to instantly read 150+ free stories & 250-word summaries of all our stories

The Nutgraf : Surely, comrades, you don’t want the IT Act back?


2019 is nearly over.

As I look back, I realise that it’s mostly been a good year for us at The Ken. Across all fronts. I hope it was the same for you. Write back and tell me the best thing that happened to you this year. I’ll share some of it in this newsletter next week.

Last week, the Indian Parliament was in sharp focus, thanks to the controversial Citizenship Amendment Bill. Lots of debate. Lots of coverage. Lots of analysis.

However, in the midst of this, another bill got less attention – one that has far-reaching implications for all of us.

Let’s dive in.

The Data Protection bill gets personal

Last week, the Government of India finally placed the Personal Data Protection Bill in Parliament.

Then the murmurs began.

Nearly everyone associated with and affected by the bill was upset. Technology companies. Industry bodies. The US India business council. The Standing Committee for Information Technology in Parliament.

Hell, even the guy who wrote the original version of the bill was unhappy.

Just another day in India.

If you haven’t been following this, let me give you a quick recap.

Private goes Public

For a long time, India’s technology, data and rules of access were governed exclusively by two acts, written a century apart—the Telegraph Act 1885, and the Information Technology Act 2000.

Both laws are fairly wide and give the government and its agencies overreaching powers to access personal data, tap phones and surveil India’s citizens.

There have been big changes though. In no small part, thanks to a 92-year-old man named K S Puttaswamy. In 2012, Puttaswamy, a retired judge, filed a petition in the Supreme Court challenging the validity of Aadhaar, India’s national biometric identification program. Aadhaar, he felt, could not be made mandatory for claiming public services since it could be misused and was a violation of privacy.

Finally, in 2017, the Supreme Court ruled that the Right to Privacy was included in the list of fundamental rights guaranteed by the Constitution.

Viewed through the lens of this judgement, a lot of laws started to look shaky. Some were even struck down.

At the same time, the nature of data was getting complicated, and becoming into a resource, to be used, processed and deployed by companies and governments.

So the Indian government said, fine, let’s look at this whole thing afresh.

Around the same time as the judgement, they created a committee led by a gentleman named Justice B N Srikrishna, a former judge of the Supreme Court of India. The committee included experts tasked with the job of creating a data protection framework for the country, and to “identify key data protection issues in India and recommend methods of addressing them.”

They took a year and came out with some recommendations and a draft bill.There were several provisions, but here are the two big ones:

It made user consent a crucial step for data collection.

To collect data, businesses needed to seek consent from users. This consent had to be free, informed, specific and clear. Consent could be withdrawn at any point, and data providers had to delete data on request. All quite nice.

It made data localisation mandatory.

From an earlier story,

The draft bill mandates that any entity collecting and processing data—including Big Tech like Google and Facebook and other such businesses—must store at least one copy of personal data within the country. Additionally, the processing of any sensitive personal information—like biometric data, passwords or health data, for example—can only be done within India’s territorial boundaries.

Some would even call it unreasonable.

It placed restrictions on the state.

On the question of access to data, the draft bill made one important exception, particularly in the matter of the state collecting the data.  Here’s the relevant part.

Processing of personal data in the interests of the security of the State shall not be permitted unless it is authorised pursuant to a law, and is in accordance with the procedure established by such law, made by Parliament and is necessary for, and proportionate to, such interests being achieved.

Processing of personal data in the interests of prevention, detection, investigation and prosecution of any offence or any other contravention of law shall not be permitted unless it is authorised by a law made by Parliament and State Legislature and is necessary for, and proportionate to, such interests being achieved.

If the state wants to access personal data of citizens, go create a law first, said the Srikrishna Committee.

This is pretty strong stuff.

Not everyone agreed. In fact, some felt that the draft bill didn’t go far enough. In a quote to BloombergQuint, Smriti Parsheera, a technology policy consultant at National Institute of Public Finance and Policy, said,

“They’ve also said enforcement agencies need to carry out surveillance in a fair and reasonable manner after permission is sought, the security of the data must be maintained and there should be accountability. This is a step up from what happens currently but it is not enough”

It took a year for the Srikrishna Committee to submit its report. Finally, in July 2018, it submitted its report to the law minister Ravi Shankar Prasad. Several expected the bill to be placed before the Parliament in a few months.

Instead, the Indian government sat on the bill for the next one and a half years.

Public goes Private

It was quite unclear what was going on after the Srikrishna Committee submitted the Bill, but one thing was evident – there was a significant amount of secrecy around it.

  • For a few months, the government invited comments on the draft Bill. It received a ton of suggestions. None of them were made public.
  • It drafted a bill and cleared it in the Cabinet last week. Again, the bill itself was not made public. 
  • Finally, the day before it was tabled before the Parliament, the bill was leaked to the press by a few members of the Parliament.

And we got a chance to see it.

Unsurprisingly, there were changes. Even more unsurprisingly, the changes benefited one party above all – the state itself.

Rohan Venkataramakrishnan summarised it best in his fantastic newsletter, The Daily Fix at Scroll:

Though even last year’s draft gave the government plenty of power to access personal data, it still required any such moves to at least be “necessary and proportionate”, as per the Supreme Court’s understanding of the right to privacy. The bill in Parliament removes that test.

In fact, it even allows the government to demand that companies hand over “non-personal data” to “enable better targeting of delivery of services or formulation of evidence-based policies by the Central Government”, essentially treating data as a resource that the government has free access to.

And the members of the Data Protection Authority, which will oversee the regulation of data practices, will now only be appointed by the executive, rather than a committee including the judiciary and independent experts.

That’s bad enough.

But then it gets worse.

The new bill also gives the government the power to exempt any government agency from all or any provisions of the Act if it believes that such exemptions fall under grounds like “in the interest of sovereignty and integrity of India”

So the Indian government is essentially saying – if we decide that this law doesn’t apply to us, it doesn’t. Oh also, gimme all your non-personal data.

Also, remember that entire data localisation stuff? Those gave some concessions. Now data under some categories need not be stored exclusively in India and can be processed abroad.

Finally, just to hammer home the point, they ensured that the bill skipped the Standing Committee for Information Technology in Parliament and handed it over to a separate Joint Committee instead. In what I am sure is a complete coincidence, the Standing Committee is chaired by Shashi Tharoor, a leader of the Opposition Party.

I could write more about the irony of shepherding a data protection and privacy law with skullduggery, misuse and abuse of procedures, but I’ll let Justice Srikrishna, the original writer of the bill share his thoughts.

This is what he said yesterday in an interview about the new bill.

“The Select Committee has the right to change this. If they call me, I will tell them this is nonsense. I believe there should be judicial oversight on government access,” said Justice Srikrishna.

Later, he added,

“It will weaken the bill and turn India into an Orwellian State.”

The bill is expected to come for a vote in the Parliament by February next year.

Airtel’s duopoly premium

Vodafone-Idea, India’s 3rd private telecom operator, would have been an ideal merger target for Bharti Airtel, its 2nd operator.

Because Vodafone-Idea has a lot of “postpaid” subscribers, i.e. those who pay their bills each month instead of adding money to their accounts ahead of usage, aka “prepaid.” Surajeet Das Gupta in the Business Standard writes,

“Vodafone Idea has over 311 million customers, of whom 7.3 per cent are postpaid subscribers — the biggest such share among telecom companies. These customers, according to analysts, account for 20 per cent of its revenues.

In contrast, Airtel has 5.6 per cent of its customers on postpaid; it has put together a strategy to become the largest player in this segment.”

Also, because Vodafone-Idea still has a lot of 2G users.

“Second, the bulk of Vodafone Idea customers use 2G phones and only a few of them use data. Based on the latest figures, the company has around 200 million 2G customers, of whom only 38 million use data.

Analysts say it will be easier for Airtel to woo these customers as they can shift seamlessly to its 2G network without changing handsets or even SIM cards (they can port out).”

Unfortunately, Indian telecom regulations do not allow such a merger, as it will create too dominant a player. And possibly lead to a monopolistic situation.

Then came along India’s Supreme Court, imposing a ginormous multi-billion-dollar backdated license fee on all telecom players. Vodafone-Idea’s share alone was over $6 billion. In three months.

Kumar Mangalam Birla, chairman of Aditya Birla Group which co-owns Vodafone-Idea was categorical this week.

“But, at the same time, if you ask me specifically, it is true we will shut shop if we don’t get relief. Because there is no company in the world that can pay that kind of fine in three months; it just doesn’t work like that,” Birla told the Hindustan Times Leadership Summit.

If Vodafone-Idea “shuts shop”, the biggest gainer will be…Bharti Airtel.

Somewhere, investors seem to have already factored that in.

“The end of the telecom tariff war after five years has catapulted the Bharti Airtel stock to among the world’s best performing telecom stocks. With 55.8 per cent returns since the beginning of the year, it has become the third-best performer among the stocks of service providers and equipment makers, show data from Bloomberg.”

P.S. I suppose it would not be surprising if we see some regulation soon from the telecom regulator that dictates how Vodafone-Idea’s subscribers would need to be distributed among the remaining players.

Not so good on the other foot

The SoftBank of 2017 was the apex investor of the venture capital ecosystem. Rival venture capitalists feared its $100-billion war chest and virtually limitless cheque books. Even entrepreneurs running the world’s largest and most successful startups feared it.

“Early last year, Cheng Wei, founder and chief executive of the Chinese ride-hailing juggernaut Didi Chuxing, tried to resist taking money from legendary investor Masayoshi Son. Cheng told the SoftBank Group chief he didn’t need the cash because his company had already raised $10 billion, according to people familiar with the matter. Fine, Son said, then suggested he might direct his support to one of Didi’s rivals. Cheng relented and took the investment: $5 billion in the largest fundraising round ever for a tech startup.

Son pulled a similar maneuver in November, publicly warning Uber Technologies that if he didn’t get the deal he wanted, his backing would go to archrival Lyft. Uber also took the money in a $9 billion investment unveiled last week.”

Such a nice business. A pity if all our money were to land in your archrival’s hands. Not so good for you.

“Anthony Tan, who co-founded the Grab taxi-hailing service, recalls first meeting Son a few years ago when the Japanese billionaire was considering investing in his startup. As the two chatted, Son mentioned his early support for Ma, then an unknown school teacher who is now the richest man in China. “Years ago, Jack Ma sat there,” Tan recalls Son telling him. “Anthony-san, you take my money. It’s good for you. It’s good for me. If you don’t take my money, not so good for you.

Like so many others before and since, Tan took Son’s money.”

How quickly the world has turned, because the SoftBank of 2019 has its back to the wall. Its WeWork debacle—investing $14 billion into a company that finally ended up being worth $8 billion—has replaced all its mystique with desolation. Each week seems to reveal yet another valuation loss.

On Monday, The Wall Street Journal reported that it was selling its $300-million stake in dog-walking startup (yes, d-o-g w-a-l-k-i-n-g) Wag back to the company, at a valuation “well below” the $650 million valuation it had invested into in 2018.

On Friday, another SoftBank investee company, OneConnect, a cloud-based fintech software company listed on the New York Exchange at a valuation of $3.7 billion. OneConnect’s valuation last year when it raised $750 million from SoftBank and others was $7.5 billion.

And investors are punishing SoftBank’s stock with a vengeance. They’ve turned so bearish on SoftBank since August that they now value a company that has a stake worth $128 billion in China’s Alibaba at a mere $82 billion. That would be like walking into a bank with $1000 in your pocket and your banker telling you that you were only worth $750.

An analyst from investment banking company Jefferies Group called this a “decoupling” of SoftBank and Alibaba.

SoftBank is thus considering selling the equivalent of its family silver—Alibaba shares.

But as investment after investment sours for SoftBank (to be sure, it still also has numerous investments which have appreciated in valuation), the unanswered questions are piling up.

What went wrong? Was its investing philosophy all wrong? Was its execution? Were its people not savvy enough? Or did it lack adequate governance and controls? Was a $100-billion fund being run purely on Masayoshi Son’s gut?

Without firm answers for these questions and a different strategy for the future, investors will continue to view SoftBank’s words with suspicion.

But it’s possible investors of a different kind might be viewing SoftBank with interest – activist hedge funds.

“Masayoshi Son’s SoftBank Group is worth significantly less than the sum of its parts. For an activist investor with plenty of cash and the stomach for a fight, it could be the trade of a lifetime.

Son’s $82 billion tech-to-telecom conglomerate ticks the boxes for pushy shareholders like Dan Loeb’s Third Point Management or Paul Singer’s Elliott Management. There’s poor governance: Son is both chief executive and chairman and makes investments in cash-burning companies like WeWork partly based on his ability to “feel the force”. Performance is weak too. SoftBank shares have returned minus 15% over the past six months, including dividends.”

The hunter is starting to look like the prey.

Chris Lane, an analyst at research firm Sanford C. Bernstein, though believes that SoftBank could still have the “last laugh”.

“Despite the huge embarrassment WeWork has been for SoftBank this year, we suspect SoftBank will have the last laugh when they bring the company back to market in a few years — bigger and profitable.”

Lane is at least being consistent. Because, in 2017, he had called SoftBank a “tech-focused Berkshire Hathaway

“So why don’t we hear about the sage of Tosu (Son’s hometown in Saga Prefecture) or Tokyo (where he lives)? Whereas investors trust [Warren] Buffett’s instincts and understand his value investing approach, they fear Masa’s big bets on the future.”

That’s about it from me. All credit to Rohin for the Airtel and the Softbank sections.