Responsible Technology in a Digital Society:A report on Sector Evolution & Opportunities for funders

Responsible

Technology in a Digital Society

A REPORT ON SECTOR EVOLUTION & OPPORTUNITIES FOR FUNDERS

Executive Summary

The increase in smartphone and internet penetration over the past few years has led to the advent of a new digital society in India, transforming the lives of individuals and their daily interactions with communities, markets, and governments. This has enhanced their access to employment, affordable and personalised products, and state-provided welfare and public services.

However, there are trade-offs that every Indian makes when they interact with technology. In pursuit of its benefits, individuals also become vulnerable to risks arising from these very interactions. For instance, convenient access to personalised services comes at the cost of sharing personal data, and using social media often exposes users to online harassment.

A safe & inclusive digital society is one where individuals are able to reap the benefits of technology, and face minimal harms from its risks. While, there has been considerable focus on ‘Technology for Good’, or leveraging technology to enhance access to employment and services, the recognition and focus on mitigating its harms, or ‘Responsible Technology’, is lagging behind.

As part of the Digital Society initiative, Omidyar Network India has been investing in the development of a thriving Responsible Technology ecosystem. This report reviews how the sector has evolved over the last six years, highlights key enablers of progress, and identifies opportunities for funders and entrepreneurs to drive the sector forward.

We describe the evolution of innovation in the Responsible Technology space across a spectrum starting from recognising and forging a common understanding of the risks and harms, to building consensus on solutions, and finally, scaling up these solutions. We describe this journey through a five-stage framework - ‘Latent’, ‘Nascent’, ‘Emerging’, ‘Mainstream’, and ‘Transformed’.

touchpoints

Inherent in the digital interactions of individuals with the three spheres of society – communities, markets and governments – are nine material risks. In the ‘community’ sphere, users are exposed to misinformation, online harassment and negative impact on mental wellbeing; in the ‘markets’ sphere users are vulnerable to fraud, unauthorised collection and use of data, monopolisation and poor social security benefits; and in the ‘government’ sphere, the use of emerging technologies has raised concerns of exclusion and surveillance.

The sector has made significant strides in addressing these concerns

The sector has moved from being at the ‘Nascent’ stage six years ago, when there were just early discussions among experts, to being between ‘Emerging’ and ‘Mainstream’ stage now, where there is recognition and awareness of these risks, as well as the emergence of solutions. This can be seen in the growing consumer preference for responsible technology products and enhanced policy interest (e.g., DPDP Bill 2022, Intermediary Guidelines etc.).

While we have made steady progress on some areas in need of safeguards, others remain unaddressed

Out of the nine potential risks or harms identified, four stand at the ‘Mainstream’ stage, i.e., there is broad consensus & recognition, and effective solutions and safeguards are being worked upon. For example, when it comes to unauthorised collection and use of data, there has been a fair amount of focus on personal data protection legislation; this has helped drive recognition of privacy as an area of innovation and led to the development of tech-led solutions for data minimisation, and security threat detection.

Four potential risks stand at the ‘Emerging’ stage. For these, there is a growing awareness amongst key decision-makers and mainstream media, but there are few solutions. For instance, there is a growing body of evidence on the negative impact of smartphone use on mental health (e.g., addiction, body shaming, anxiety, depression). However, there are limited solutions that offer safeguards to an individual.

Finally, one risk, surveillance due to emerging technologies, was found to be at the ‘Nascent’ stage. It is currently being discussed among experts and, seemingly, a complete understanding of it is yet to reach a wider audience.

This progress has been spurred by a range of developments, and catalysed by an array of organisations

India has a thriving ecosystem of stakeholders including governments, businesses, the legal ecosystem, media, civil society, and funders, who are working actively to develop the space of Responsible Technology. Over the years, multiple solutions have been designed and implemented, some of which have seen visible impact while others have helped in building the capacity of the overall system.

In some cases, high-profile manifestations of potential risks and harms, grassroots campaigns, and media attention have helped enhance user awareness. Big FM’s Zindagi Mobile radio campaign to build awareness of users on vulnerabilities arising from technology led to a greater privacy consciousness among listeners, and more careful online behaviour, such as checking the veracity of information before forwarding it.

In other cases, large-scale empirical research studies have helped inform policy decisions. For instance, Dalberg’s State of Aadhaar report helped highlight how vulnerable populations found it difficult to access Aadhaar, leading UIDAI to include transgender and homeless populations as a ‘priority population’ for enrolment drives.

Further, civil society engagements with government and global trends have helped drive regulations and spur the development of private sector solutions. For example, IT for Change’s pioneering of ‘community data’ as a concept opened up a new paradigm for data ownership and management and helped shape the MeitY constituted expert committee report on NonPersonal Data Governance Framework.

The report has identified nine potential areas of vulnerability or risks, across different technology

So how can funders help continue to drive this ongoing progress?

The report recommends the use of a ‘multi-tool’ approach to creating sustained impact, based on the level of awareness, presence of regulations and maturity of solutions available.

The potential risks and harms in the ‘Nascent’ and ‘Latent’ stages can benefit from developing a vocabulary to articulate these challenges and building a community of actors who can discuss and help build awareness, and understanding amongst stakeholders. For example, for online harassment, while there is widespread recognition, creating a shared regulatory vocabulary to categorize content will help authorities understand and address grievances. Another example is supporting research to understand the potential and impact of emerging technologies (such as facial recognition) on data protection and privacy, to enable integration of relevant safeguards in deployment of these technologies.

Those in ‘Emerging’ stage require a mix of building consensus through large-scale empirical research that supports a data-driven discourse, direct policy engagement with the government to build their capacity, and engaging campaigns to drive user awareness. For example, supporting policy dialogues to strengthen competition regulation, associated public institutions and safeguards can help combat market concentration and monopolisation challenges. Similarly, funding proof of concept of technology tools and solutions can help tackle challenges such as misinformation as well as mental wellbeing concerns rising due to internet and social media usage, etc.

When potential risks and harms are considered to be in the ‘Mainstream’ stage, it is helpful to support evolution of market-based models. Investing in solutions that enable adoption of responsible data practices by businesses and of protective measures by consumers can be one of the most effective ways to drive impact. For example, investing in startups that support businesses to comply with privacy regulations or offer technologies that enable privacy-by-design for developers.

Across all the pathways, collaborative action among private, public, and nonprofit stakeholders and alignment in their perspectives, incentives, and behaviours will be critical to tackling these challenges. Funders can facilitate such collaboration and focus on the aforementioned pathways to build a safe and inclusive Digital Society in India.

Context

India has witnessed a surge in digital consumption and technology-led innovation over the past decade.

Internet penetration in India has nearly doubled from around 28% in 2016 to 49% in 2022.1 Average data consumption too has increased exponentially from 1.24 GB per month in 2018 to 16.4 GB in June 2022.2 This growth is fuelled by low data tariffs as well as smartphones becoming cheaper and more accessible. 3

The growth in internet access and usage has boosted innovation across diverse sectors such as HealthTech, EdTech, e-commerce, FinTech and digital welfare delivery. India is one of the fastest growing FinTech markets and EdTech users have increased from 45 mn to 90 mn between 2019 and 2020.4 5 Moreover, the government’s strong focus on digitisation of welfare services has connected and provided efficient public services to the country’s vast populace. In 2022, 99% of adults had access to Aadhaar cards and Aadhaar numbers were included in the service delivery database of almost all Public Distribution System (ration distribution) beneficiaries.6

However, with growing digitisation, exposure of individuals to technology risks has the potential to increase.

The past few years have witnessed a steady increase of digital risks such as data breaches, digital financial frauds and online harassment, among others. In 2020, India witnessed an almost five-fold increase in online gender-related abuse. Data breaches increased 26-fold between 2016 and 2021.7 8 Large value (INR 100,000 or more) frauds involving cards and the internet have risen 75% between 2018 and 2022.9 10

Growing adoption of digital products and services, and corresponding growth of technology risks call for strengthening safeguards and responsible technology practices.

Smartphone penetration has more than doubled over the past six years11 We define responsible technology as the adoption of five key principles: 2021

22% 54% 6 Context

About the Report

This research was conducted to understand the evolution of technology risks in India. Through this report we aim to:

1. Build a stronger understanding of technology risks faced by Indians

2. Analyse the evolution of the responsible technology discourse in India

3. Highlight opportunities for philanthropy to invest in responsible technology safeguards

The research, conducted over twelve months, adopted a qualitative approach to study the evolution of the ecosystem.

India’s evolution towards adopting digital society safeguards is a complex process that engages with multiple stakeholders, their diverse perspectives and interactions across various platforms. Given the nascency of this sector, there was limited evidence and data that captured the challenges and opportunities within the ecosystem. As a step towards addressing this lacuna, we interviewed over 40 organisations working in the sector and over 25 experts to understand the ecosystem’s evolution, gaps, and opportunities. This was supported with extensive secondary research covering policy documents, credible press articles, judicial developments and research reports. This study is one of the first attempts in the country to map the evolution of responsible technology efforts over the past six years. Further research by the ecosystem will strengthen the evidence and discourse put forth.

The report has been anchored around the key digital touchpoints for the average Indian digital consumer and the risks associated with such touchpoints. Each chapter covers risks on the basis of the following elements:

• The definition of the risk and its manifestation

• Key developments and trends in mitigating the impact of the risk over the past six years

• Illustrative solutions across the private, public, and nonprofit sectors

• Opportunities for philanthropic investment for building better safeguards in the future

Technology Touchpoints, Benefits and Risks

Technology has transformed the average Indian’s daily interactions with the community, markets and government.

The Indian population has varying patterns of digital consumption, depending on their levels of digital literacy, needs, accessibility and financial stability. Based on this continuum of technology usage and risk perception, we identified key personas and looked at how individuals use technology, what benefits they seek, and what risks they consciously and unconsciously expose themselves to.

Exhibit 1: Key personas, the benefits they seek, and the potential risks they face

PERSONA* BENEFITS SOUGHT POTENTIAL RISKS FACED

Amisha is the Vice President of a leading MNC and lives in Bangalore.

Mahesh lives in Coimbatore. He owns a midsized retail business.

David lives in Raipur and works as a car driver for a digital cab service company.

Sandhya is a micro entrepreneur in the apparel industry and lives in the outskirts of Ranchi.

Shabana is a 19 year old  college student residing in Lucknow.

Kishan is a smallholder farmer in Banswara, Rajasthan.

Manoj is a 39 year old migrant construction worker in Hyderabad.

Shikhar is a 17 year old school drop-out from a low-income neighbourhood in Delhi. Last year, he lost an arm in an accident.

Shanti is a transgender woman living in interior Odisha. She is a folk dancer.

She loves sharing her experiences on social media and uses digital platforms frequently to order goods, plan her work and for other conveniences.

He is an active user of digital payments, and e-commerce platforms. He has listed his business on leading e-commerce platforms.

Working with a digital platform has provided him with a flexible income opportunity. He actively uses digital payment platforms and navigation apps.

Her personal information, internet usage history, and purchase history is available online and she is vulnerable to unauthorised use of this information.

He is vulnerable to the unfair and monopolistic practices of large businesses.

He doesn’t have any accident/health insurance. His working hours and minimum wage are also not fixed. This is largely due to the nature of employment with the digital platform.

She uses digital payment and banking services for her enterprise. Sandhya has limited digital understanding and, hence, is vulnerable to frauds.

She actively uses digital media for educational, communication and content creation purposes.

He uses his family phone for information, connectivity, and access. He has linked his phone number to Aadhaar for welfare services.

He uses his second hand smartphone for online games, social media, and occasionally for remittances.

After dropping out, he uses his second hand smartphone to connect with his social network and for entertainment purposes.

She wants to get access to an Aadhaar card so that she can easily avail government benefits.

* These fictional personas have been developed to provide context on how risks manifest in individual lives.

While accessing online classes and expressing herself on social media, she faces the risk of online misogyny and harassment.

Excessive dependence on unauthentic online sources of information has the potential to mislead him.

He was misidentified due to the algorithms in the new facial recognition technology.

The excessive time spent in the virtual world is posing risks of addiction, anxiety, and sleeping disorders.

She is unable to access welfare schemes like ration distribution.

Over the last decade, technology has unlocked significant benefits for the people of India. However, across the various roles an individual plays in society, there is a trade-off that an individual makes when she interacts with technology.

When we studied each persona and their interactions, it was found that an individual’s digital interactions can be distilled through their interaction with community the (Samaaj), government (Sarkaar) and market (Bazaar). Across these digital touchpoints, individuals derive benefits including connectivity, increased awareness, enhanced livelihood opportunities, customised products, and efficient and transparent government processes. However, in the process, individuals are also exposed to risks of online harassment, misinformation, and data breaches, among others. The figure below represents eight key touchpoints that have significantly changed an average Indian’s life and the key risks that must be mitigated towards building a safe and inclusive digital society.

Access to information

Increased awareness, knowledge, opportunities

Misinformation and fake news

Connectedness

Improved means of community support, connectivity and ability to organise

Online Harassment

Content creation opportunities

Increased avenues for expression and diversity of opinions

Negative impact on mental wellbeing

Digitised services and welfare schemes

Simple, efficient and transparent processes for welfare schemes

Exclusion from digitally delivered services

Touchpoints

Risks Benefits

Affordable and personalised products and services

Customised Products

Non-consensual or unauthorised data collection, sharing and usage

Data security breaches and online frauds

Access to diverse income generation activities through gig economy

Increased avenues for livelihood with flexible work dynamics

Poor social security benefits for gig workers

Integration of businesses through digital platforms

Cheaper and more integrated products

Monopolisation and market concentration

Technologies for safety and law enforcement

Improvement in safety and law enforcement

Risk of surveillance due to emerging technologies

Evolution of efforts to build a safe and inclusive digital society in India

India’s strong digital presence is supported by a complex system consisting of stakeholders across the Samaaj, Sarkaar, and Bazaar continuum.

In the past six years, India’s digital society landscape has evolved into a vibrant ecosystem of actors working towards creating a safer and inclusive world for Indians. These diverse set of stakeholders have played key roles in advancing the responsible technology discourse and relevant solutions. Apart from specific interventions, the capacity of the ecosystem to empower itself, align stakeholders’ perspectives and prepare for mitigating the risks have been key determinants for its evolution journey.

Funders and Investors

Think tanks and civil society organisations

The stakeholders involved in the creation of a digital society include regulators, policymakers, civil society organisations, philanthropic funders, investors, the legal ecosystem, and the technology industry. Multiple interventions, interactions, and external triggers come together to create a systems change over a period of time.

The response to emerging risks arising from new technologies goes through has five-stage evolution. This evolution of a system’s response to new risks requires recognising and forging a common understanding of the risk, building consensus on the resolution of risk, and scaling up of solutions that eventually lead to the obviation of the risk. For instance, growing civil society and consumer awareness, policy discussions on a data protection legislation and changes in business policies to use privacy as a competitive advantage have led to the evolution of the system’s response to “non-consensual data sharing” from a nascent stage in 2016 to mainstream stage in 2022.

A well-funded and governed ecosystem that has the required awareness of risks among stakeholders, is empowered, and has the potential to react to critical events. It also enables efficient interaction and collaboration among all stakeholders which is required to evolve the system’s response to mitigate the impact of risks.

TRANSFORMED

A system with solutions that have eliminated the risk

MAINSTREAM

Legal consensus on the risk among stakeholders. The awareness and consensus often leads to targeted and effective solutions

EMERGING

Recognition of risk by key decision makers and mainstream media. Some early solutions can emerge

NASCENT

Early discussions among experts to highlight the risk

LATENT

Ecosystem is unaware of the existence and extent of the risk

Creating a safe and inclusive digital society requires collaborative action by private, public, and nonprofit stakeholders that interact with each other in an interconnected ecosystem. The response of this ecosystem to new risks evolves over five stages.

Domestic growth in usage of digital products and services through Aadhaar, UPI, and other platforms alongside the increasing number of data breaches and global policy developments like the GDPR have triggered action by regulators and the technology industry. Mainstream businesses are now building privacy-focused products.

User awareness has increased and regulators have also begun strengthening policies (DPDP Bill, IT Act, etc) around digital safety. These strong tailwinds and collective efforts by the regulators, civil society organisations, and the industry have led to a significant evolution of the ecosystem’s response to risks arising from technology.

Ecosystem

Misinformation and fake news

Online harassment

Negative impact on mental wellbeing

Exclusion from digitally delivered services

Risk of surveillance due to emerging technologies

Data security breaches and online frauds

Non-consensual or unauthorised data collection, sharing and usage

Poor social security benefits for gig workers

Monopolisation and market concentration

Limited awareness and no solutions

Covered under IT Act 2008 and 2011

Limited conversations

Widespread awareness; emerging public & private solutions

Emerging private sector solutions

Widespread awareness but limited solutions

Lack of consensus on Aadhaar linkage Constitutional validity of Aadhaar established

Limited usage of newer technologies

Early discussions but limited solutions

Risk recognition limited to experts

Limited risk recognition

Limited risk recognition

Conversations among experts but no solutions

Mainstream media coverage; regulatory & private solutions exist

Increased policy & business solutions (DPDP Bill); rise in consumer awareness

Mainstream media coverage; policy discussions

CCI investigations and policy discussions (ONDC)

Over the last six years, the Indian ecosystem and its response to technology risks has evolved considerably.

Risk Deep Dives

Misinformation and Fake News

Access to the internet has unlocked information access at the last mile, but exposed large sections of population to misinformation and fake news

Increase in internet penetration and consequent access to social media has led to widespread usage of internet for gathering information. On the flip side however, this reliance on social media for information has led to an increase in spread of misinformation and fake news.

Over the past six years, this risk of misinformation has surfaced repeatedly, both within domestic and international contexts of global events such as the Brexit vote, the US elections (2016 and 2021), and the COVID-19 pandemic, all providing opportunities for it’s perpetuation, often leading to drastic consequences.

DEFINITION

Misinformation refers to the unintentional sharing of inaccurate and misleading information.

Fake News is the intentional falsification and fabrication of newsbased information in order to harm or deceive people.15

HOW DOES IT IMPACT INDIVIDUALS?

Kishan is a 57 year old farmer in Rajasthan’s Banswara district. He uses his phone to access news and information to stay updated on current affairs in the country.

Last year, Kishan and his friends received multiple WhatsApp forwards questioning the safety of the COVID-19 vaccine. Believing these messages, they decided not to take the vaccine. Kishan ended up contracting the virus and had to be hospitalised post a severe infection.

This has impacted Kishan’s health as well as his finances.

Over the past six years, the system’s response to misinformation and fake news has evolved from the nascent to the emerging stage. There is a growing recognition of misinformation and fake news online, globally and in India. This has led to growth of regulatory solutions and private sector solutions for fact-checking.

2016 status: There was limited awareness of the role of social media in misinformation. There were no solutions to combat misinformation, however, the experts had been talking about the risk.

2022: There is a widespread awareness and media coverage. While private and public sector solutions have come up to combat misinformation and fake news, there is no legal consensus on definitions and approach to resolve this risk fully.

Key Developments

A proposal to map real identities to social media accounts was discussed during the proceedings.16

Facebook created a factchecking network

This included onboarding a cohort of fact checkers, such as BOOM, Factly, Newsmobile, AFP, and others as partners.17 18

I&B ministry created a FACT check module

The module aimed to monitor online news sources and publicly available social media posts.19

Key Trends

Media scrutiny towards misinformation has increased, resulting in emergence of several fact-checking initiatives in mainstream media

Social media platforms have adopted tech-led solutions to combat misinformation

In 2016, fact checking was considered a niche activity across the media industry. Estimates suggest that there were only three fact-checking initiatives in India in 2018. This number has increased to over ten in 2023. Many leading media houses such as Quint, The Print, India Today also have their own factchecking groups now.21

Since 2016, solutions such as WhatsApp’s ‘forward’ feature which shows that the content is not generated from the sender and Twitter’s ‘manipulated media’ tag have sprung up.22 23 There are also partnerships between social media platforms and fact-checking startups such as Boom for validating the content authenticity.

IT

Intermediary Rules and Grievance Redressal Committee were introduced Guidelines were implemented in 2021 to regulate social media intermediaries and digital media platforms with additional avenues for complaint redressal being introduced in 2023.20

Emergence of targeted regulations to combat misinformation

In 2016, there was no specific regulation targeting misinformation. The introduction of IT Intermediary Rules in 2021 and amendments since then mandate tracing of first originator, measures to ensure compliance with rules and provide additional modes for grievance redressal. While these continue to be discussed, they indicate a growing legislative focus on misinformation.24

INTERVENTION SPOTLIGHT

Radio show ‘Zindagi Mobile’ engaged millions of Indians on the various technology risks including misinformation

With close to half a billion Indians being initiated into the digital space, it is essential that they become more aware of their rights and build their capability to mitigate the inherent risks of technology. To reach this segment, it is essential to look beyond tier I cities and explore communication channels that are accessible in local languages.

To build awareness on the vulnerabilities arising from technology and to help individuals protect themselves from these risks, one of India’s leading radio storytellers Neelesh Misra produced a show on the radio channel, BigFM, called ‘Zindagi Mobile’. The content on the show took an anecdotal form and contextualised the risks within stories that were relatable to its listeners, aiming at those who might have been or might potentially be vulnerable to the risks of technology.

The show reached millions of Indians in five local languages, achieving the number 1 slot in Mumbai, Kolkata and Bengaluru. An independent impact evaluation of the show found that it led to a greater privacyconsciousness among listeners, and more careful online behaviour, such as checking the veracity of information before forwarding it.

Using storytelling to engage listeners, making the risks relatable and contextualised to day-to-day life, and using a channel that provides a wide coverage in local languages were the success factors for BigFM’s successful behaviour change efforts.

1: Access to Information | Misinformation and Fake News

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Despite the increased recognition of misinformation and fake news as a risk, the solutions to combat this risk remain limited. The recognition and awareness is also limited to technocrats and a small section of the population. Our research suggests the following pathways for philanthropic investments to move to the next stage of evolution:

Building consensus through policies, and legal ecosystem.

Piloting private sector solutions that eliminate the trade-offs in diverging priorities of private, public and social sectors.

The table below presents gap areas and illustrative funding opportunities for philanthropy to advance the discourse and pilot solutions to combat misinformation and fake news:

Pathways

Opportunities

Use relatable and vernacular channels such as radio, TV shows , movies and social media to spread awareness and build capability of large sections of population to identify and combat misinformation.

Build strong regulatory / oversight mechanisms and mandates to strike the right balance between misinformation and censorship and for effective grievance redressal.

Fund the proof of concept of technology tools, solutions, and processes that can address misinformation in local idioms and languages.

Online Harassment

One of the most important features of the growing internet penetration in India has been its slowly, but surely, increasing adoption among marginalised groups. Along with a greater access to information, as discussed in the previous section, this growing adoption also contributes to better connectivity among and across these groups, which leads to a heightened ability to organise and support each other. For instance, in 2021, many prospective students belonging to marginalised communities raised fees for their educational programmes, through online

crowdfunding, which would have been unaffordable otherwise.25

However, on the flip side, the internet, especially, social media, provides scope and space for perpetuation of offline biases. According to a survey conducted by Plan International, 58% of women in the Asia-Pacific region have faced online harassment or abuse on social media platforms.26 The recent cases like that of ‘Bois Locker Room’ clearly depict the increase in such cases.27 28

DEFINITION

Online Harassment is a blanket term for all kinds of harassment faced by individuals on the internet. This experience is often witnessed across the lines of one’s own identity, for example women’s misogynistic encounters or casteism faced by Dalit and Adivasi individuals. Online harassment can take various forms such as offensive name-calling, purposeful embarrassment, stalking, physical threats, harassment over a sustained period of time, or sexual harassment.

HOW DOES IT IMPACT INDIVIDUALS?

Shabana is 18 years old, lives in Lucknow and is a first year undergraduate student. She is a kind, helping, socially active and an aware individual.

She uses digital platforms to attend online classes and for connectivity purposes. She prefers sharing her opinions on social media platforms and likes it when her voice is heard.

However, she is not sure about her safety online. Some of her comments have garnered negative attention and people have begun abusing her. One individual even accessed her personal data and images from these platforms and began blackmailing her. She is unsure on how to ensure safety for herself and her family, as the online activities have the potential to have a negative impact on her offline life as well.

Growing use of internet and social media access has helped boost connectivity and opportunities. However, online harassment and abuse are also becoming more widespread and severe. A further strengthening of the legal framework and building of general awareness is called for.

Harassment

Over the past six years, the system’s response to online harassment has continued to move from the emerging stage to an early mainstream owing to strengthening of regulations and growth in private sector solutions to combat the risk.

2016 status: The risk was well understood by all stakeholders. Sections under the IT Act 2008 and 2011 were being used as mandates to solve for the risk of online harassment; Limited private-sector solutions existed in 2016.

2022 status: Private-sector firms have started building solutions that are safer for marginalised and underrepresented groups.

2016 2018 2021 2022 Key Developments

Section 67A of the IT act

Decision in Prajwala v. Union of India

Passing of the IT intermediary & POCSO rules

This clause under the IT Act criminalised publishing or transmitting of any material that contained sexually explicit content.31

During the case, the Supreme Court had ordered the creation of an automated content removal process regarding online child pornography.32

Both the IT rules (2021) and the POCSO guidelines suggested reporting requirement for platforms and legal solutions against child sexual abuse material present online.33 34

Meta’s Oversight Board of external experts continue to review its content decisions Meta’s Oversight Board, which was constituted in 2020 to review content decisions made by Facebook and Instagram has since selected 17 cases related to online harassment for hearing.35

Key Trends

Government focus towards online harassment has increased.

Business involvement in creating solutions to curb online harassment has increased.

In 2016, the sections 67B, 66E, 69A of the IT Act were used to counter growing online harassment. Certain provisions in the IT Act 2011 were also being used. By 2021, the amendment of the IT Intermediary Rules, 2021, has also provided potential solutions. The action on the ‘Bulli Bai’ and ‘Sulli Deal’ cases also suggest increased government and law enforcement focus on the issue.

As opposed to 2016, by 2022, there has been a strengthening of community guidelines by platforms, and a nascent but growing proactiveness to take down offensive content by platforms such as Facebook. Additionally, business models of platforms such as Bumble prioritise women’s online safety.36

2: Connectedness | Online Harassment

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

The risk of online harassment is well understood and aligned on by all stakeholders. Despite this alignment, the solutions ecosystem for solving for this risk has been dispersed, and no single, mainstream solution has yet emerged. Hence, to arrive at an assessment of the effectiveness of existing solutions, and further improving them, our research suggests the following pathways for philanthropic investment:

Aid

Support

The table below presents gap areas and illustrative funding opportunities for philanthropy to further reduce the risk of online harassment :

Pathways

Illustrative Opportunities

While most of the risks are understood, creating a shared regulatory vocabulary for problematic content that is consistent and exhaustive so as to cover largescale issues such as online misogyny and harassment will help improve redressal of complaints.

Support evidence building towards strengthening existing regulations that include related aspects such as morphing of images, into the ambit of the law. Dedicated institutional bodies for resolving online harassment concerns are needed to combat the growing number of online harassment cases.

Fund and support proof of concept for technology add-ons in social media apps for building capacity of Indian users to recognise online harassment and protect themselves. These technologies should be adept at identifying local languages and slang to be able to help users in all ways.

Negative Impact on Mental Wellbeing

Social media has given large sections of the population avenues to connect with each other and express themselves online, but research suggests that these trends have also led to an increase in addiction, sleeping disorders, anxiety and depression especially among the youth

The increase in penetration of social media has provided avenues for individuals to not only connect but also express themselves better. This increase in content creation is visible even in rural areas of India with the influx of farmers, artisans and craftsmen using social media and online content for communication. All this together has led to an Indian content industry valued at USD 19 bn in 2020.37

While social media provides individuals with freedom of expression, it has

also proven to be addictive. The 2019 JAMA network study suggests that teenagers who use social media for more than three hours daily are more likely to experience mental health problems such as depression, anxiety, aggression, and antisocial behaviour.38 These concerns were found to increase during the pandemic as screen time increased significantly.39 This risk has been witnessed and accepted in India but extensive data-based studies are yet to be done.

DEFINITION

Mental Health includes our emotional, psychological, and social wellbeing. It affects how we think, feel, and act. It also helps determine how we handle stress, relate to others, and make healthy choices.45

HOW DOES IT IMPACT INDIVIDUALS?

Shikhar is a 17 year old boy, who lives in a slum in Delhi. Two years ago he had an accident and lost his left arm. His parents are daily wage workers with limited incomes, and in order to manage expenses for his treatment, he had to drop out of school.

To maintain his social network, he uses his second hand smartphone for communication and entertainment purposes. He spends a lot of time on social media platforms creating and sharing content.

Over time, his mobile addiction has started increasing. He eagerly waits for friends and acquaintances to respond to his posts online and gets upset and annoyed if they do not. This is also leading to sleeping disorders.

Over the past six years, the system’s response to mental wellbeing issues has evolved from the latent to the emerging stage. Global researchers and media coverage have led to increased recognition of the risks, but there are limited solutions to combat it.

2016: Limited conversations about the impact of social media and games on addiction or mental health in India.

2022: There is widespread awareness and a growing body of evidence on the impact of smartphone use on mental health, resulting in issues such as addiction, body shaming, anxiety, and depression. However, there are limited solutions to counter this risk.

Key Developments

Blue Whale Challenge and PUBG associated suicides

Several cases of child suicide and self-harm allegedly as a result of Blue Whale were reported in 2017. Suicides, accidents and violent behaviour among youth linked to PUBG addiction were reported in 2019.46 47

Meta Whistleblower leaks

Meta launched new mental health resource centers

Amendments to IT Intermediary Rules

An internal document leak from the company showed it was aware of the harmful mental effects its platforms had on teens.48 49

Meta launched a tool that brings worldwide medical experts onto its platform to raise awareness and provide helpful resources to those in need.50

Draft amendments to the IT Intermediary Rules, 2021, to extend them to online gaming, were proposed. These include KYC obligations for users and industry-led self-regulation to minimise harms.51

Key Trends

Media attention on the deteriorating effect of internet usage on mental health has risen.

Over the past six years, private-sector solutions have increased.

Over the past six years, global media has focused on the growing body of evidence of the linkages between smartphone use and mental wellbeing of adolescents and adults. In India, many celebrities have openly discussed the negative impact of social media trolls and comments on mental health. In a 2021 tweet, the honourable Prime Minister acknowledged that there is an increase in mental stress due to excessive online gaming.52

In 2016, there was limited focus on the impact of tech platforms and smartphone use on mental wellbeing. In 2019, Twitter created a standalone reporting mechanism for Indian users with suicidal/self-harm tendencies. They have also built a repository of authentic resources for ensuring wellbeing.53 Similarly in 2020, Meta also launched mental health helplines and resources catering to local needs.54 Post the 2021 whistleblower leak, Meta launched new mental health resource centres across all its apps. These platforms have also partnered with leading mental health organisations across India for these initiatives.55

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Despite the awareness of mental wellbeing concerns, there are limited solutions and there is no consensus on how to address related concerns. Given the lack of evidence on the impact of smartphone use on Indians and absence of solutions, philanthropic capital can be deployed through the following pathways:

Building consensus through large datasets, policies and, legal ecosystem.

Piloting private sector solutions that eliminate the trade-offs in diverging priorities of private, public and social sectors.

The table below presents gap areas and illustrative funding opportunities for philanthropy to advance the discourse and pilot solutions to safeguard the mental wellbeing of Indian adolescents and adults:

Pathways

Illustrative Opportunities

Conduct credible and pan-India research and collect large-scale datasets on the impact of digitisation on mental wellbeing in the Indian context.

Fund proof of concept for innovative technology solutions that combat wellbeing concerns arising from usage of internet and social media. Major concerns that experts have highlighted include anxiety, addiction, and depression.

Exclusion from Digitally Delivered Services

Digital IDs have streamlined public service delivery and helped reduce corruption in India, but have raised concerns regarding the exclusion of marginalised populations.

With rapid increase in digitisation witnessed in the past decade, there has been a paradigm shift in the way public welfare and service delivery is deployed.56 The establishment of Digital IDs in India by the way of Aadhaar in 2009, overhauled public service delivery by establishing digital identities, streamlining service and scheme delivery. This curtailed corruption and reduced leaks within the system.

However, along with the convenience benefits and reduction in corruption, exclusion related risks have also surfaced.

Since the 2018 Supreme Court judgement which provided constitutional validity to Aadhaar, the number of government schemes and services associated with it has risen exponentially. Despite the increase in services, research shows that a small but significant number of people are unable to access essential public schemes and services due to lack of access to Aadhaar and authorisation. This exclusion is especially prevalent among marginalised populations and communities who need public welfare services the most.

DEFINITION

Exclusion from Service Delivery refers to individuals and groups being denied goods, services, conditions and specific opportunities that will aid acquisition of social, economic and emotional wellbeing.60

HOW DOES IT IMPACT INDIVIDUALS?

~8X growth in Direct Benefit

Transfer transactions through Aadhaar and 2X rise in bank accounts linked to Aadhaar57

Exclusion from welfare services remains prevalent especially among marginalised populations

third-gender residents

in

201958

Shanti is a 40 year old transgender folk dancer and lives in an interior area in Odisha. She makes her living by performing traditional dances in nearby cities.

During the recent lockdowns when all means of livelihood were closed, Shanti was dependent on government services for survival. However, she has been facing multiple challenges in accessing ration and other government services.

All service deliveries are linked to Aadhaar and she has yet not been able to procure an Aadhaar card as she did not have access to required documents with consistent details. The exclusion impacted her wellbeing but she did not have any means to address it.

Over the past six years, the system’s response to digital-ID-linked exclusion has evolved from the emerging to the mainstream stage. New digital IDs have incorporated best practices, and better grievance redressal mechanisms have been set up to address exclusion and other risks linked to digital IDs.

2016 status: There was a lack of consensus among stakeholders about linking of Aadhaar; the period between 2012-2016 saw multiple court cases to prevent mandatory linkage of Aadhaar with welfare schemes.

2022 status: Legal consensus was reached after the Puttaswamy Judgement (2017) on the right to privacy, and after the constitutional validity of Aadhaar was upheld in 2018. The 2018 judgement also clarified that no one could be denied services due to a failure of Aadhaar authorisation.

Key Developments

Creation of Aadhaar Act

Passing of Aadhaar judgement

Passing of Aadhaar and Other Laws Amendment Act

Creation of Health ID and Aadhaar issuance at birth

The Act was passed in the parliament and provided legal backing to Aadhaar.61

Cleared mandatory enrollment of Aadhaar for government welfare schemes.62

The Act provided legal backing to linkage of banks and SIM cards with Aadhaar.63

The Health ID was launched in 2021 and enrollment was initiated along with the COVID vaccinations. Aadhaarlinked birth registration was introduced in 16 states.64 65

Key Trends

There has been rapid growth in the number of government services and schemes linked to digital ID.

Increased efforts for grievance redressal for Aadhaar and linked services

Aadhaar Act was passed in Parliament in March 2016 and subsequently notifications were issued under the Act making Aadhaar mandatory for availing various welfare benefits such as PDS, LPG, MGNREGA, scholarships, pensions etc. This has risen exponentially in the past six years and as of 2022, 300 and 400 schemes of the central and state governments respectively require Aadhaar verification and linkage. The central government’s Ayushman Bharat Digital Mission health ID was launched in 2021.

In 2016, Aadhaar had postal and email-based grievance redressal mechanisms. By 2021, Aadhaar launched a toll free helpline, a chatbot and a resident portal as grievance redressal mechanisms.66 The Unique Identification Authority of India (UIDAI) has also initiated efforts to ease Aadhaar access for sex workers without a domicile certificate.67

In parallel, RBI has also been strengthening Aadhaar enabled payment systems by harmonising Turn Around Time (TAT) and customer compensation in case of failed transactions.68

INTERVENTION SPOTLIGHT

State of Aadhaar provided an empirical underpinning to the debate around exclusion from Aadhaar and led to a broad consensus on certain key issues among stakeholders.

Since Aadhaar was launched in 2009, some experts have highlighted the risk of exclusion from welfare services. There were multiple anecdotal reports of exclusion raised by individuals and civil society organisations.

The State of Aadhaar reports by IDinsight and Dalberg were the first to quantify exclusion issues at an all-India level using credible representative data. The reports took the discussion from small surveys in specific locations, and anecdotes from journalists, to large pulse surveys of 147, 868 households across 28 Indian states and union territories. It also included an in-depth survey with 19,209 households in 16 states, and one union territory which helped identify specific exclusion concerns from Aadhaar and tangible opportunities to address them.

Post the State of Aadhaar 2019 report, UIDAI included transgender and homeless people as ‘priority populations’ for enrolment drives. The report encouraged UIDAI to further increase its focus on improving the Aadhaar updation processes and also emphasised the need for enrollment support in deep rural areas. The effectiveness of food rations’ provisions highlighted in the survey also impacted the doling out of COVID relief packages. Learnings from the report contributed to the shift in the government’s focus from provision of relief packages to food rations during the pandemic.

Creating feedback loops with credible pan-India datasets proved to be an effective pathway in advancing the discourse on exclusion due to digital IDs.

INTERVENTION SPOTLIGHT

International Innovation Corps (IIC) has supported the inclusion of privacy safeguards in the Ayushman Bharat Digital Mission (ABDM) framework.

The Ayushman Bharat Digital Mission (ABDM) aims to support the integrated digital health infrastructure of the country. It seeks to bridge the gap between stakeholders in the health sector by creating digital registries for the three main healthcare stakeholders— healthcare providers (doctors, nurses, ASHA, etc.), healthcare facilities (hospitals, PHCs, etc.) and individuals.

IIC fellows have been working with the ABDM team to facilitate the rollout of the registries by developing strategies and policies to put data privacy safeguards in place. They have helped ABDM develop the Healthcare Information Consent Manager for the registries which is data blind. It also facilitates consensual data sharing and data collection between stakeholders in the health system. They have put privacy safeguards in place such that the system at no point becomes privy to health data, and individual data rests solely with healthcare providers and individuals.

IIC collaborated with the government to incorporate best practices from the GDPR and the Aadhaar exclusion debates. This contributed to the successful launch of ABDM in 2020. The Health ID was launched in September, 2021, and the enrolment was expanded during COVID vaccinations. As of February 2022, 14 crore Health IDs have been generated.

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

With 99% of India’s adult population being covered under Aadhaar, and the Supreme Court passing judgements on preventing denial of services due to authorisation errors, there has been significant progress in mitigating exclusion risks. However, to ensure exhaustive mitigation of the risks and design new IDs effectively, our research suggests the following pathways for philanthropic investment:

Aid implementation of solutions by building feedback loops: Large scale research, grievance redressal mechanisms.

Support implementation of large-scale solutions to mitigate the risks at scale.

The table below presents gap areas and illustrative funding opportunities for philanthropy to further reduce the risk of exclusion for marginalised populations:

Pathways

Illustrative Opportunities

Partner with grassroots organisations to understand the exclusion challenges and fund proof of concept for technology solutions to minimise verification/ authentication errors.

Using the learnings from Aadhaar, conduct data protection impact assessment before linking other digital IDs.

Construct narratives of best practices on digital IDs to build capacity of policymakers for building userfriendly/efficient digital IDs going forward.

Risk of Surveillance due to Emerging Technologies

Over the past few years, new technologies such as GPS tracking, contact tracing, and facial recognition technologies have offered opportunities for improving process efficiency, security, and convenience. However, the absence of adequate regulatory systems has the potential to expose individuals to risks of misidentification and surveillance by both public and private institutions.

Technology has been evolving at a lightning speed over the past few years, resulting in the emergence of drones, AI, biometrics, contact tracing, virtual reality, blockchain, and other new use cases. As a result, innovations such as Facial Recognition Technology (FRT) have been deployed across companies like Meta, initially for photo-tagging, and now for building the Metaverse, to schools and offices to monitor and ensure the safety of students and employees. Leading businesses and even certain Municipal Corporations in India have begun using FRTs for attendance and other efficiencytracking software.

These softwares are also finding use in public law enforcement systems, with the goal of improving efficiency and accuracy. Over the past few years, state police forces in India have started

using FRTs as part of their public video surveillance systems to find missing individuals, prevent crimes, and counter terrorism. Similarly, this technology is also used in Aadhaar authentication, voter identification, and KYC verifications. Contact tracing technology was widely used to control the spread of COVID-19. Deploying these CCTV, drone and FRTbased systems have been helping in creating a safe and efficient society.

However, concerns arise over these technologies, as they currently do not have standards in place to regulate them or certify their quality. This has resulted in the emergence of several risks around data privacy, consent and sharing issues, misidentification, and surveillance by authorities, including employers, institutional heads, technology platforms and law enforcement agencies.

DEFINITION

Surveillance can be understood as the close observation of someone or something in order to gather information or data. The main objective of surveillance is to monitor the activities of an individual and can be used for other purposes too.71

HOW DOES IT IMPACT INDIVIDUALS?

Manoj is a 39-year-old migrant construction worker in Hyderabad. He uses his second-hand smartphone for online games, social media, and occasionally for remittances.

Recently, there was a theft in one of the commercial buildings in Hyderabad. The CCTV footage of the building was used in facial recognition software and the algorithm of the software led to the misidentification of Manoj as the thief.

While Manoj was at work that day, and thus had an alibi, this misunderstanding took some time to get resolved before all formal procedure against him was dropped. It also had a negative impact on Manoj and his family’s wellbeing while he was being investigated.

Over the past six years, experts have started highlighting the potential misidentification and surveillance risks of new technologies if not used responsibly. The system has moved from the latent to the nascent stage. However, there are limited regulatory solutions to mitigate these risks.

2016 status: FRT, contact tracing, drones and other technologies were not being used widely and hence there was limited awareness and discussion on the potential risks.

2022 status: The understanding of risks exists but is limited to experts and no solutions exist. The IT Act is usually cited as the relevant law for the usage of FRTs. However, the laws regarding the usage of biometric data under the IT Act need to be strengthened to address risks effectively.

Key Developments

Use of FRT in offices

Facial recognition for solving crimes

Debates on contact tracing apps

FRT usage during COVID vaccinations

Digi Yatra introduced at airports

A leading IT company installed FRT in one of their offices not only for employee attendance but also to gauge the mood of the employees and hence the workplace.72

NCRB published a Request for Proposal for AFRS, a centralised database of photos and videos of people’s faces to be used by the police in crime prevention and detection.73

Contact-tracing apps like the Aarogya Setu were launched to curb the spread of COVID-19. There were significant debates on the need to mitigate potential risks associated with such software.74

There were concerns expressed on the adequacy of testing and legal vetting processes for the use of FRT for COVID.76

The government launched the Digi Yatra initiative, an FRT-based airline boarding system. In this context, NITI Aayog has called for a codified data protection regime to govern such systems.77

Key Trends

Increase in debates and evidence on potential risks of technologies such as FRT, contact tracing and others.

In 2016, surveillance using emerging technologies was not a key topic for discussion, but this has changed in 2022, especially due to the recent use of these technologies in solving issues such as disease control, crime prevention and detection, employee efficiency, and student activity monitoring. RTIs and petitions have been filed by stakeholders, raising concerns about potential harm from these technologies, especially if the necessary safeguards are not explicitly explained.75

5: Technologies for Safety & Law Enforcement |

Risk of Surveillance due to Emerging Technologies

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

While experts are extensively discussing risks in emerging technologies, the understanding of these risks is yet to trickle down to other stakeholders in the ecosystem as well as to consumers/ individuals. Our research recommends the following pathways for philanthropic investment:

Build a shared understanding of risks and their impact by creating a vocabulary and early evidence of the risks.

Build a community of responsible actors who can discuss and solve complex issues.

The table below presents gap areas and illustrative funding opportunities for philanthropy to further reduce the risk of surveillance due to emerging technologies:

Pathways

Illustrative Opportunities

Conduct and disseminate research among individuals and policymakers to create a shared understanding of the manifestation and magnitude of the potential and risk of FRTs in the Indian context.

Conduct extensive research to understand the impact on data protection for each of these technologies, and create a repository that can be used as a reference before the technologies are adopted for law enforcement in the Indian context.

Fund fellowships or skilling programmes to increase awareness among practitioners (programmers, entrepreneurs, public policy experts), to create a strong community of responsible technology actors.

Data Security Breaches and Online Frauds

Private and public services delivered digitally unlock convenience and efficiency for large populations. However, with more people coming online and sharing their personal information, there is scope for them to become vulnerable to unauthorised access. As a result, financial frauds through digital platforms have increased in the last decade.

While few sectors in India still remain untouched by digitisation, technologies have been opening doors for new and more efficient ways to provide services. One of the biggest sectoral transformations has occurred within the financial sector. As of December 2022, 385 banks participated on the UPI platform. 7.8 bn monthly transactions, worth ~ USD 156 bn were recorded during the month, representing a jump of 35x over the same month in 2018.78 The convenience and high quality service associated with these digital products are driving more and more users everyday toward them.

Along with the benefits associated with these new services and products, there has also been a concomitant rise in vulnerability of individuals’ wealth and livelihood due to the emergence of new, associated crimes. Data breaches and digital frauds such as phishing, identity theft and online shopping frauds have risen exponentially with these sectoral changes. Rapid digital adoption among people, brought about by the COVID-19 pandemic, has exacerbated the frequency of these crimes.79

DEFINITION

Lack of Data Security means exposure of confidential or sensitive information to an unauthorised person either through a breach or otherwise.82

Digital Financial Fraud is the use of digital means for criminal deception or abuse of web-enabled assets that results in financial gain.83

HOW DOES IT IMPACT INDIVIDUALS?

Sandhya is a micro entrepreneur on the outskirts of Ranchi. She works with a Self Help Group (SHG) and has begun using digital banking services.

She had been taking business loans from banks. Some time ago, she came across a digital credit platform that was offering low interest rates with no collateral required. She immediately registered for it and received the required money for her business. However, after a few weeks, she noticed that there had been a number of unauthorised transactions from her account. Her account had been hacked and she had lost all her savings.

She has filed an FIR with the police, however they still have no leads on the criminal. Sandhya was not aware of the dangers of digital banking and frauds due to which she has lost her money.

Frauds

Over the past six years, the system’s response to data security and fraud has evolved from the nascent to the mainstream stage. There has been a rapid growth in private-sector solutions and regulatory interventions to combat fraud and improve data security.

2016 status: Early discussions on cybersecurity issues, but limited solutions and absence of awareness among the masses.

2022 status: Increased data breaches have led to mainstream media coverage of the risk. There has been an emergence of regulatory and private sector solutions.

Key Developments

Indian Banks Data breach

3.2 mn debit cards of various Indian banks were compromised which led to numerous fraudulent activities.84

RBI’s cybersecurity framework for NBFCs

The framework outlined that NBFCs should have a separate cybersecurity policy from a broader IT/ IS policy approved by the board.85

Google Pay launches two step notification

To help users easily identify any suspicious transactions, Google Pay began to send app and SMS notifications at the moment of transaction.86

RBI’s Master Direction on Digital Payment Security Controls

The guidelines mandated multifactor authentication, encryption, digital certificates, and other controls to secure digital payment apps.87

RBI’s directives on grievance redressal & tokenisation of cards

The guidelines mandated Card on File Tokenisation to ensure safety of card details. They have also launched a centralised grievance management helpline.88

Key Trends

The sharp increase in the number of data breaches has increased mainstream media coverage.

Regulatory bodies such as RBI have ramped up cybersecurity efforts.

Rapid growth in private-sector solutions for data security and fraud.

The number of data breaches have increased about 26x to over 1.4 mn incidents in 2021 as compared to 2016. These include large and high-value targets such as Air India, SBI, and BigBasket. in 2018.89 These incidents were actively covered in the media and an analysis of Google trends show a four times increase in search of the keyword ‘cybersecurity’ between 2016 to 2021.

Prior to 2016 there were limited regulations put forth by RBI, but since 2017 it has put forth cybersecurity frameworks for NBFCs, Master Directions on Digital Payment Security Controls and has also issued a set of guidelines that mandate sensitive customer information to be stored in the form of an encrypted ‘token’ to help secure transactions. Parallely, in 2018, UIDAI introduced Aadhaar tokenisation to ensure data security.90

The cybersecurity solution industry has grown at the CAGR of ~40% from 20162021.91 In 2020, 30% of the enterprises used more than 10 solutions.92 Over the past few years, Google Pay has deployed a two-factor payment notifications system, PhonePe removed the UPI collect option and Paytm has launched the card-on-file tokenisation for online shopping.93

6: Affordable and Personalised Products and Services | Data Security Breaches and Online Frauds

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Data security has become a priority concern for both private and public sector stakeholders. The Indian market is currently underpenetrated and relies on OTPs, which are unsecure and have been deemed non-compliant by recent EU payments security standards. To ensure exhaustive mitigation of risk and secure storage and use of data, our research suggests the following pathways for philanthropic investment:

Aid implementation of solutions by building feedback loops: Large scale research, grievance redressal mechanisms.

Support implementation of scale solutions to mitigate the risks at scale.

The table below presents gap areas and illustrative funding opportunities for philanthropy to improve data security:

Pathways

Illustrative Opportunities

Create a strong ecosystem of cybersecurity professionals that work on building a white hat culture, conduct preventive assessments to avoid private sector negligence.

Support capacity building of public institutions and safeguards.

Provide incubation support to innovators where they can test out their innovations and develop proofs of concepts. Incubation support can include tools such as synthetic data assets, Application Programming Interface (API) marketplaces, a coding environment, and access to expert mentors and observers.

Fund and support innovative, easy-to-use encryption and password-less identity and access management products that can serve mid-market clients and promote decentralised data management.

Fund and support digital risk management platforms that help companies detect cybersecurity threats.

Non-consensual or Unauthorised Data Collection, Sharing and Usage

Data-driven businesses have unlocked convenience and personalisation of user experience and services. However, without adequate systems to manage individuals’ personal data, non-consensual and unauthorised use of data has the potential to expose users to various risks.

The past six years have witnessed a growth in data-driven businesses which have provided users with customised products and services. Using data to understand user behaviour has unlocked new opportunities for businesses. These emerging business models have also considerably added to consumer convenience. There has been a 3x growth in the funding of tech-based startups in sectors such as EdTech and FinTech, that have leveraged AI to improve their offerings.

However, with the increased access to personal data for businesses, a lot of user information is at risk of being misused for unauthorised purposes. Third party sharing of user data (including personal data) and targeted advertising hold the potential to infringe upon the privacy of an individual. This despite the enshrinement of the ‘Right to Privacy’ by the Supreme Court in 2017.

DEFINITION

Consent means any freely given, specific, informed and explicit indication of a user’s agreement to their personal data being processed.97

Data Privacy is the idea that individuals should have the freedom to determine how their digital information is collected and used.98

HOW DOES IT IMPACT INDIVIDUALS?

Amisha is the Vice President of a leading MNC and lives in Bangalore. She is a social, outgoing person and loves to share her personal and professional experiences through social media.

Given her busy schedule, she usually prefers convenience and uses online channels for everything— from ordering groceries to planning her vacations and even managing her household activities through internet enabled devices.

Her contact details are easily available online. She has been getting a lot of spam emails and calls from agencies she never interacted with. The frequency of these calls and the fact that her data was shared without her consent is making her feel unsafe and is affecting her mental wellbeing. She is also worried by these targeted feeds and advertisements that are compounding her insecurities and making her feel isolated.

Over the past six years, the system’s response to non-consensual and unauthorised data use has evolved from the nascent to the mainstream stage. There is a growing recognition of data privacy concerns among individuals, businesses, and governments. The deliberations on the data protection bills since 2019 have brought about greater legal consensus on how to mitigate the risks as a result of which leading private-sector firms have started acting on data privacy.

2016 status: Recognition of the risk was limited to the experts. This was visible in the petitions filed during the 2016 WhatsApp privacy policy change.99

Key Developments

Enshrinement of Right to Privacy

In the Puttaswamy judgement, SC upheld the ‘right to privacy’.100

2022 status: The risk is well understood by all stakeholders. While the data protection bill is in its final stages, business solutions have also increased. Increased awareness among consumers was visible during the 2021 WhatsApp privacy policy change.

Passing of GDPR regulations in the EU

Post the Snowden leaks and debates regarding individual privacy, the GDPR was passed in the EU.101

Release of Srikrishna Committee report

The report submitted to MeitY in 2019 was on the basis of the first draft of the PDP bill in 2020 that set out the framework for data protection regulation in India.102

Series of privacy features launched by businesses

Between 2019 and 2021, Google and Apple updated the privacy policies for their platforms. Safari and Firefox also changed their cookie settings.103

Release of Digital Personal Data Protection Bill

The 2019 bill was withdrawn in August 2022 and a new draft Digital Personal Data Protection Bill, 2022 was released for public feedback in November.104

Key Trends

Privacy and data protection measures by businesses have increased

Policy focus on data collection and sharing has increased. A new draft Digital Data Protection Bill is being actively debated.

Awareness on concerns of data collection, sharing and usage has increased.

In 2016, only few forward looking companies such as Snapdeal were talking about the risk of data privacy. By 2021, businesses such as Apple incorporated device privacy as a USP for their products. Experts have also suggested that a lot of cloud service providers are using customer encryption keys. Additionally, cookie settings have also been changed by browsers such as Firefox and Chrome. Privacy-first measures are being seen as a competitive advantage by businesses.105

The AP Shah Committee, 2012, had worked on Aadhaar related privacy concerns but no regulations emerged. In 2016, digital privacy concerns were sparsely covered under the individual clauses of the IT Act. After the Puttaswamy judgement of 2017 and the release of Srikrishna Committee report in 2018, a bill was developed and tabled in parliament in 2019. This was referred to a Joint Parliamentary Committee which submitted its report in 2021. In 2022, the 2019 bill was withdrawn and a new draft was released for public feedback.106 107 108

Reportedly, 122 mn people were using mobile browsers with built-in ad blockers in 2016. There were no visible reactions on privacy concerns then. In 2021, ad blocker usage had grown to ~50% of the population. Individuals have also been voicing their opinions against sharing of personal data, as was seen during the 2021 WhatsApp policy updates.109 110

7: Affordable and Personalised Products and Services | Non-consensual or Unauthorised Data Collection, Sharing and Usage

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

The increasing interest of all stakeholders in ensuring privacy has developed a vibrant ecosystem to solve this risk. However, solutions are limited and the risk is expected to grow with the use of newer technologies such as IoT and AI. Hence, to ensure the sustainable mitigation of risk, and consensual data sharing and usage, our research suggests the following pathways for philanthropic investment:

Aid implementation of solutions by building feedback loops: Large scale research, grievance redressal mechanisms.

Support implementation of scale solutions to mitigate the risks at scale.

Piloting private sector solutions that eliminate the trade-offs in diverging priorities of private, public and social sectors.

The table below presents gap areas and illustrative funding opportunities for philanthropic capital to improve data privacy:

Pathways

Opportunities

Build a pan-India representative dataset of consumer perceptions and requirements to highlight the gaps in data privacy awareness and required solutions. This can enable increased understanding of the concept among users and improve transparency and accountability of existing solutions.

Develop certification or skilling initiatives for programmers to incorporate privacy by design in technology products.

Fund and support open-source solutions that can create technology solutions that address privacy and transparency. These technologies can be aimed towards data minimisation, better identity and access management, and data compliance for businesses (for example, masking personally identifiable information while processing customer data).

Fund and support low cost solutions that enable businesses to implement responsible data practices and ensure compliance with privacy regulations.

Poor Social Security Benefits for Gig Workers

Access to internet has created multiple flexible livelihood opportunities but is also exposing these workers to a risk of poor social security.

The digital platform economy has seen fast-paced growth in India in the past decade. These platforms have opened up varied livelihood opportunities for individuals across demographics. It is expected to provide flexibility in terms of work culture and help in formalising the informal sector.

These new jobs are being dominated by the gig economy workforce, which is limited by its access to skills, the undefined or uncertain nature of employment, uncertain policy support, and lack of social security. Alongside,

out of the four recent labour codes for workers, only the code on social security contains provisions for gig workers.111 However, even these codes are contentious on the cover provided, the role aggregators play, as well as several other crucial parameters.112 This leaves gig workers without any minimum wage, and occupational safety and social security benefits. There have been multiple strikes by app based drivers across different cities between 2017-2022 and no solutions have been reached yet.113

DEFINITION

Gig Work consists of temporary or project-based economic activities outside of standard, long-term employer-employee relationships. This consists of an umbrella of a large group of temporary work which can be either offline or online.116

HOW DOES IT IMPACT INDIVIDUALS?

David lives in Raipur and works as a car driver for a cab sharing platform.

of India’s app based transport gig workforce surveyed have no form of insurance.

His family lives in a village near Bastar and he is the only earning member in his family of five. He also took a loan to buy a secondhand car, which he drives through the platform for his living. He works for 15 hours a day so that he can ensure monetary incentives and send that money home.

India’s implemented laws and legislations provide for

security protections for gig workers.

wage or

One of these days, he met with an accident and faced a medical emergency. Since he did not have a medical insurance, all his savings went in hospital bills. He and his family faced a tough time during his recovery period.

Over the past six years, the system’s response to gig workers’ rights has evolved from the latent to the emerging stage. There is a growing recognition of rights for platform gig workers, globally and in India. Civil society, mainstream media, and regulatory discussions have picked up significantly, but there are limited solutions.

2016 status: The platform economy had not picked up significantly in India. The risk of social security for gig workers had not been well identified and there were no discussions on the same.

2022 status: As the gig economy has grown over the past six years, there have been multiple strikes and related civil society discussions. Mainstream media has covered gig workers’ rights and discussions have picked up in the public sector as well.

Key Developments

Ola and Uber drivers strike

The strike started in Hyderabad and spread across other metro cities. The demand was to ensure better rates and insurance.117

New Social Security Code is passed

For improving the labour laws in the country, the GoI presented and passed the Code on Social Security, 2020 which mentions ‘gig workers’ and ‘platform workers.118

UK Court ruling in favour of gig workers

The UK SC gave a ruling that Uber drivers should be treated as workers and not independent contractors, hence granting them all social security benefits.119

Petition in SC seeking social security

The Indian Federation of App-based Transport workers (IFAT) has filed a petition in the Supreme Court seeking social security benefits from their companies such as Ola. Uber, Zomato, and others.120

NITI Aayog’s report on the Gig Economy

NITI Aayog’s report on ‘India’s Booming Gig and Platform Economy’, acknowledged the challenges faced by gig workers, including the lack of social security and benefits.123

Key Trends

Civil society has actively started discussing the subject and a rights-based vocabulary for gig workers have started to emerge.

There is an increase in policy discussions to provide social security to gig workers.

Back in 2016, very limited discussions on social security of gig workers existed. However, discussions by civil society have been extensive in the recent years, including those with the government. Media houses such as The Ken, Entrackr, Inc42, and others, have also covered issues of minimum wage, workplace conditions and social security for workers extensively.121

In 2016, Indian policies and regulations did not cover any social security for gig workers. However, now the Code on Social Security, 2020 has created the potential of establishing social security measures for gig workers in the sector. The codes have not yet been implemented as the rules are getting finalised.122

8: Access to Diverse Income Generation Activities through Gig Economy | Poor Social Security Benefits for Gig Workers

INTERVENTION SPOTLIGHT

CIS has been supporting the creation of a well governed ecosystem around the issue of gig worker rights.

Technology has shifted the contours of existing jobs and has become a major driver of the gig economy in India. Platform gig workers in India have been facing concerns related to working conditions, wages and other social security issues. There has been a series of strikes between 2017 and 2020 across the country demanding social security cover.

It was in light of these events that the Indian Federation of App-based Transport Workers came into existence in 2019. The Centre for Internet & Society (CIS) worked with the worker associations, IFAT and International Transport Workers’ Federation (ITF) on an evidence-based research study in six cities in India to assess the working conditions of app-based drivers. The study also covered the impact of the pandemic on these platform gig workers.

Based on the research support provided by CIS, IFAT filed a PIL against leading cab and food delivery platforms demanding social security benefits. The petitioners also referred to the recent UK ruling on providing social security benefits to platform workers. The Supreme Court has issued a notice to the central government towards the same.

CIS’ rigorous and credible research helped build early evidence and a vocabulary around the nascent and emergent risks concerning workers’ rights in a digital society.

8: Access to Diverse Income Generation Activities through Gig Economy | Poor Social Security Benefits for Gig Workers

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Despite the increased recognition of concerns of gig workers, legal clarity and solutions to combat this risk remain limited. The recognition and awareness is also limited to technocrats and a small section of the population. Our research suggests the following pathways for philanthropic investment to move the system to the next stage of evolution:

Building consensus through large datasets, policies and, legal ecosystem.

Piloting private sector solutions that eliminate the trade-offs in diverging priorities of private, public and social sectors.

The table below presents gap areas and illustrative funding opportunities for philanthropy to advance the discourse and pilot solutions to protect the rights of gig workers:

Pathways

Opportunities

Conduct credible and pan-India research and datasets on the potential risks for gig-economy workers and disseminate the findings to increase awareness among individuals and decision makers.

Fund organisations that can improve the government’s capacity and strengthen its processes to enable a more efficient implementation of the rules made under the Code on Social Security.

Fund proof of concept for new technology and business models that are worker-first. For example, those who provide social security benefits and in-app support to workers.

Monopolisation and Market Concentration

Rapid digitisation has helped businesses achieve efficiency, market linkages and other benefits. However, the benefits of digitisation have not been accessible to all businesses. Many continue to be exposed to monopolisation and market concentration risks.

In recent years, India has emerged as one of the fastest growing digital economies with 14% of the total app downloads across the world (in 2020).124 Digitisation has changed how business is done, providing 86% of small startups with opportunities to utilise cross-border markets. It has also led to innovative, affordable products and services which are beneficial to consumers, businesses and governments.125

Despite these benefits, there is an increasing risk of monopolisation of the digital economy by a few big players which tends to reduce the benefits that small businesses can reap. This monopolisation is driven by the quantum of data and infrastructure available with businesses, as well as the effects of far-reaching networks forged by the big players. At times, unfair trade practices related to search results and fake reviews have also been witnessed in the ecosystem.126

DEFINITION

Monopolisation refers to attempts by a dominant firm to maintain or increase market control through various anti-competitive practices such as predatory pricing, foreclosure of competition and so on.128

Antitrust laws are regulations that encourage competition by limiting the market power of any particular firm.129

HOW DOES IT IMPACT INDIVIDUALS?

Mahesh lives in Coimbatore. He was working as a Sales Executive in a leading private company till 2020. During the pandemic, he lost his job and eventually started his sustainable disposable crockery venture.

He has listed his venture on all online marketplaces and has also tied up with leading e-commerce platforms. While his business has been doing well in the city, his online experience has not been good. He is not getting any orders through the platforms even though sales of similar products by his competitors on these platforms is high.

He assessed these platforms and realised that his products were listed towards the end of the search list, while products manufactured by subsidiary companies of these platforms were listed among the top 10. This has started to impact his financial stability.

Over the past six years, the system’s response to monopolisation has moved from the latent to the emerging stage. There is a growing recognition of antitrust concerns globally and in India, causing the regulatory focus on market concentration to increase significantly.

2016 status: While the risk had begun to manifest, there were no major discussions around it.

2022 status: Multiple regulatory measures to curb the risk are emerging. Apart from increasing CCI investigations, the discussions on ONDC, and NPD framework have also advanced the discourse on platform/digital economy.

Key Developments

Google fined for ‘Search Bias’

In the petition filed by Bharat Matrimony and CUTS, Google was found to be abusing its dominant power to create a search bias. It was fined ~USD 21 mn.130

Petition against Flipkart in the CCI court

The All India Online Vendors Association filed a petition against Flipkart for using their dominant market position to favour certain sellers.131

Discussion on creation of the ONDC

The Department for Promotion of Industry and Internal Trade is building an Open Network for Digital Commerce (ONDC) to curb digital monopolies and standardise the onboarding of retailers on e-commerce sites.132

Strengthening of anti-trust regime underway

The Standing Committee on Finance submitted its report on anti-competitive practices by leading tech companies. Among other measures, it proposes a ‘Digital Competition Act’ to ensure fairness, transpareny and contestability, and a specialised ‘Digital Markets Unit’ within CCI.133 134

Key Trends

There has been an increase in CCI investigations on large private-sector firms

There has been an increase in platformisation to control monopolisation and unlock broader private sector play

In 2016, discussions around digital monopolisation was limited. Recent years have seen an increase in scrutiny of tech firms by Competition Commission of India (CCI).

In 2018, the CCI fined Google over USD 21 mn for its biased search functionality.135

In 2020, the CCI accepted a complaint against Amazon’s interaction with Cloudtail, owing to allegations on anti-competitive practices. In 2021, the CCI launched an investigation into the new WhatsApp privacy policy. MeitY urged the Delhi High Court to restrain WhatsApp from implementing the privacy policy.136 In 2022, the CCI fined Google in two separate cases and issued directives for changes to Android and Playstore in India.137 138

In 2016, UPI came up as the first effort at platformisation. In 2021, the government of India discussed the creation of an ONDC to ‘democratise digital commerce’. It is an initiative aiming at promoting open networks for all aspects of exchange of goods and services over digital or electronic networks. ONDC is to be based on open-sourced methodology, using open specifications and open network protocols independent of any specific platform.139 The government has also conveyed its apprehensions around e-commerce giants on multiple occasions.140

IT for Change pioneered the concept of ‘community data’ and thereby influenced policy.

Constant and continuous flow of data is an axiomatic feature of the digital age, with an increasing number of services being accessed via digital platforms - from transport and hospitality to retail and finance. Every user interaction with digitally-enabled products or services generates data in the background about the user’s preferences and her digital characteristics, thus amassing vast amounts of granular data about every aspect of daily life. This data, when aggregated, can provide highly accurate, useful and valuable insights about the social and economic interactions taking place in a given community. Unfortunately, though, it is primarily large digital platforms that, by virtue of being at the receiving end of this data, are able to exploit all of its economic value to the exclusion of the communities that generated it. (Communities, here, is intended broadly to include any group bound by common interests or purpose, such as geography, life, livelihood, economic interactions, social interests etc.).

The idea of individual rights in personal data (like privacy) has begun to gain significant acceptance globally. However, collective rights of communities in the aggregate (nonpersonal) data they help generate are yet to be recognised. This, in turn, leads to the misappropriation and misuse of their collective data for the exclusive benefit of a few dominant platform while those who contribute the data – users, business entities, and communities – are largely left in the hands of digital corporations. Therefore, there exists a pressing need to determine the economic rights of groups / communities to their aggregate data and develop frameworks for redistributing its value in a more inclusive and fair manner.

IT for Change applied the Institutional Analysis and Development (IAD) framework, developed by Elinor Ostrom to examine the management of data and digital intelligence resources at the community level. They worked towards treating data and digital intelligence as common pool resources under common property regimes, hence pioneering the concept of ‘community data’.

The concept of community data has been adopted by the draft e-commerce policy and the Kris Gopalakrishnan Committee on the NPD framework. IT for Change is also in discussion with international organisations to develop a global model framework law on community data.

Creating new concepts and vocabulary, and leveraging strong and credible relationships with decision makers were success factors that helped IT for Change shape e-commerce policy and the NPD framework.

9: Integration of Businesses through Digital Platforms | Monopolisation and Market Concentration

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Despite the increased regulatory efforts to ensure fair market competition, the evolving nature of the digital economy is yet to be fully understood by policymakers and other stakeholders. Our research suggests the following pathways for philanthropic investment to move the system to the next stage of evolution:

Building consensus through large datasets, policies and, legal ecosystem.

Piloting private sector solutions that eliminate the trade-offs in diverging priorities of private, public and social sectors.

The table below presents gap areas and illustrative funding opportunities for philanthropy to advance the discourse and prevent monopolisation and market concentration:

Pathways

Opportunities

Conduct credible and pan-India research and build knowledge on the needs, requirements, and opportunities to support local startups, MSMEs, etc.

Support policy dialogues to strengthen the competition regulations, associated public institutions and safeguards.

Pilot and support new technologies that support interoperability and are anti-monopolistic. For example, low cost solutions that help small businesses digitise and be compliant.

Conclusion and Way Forward

Philanthropy can play a catalytic role in creating a safe and inclusive digital society. This can be achieved through collaborative interventions aligned with the stage of evolution of the ecosystem’s response to a particular risk.

Internet penetration is progressing at a fast pace to reach about 900 mn Indians by 2025.141 It is essential to address the potential risks associated with the digital society so that the individuals are able to reap its benefits to the fullest potential. The mainstream technology and philanthropic ecosystem have been actively working on these risks in the last few years. As a result of this work, the Indian ecosystem has evolved significantly. However, much more still needs to be done.

Creating tangible impact in a complex interconnected system requires working collaboratively and building consensus among

all stakeholders. Moreover, different stages of evolution need specific interventions based on the level of awareness, presence of regulations, and maturity of solutions available across the private and public sectors. In early stages, building vocabulary and awareness is helpful, and as the ecosystem gets more mature, piloting solutions and supporting effective implementation of solutions becomes more important. The exhibit below shows the illustrative opportunities that can be deployed in each of the risks to evolve the ecosystem further. RISK

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Misinformation and fake news

Emerging

Use relatable and vernacular channels such as radio, TV shows , movies and social media to spread awareness and build capability of large sections of population to identify and combat misinformation.

Build strong regulatory / oversight mechanisms and mandates to strike the right balance between misinformation and censorship and for effective grievance redressal.

Fund proof of concept of technology tools, solutions, and processes that can address misinformation in local and slang languages.

Online harassment

Mainstream

While most of the risks are understood, creating a shared regulatory vocabulary for problematic content that is consistent and exhaustive so as to cover largescale issues such as online misogyny and harassment will help improve redressal of complaints.

Support evidence building towards strengthening existing regulations that include aspects such as morphing of images, into the ambit of the law. Dedicated institutional bodies for resolving online harassment concerns are needed to combat the growing number of online harassment cases.

Fund and support proof of concept for technology add-ons in social media apps for building capacity of Indian users to recognise online harassment and protect themselves. These technologies should be adept at identifying local and slang languages to help users in all ways.

RISK EVOLUTION STAGE (2022)

Negative impact on mental wellbeing

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Emerging Conduct credible and pan-India research and collect large-scale datasets on the impact of digitisation on mental wellbeing in the Indian context.

Fund proof of concept for innovative technology solutions that combat wellbeing concerns rising due to internet and social media usage, such as anxiety, addiction, and depression.

Exclusion from digitally delivered services

Mainstream

Partner with grassroots organisations to understand the exclusion challenges and fund proof of concept for technology solutions to minimise verification/authentication errors.

Use the learnings from Aadhaar to conduct data protection impact assessment before linking other digital IDs.

Build narratives of best practices on digital IDs to build capacity of policymakers for building better digital IDs going forward.

Risk of surveillance due to emerging technologies

Nascent Conduct and disseminate research among users and policymakers to shared understanding of the manifestation and magnitude of potential and risk of FRTs in the Indian context.

Conduct extensive research to understand the impact on data protection for each of these technologies, and create a repository that can be used as a reference before the technologies are adopted for law enforcement in the Indian context.

Fund fellowships or skilling programmes to increase awareness among practitioners (programmers, entrepreneurs, public policy experts), to create a strong community of responsible technology actors.

Data security breaches and online frauds

Mainstream

Create a strong ecosystem of cybersecurity professionals that work on building a white hat culture, conduct preventive assessments to avoid private sector negligence.

Support capacity building of public institutions and safeguards.

Provide incubation support to innovators where they can test out their innovations and develop proofs of concepts. Incubation support can include tools such as synthetic data assets, Application Programming Interface (API) marketplaces, a coding environment, and access to expert mentors and observers.

Fund and support innovative, easy-to-use encryption and password-less identity and access management products that can serve mid-market clients and promote decentralised data management.

Fund and support digital risk management platforms that help companies detect cybersecurity threats.

RISK EVOLUTION STAGE (2022)

Non-consensual or unauthorised data collection, sharing and usage

OPPORTUNITIES FOR PHILANTHROPIC INVESTMENT

Mainstream Build a pan-India representative dataset of consumer perceptions and requirements to highlight the gaps in data privacy awareness and required solutions. This can enable increased understanding of the concept among users and improve transparency and accountability of existing solutions.

Develop certification or skilling initiatives for programmers to incorporate privacy by design in technology products.

Fund and support open-source solutions that can create technology solutions that address privacy and transparency. These technologies can be aimed towards data minimisation, better identity and access management, and data compliance for businesses (for example, masking personally identifiable information while processing customer data).

Fund and support low cost solutions that enable businesses to implement responsible data practices and ensure compliance with privacy regulations.

Poor social security benefits for gig workers

Emerging Conduct credible and pan-India research and collect datasets on the potential risks for gig-economy workers, and disseminate the findings to increase awareness among individuals and decision makers.

Fund organisations that can improve the government’s capacity and strengthen its processes to enable a more efficient implementation of the rules under the Code on Social Security.

Fund proof of concept for new technology and business models that are worker-first. For example, those who provide social security benefits and in-app support to workers.

Monopolisation and market concentration

Emerging Conduct credible and pan-India research, and build knowledge on the needs, requirements, and opportunities to support local startups, MSMEs, etc.

Support policy dialogues to strengthen the competition regulations, associated public institutions and safeguards.

Fund and support new technologies that support interoperability and are anti-monopolistic. For example, low cost solutions that help small businesses digitise and be compliant.

Retrospective Learnings From Actioning these Pathways

While the actual implementation of the identified pathways depends on the stage of the relevant challenge, a range of overarching considerations can help maximise the impact of last-mile execution.

Use ‘team of teams’ in designing solutions: Changing systems for a particular challenge requires multiple and differential interventions over a sustained period of time. Having a long-term strategic focus on one problem, investing in multiple systems-change pathways for the same, and leveraging diverse stakeholders can result in maximising the impact in the long run. For example, research and evidence-building can be coupled with user behaviour change initiatives to solve issues around nonconsensual data collection, sharing, and usage.

Collaborative work is integral to minimise the benefit and risk trade-offs of digital society: Beyond doubt, the digital society has provided new ways of building efficient communication, systems and processes. Hence, we require solutions that can minimise risks while maintaining the benefits being accrued. This requires multi-stakeholder participation to design holistic solutions. Bringing together dedicated philanthropic funders, investors, researchers, grassroots implementers, businesses, developers, and entrepreneurs will enable a more holistic view. This could be done through the development of issue-specific and stakeholder-specific collectives.

Deepening the end-beneficiary lens in the interventions can enable targeted impact for the pathway: As the usage of digital technologies vary across different individuals and communities, their awareness and access to solutions also varies. This leads to differential vulnerabilities of individuals to the risks of a digital society. Consequently, keeping them in consideration when designing and executing interventions can enable scalable and long-term change in the system. For instance, designing solutions for online harassment would require drawing upon the lived experiences of women and gender minorities, who are trying to make social media platforms safer by filing content moderation requests.

Systems change is non-linear and evolves over a period of time, thus requiring patient capital investments: Systems change occurs in a non-linear fashion. It involves empowering the ecosystem and building its capacity to react to critical events and inflection points. This preparedness of the system can be built by establishing long-term funding streams that are able to reflect on the success of the interventions.

Appendix

Abbreviations

ABDM Ayushman Bharat Digital Mission

API Application Programming Interface

ASHA Accredited Social Health Activist

CAGR Compound Annual Growth Rate

CCI Competition Commission Of India

CCTV Closed-Circuit Television

CERT-IN Indian Computer Emergency Response Team

CIS Centre For Internet & Society

CUTS Consumer Unity & Trust Society

DBT Direct Benefit Transfer

ERT Emotion Recognition Task

EU European Union

FIR First Information Report

FRT Facial Recognition Technology

GDP Gross Domestic Product

GDPR EU General Data Protection Regulation

I&B Information and Broadcasting

IFAT Indian Federation Of App-Based Transport Workers

IIC International Innovation Corps

IT Information Technology

ITF International Transport Workers’ Federation

KYC Know Your Customer

LPG Liquefied Petroleum Gas

MNC Multinational Corporation

MGNREGA Mahatma Gandhi National Rural Employment Guarantee Act

NBFC Non-Banking Financial Company

NPD Non Personal Data

ONDC Open Network for Digital Commerce

OTP One Time Password

PDS Public Distribution System

PDP Personal Data Protection

PHC Primary Health Care

POCSO Protection of Children From Sexual Offences

RBI Reserve Bank Of India

SC Supreme Court

SLP Special Leave Petition

TAT Turn Around Time

UIDAI Unique Identification Authority Of India

UK United Kingdom

UPI Unified Payment Interface

USP Unique Selling Point

Research Participants

We thank all experts who shared their perspectives and inputs throughout the research

• Ms. Jhalak Kakkar, Centre for Communication Governance

• Ms. Petra Sonderegger and  Mr. Swetha Totapally, Dalberg

• Mr. Kiran Jonnalagadda, Hasgeek

• Mr. Anand Venkatanarayanan, DeepStrat

• Mr. Vikram Sinha and Mr. Hemant Adarkar, Artha Global

• Ms. Anja Kovacs, Feminist Futures

• Mr. Parminder Jeet Singh and Mr. Gurumurthy Kasinathan, IT for Change

• Mr. Rishab Bailey and Dr Ajay Shah, Cross Disciplinary Knowledge Data Research

• Ms. Urvashi Aneja, Digital Futures Lab

• Ms. Isha Suri, The Centre for Internet and Society

• Mr. Amber Sinha, Mozilla and Pollicy

• Mr. Nikhil, 21N78E

• Ms. Astha Kapoor and Ms. Suha Mohamed, Aapti Institute

• Mr. Neelesh Mishra, Big FM

• Mr. Emrys Schoemaker, Caribou Digital

• Dr. Pooja Haldea, Centre for Social and Behaviour Change

• Mr. Ronald Abraham, IDInsight

• Mr, Mitul Thapliyal, Microsave

• Mr. Viswanathan Rajendran, AT Kearney

• Ms. Archana Gulati, NITI Aayog

• Ms. Shahana Chatterjee, Shardul Amarchand Mangaldas & Co

• Mr. Sitansu Mahapatra, NIC

• Ms. Yukti Sharma, Ms. Deepika Raman and Mr. Vivek Eluri, IIC

• Dr. Tarunima, Tattle

• Mr. Sandeep Rao and Ms. Shivangi Nadkarni, Arrka

• Mr. Kaushal Mahan, Chase India

• Mr. Anand Krishnan, British High Commission in India

• Mr. Bhagwan Chowdhry, DIRI-ISB

• Mr. Priyank Mathur, Mythos Labs

• Mr. S. Vivek, NLSIU

• Ms. Bishakha Datta, Point of View

• Ms. Karla Bookman, Swaddle

• Mr. Donald Lobo, Tech4Dev

• Mr. Kazim Rizvi, The Dialogue

• Ms. Shriya Sethi, McKinsey

• Mr. Sharad Sharma, World Comics India

• Ms. Aparajita Bharti, Young Leaders of Active Citizenship (YLAC)

• Mr. Amol Kulkarni, CUTS International

• Mr. Ramanjit Chima, Access Now

• Ms. Amrita Choudhury, CCAOI

• Ms. Anushka Jain and Mr. Apar Gupta, IFF

• Ms. Hameeda, Sadbhavana Trust

• Mr. Anirudh Rastogi and Ms. Nehaa Chaudhari, IKIGAI Law

• Ms. Anika Verma and Ms. Nirmala, Breakthrough.tv

• Ms. Shruti Trikanand and Ms. Yesha Tshering Paul, CIS

• Mr. J. Satyanarayana, ex- UIDAI

• Mr. Amlan Mohanty, ex-Google

• Mr. Arghya Sengupta, Vidhi Centre for Legal Policy

About Us

Sattva Consulting is a leading consulting firm in the social impact sector. Sattva works with corporate CSR, foundations, multilaterals, non-profits, and social enterprises on scalable and sustainable solutions for social impact. Sattva works on the ground in India, Africa and South Asia and engages with 500+ organisations across the globe through service offerings in the space of strategic advisory, implementation, CSR advisory, research advisory, impact evaluation, and co-creation of sustainable models. Sattva works to realise inclusive development goals in emerging markets, across thematic areas, including in education, skill development and livelihoods, healthcare, water and sanitation, digital and financial inclusion, environment and climate action, among others.

To learn more, visit www.sattva.co.in, and follow us on Twitter @_sattva and on LinkedIn @Sattva Consulting

Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lowermiddle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and impact at scale, we work with entrepreneurs in the private, nonprofit and public sectors, who are tackling India’s hardest and most chronic problems. We invest in the areas of Advancing Cities, Digital Society, Education & Employability, Emerging Technologies, Financial Inclusion & Wellbeing and Property Inclusivity. Omidyar Network India is part of the Omidyar Group, a diverse collection of companies, organizations and initiatives, supported by philanthropists Pam and Pierre Omidyar, founder of eBay.

To learn more, visit www.omidyarnetwork.in, and follow us on Twitter - @on_india and on LinkedIn at Omidyar Network India

Acknowledgements & Credits

This report was authored by Sattva Consulting and supported by Omidyar Network India (ON India). The authors would like to thank and acknowledge the ON India team - Subhashish Bhadra, Varad Pande, and Shilpa Kumar - for their constant guidance and cooperation. We deeply appreciate the strategic inputs from project advisors - Dr. Arvind Subramanian, Ireena Vittal, and Manish Sabharwal without whose support this report would not have been possible. A special thanks to Vrinda Bhandari, Tanuj Bhojwani, and Sanjay Anandaram for their technical and constructive inputs during the course of this study. We also appreciate the experts and ON India partner organisations for sharing their experiences and inputs. Lastly, we would also like to extend our appreciation to our designers and copy-editors for their contribution towards the design and production of this report.

Published by Sattva in March 2023.

Supported by Omidyar Network India

Authors:

Rathish Balakrishnan, Bhavin P Chhaya, Mansha Balecha, Abhineet Nayyar, Swapna Nixon, Palagati Lekhya Reddy, Khyati Dharamshi, and Aditi Chatterjee.

Advisors:

Dr. Arvind Subramanian, Ireena Vittal, Manish Sabharwal, Subhashish Bhadra, Shilpa Kumar, and Varad Pande.

Design and typesetting:

Harshvardhan Gantha

Copyrights

This work is licensed under the AttributionNonCommercial ShareALike 4.0 International License:

Attribution - You may give appropriate credit, provide a link to the license, and indicate if any changes were made.

NonCommercial - You may not use the material for commercial purposes.

ShareALike - If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

Endnotes

1 India to have 900 mn internet users by 2025, 2022. https://www.livemint.com/news/india-to-have-around-900-million-internet-users-by-2025-report-11659063114684.html

2 The Indian Telecom Services Performance Indicators, Telecom Regulatory Authority of India, 2022. https://www.trai.gov.in/sites/default/files/QPIR_23112022.pdf

3 India ranks lowest on global mobile data cost and that’s great news [here’s how]. International Business Times, 2022. https://www.ibtimes.co.in/india-ranks-lowest-global-mobile-data-cost-thats-great-news-hereshow-839072

4 BFSI – Fintech & Financial Services. Invest India, 2022. https://www.investindia.gov.in/sector/bfsi-fintech-financial-services

5 Facts About Edtech Market Expansion in India. Startup Talky, 2022. https://startuptalky.com/edtech-market-expansion-india/

6 Year-End-Review, Department of Food and Public Distribution, 2022. https://pib.gov.in/PressReleasePage.aspx?PRID=1882759

7 ‘After Covid, cases of online harassment spiked by 5 times’. The Indian Express, 2021. https://indianexpress.com/article/cities/ahmedabad/after-covid-cases-of-online-harassment-spiked-by-5-times-7137386/

8 India Cybersecurity Industry, 2021. https://www.dsci.in/content/india-cybersecurity-industry-2021

9 Reserve Bank of India, Annual Report, 2021-22. https://rbidocs.rbi.org.in/rdocs/AnnualReport/PDFs/0RBIAR2021226AD1119FF6674A13865C988DF70B4E1A.PDF

10 Reserve Bank of India, Annual Report, 2018-19. https://rbidocs.rbi.org.in/rdocs/AnnualReport/PDFs/0ANNUALREPORT2018193CB8CB2D3DEE4EFA8D6F0F6BD624CEDE.PDF

11 Smartphone penetration rate in India 2010-2040. Statista, 2022. https://www.statista.com/statistics/1229799/india-smartphone-penetration-rate/#:~:text=This%20statistic%20shows%20the%20smartphone,from%20 26%20percent%20in%202018

12 Social media usage in India, 2022. https://www.statista.com/topics/5113/social-media-usage-in-india/#dossierContents__outerWrapper

13 Leading countries based on Facebook audience size, 2022. https://www.statista.com/statistics/268136/top-15-countries-based-on-number-of-facebook-users/

14 NCRB data, 2021. https://www.thequint.com/news/webqoof/ncrb-2021-data-shows-42-percent-drop-in-cases-under-ipc-section-505-fake-news

15 Misinformation and Disinformation: Thinking Critically about Information Sources. College of Staten Island, 2021. https://library.csi.cuny.edu/misinformation

16 Action-Packed Hearing in Facebook’s Transfer Petition before the Supreme Court. The Internet Freedom Foundation, 2019. https://internetfreedom.in/action-packed-hearing-in-facebooks-transfer-petition-before-thesupreme-court/

17 How India’s Factly Is Using Technology to Fight Misinformation. Meta Journalism Project, 2019. https://www.facebook.com/journalismproject/india-factly-fighting-false-news-facebook

18 About BOOM. BOOM Live. Accessed 21 March, 2022. https://www.boomlive.in/about-us/

19 I&B To Combat Fake News With FACT Module: Report. MediaNama, 2019. https://www.medianama.com/2019/11/223-fake-news-mib/

20 Regulating Information Technology Intermediaries, 2022. https://www.theindiaforum.in/law/regulating-information-technology-intermediaries

21 Fact-checking vigilantes in India are a bulwark against the move to a ‘post-truth’ world. Scroll.in, 2019. https://scroll.in/article/921613/fact-checking-vigilantes-in-india-are-a-bulwark-against-the-move-to-a-post-truthworld

22 How to forward messages. WhatsApp. Accessed 21 March, 2022. https://faq.whatsapp.com/android/chats/how-to-forward-messages/?lang=en

23 Twitter’s manipulated media policy will remove harmful tweets & voter suppression, label others. TechCrunch, 2020. https://techcrunch.com/2020/02/04/twitters-policy-on-deepfakes-and-manipulated-media-will-only-remove-harmful-tweets-including-voter-suppression/

24 IT Rules 2021: Government notifies three Grievance Appellate Committees to address users’ complaints, 2023. https://timesofindia.indiatimes.com/gadgets-news/it-rules-2021-government-notifies-three-grievance-appellate-committees-to-address-users-complaints/articleshow/97411544.cms

25 Indians from marginalised groups crowdfund for Western education. AlJazeera, 2021. https://www.aljazeera.com/news/2021/6/25/indians-from-marginalised-groups-crowdfund-for-western-education

26 58 per cent young women face online harassment, abuse: Report. Indian Express, 2020. https://indianexpress.com/article/lifestyle/life-style/58-per-cent-young-women-face-online-harassment-abuse-state-of-theworlds-girls-report-plan-international-6706258/

27 ‘Boys Locker Room’ case: 15-year-old held in South Delhi, 10 others identified. The New Indian Express, 2020. https://www.newindianexpress.com/nation/2020/may/05/boys-locker-room-case-15-year-old-held-insouth-delhi-10-others-identified-2139576.html

28 ‘Bulli Bai’, ‘Sulli Deals’: On Being Put Up for ‘Auction’ as an Indian Muslim Woman. The Wire. Mariya Salim. N.d. https://thewire.in/communalism/indian-muslim-woman-auction-bulli-bai

29 Internet Adoption in India - ICUBE 2020. Kantar, pp. 3. 2021. https://images.assettype.com/afaqs/2021-06/b9a3220f-ae2f-43db-a0b4-36a372b243c4/KANTAR_ICUBE_2020_Report_C1.pdf

30 11% Jump In Cyber Crime In 2020, 50,035 Cases : What National Data Shows. NDTV, 2022. https://www.ndtv.com/india-news/national-crime-data-home-panel-report-11-jump-in-cyber-crime-in-2020-50-035-caseswhat-national-data-shows-2761963

31 Number of cyber crimes reported across India from 2012 to 2021, 2022. https://www.statista.com/statistics/309435/india-cyber-crime-it-act/

32 The ‘Purdah’ amendment: Proposed changes to the IT Act could draw a veil over the Indian internet. Scroll.in, 2019. https://scroll.in/article/910601/the-purdah-amendment-proposed-changes-to-the-it-act-could-draw-aveil-over-the-indian-internet

33 Notification dated, the 25th February, 2021 G.S.R. 139(E): the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Ministry of Electronics and Information Technology, 2021. https://www.meity.gov.in/writereaddata/files/Intermediary_Guidelines_and_Digital_Media_Ethics_Code_Rules-2021.pdf

34 Centre notifies new POCSO rules making law for sexual offences against children more stringent. The Economic Times, 2020. https://economictimes.indiatimes.com/news/politics-and-nation/centre-notifies-new-pocso-rules-making-law-for-sexual-offences-against-children-more-stringent/articleshow/74608023.cms

35 Oversight Board cases, 2022. https://transparency.fb.com/en-gb/oversight/oversight-board-cases/

36 Bumble Launces ‘Stand for Safety’ Initiative with Women Safety Guide to Combat Online Abuse. Firstpost.com, 2021. https://www.firstpost.com/tech/news-analysis/bumble-launches-stand-for-safety-initiative-withwomen-safety-guide-to-combat-online-abuse-9457981.html#:~:text=Bumble%20allows%20women%20to%20make,for%20hate%2C%20aggression%20or%20bullying

37

Unlocking the next big opportunity: The rise of online content creators across rural India. Financial Express, 2022. https://www.financialexpress.com/brandwagon/unlocking-the-next-big-opportunity-the-rise-of-onlinecontent-creators-across-rural-india/2413460/

38 Riehm KE, Feder KA, Tormohlen KN, et al. Associations Between Time Spent Using Social Media and Internalising and Externalising Problems Among US Youth. JAMA Psychiatry. 2019;76(12):1266–1273. doi:10.1001/jamapsychiatry.2019.2325

https://jamanetwork.com/journals/jamapsychiatry/fullarticle/2749480

39 What to know about social media and mental health. Medical News Today, 2021. https://www.medicalnewstoday.com/articles/social-media-and-mental-health

40 Digital 2016: Global Digital Overview. Data Reportal, 2016. https://datareportal.com/reports/digital-2016-global-digital-overview#:~:text=3.42%20billion%20internet%20users%2C%20equaling,equating%20to%20 27%25%20global%20penetration

41 Digital Global Overview Report, 2022: https://datareportal.com/reports/digital-2022-global-overview-report?utm_source=DataReportal&utm_medium=Country_Article_Hyperlink&utm_campaign=Digital_2022&utm_ term=India&utm_content=Global_Promo_Block

42 Supra Note 38

43 ADSI Report, 2021: https://ncrb.gov.in/sites/default/files/ADSI-2021/ADSI_2021_FULL_REPORT.pdf

44 Fortis Healthcare, 2019. https://d3frl090092vlr.cloudfront.net/90-women-recognise-body-shaming-as-a-common-behaviour-cites-study-by-Fortis-Healthcare.pdf

45 About Mental Health. Centres for Disease Control and Prevention, n.d. https://www.cdc.gov/mentalhealth/learn/index.htm#:~:text=Mental%20health%20includes%20our%20emotional,others%2C%20and%20 make%20healthy%20choices

46 Blue Whale Challenge is not a hoax: 6 cases reported from different parts of India. India Today, 2017. https://www.indiatoday.in/fyi/story/blue-whale-challenge-kerala-mumbai-bengal-indore-teenagers-suicide-1029837-2017-08-16

47 PUBG Addiction: These Incidents Show How Harmful The Game Is. News18, 2019. https://www.news18.com/photogallery/tech/pubg-addiction-incidents-indicate-the-game-is-more-dangerous-than-one-may-imagine-2306473-8.html

48 The Facebook Whistleblower Report: A Response From Children and Screens. Childrens and screen, n.d. https://www.childrenandscreens.com/the-facebook-whistleblower-report-a-response-from-children-andscreens/

49 Facebook Knows Instagram Is Toxic for Teen Girls, Company Documents Show. The Wall Street Journal, 2021 https://www.wsj.com/articles/facebook-knows-instagram-is-toxic-for-teen-girls-company-documents-show-11631620739?mod=article_inline

50 Facebook Starts New ‘Emotional Health Resource Center’ Amid Concerns Over Kids’ Wellbeing. RepublicWorld, 2021. https://www.republicworld.com/technology-news/apps/facebook-starts-new-emotional-health-resource-center-amid-concerns-over-kids-well-being.html

51 Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. https://www.meity.gov.in/writereaddata/files/IT%20Rules%2C%202021%20with%20proposed%20amended%20 texts%20in%20colour.pdf

52 PM Modi Talks About Violence in Video Games, Is This Bad News For BGMI Fans? MySmartPrice, 2021. https://www.mysmartprice.com/gear/pm-modi-violence-video-games-bad-news-bgmi/

53 Twitter Launches New “Mental Health” Initiatives For Indian Users. RepublicWorld, 2019. https://www.republicworld.com/technology-news/apps/twitter-launches-new-mental-health-initiatives-for-indian-users.html

54 Facebook, Twitter announce mental health resource centres in India. The Times of India, 2020. http://timesofindia.indiatimes.com/articleshow/78593676.cms?utm_source=contentofinterest&utm_medium=text&utm_ campaign=cppst

55 Supra note 48

56 Digital Government Strategies For Transforming Public Services in the Welfare Areas. OECD, 2020. https://www.oecd.org/gov/digital-government/Digital-Government-Strategies-Welfare-Service.pdf

57 UIDAI Annual Report, 2020-21. https://uidai.gov.in/images/UIDAI%20Annual%20Report%202020-21_English_final.pdf

58 State of Aadhar: A People’s Perspective, 2019. https://stateofaadhaar.in/assets/download/SoA_2019_Report_web.pdf?utm_source=download_report&utm_medium=button_dr_2019

59 State of Aadhar: A People’s Perspective, 2019. https://stateofaadhaar.in/assets/download/SoA_2019_Report_web.pdf?utm_source=download_report&utm_medium=button_dr_2019

60 Social Inclusion and Integrated Service Delivery. Nadine Camerone, n.d. https://www.rch.org.au/uploadedFiles/Main/Content/ccch/RT_Seminar_11.5.12_-_N_Cameron.pdf

61 An overview of the legitimacy of the Aadhaar Act by the Supreme Court. IPleaders, 2020. https://blog.ipleaders.in/an-overview-of-the-legitimacy-of-the-aadhaar-act-by-the-supreme-court/

62 Aadhaar: A Quick Summary Of The Supreme Court Majority Order. Quint, 2018. https://www.bloombergquint.com/aadhaar/aadhaar-a-quick-summary-of-the-supreme-court-majority-order

63 Policy Update: Highlights of the Aadhaar and other laws (amendment) Act. Community by Nasscom Insights https://community.nasscom.in/communities/policy-advocacy/policy-update-highlights-of-the-aadhaar-andother-laws-amendment-act-2019.html

64 COVID-19 vaccine beneficiaries were assigned unique health IDs without their consent, The Caravan, 2021. https://caravanmagazine.in/health/covid-19-vaccine-beneficiaries-were-assigned-unique-health-ids-withouttheir-consent

65 Aadhaar enrolment for newborns Report, 2022. https://www.hindustantimes.com/india-news/aadhaar-enrolment-for-newborns-to-be-expanded-in-all-states-soon-report-101665826538660.html

66 Aadhaar Card: Dial 1947 to Find Nearest Aadhaar Centre, Updates and Other Services. News18, 2021. https://www.news18.com/news/business/aadhaar-card-dial-1947-to-find-nearest-aadhaar-centre-updates-andother-services-3936602.html

67 Aadhaar Card for Sex Workers: UIDAI eases rules; informs about special facility. ZeeNews, 2022. https://zeenews.india.com/personal-finance/aadhaar-card-for-sex-workers-uidai-eases-rules-informs-about-special-facility-2441488.html

68 Bank to pay you Rs 100 per day penalty for delay in transaction beyond these limits. The Economic Times, 2019. https://economictimes.indiatimes.com/wealth/save/bank-to-pay-you-rs-100-per-day-penalty-for-delayin-transaction-beyond-these-limits/articleshow/71514416.cms?from=mdr

69 CCTV Surveillance Is Rising in India, World, but Crime Rates Remain Unaffected. The Wire, 2022. https://thewire.in/rights/cctv-surveillance-is-rising-in-india-world-but-crime-rates-remain-unaffected

70 Panoptic tracker: Facial Recognition Systems in India, 2023. https://panoptic.in/

71 Surveillance in India and its Legalities, Accessed Feb 2023. https://www.legalservicesindia.com/article/2162/Surveillance-in-India-and-its-Legalities.html

72 AFRS In India: The Tech Is Ready, But What About The People? Analytics India Magazine, 2020. https://analyticsindiamag.com/afrs-in-india-the-tech-is-ready-but-what-about-the-people/

73 Supra Note 67

74 Facial recognition used to verify vaccine beneficiaries: govt. The Hindu, 2021. https://www.thehindu.com/news/national/facial-recognition-used-to-verify-vaccine-beneficiaries-govt/article35152786.ece

75 Sattva primary interviews

76

Facial recognition used to verify vaccine beneficiaries: govt. The Hindu, 2021. https://www.thehindu.com/news/national/facial-recognition-used-to-verify-vaccine-beneficiaries-govt/article35152786.ece

77 Facial recognition used to verify vaccine beneficiaries: govt. The Hindu, 2021. https://www.thehindu.com/news/national/facial-recognition-used-to-verify-vaccine-beneficiaries-govt/article35152786.ece

78 UPI Live Bank Members, 2023. https://www.npci.org.in/what-we-do/upi/live-members

79 Increase in phishing scams, malware campaigns, fraudulent websites associated with Covid-19. The Economic Times, 2020. https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/increase-in-phishing-scams-malware-campaigns-fraudulent-websites-associated-with-covid-report/articleshow/77763624.cms?from=mdr

80 Supra Note 9

81 5,554 cr digital transactions logged in FY2020-21: Rajeev Chandrasekhar. The Economic Times, 2021. https://economictimes.indiatimes.com/news/economy/finance/5554-cr-digital-transactions-logged-in-fy2020-21chandrasekhar/articleshow/88029640.cms?from=mdr

82 How Data Breaches Happen. Kaspersky. n.d. https://www.kaspersky.com/resource-center/definitions/data-breach

83 Digital Fraud. DDoSPedia An Online Encyclopedia Of Cyberattack and Cybersecurity Terms, Radware. https://www.radware.com/security/ddos-knowledge-center/ddospedia/digital-fraud/

84 3.2 mn debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit. The Economic Times, 2016. https://economictimes.indiatimes.com/industry/banking/finance/banking/3-2-million-debit-cardscompromised-sbi-hdfc-bank-icici-yes-bank-and-axis-worst-hit/articleshow/54945561.cms

85 Cyber Security Framework in Banks. RBI Notification, 2016. https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10435&Mode=0

86 Google Pay to now send SMS alerts for secure transactions. Mint, 2019. https://www.livemint.com/technology/apps/google-pay-to-now-send-sms-alerts-for-secure-transactions-1564584242044.html

87 Master Direction on Digital Payment Security Controls. RBI Notifications, 2021. https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12032&Mode=0

88 Explained: What is tokenisation and why has RBI issued new guidelines?. The Indian Express, 2021. https://indianexpress.com/article/explained/explained-what-is-tokenisation-and-why-has-rbi-issued-new-guidelines-7688122/

89 India’s had its worst year of cyberattacks, but 2023 will see govt & firms ramp up defences, 2022. https://theprint.in/india/indias-had-its-worst-year-of-cyberattacks-but-2023-will-see-govt-firms-ramp-up-defences/1286441/

90 Sattva analysis of RBI regulations

91 Supra Note 8

92 57% Indian companies suffered unexpected downtime in 2020 due to data loss: Study. The Economic Times, 2021. https://economictimes.indiatimes.com/tech/information-tech/57-indian-companies-suffered-unexpected-downtime-in-2020-due-to-data-loss-study/articleshow/81909066.cms?from=mdr

93 Sattva analysis of business solutions

94 Indian AI startup funding study, 2021. https://analyticsindiamag.com/study-indian-ai-startup-funding-in-2021/

95 Indian Tech Startup Funding Report, 2022. https://inc42.com/reports/indian-tech-startup-funding-report-2022/

96 Arrka: State of Privacy Study report, 2021. https://iapp.org/media/pdf/resource_center/state_privacy_apps_websites_india_2021.pdf

97 Glossary. At Internet, n.d. https://www.atinternet.com/en/glossary/consent/

98 Digital Privacy. Wikipedia, n.d. https://en.wikipedia.org/wiki/Digital_privacy

99 Whatsapp-Facebook Privacy. Supreme Court Observer, 2021. https://www.scobserver.in/cases/karmanya-singh-sareen-union-of-india-whatsapp-facebook-privacy-case-background/#:~:text=Case%20Description,messaging%20applications%20such%20as%20Whatsapp

100 Judgment of the Court in Plain English (I): Fundamental Right to Privacy. Supreme Court Observer, n.d. https://www.scobserver.in/reports/k-s-puttaswamy-right-to-privacy-judgment-of-the-court-in-plain-english-i/#:~:text=On%2024th%20August%2C%202017%20a,a%20fundamental%20right%20to%20privacy.

101 What is GDPR, the EU’s new data protection law?, 2018. https://gdpr.eu/what-is-gdpr/ 102 Data Protection Committee Report, Meity, 2017.

https://www.meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf 103 Sattva analysis of tech business policies 104 Digital Personal Data Protection Bill, Public feedback, 2022. https://www.meity.gov.in/writereaddata/files/Notice%20-%20Public%20Consultation%20on%20DPDP%202022_1.pdf

107 Draft Digital Personal Data Protection Bill, 2022. https://prsindia.org/billtrack/draft-the-digital-personal-data-protection-bill-2022 108 Personal Data Protection Bill, 2019. https://prsindia.org/billtrack/the-personal-data-protection-bill-2019

109 India saw 122 mn users of mobile ad blocking software in March 2016: Report. Exchange4Media, 2016. https://www.exchange4media.com/digital-news/india-saw-122-million-users-of-mobile-ad-blocking-software-inmarch-2016report-64815.html

110 Ad Blocker Usage and Demographic Statistics in 2022. BackLinko, 2021. https://backlinko.com/ad-blockers-users#ad-blocking-by-country

112 Inputs to the public consultation on the draft Code on Social Security (Central) Rules, 2020. IT for Change, 2020. https://itforchange.net/sites/default/files/add/Joint-Submission-to-the-Ministry-of-Labour-and-Employment-on-the-Code-on-Social-Security-Central-Rules-2020.pdf

113 App-based cabs announce ‘digital strike’ every Monday, 2022. https://www.thehindu.com/news/cities/Delhi/app-based-cabs-announce-digital-strike-every-monday/article65419554.ece

114 India’s Booming Gig and Platform Economy, NITI Aayog, 2022. https://www.niti.gov.in/sites/default/files/2022-06/25th_June_Final_Report_27062022.pdf

115 Inside the Winter of Discontent for India’s Gig Workers. The Wire, 2021. https://thewire.in/labour/india-gig-workers-protests-pil

116 Adopted from National Conference on Gig Economy: Aligning Consumer Preferences: The Way Forward. Background Note. ASSOCHAM, 2020. https://www.assocham.org/uploads/files/1628143386.pdf

117 Supra Note 93

118 THE CODE ON SOCIAL SECURITY, 2020. The Gazette of India, 2020. https://labour.gov.in/sites/default/files/SS_Code_Gazette.pdf

119 Uber Loses U.K. Court Fight Over London Business Model. Bloomberg, 2021. https://www.bloomberg.com/news/articles/2021-12-06/uber-suffers-another-blow-over-drivers-rights-in-u-k-court#:~:text=The%20 labor%20group%20that%20led,give%20better%20protections%20for%20riders.

120 Social security: SC seeks govt reply on cover for gig workers. Financial Express, 2021. https://www.financialexpress.com/money/social-security-sc-seeks-govt-reply-on-cover-for-gig-workers/2387931/ Endnotes

123 Supra Note 114

124 Harnessing India’s Digital Economy: Private Sector Championing the Cause of Digitalisation. Invest India, 2021. https://www.investindia.gov.in/team-india-blogs/harnessing-indias-digital-economy-private-sector-championing-cause-digitalisation#:~:text=In%202020%2C%20India%20constituted%2014,mature%20economies%20of%20the%20world

125 Supra Note 79

126 A Balancing Act: The Promise and Perils of Big Tech in India. Tandem Research and Omidyar Network India, 2020. https://bigtechinindia.com/#:~:text=They%20have%20achieved%20immense%20scale,often%20 results%20in%20market%20dominance.&text=They%20also%20provide%20essential%20market,a%20digital%20economy%20and%20society

127 The economic impact of Internet in India. The Times of India (2021). https://timesofindia.indiatimes.com/blogs/economic-update/the-economic-impact-of-internet-in-india/

128 Glossary of Statistical Terms. OECD, 2002. https://stats.oecd.org/glossary/detail.asp?ID=3261

129 What is Antitrust? Investopedia, 2021. https://www.investopedia.com/terms/a/antitrust.asp#:~:text=Antitrust%20laws%20are%20regulations%20that,firms%20that%20have%20become%20monopolies.

130 Competition Commission of India fines Google for abusing dominant position, 2018. https://www.cnbc.com/2018/02/09/google-fined-21-million-in-india-for-abusing-dominant-position.html

131 Alleging unfair practices, vendors move CCI against Flipkart. Business Line, 2018. https://www.thehindubusinessline.com/news/alleging-unfair-practices-vendors-move-cci-against-flipkart/article23971837.ece

132 How ONDC seeks to democratize digital commerce. Live Mint, 2021. https://www.livemint.com/industry/retail/how-ondc-seeks-to-democratize-digitalcommerce-11635357057863.html

133 Anti-Competitive Practices by Big Tech Companies, Standing Committee Report Summary, 2022. https://prsindia.org/policy/report-summaries/anti-competitive-practices-by-big-tech-companies#:~:text=The%20 Standing%20Committee%20on%20Finance,’%20on%20December%2022%2C%202022

134 Standing Committee on Finance, 2022-23. https://loksabhadocs.nic.in/lsscommittee/Finance/17_Finance_53.pdf

135 Supra Note 130

136 Sattva analysis of CCI cases and expert interviews

137 Google makes changes to Android and Google Play services in India after CCI setback, 2023. https://www.businessinsider.in/tech/news/google-makes-changes-to-android-and-google-play-services-in-india-after-ccisetback/articleshow/97373147.cms

138 In line with CCI ruling, Google makes changes to Android in India, 2023. https://indianexpress.com/article/technology/google-android-cci-ruling-changes-to-android-play-store-in-india-8404635/

139 ONDC Project, Ministry of Commerce & Industry, PIB, 2022. https://pib.gov.in/Pressreleaseshare.aspx?PRID=1814143

140 Supra Note 92

141 Indian to have around 900 mn internet users by 2025, 2022. https://www.livemint.com/news/india-to-have-around-900-million-internet-users-by-2025-report-11659063114684.html

For more information, scan the QR code below

This report is for informational purposes only and should not be construed as investment or other professional advice. Information has been obtained from sources believed to be reliable but Omidyar Network India does not warrant its completeness or accuracy.