties could homogenize information sets and hold similar campaigns for the two elections when they happen on the same day. They could manage greater engagement with voters on the ground due to economies of scale with campaign resources during synchronized elections. Both these factors could align a voter to a single party. On the demand side, it may be that the cognitive demand to rationalize voting for two different parties in the two elections when they vote for them at the same time is high. This increase in decision complexity may give rise to voting for the same party when elections are synchronized. To explore these motives, we use national and state election survey data collected by CSDS for a representative sample of individuals compiled within two days after every election in India.



Panel A: Voters Decision


Panel B: Election Priorities


Panel C: Voting Consideration


Panel D: Election Issues
Figure 2: Micro-data Evidence

We present the evidence from micro-data in Figure 2. We find that voters spend more time deliberating on elections when they are synchronized (Panel A), voters are less clear about objective functions for electing their representative for the two governments (Panel B). Additionally, we find that voters reduce the dimensionality of their choice by looking at political parties more than individual candidates (Panel C). Lastly, we find that voters are more ambiguous about the issue that matter the most for their choice of the vote (Panel D). These observations strengthen our claim that the cognitive challenges of choosing two candidates at once may not be a trivial constraint, especially in a parliamentary democracy where the elected representative matters to how the citizens voice their concerns to the state. And the objective function for the voter for the two elections is compromised with synchronized elections. Thus, we observe a rise in a simple solution of voting for the same political party during synchronized elections.

A critical reason for support to synchronized elections is the cost of holding elections. Holding elections on different days does have high electoral costs both for the governments to organize the elections and for the political parties to participate in them. The most recent General Election in India in 2019 cost Rs.5,000 crore or about 700 million USD.

Recurring elections not just imply more monetary cost but also the loss of governance time as politicians focus their time on campaigning and bureaucrats remain occupied with election work as opposed to implementing policies and public projects. The deployment of security forces away from their primary objective for electoral purposes also imposes further costs on the state. Lastly, the model code of conduct, it is claimed, affects public policy-making.

Such costs may reduce by holding synchronized elections had there been no impact on voter choice and decisions or on the real economic outcomes in India. Our results imply that a direct consequence of synchronized elections is synchronized representation. A growing body of work on political alignment provides mixed effects on real economic outcomes. Political alignment could increase the transfer of resources from the national government to subnational governments in India (Rao and Singh, 2003; Khemani, 2003). However, more recent work highlights that patronage networks and rent-seeking by local politicians may strengthen in politically aligned areas, leading to inferior public service quality. The development consequences of synchronized elections, therefore, are far from straightforward.

Our paper documents that when voters choose their representatives for Lok Sabha and the Vidhan Sabha matter to election outcomes. The administrative gains from synchronized elections, therefore, need to be weighed against benefits from voters evaluating different tiers of government without any overlapping ambiguity.



Vimal Balasubramaniam is researcher at Queen Mary University, London; Apurav Yash Bhatiya is researcher at University of Warwick, UK; and Sabyasachi Das is researcher at Ashoka University. This paper was presented at the APU-NIPFP workshop Strengthening the Republic, January 11, 2020.

Wednesday, February 19, 2020

Executive discretion in regulating private schools in India: Evidence from Delhi

by Bhuvana Anand, Jayana Bedi, Prashant Narang, Ritika Shah and Tarini Sudhakar.

Students in India are increasingly switching to private schools. For 2017, U-DISE data shows that nearly 40% of students are enrolled in private schools. However, the growth in private schools has been sluggish; between 2012 and 2015, annual growth for private schools hovered around 3% and in 2016, dropped to 1.71% (U-DISE 2016-17).

State education departments play a critical role in the governance of private schools. They write and apply rules, recognise schools, conduct inspections, impose penalties, and resolve disputes. Despite this, there is little to no evidence on how they carry out these functions and their impact on the growth and quality of these schools.

We studied three regulatory touchpoints between the state and private schools -- licensing, inspections and fee regulation -- for Delhi, in a recent paper: Challenges of executive discretion in the regulation of private schools, by Anand et. al., in Anatomy of K-12 governance in India, Centre for Civil Society, 2019.

We used government administrative data, field observations and analysis of the regulatory framework. On close examination, we found instances of excesses in executive discretion. While necessary to an extent, the misuse of discretion can negatively affect public welfare: in this case, school, students and parents.
Discretion in state education departments vis-a-vis private schools appeared in the following forms:

  1. Overreach in the making of rules;
  2. Ad-hoc and arbitrary rule-making;
  3. Poor procedural fidelity and administrative opacity; and
  4. Opaque, inconsistent and subjective exercise of punitive measures.

For example, consider the function of inspection. The Private School Branch of the Directorate of Education is supposed to inspect all private schools every year but only 60 schools are inspected in a year. As we reviewed the approach to the few inspections that do happen, we found that the method does not fulfil the spirit of the Delhi School Education Act and Rules (DSEAR) 1973. Rule 192 states that every inspection of a private school should be “as objective as possible”. The inspection proforma, however, is populated with measures and constructs that cannot be measured objectively. One such question is: did the teacher ask “thought-provoking” and “well-distributed” questions? Not surprisingly, the interpretation of these terms and the recorded answers vary across inspectors and schools (Figure 1). Besides, it is not clear how constructs such as “proper blackboard summary” link to the quality of education.




These inspections are also not typically followed by punitive action. DSEAR 1973 allows the Director to take any action against a non-compliant school but no school has been de-recognised in the last five years in Delhi. While officials cited the fear of student displacement, schools pointed out that they often bribe officials.

What drives this subjective/opaque application of punitive measures? What are the standards of quality? Do the standards adequately measure what they intend to do? What is the consequence of this on schools and quality of education? Where does a school go for appeal? Our research raises questions on the functioning of the state department—pertinent to any debate on education reform. We argue that there is a need for administrative reform and that the coercive power of government on private action ought to be within the constraints of law, guided discretion and due process.


The authors are researchers at the Centre from Civil Society. This paper was presented at the APU-NIPFP workshop Strengthening the Republic #1, January 11, 2020.

Tuesday, February 18, 2020

Applicability of the IBC to public sector enterprises: The case of Hindustan Antibiotics Ltd

by Sudipto Banerjee, Renuka Sane and Karthik Suresh.

Since the enactment of the Insolvency and Bankruptcy Code (IBC) in 2016, the National Companies Law Tribunal (NCLT) has been admitting insolvency cases against public sector enterprises (for example, the Tamil Nadu Generation and Distribution Co. Ltd., the Northern Power Distribution Co. Ltd.). A final resolution order was passed in the case of Burn Standard and Co. Ltd. while liquidation proceedings were ordered in the case of Hindustan Paper Co.Ltd. This suggests that the IBC was being used for resolving defaults by public sector enterprises (PSEs).

The case of Hindustan Antibiotics Ltd. (HAL) has led to uncertainty regarding the applicability of the IBC to PSEs. In this case, the NCLT could not arrive at a decision on the applicability of the IBC to HAL. The dispute was referred to a third member of the NCLT. In the meanwhile, HAL filed a writ petition before the Bombay High Court challenging the constitutional validity of the IBC insofar as it applies to government companies, which was admitted by the Court. This, in effect, has stayed the proceedings before the NCLT. The High Court will now decide on the question of whether the IBC applies to government companies.

This article revisits the dispute and examines the position of PSEs within the ambit of the IBC. It argues that creditors of PSEs (or PSEs themselves) should be able to access the IBC. Removing PSEs from the IBC's purview may lead to delays in resolution, and may close an important route which the government could use for disinvestment.

The dispute

Hindustan Antibiotics Ltd. (HAL) is a central PSE in the business of supplying affordable drugs and antibiotics. The company has been incurring losses since 1993-94. In March 1997, HAL was declared a sick company and placed under the Board for Industrial and Financial Reconstruction (BIFR) which approved a restructuring package in June 2007. However, the company's financial situation continued to deteriorate. In December 2016, the Union Cabinet stated that it will look at options for conducting a strategic sale of HAL, dispose of the surplus land and structure a voluntary retirement scheme (VRS) for its employees. As of January 2020, the strategic sale has not taken place. The company has been unable to pay the salaries of its employees on time.

As a consequence, employees of HAL have filed cases against the company for non payment of salaries and other dues before various courts. Three public sector banks have sent recovery notices to the company under the Securitisation and Reconstruction of Financial Assets and Enforcement of Securities Interest Act, 2002 (SARFAESI Act). Employees have also filed cases before the Controlling Authority under the Payment of Gratuity Act, 1972 for non payment of dues. Three operational creditors including Mr. Harish Pinge, an employee of HAL, filed cases under the IBC before the NCLT.

The impugned order of the NCLT is concerned with the petition filed by Harish Pinge. The company acknowledged the portion of Mr. Pinge's retirement dues but was unable to pay due to its financial condition. When Mr. Pinge approached the NCLT, the company took the view that IBC does not contemplate handling the insolvency resolution process of PSEs and hence the petition was not maintainable.

The NCLT's order

The judicial member took the view that HAL was a central PSE and thus an 'instrumentality of the state'. He held that even if the company is loss-making and is unable to pay its dues, it cannot be closed. This is because it would be unconstitutional for a tribunal to pass an order to close a PSE which is an instrument of the state itself. The relevant paragraph is extracted as follows:.

In view of the above findings, I am of the considered view that CIRP process cannot be initiated against an instrumentality of the state. To say these words I have made an attempt to lift the corporate veil of the Corporate Debtor to see who is behind the same and I found that it is none other than Govt. of India, in the name of President of India. Initiating CIRP process against the Corporate Debtor practically amounts to initiating CIRP process against the Govt. of India which is impermissible under the Constitution/Law. The law makers while enacting the IBC appears to have not envisaged such a situation otherwise they would have exempted Govt. Companies from the CIRP process as the application of the Code on the said Govt. Companies would create a chaos and defeat the very intent for which IBC is brought into existence. At the same time there is also another way looking at it and that is, there is no reason even to expressly exempt the Govt. Companies because it is an instrumentality of the state and de-horsing the corporate character and independent entity, there is everything to say that the Govt. Companies are an instrumentality of the state or rather we can say that there an alter ego of the state itself and the result of the same is that the IBC cannot interfere with the state owned undertakings. In view of the above the point No. (i) and (ii) are answered against the Petitioner as the Petitioner can have an alternate remedy in a civil court or by way of proceeding under Article 226 or 32 of the Constitution of India in an appropriate forum if so advised. (emphasis added)

The technical member held that all PSEs are liable to be subject to the CIRP as prescribed in the IBC in case of a default. He was of the view that PSEs are instruments of the state but the instrumentality argument cannot be used to negate the statutory right of a reditor. Only financial services providers are explicitly excluded from the definition of 'corporate debtor'. He observed that there are lacunae in the government's own process for restructuring PSEs after the closure of Bureau for Reconstruction of Public Sector Enterprises (BRPSE) in 2015 and suggested that adoption of the IBC process is in the best interest of the corporate debtor.

Since the members had disagreed with each other, the President of the NCLT referred the case to a third member in accordance with the Companies Act, 2013. While the proceedings were pending before the NCLT, the company filed a writ petition before the Bombay High Court.

Proceedings before the Bombay High Court

At the Bombay High Court, the petitioner argued that the provisions regarding the definition of 'corporate debtor', 'person' and the provisions which give financial and operational creditors the right to approach the NCLT in case of default are in direct conflict with a) the statutory provisions of Companies Act, 2013 and b) Article 14 of the Constitution of India as far as 'government companies' are concerned.

The High Court held that the NCLT is not the proper forum for deciding on questions of constitutionality. The court referred to the Supreme Court's decision in Hindustan Construction Co. Ltd. v. Union of India where it has was held that that statutory bodies (like National Highway Authority of India) are not limited in liability and are hence not covered in either the definition of 'corporate person' or 'person' under the IBC. The Bombay High Court said that it would look at whether this decision of the Supreme Court has any bearing on government companies as well. Consequently, it imposed a stay on the proceedings before the NCLT.

In the subsequent paragraphs we discuss why the IBC should be applied to government companies as well.

The IBC does not exclude PSEs

The HAL case seems to depend on the interpretation of 'corporate debtor'. Under the provisions of the IBC, 'corporate debtor' means a corporate person who owes a debt to any person. The definition of 'person' includes a company. Most PSEs are registered as government companies under the Companies Act, 2013 and are generally subject to its provisions and rules.

A similar argument was made by the solicitor general in the context of Hindustan Construction Co. Ltd. v. Union of Indiasupra). He admitted (para 58) that government companies are covered in the definition of 'corporate person' under section 3(7) of the IBC. The court did not make a clear pronouncement on this specific issue since the facts of the case were not primarily concerned with it. But we can presume that the solicitor general, being the statutory lawyer of the Union government, has stated the view of the government on the law.

There are specific provisions in the Companies Act, 2013 which exempt government companies from certain requirements. It is a settled principle of statutory interpretation that legislature speaks its mind by use of correct expression and unless there is ambiguity in law, the law has to be read in its literal sense. The literal reading of the provisions does not indicate exemption of PSEs from IBC.

Inference can also be drawn from the earlier legislation like Sick Industrial Companies (Special Provisions) Act, 1985 (SICA) where it was expressly mentioned that the definition of company did not include a government company. This was removed by an amendment in 1993. Further, the IBC substituted the provisions on revival of sick industrial companies and winding up given under the Companies Act, 2013.

The importance of the IBC to PSEs

There are several reasons that the case before the High Court is extremely important.

The IBC is a time bound process which helps preserves the value of the firm and improves recovery. The World Bank's Ease of Doing Business survey reflects this change --- the recovery rate per dollar has increased from 28.6 cents per dollar to 71.6 cents per dollar since the IBC was brought into force. The exclusion of PSEs from this process will be expensive to its creditors, which are often public sector banks. For instance, the report of the Lok Sabha Committee on Public Undertakings observed that for 2016-17, the losses of the top three loss making central PSEs i.e. Air India, BSNL and MTNL accounted for 55.66% of total losses among central PSEs. The annual reports of BSNL (2015-16), MTNL (2018-19) and Air India (2018-19) show that all of their term loans are from public sector banks, except Air India where there is only one private sector bank. Further, if a PSE defaults on its loan repayment, resolution under IBC can help in the process of disinvestment.

The Public Enterprises Survey (2017-18) showed that 71 central PSEs are loss making, out of which 56 showed negative net worth. It is likely that several PSEs may not have been able to service their debts to their financial or operational creditors. Until 2016, these companies were subject to the restructuring process under the BIFR. However, the process of closure has been far from satisfactory. For example, in 2011, the Comptroller and Auditor General of India (CAG) in its report on closure of PSEs stressed on the need of professional insolvency practitioners to ensure maximum value is obtained either from restructuring or closure of the central PSEs. The Public Enterprises Survey (2015-16) showed that BIFR had listed 18 central PSEs for winding up and closure. But as on July, 2019, only two of those companies were actually closed. In the event of a default by a sick company, the IBC can greatly expedite the process of closure.

Conclusion

Under the older laws governing insolvency, due to multiplicity of processes, the High Court often played the role of being the main forum for settlement of claims. We have already seen that the High Courts, acting as the company court, have demonstrated high rates of pendency. For instance, the Official Liquidator in the Bombay High Court reported that out of 1464 cases pending before the court, 739 have been pending for more than ten years. The IBC has been formulated as a complete code for insolvency laws with specified tribunals and an administrative machinery for its enforcement.

We believe that there is nothing in the IBC that precludes its use by PSEs. Using the IBC to resolve the financially insolvent and bankrupt PSEs in a time-bound manner will facilitate and may even help expedite the process of disinvestment by the government. It can also have implications for the policy concerning restructuring and closure of PSEs.

 

The authors are researchers at NIPFP. We thank an anonymous referee for useful comments.

Monday, January 27, 2020

Announcements

Researchers in technology policy

The National Institute of Public Finance and Policy (NIPFP) is looking to hire two researchers interested in the technology policy field, on a full-time basis. In the Technology Policy group at NIPFP, we aspire to carry out cutting edge research and analysis, develop novel ideas and insights, and contribute to policy debates and development of public knowledge on relevant technology policy issues.

While we work on a broad array of issues in the overall landscape of technology policy, at present, our work focuses primarily on telecom policy, privacy, data governance, AI, open source, RegTech, distributed ledger and crypto-currencies, and competition policy.

Some examples of our work in this field include:

  1. Smriti Parsheera, Adoption and regulation of facial recognition technologies in India: why and why not?, Data Governance Network Working Paper 05, December 2019.
  2. Rishab Bailey and Trishee Goyal, Fiduciary relationships as a means to protect privacy: Examining the use of the fiduciary concept in the draft Personal Data Protection Bill, 2018, Data Governance Network Working Paper 04, December 2019.
  3. Vrinda Bhandari and Renuka Sane, A Critique of the Aadhar Legal Framework, The National Law School of India Review, Vol. 31, Issue 1, July 2019.
  4. Rishab Bailey and Smriti Parsheera, Data localisation in India: Questioning the means and ends, October 2018.
  5. Rishab Bailey, Smriti Parsheera, Faiza Rahman and Renuka Sane, Disclosures in privacy policies: does "notice and consent" work?, NIPFP Working Paper No. 246, December 2018.
  6. Smriti Parsheera, Challenges of Competition and Regulation in the Telecom Sector, Economic and Political Weekly, Vol. 53, Issue 38, 22 September 2018.
  7. Rishab Bailey, Vrinda Bhandari, Smriti Parsheera and Faiza Rahman, Use of personal data by intelligence and law enforcement agencies, leap blog, August 2018.
  8. Devendra Damle and Shubho Roy, Estimating the impact of the draft drone regulations, March 2018.
  9. Smriti Parsheera, CCI's order against Google: infant steps or a coming-of-age moment?, leap blog, February 2018.
  10. Suyash Rai, Dhiraj Muttreja, Sudipto Banerjee and Mayank Mishra The Economics of Releasing the V-band and and E-band Spectrum in India, December 2017.
  11. Ajay Shah, Predatory pricing and the telecom sector, April 2017 and Smriti Parsheera, Building blocks of Jio's predatory pricing analysis, April 2017 on leap blog.
  12. Comments on the (Draft) Personal Data Protection Bill, 2018, October 2018 and Submissions to the Justice Srikrishna Committee's White Paper on Data Protection, January 2018.

NIPFP is an exciting workplace where you will be surrounded by interesting people.

The Technology Policy group is an inter-disciplinary team of engineering, law, economics, technology and policy professionals.

The remuneration will be commensurate with the candidate's experience and will be comparable with what is found in other research institutions.

Requirements:

  • You must have a Masters degree, two years of work experience and very strong written and spoken English.
  • You must have a background in science/engineering/technology, public economics or public policy.
  • You must be self-motivated and eager to contribute to public policy debates in the area of technology policy.
  • Keen and demonstrated knowledge in areas relating to the frontiers of science and technology is a must.

Interested candidates may send in their CV, along with a writing sample of upto 10 pages, to: lepg-recruitment@nipfp.org.in

Wednesday, January 15, 2020

Announcements

Centre for Civil Society (CCS) is looking for an Associate Director (Research) based in New Delhi to lead research initiatives on structural reforms in education, regulatory barriers to livelihoods and entrepreneurship, and quality of governance.

About Centre for Civil Society

CCS is an independent think tank based in New Delhi studying structural public policy challenges in India and advocating market-based reform ideas to solve these problems. Our work in education, livelihood, and policy training promotes choice and accountability across private and public sectors. To translate policy into practice, we engage with policy and opinion leaders through research, pilot projects and advocacy.

Over the last many years, CCS’ research team has built a reputation for shining light on the dark recesses of governance: collecting and analysing data through primary surveys, ethnographic studies, public datasets and administrative data, and RTI applications, compiling legal and legislative analysis; testing the validity of innovative governance tools through pilot projects; and proposing a redesign of existing regulatory frameworks.

Examples of our research outputs

  1. In 2019 we studied the regulatory interface between government and private schools by analysing administrative data on licensing, fee regulation and inspections to understand the challenges of starting and operating private schools in northern India.
  2. In 2019, we developed a quality of regulation checklist and are assembling a dataset to measure the volume and complexity of regulation across India.
  3. In 2018 we examined the ground realities of the ease of doing business effort at the state level in Delhi producing 7 distinct papers using a combination of primary surveys, time and motion studies and investigative journalism.
  4. To test if the government was living up to its promise of including street vendors in urban planning and governance, we conducted a deep study of the implementation of the Street Vendors Act in 2017 and 2019 using case law analysis, analysis of state-level data and stakeholder interviews.
  5. We have conducted multiple pilot projects to test the design and application of vouchers for school and skill education, inclusive education using 25% RTE reserved seats, school quality improvement mechanisms etc.
  6. Over the years, we have produced over 150 research papers on the challenges facing micro, small and medium entrepreneurs and issues in education governance using observational studies and primary data collection.

Role profile

The Associate Director (Research) will lead data-driven research initiatives and deliver different types of research output. She will lead and manage high-quality teams oriented towards delivery and impact. She will partner with our advocacy team to effectively disseminate outputs from our research to elected representatives, policymakers, media and other important stakeholders. She will also write funding proposals and manage commitments to donors.

Researchers at CCS have sharp analytical and critical thinking abilities, and curiosity about the interplay between government, citizens, markets and civil society. An ideal team member is energetic, proactive, able to work independently and collaboratively as needed, and possesses both integrity and the humility to seek advice when needed.

Key responsibilities

  • Execute research agenda on education reforms and regulatory barriers to entrepreneurship:
    • Identify knowledge gaps and develop research questions/projects.
    • Ensure research is carried out within defined timelines across multiple projects including:
      • Directing research design and overseeing the implementation.
      • Quality assurance of data collection and analysis.
      • Building relationships with external service providers and researchers.
      • Troubleshooting.
    • Build a journal publication pipeline and ensure research output meets the rigour and relevance for publication in leading journals.
    • Write opinion pieces and commentaries on research undertaken and contemporary issues for newspapers, journals and other relevant publications.
    • Supervise managers/senior managers and associates on particular initiatives.
  • Represent CCS in external forums and present research outputs

Candidate qualifications


Experience and Education

  • At least an MA/MSc in Economics/Statistics/Political Science/Political Economy/Public Policy (PhD is a bonus).
  • 10-12 years of experience:
    • At least 5 years in a research role with a think tank or research institution.
    • At least 5 years of experience managing teams and leading projects.
    • Ability to develop and oversee project budgets, set priorities, plan timelines and meet deadlines, and hire and manage teams.
  • Proficiency and experience in at least three of the following research skills:
    • Running primary surveys (questionnaire design), response coding, and analysis of quantitative responses.
    • Working with datasets (eg. NSSO, CMIE’s household data or Government of India’s U-DISE raw data)
    • Working with government administrative data (IT system logs, inspection reports, grievance logs, etc)
    • Conducting case studies, using ethnographic research methods.
  • Proficiency in using R and LaTex (Python programming skills are a bonus)
  • Should have published reports, and op-eds and in recognised journal(s) on issues relating to structural reforms, governance, education, and/or doing business in India.

Skills

  • Analyzing complex qualitative and quantitative data, crafting possible solutions, and recommending actions.
  • Knowledge of a wide range of research methodologies and techniques, including qualitative and quantitative approaches.
  • Proficiency in high-quality succinct error-free writing in English.
  • Networking with leading researchers in India and around the world.
  • Communicating research content effectively, both orally and in writing, in English, to government partners, policy influencers, team members, researchers, partner organisations and donors.
  • Processing vast amounts of information and generating useful insights quickly and
  • Up to date knowledge of the Indian policy process and political landscape.

Application

Candidates who are qualified should apply using this link. Applicants must attach an updated CV, a cover letter, at least 2 publications (solo or co-authored), and 2 references. Selected candidates will be called for interviews. Qualified candidates should apply on this link.

Monday, January 13, 2020

Fiduciary relationships as a means to protect privacy: Examining the use of the fiduciary concept in the draft Personal Data Protection Bill, 2019

by Rishab Bailey and Trishee Goyal.

The Justice Srikrishna Committee Report of August 2018 (the "Report") introduces the concept of a fiduciary relationship into privacy jurisprudence in India by categorising data processing entities as "data fiduciaries" and individuals as "data principals". The draft Personal Data Protection Bill, 2019 (the "PDP Bill") attempts to operationalise the concept by establishing various rights of data principals and associated obligations on data fiduciaries.

The idea of using the fiduciary concept to protect an individual's privacy rights is not new - traditional fiduciary relationships such as that between a doctor and patient or a lawyer and client, do recognise duties of confidentiality. However, the PDP Bill is one of the first attempts to use the fiduciary framing as a basis for a generic data protection law.

In this context, in a recently released paper, we examine whether and how the fiduciary framing is suitable to develop a generic privacy framework and whether this provides individuals any protections over and above typically seen notice and consent regimes. In particular, we examine:

  1. Whether all data processing entities are in fiduciary relationships with individuals (and therefore whether the fiduciary concept works as the basis for a generic data protection law)?
  2. Whether, in theory, the use of the fiduciary concept can adequately protect an individual's privacy rights?
  3. Whether the obligations imposed by the PDP Bill are similar to the duties expected of traditional fiduciaries?
  4. Whether the fiduciary framing in the PDP Bill has any practical effect?

Before beginning to answer the above questions however, it is relevant to briefly explain what is meant by a `fiduciary relationship'. A fiduciary relationship is one characterised by a high degree of vulnerability between the parties, despite which the weaker party is required to impose trust or confidence in the other (Miller, 2014; Rotman, 2011). In order to protect the beneficiary in such a relationship, the law casts a series of onerous obligations on the more powerful party in the relationship, including importantly, the duties of loyalty and care (Frankel, 2011). This implies that the fiduciary is required to:

  • Ensure that it acts so as to protect or advance the interests of the beneficiary, or to act for the benefit of the beneficiary (Aditya Bandopadhyay, 2011; Jayantilal Mistry, 2015; Treesa Irish, 2010.) The fiduciary cannot normally put itself in a position that may be seen as conflicting with the interests of the beneficiary.
  • Put in reasonable skill (in accordance with general sectoral practice) while handling the affairs of the beneficiary.

The exact formulation of these duties varies depending on the nature of the relationship at hand and the vulnerabilities therein (though the beneficiary's interests must be placed before that of the fiduciary). For instance, trust law appears to cast more onerous duties and limits the fiduciary’s powers in more ways than company law. Often beneficiary’s in a trust relationship will not have any ability to comprehend risks or give proper consent (as may be the case where the beneficiary is a minor). The law therefore puts in place greater protections for a beneficiary of a trust vis-a-vis the trustee - for instance, Section 53 of the Trusts Act, 1882, permits the trustee to purchase the interest of a beneficiary only once a court is satisfied that the transaction is "manifestly to the advantage" of the beneficiary. In the company law context however the law generally recognises that if sufficient disclosures are made, shareholders and other stakeholders can act to protect the company against the erring director.

Are data processing entities in fiduciary relationships with their users?

Indian law requires a fairly high standard of vulnerability/power differential to be met before a relationship can qualify as "fiduciary". Courts have in fact held that relationships where there is no significant power differential are not fiduciary despite the exchange of confidential information therein. There is a catena of case law that holds for instance, that relationships of service provision are not fiduciary in nature, that situations where information is provided under a legal obligation are not covered under fiduciary relationships, that examination authorities are not fiduciaries qua students, that the chief justice is is not a fiduciary qua puisne judges of the Supreme Court, that banks are not fiduciary's to their clients and that the central bank is not a fiduciary qua other banks (Canbank Financial Services, 2004; Aditya Bandopadhyay, 2011; Jayantilal Mistry, 2015; BPSC, 2012; Subhash Chandra Aggarwal, 2010; Naresh Trehan, 2014; Shri Rakesh Kumar Gupta, 2011).

This appears to indicate that the use of a fiduciary framing may not be suitable to cover the breadth of situations that a generic data protection law may need to cover. Many relationships of information exchange that would not qualify as fiduciary could nevertheless require some form of regulation (however light-touch) in order to protect individual autonomy and privacy. For example, the European General Data Protection Regulation (GDPR) applies in certain contexts to processing even by individuals.

On the other hand, Indian courts have in a few instances, allowed separation of fiduciary parts of a relationship from other parts thereof (Union of India, 2009; Canbank Financial Services, 2004). This could imply that a relationship not normally fiduciary in nature, could possibly be considered as such, only with respect to the transfer of information and the expectation of trust created thereby.

Overall, it appears that large data processing entities can certainly be in a position of power with respect to users by virtue of the information that users have to provide to them. Users do tend to expect their data to be used in certain limited ways, and in any event, not to disadvantage them or cause them harm (Punia, Kulkarni, Narayan, 2019). The power enjoyed by these entities can be unilaterally exercised so as to affect the rights and interests of the user (in the form of disclosure, acting on the basis of user profiling, etc.) and there is a social need for protection of user interests in such cases. The information asymmetry in such relationships, in addition to other issues such as the technical and structural concerns of the digital ecosystem, also make it difficult for users to either rely on contract, consumer protection or tort law, etc. to seek remedies. The information asymmetries problem in particular limits the abilities of users to act as autonomous and informed agents while contracting or indeed seeking remedies. The fiduciary concept could therefore prove useful in protecting user rights in the digital ecosystem.

Some, if not many relationships that involve processing of personal data, would not normally fall within the scope of the fiduciary concept. That said, statute could deem certain relationships as being akin to fiduciary relationships, and thereby bring within its scope all necessary actors in the digital ecosystem. Duties can then be imposed that are similar to those in a fiduciary relationship should this be felt necessary to solve a particular social problem. Whether such a relationship can continue to be called "fiduciary" however, is another issue.

Can the concept ensure a sufficient standard of rights protection?

While the breadth of the information fiduciary concept may be narrow in so far as its coverage of relevant entities is concerned, it does permit itself to expansion both in the scope of duties that could be made applicable to entities and indeed the scope of the data that forms the basis for the relationship.

The imposition of a high duty of loyalty and care for instance, could lead to a high standard of rights protection by ensuring that data processing entities can only use data for the benefit or to maximise the gains to the individual concerned. This could mean, for instance, that practices aimed at manipulating individuals based on profiles created using their personal data would no longer be permitted (Dobkins, 2018). Similarly, discriminatory practices that result from an analysis of personal data could also be prohibted (Dobkins, 2018). In fact, it is possible to argue that any monetisation of user data could be prohibited using this concept to the fullest (Balkin, 2016).

The use of the fiduciary concept could also mean that obligations will be imposed irrespective of contractual terms between the parties. The duty of care requirement in a fiduciary relationship could be interpreted to imply security and other related obligations on data processing entities.

Further, the fiduciary concept does not have to be restricted merely to protect "personal data" (i.e. data that relates to or identifies an individual) but can cover all types of data that are exchanged in a unequal relationship, with an attendant expectation of confidentiality (i.e. the data should not be publicly known information). Therefore, the concept could also be used to cast obligations qua the usage of non-personal data gleaned from a user, as well as non-personal data derived from personal data of a user. This has in fact been attempted in two draft American laws - New York's Privacy Act and the federal Data Care Act. Notably, these laws specifically deem data processing entities as fiduciaries thereby requiring them to place their user's interests ahead of their own, and avoid acting in a manner that could be considered unexpected or offensive to a reasonable user. In this context, it is interesting to note the draft PDP Bill does in fact attempt to cover even "inferred" data within its ambit - i.e. information that is gleaned from analysing personal information.

That said, there remain questions as to the efficacy of the concept in protecting privacy rights.

First, commentators have pointed to the dissonance in treating service providers as fiduciaries at all. This is on grounds that the business models of many digital service providers, being based on monetizing user data, can never be squared with the fiduciary concept, which involves the fiduciary placing its interests second to that of the beneficiary (Khan and Pozen, 2018).

While undoubtedly true that fiduciary law requires the interests of the beneficiary to be given precedence over that of the fiduciary, it is worth noting that fiduciary law does recognise multiple standards of the duty of loyalty - based on the asymmetry or vulnerability at hand, the nature of the relationship, the ability of the beneficiary to understand the risks involved, and so on. It does not therefore appear inconceivable for the concept to be made workable. Even implementing a 'best interest' or 'benefit' based framing of obligations may not necessarily lead to a complete bar on targeted advertising or monetisation of user data (though certainly some existing business models may need to be changed).

Second, it is argued that existing law (in the US) - whether in contract or consumer protection law - already requires companies to adhere to standards of fair dealing and good faith and restrains them from acting as con-men (Khan and Pozen, 2018). While existing law does indeed give consumers some remedies against privacy invasive practices, the standard of care and the range of rights/obligations in Indian contract and consumer protection law are significantly limited. Though Indian contract law does prevent fraudulent behaviour, it does not include an express "good faith" requirement as US law does. Indian law only requires insurance contracts to be entered into in "utmost good faith", which entails disclosure of all material facts (Makkar, 2018; Law Commission of India, 2006). Indian consumer protection law too only protects consumers from certain limited harms such as those defined as "unfair trade practices". The recognition of a fiduciary standard can therefore improve rights protection in India by raising the standards of care from that in existing law.

Third, the fiduciary concept applies to information provided in private settings and with an expectation of privacy at the time it is provided. The reliance of the concept on the expectations of users as a standard to gauge the validity of practices can be problematic. It has been argued for instance, that use of this concept lacks any independent normative standard and therefore does not adequately protect privacy rights (Crowther, 2012; Schneir, 2009). Balkin himself notes that the standard he proposes would require users to factor the monetisation of their data into account (Balkin, 2016). This may not be possible for all users.

Given that the concept only applies to data exchanged in private settings, an individual's privacy rights over data can end if voluntarily placed in the public domain at any point of time. However, data protection regimes such as the GDPR continue to recognise certain individual rights over personal data even once made public - for instance, by recognising a right to forget.

Fourth, concerns about the workability of the notice-consent framework as a means to overcome information asymmetry issues remain. As Khan and Pozen point out, the nature of information asymmetry in the digital ecosystem is of a significant order (Khan and Pozen, 2018). It could therefore be argued, that just as trust relationships often do not permit the beneficiary to consent to certain harmful acts (say where incompetent to contract, or where the risk of harm is significant as in the case of a beneficiary's interest being bought by the trustee) there is a need for higher standards of care to be imposed.

Are the obligations under the PDP Bill "fiduciary obligations"?

At the outset, its important to note that the nature and scope of obligations contained in the PDP Bill are indeed broadly similar to those imposed in the fiduciary relationships we have studied (trustee-beneficiary relationships, doctor-patient relationships and company-director relationships). The mechanisms used by the PDP Bill to address the agency problem can be summarised under five broad heads as below:

  • Limitations on the authority/ability of the data fiduciary to act without knowledge of the data principal: Provisions pertaining to purpose limitation, limitations on data collection and storage, informed consent as the primary ground for processing data, right to correct data, etc.
  • Duty of loyalty and care: Requirement for fair and reasonable processing, obligations to secure data and implement privacy by design measures, requirement to ensure obligations flow with the data, etc.
  • Reduction of information asymmetry: Provisions pertaining to notice, high standards of consent, right to access and correct data, transparency (record keeping and disclosure) and accountability related provisions such as requirement to provide various types of information pertaining to the processing to the data principal, conduct data audits, have a data trust score for certain entities, requirement of data breach notification, etc.
  • Standard of care: A reasonable and proportionate standard of care is required by the PDP Bill. Obligations are scaled based on the risks of any particular processing practice, as well as the type of personal data concerned and the nature of entities involved. Notably, greater obligations are imposed on significant data fiduciaries and guardian data fiduciaries.
  • Remedies: Data principals can approach the data fiduciary and then adjudicatory forums for breach of the duties cast on data fiduciaries by the law. Mere breach of the obligations under the law can lead to penal action. The penalties that the draft law imposes are fairly stringent.

However, it must be kept in mind that the PDP Bill imposes a low standard of loyalty. By requiring the data fiduciary to inform the data principal of relevant processing practices, by ensuring purpose limitation, and making it mandatory for processing to be fair and reasonable, the legislation appears to impose a "good faith" standard. Such a standard does not appear to be entirely inconsistent with the fiduciary concept, being similar to the interpretation of fiduciary duties in the context of Indian company law, though it does not offer the same level of protection as the duties cast on trustees.

There is no general requirement in the PDP Bill for the data fiduciary to act in the user's interests, for their benefit or to avoid acting in a manner detrimental to the user. This can be contrasted to the Indian law pertaining to directors, doctors and particularly trusts, which all contain provisions specifically limiting the ability of a fiduciary to act in their own interests or against that of the beneficiary. "Predictability" of processing - which is what the draft law aims at - is not synonymous with processing in the data principal's interests of for its benefit.

Though the Report repeatedly recognises the need for data fiduciaries to act in the "best interests" of the user, this standard is not explicitly included in the law with the general standard applied in the PDP Bill only requiring data fiduciaries to act in a bona fide, diligent and reasonable manner. Notably, the PDP Bill itself uses the phrase "best interest" only once - in the context of protection of children's data.

A lower standard is generally used where it is easier to overcome information asymmetry problems or where social norms otherwise dictate the need to do so (Langbein, 2005). Accordingly, the low standard used in the draft law can be traced to the Justice Srikrishna Committee aiming to balance business and individual interests. It is unclear if this is a sufficient standard of rights protection in the data protection context in view of the various consent related problems in the digital ecosystem and the vast information asymmetries present in a country like India (Punia, Kulkarni, Narayan, 2019; Bailey et all, 2018; Matthan, 2017).

On the other hand, by imposing such a standard, the law puts the onus on individuals to take charge of and actively seek to protect their privacy rights (as opposed to being viewed through paternalistic eyes). Further, the safeguard of the data protection authority being able to step in and prohibit/seek modification of any particularly problematic practice acts as a check on the most pernicious practices of large data processing entities. However, relying on the data protection authority to ban pernicious practices is not the same as requiring the data fiduciary to act in the interests of or for the benefit of the data principal. Empowering the authority in this manner appears to detract from the fiduciary concept in that it enables ex-ante decision making by an executive authority, rather than enabling practices to be adjudicated as being in consonance with (or in breach of) fiduciary obligations by an adjudicatory authority.

In traditional fiduciary relationships informed consent can be used to reduce/waive the obligations on the more powerful entity. However, the law also imposes various safeguards to prevent against abuse. These usually take the form of specific disclosures, and in cases where consent is deemed impossible or insufficient, as in the case with minors in the context of trusts, courts are permitted to step in and act in their interests. The draft law does not specifically circumscribe the ability of the individual to consent to activities that may not necessarily be in his or her interest. This is not per se against the fiduciary concept, though, both academics and courts appear to be hesitant about recognising the entirety of a fiduciary relationship to be voluntary/subject to contractual waivers (Leslie, 2005; Union of India, 2009).

Overall, it can be seen that the PDP Bill does indeed implement duties akin to that in traditional fiduciary relationships. The duties in the draft law do try and ensure that the data fiduciary processes data in accordance with expectations of the data principal / that the data principal is aware of the processing taking place and its effects i.e. that the agency problem in the relationship is reduced.

However, the scope of some of these duties and the standard set by them are not as high as seen in cases of traditional fiduciary relationships such as trusts. One may question whether the standard used in the draft law is appropriate in the privacy context, given the extent of vulnerability in many relationships of information exchange particularly in the digital ecosystem. The difficulty for individuals in comprehending privacy risks, even when complete disclosures are made, may in fact mean that a standard closer to that used in trustee-beneficiary relationships may have been more suitable (this is also the logic behind the concept of 'data trusts' which are increasingly being spoken of as an alternative model of data governance). Further, the nature of exemptions under the draft law, particularly in the context of processing by the State and by employers appears to go against the use of the fiduciary framing in the law. There is a significant power differential in citizen-state and employee-employer relationships, which can only be exacerbated by unchecked processing of personal data.

Why use the fiduciary concept? Does it have a practical effect?

The Srikrishna Committee chooses to utilise the fiduciary framing as the basis for the draft PDP Bill, 2018, in view of the perceived vulnerability of users to data processing entities and the apparent ability of the concept to balance rights protection with business interests. The concept is said to preserve autonomy of individuals while still enabling rights protection.

Given India's constitutional framework does not necessitate a fiduciary framing to avoid constitutional restrictions (as is apparently the case in the US - due to the high standard of constitutional protection for speech rights), it makes sense to use the fiduciary framing if the concept would allow novel data protection related obligations to be imposed.

However, a summary analysis of the draft PDP Bill, 2019, with the GDPR indicates that the two laws are largely similar in terms of the nature of obligations imposed (though the exact scope/contours of the obligations are different based on the specific language used in the laws). Both use largely notice and consent based models to protect user privacy (though this is enhanced and contains safeguards that are not normally present in contract law). Both regimes attempt to ensure individuals are informed of processing activities and that individuals are given control of their personal data not least through principles of purpose limitation, high standard of consent, detailed notice requirements, provisions aimed at reducing information asymmetry, etc.

In addition, it must be remembered that the use of the term "data fiduciary" in the draft law does not in itself imply that the high standards that come with fiduciary obligations are being imposed on all data processing entities. The definitions section in the PDP Bill is not a deeming provision (unlike the definitions provisions in the two US laws referenced previously). The entities that come within the definition in the law would be subject to the (fiduciary like) obligations provided in the PDP Bill itself but would not necessarily be required to adhere to the obligations or standards typically imposed on fiduciaries (for instance, under Section 88 of the Trusts Act).

The use of the phrase "data fiduciary" is largely meaningless from a purely legal perspective. What it does achieve is in terms of its symbolic and signalling value to courts, the general public and businesses.

One may speculate that this could be an important reason in choosing to use the fiduciary concept in the draft law. It is not impossible to imagine that the PDP Bill uses the fiduciary concept to cast the illusion of crafting a new, user-centric privacy framework, without actually changing too much from notice and consent based regimes. The fiduciary concept is something that is used in many legal contexts and is a term that people are familiar with (even if the nuances of this relationship are not very well understood). Doctors, guardians and other such fiduciaries are commonly expected to act in their beneficiary's interests / display a high standard of loyalty towards them. Use of the phrase "data fiduciary" may well lead people to assume or expect that the PDP Bill also imposes such a high standard of loyalty on data processing entities. Use of the terminology could therefore make the Bill more palatable to civil society which craves greater standards of rights protection, thereby making it easier to "sell" the legislation to the general public amongst other stakeholders. The motivation for using the fiduciary concept could also be the need to differentiate the PDP Bill from laws such as the GDPR, particularly in view of the Srikrishna Committee's self-imposed mandate to find a "fourth path" to data protection.

Conclusion

The use of the fiduciary concept to enable data protection is an interesting method used to justify regulation of privacy harming practices in the US constitutional scheme. The application of the fiduciary concept to the data protection context prima facie appears a feasible way to protect user rights due to the duties of care and loyalty expected of fiduciaries.

However, the concept also suffers from certain infirmities. Notably, all data processing entities may not be in fiduciary relationships with individuals. Due to the focus on balancing state, business and data protection interests, the PDP Bill does not confer as high a standard of loyalty and care as may be normally expected in a fiduciary relationship (and in this respect, departs from the discussion in the Report). Unlike the law in the case of doctors, company directors, and particularly trusts, there is no general requirement for fiduciaries to act in the beneficiary's interest or to their benefit (except in the context of children).

Data processing entities will be required to comply with standards of good faith and reasonableness that are akin to the "fair dealing" standards found in contract law in many jurisdictions. This standard is higher than that under current Indian contract and consumer protection law, but is similar to requirements in the insurance industry. Fiduciaries will have to make all material disclosures, and act in accordance with generally accepted industry standards. Practices such as targeted advertising, tracking, etc., will not per se be barred except where children are involved (or where the data protection authority believes that such practices are likely to harm individuals and therefore bars them). The powers granted to the data protection authority to bar certain practices, while possibly useful given the low standards of loyalty cast on fiduciaries, also implies that decisions regarding permitted practices will be made by executive authorities rather than adjudicatory authorities. These issues detract from the fiduciary character sought to be established by the draft law.

But the draft law does, to an extent, meet the aim of preserving autonomy i.e. decision making power of individuals, and reducing inequality in bargaining power. This is primarily done by subjecting data processing entities to strict consent related requirements including by specifying (high) standards for notice and ensuring that consent must be granular. The provisions related to information disclosure, limited data collection, deletion, purpose limitation, data audits and privacy impact assessments, etc., are also vital in reducing the agency problem in the relationship.

However, the same ends could be achieved without using the fiduciary concept at all - as is done in the case of the GDPR. One may speculate that the use of the terminology could be necessitated by the need to differentiate the PDP Bill from the GDPR, or to take an uncharitable view, to make it appear that the law contains a higher standard of rights protection than it actually does.

References

Frankel, 1983:Tamar Frankel, Fiduciary Law, California Law Review, Vol 71, Issue 3, 1983.

Rotman, 2011: Leonard I Rotman, Fiduciary Law's "Holy Grail": Reconciling theory and practice in fiduciary jurisprudence, Boston University Law Review, Vol. 91, Issue 3, 2011.

Sitkoff, 2011: Robert H Sitkoff, An Economic Theory of Fiduciary Law, in Philosophical Foundations of Fiduciary Law, Andrew S Gold and Paul B Miller (eds.), Oxford University Press, 2014.

Langbein, 2005: John H Langbein, Questioning the Trust Law Duty of Loyalty: Sole Interest or Best Interest?, Yale Law Journal, Vole. 114, Issue 1, 2005.

Aditya Bandopadhyay: Central Board of Secondary Education and Anr. v. Aditya Bandopadhyay and Ors., (2011) 8 SCC 497.

Jayantilal Mistry, 2015: Reserve Bank of India v. Jayantilal N Mistry, TC (C) 91/2015, Supreme Court, 2015.

Treesa Irish, 2010: Treesa Irish w/o Milton Lopez v. Central Information Commission and Ors., ILR 2010 (3) Ker 892.

Miller, 2014: Paul B Miller, The Fiduciary Relationship, in Philosophical Foundations of Fiduciary Law, Andrew S Gold and Paul B Miller (eds.), Oxford University Press, 2014.

Frankel, 2011: Tamar Frankel, Fiduciary Law, Oxford University Press, 2011.

Khan and Pozen, 2018: Lina Khan and David Pozen, A Skeptical View of Information Fiduciaries, Harvard Law Review, Vol 133, 2019.

Gellman and Adler-Bell, 2017: Barton Gellman and Sam Adler-Bell, The Disparate Impact of Surveillance, The Century Foundation, 2017.

Crowther, 2012: Brandon T Crowther, (Un)Reasonable expectation of digital privacy, BYU Law Review, Vol. 2012, Issue 1, 2012.

Schneir, 2009: Bruce Schneir, Its time to drop the `expectation of privacy' test, Wired, 2009.

Makkar, 2018: Angad Singh Makkar, Doctrine of Good Faith and Fair Dealing: Lacuna in Indian Contract Law, IndiaCorpLaw, 2018.

Law Commission of India, 2006: Law Commission of India, Unfair (procedural and substantive) terms in contract, 199th Report of the Law Commission of India, 2006.

Punia, Kulkarni, Narayan, 2019: Swati Punia, Amol Kulkarni and Sidharth Narayan, User's perspectives on privacy and data protection, CUTS International, 2019.

Canbank Financial Services, 2004: Canbank Financial Services Ltd. v. Custodian and Ors., (2004) 8 SCC 355.

BPSC, 2012: Bihar Public Service Commission vs. Saiyed Hussain Abbas Rizwi and Ors., (2012) 13 SCC 61.

Subhash Chandra Aggarwal, 2010: Secretary General, Supreme Court of India v. Subhash Chandra Agarwal, AIR 2012 Del. 159.

Naresh Trehan, 2014: Naresh Trehan vs. Rakesh Kumar Gupta, WP (C) No. 85/2010, Delhi High Court, 2014.

Shri Rakesh Kumar Gupta , 2011: Shri Rakesh Kumar Gupta vs. The Central Public Information Officer and The Appellate Authority, Director of Income Tax (Intelligence), CIC/DS/A/2011/001128, CIC, 2011.

Union of India, 2009: Union of India v. Central Information Commission, WP (C) No. 8396/2009, Delhi High Court, 2009.

Pullen, 2007: Berkeley Community Villages Ltd and Anr. v Pullen and Ors., [2007] EWHC 1330 (Ch).

Dobkin, 2018: Ariel Dobkin, Information Fiduciaries in Practice: Data Privacy and User Expectations, Berkeley Technology Law Journal, Vol. 33:1, 2018.

Balkin, 2014: Jack M Balkin, Information Fiduciaries in the Digital Age, Balkinization blog, 2014.

Balkin, 2016: Jack M Balkin, Information fiduciaries and the first amendment, UC Davis Law Review, Vol, 49, Issue 4, 2016.

Balkin and Zittrain, 2016: Jack M Balkin and Jonathan Zittrain, A Grand Bargain to Make Tech Companies Trustworthy, The Atlantic, 2016.

Leslie, 2005: Melanie Leslie, Trusting Trustees: Fiduciary Duties and the Limits of Default Rules, Georgetown Law Journal, Vol. 94, Issue 1, 2005.

Bailey et all, 2018: Rishab Bailey, Smriti Parsheera, Faiza Rahman and Renuka Sane, Disclosures in privacy policies: Does notice and consent work?, NIPFP Working Paper No. 246, 2018.

Matthan, 2017: Rahul Matthan, Beyond Consent: A New Paradigm for Data Protection, Takshashila Discussion Document, 2017.