Beyond those high-profile cases, however, a bigger concern is the deteriorating operating environment for general digital businesses in India. Their rapid growth is regularly praised, but the mine fields they navigate on a daily basis do not receive enough attention.
it changed with last week razorpay, an eight-year-old Bengaluru startup that acts as a payment gateway. The firm inadvertently started a storm when it became known that it had been forced to supply customer data in a police investigation against Alt NewsA fact-checking website that harasses Prime Minister Narendra Modi’s Hindu right-wing Bharatiya Janata Party.
on 27th June, Mohammad ZubairOne of the two co-founders of Alt News was arrested for hurting religious sentiments. The original complaint was regarding a tweet in reference to an old Bollywood film, which he had sent more than four years ago. Since then, however, the Delhi Police has widened the charges to include alleged violations of a law that prevents nonprofits from accessing foreign funds without registration. A public prosecutor told the magistrate during the bail hearing of the journalist from the technical expert on July 2 that Alt News had received “money through Razorpay from Pakistan, Syria, Australia, Singapore and UAE, which needs further investigation. Is.” all fees.
Alt News website clearly states that it does not accept foreign payments; Furthermore, Fact Checker’s Razorpay gateway only connects to Indian payment instruments such as bank accounts, digital wallets or credit and debit cards. So the police investigation, at least based on what the prosecutor has disclosed so far, is about the foreign location of the instruments used for the payments – which does not prove the donation was from foreigners themselves. Therefore, users of Razorpay are perfectly correct to ask why the firm so readily policed ​​Alt News donor data, potentially making customers victims of harassment for their political views.
The answer is simple: Razorpay had no choice. The police sought the information by using the broad powers available under Section 91 of the Criminal Procedure Code of India. So while the gateway didn’t provide a data dump of everything on customers – such as payers’ tax identification numbers or their physical addresses – it did not share the phone numbers, IP addresses and payment instruments used for transactions at a given point in time. Had to do. Duration. It is impossible for an arbitrator to decline specific demands without risking his license.
Find stories that interest you
A digital service provider has to face serious consequences for not complying with the Section 91 notice. In a blog post, Delhi-based lawyer Abhinav Sekhri explains how Alibaba Group Holding Ltd’s cloud business in the country landed in serious trouble last year. Alibaba allegedly made less than $2,000 by hosting the fraudulent enterprise’s website. But as he did not adequately respond to the data demand of the police team probing the website, his bank account was frozen. Cloud operations were “almost at a standstill” before Alibaba received interim relief from India’s Supreme Court on the date of the third hearing in November, writes Sekhri. To think that Razorpay itself can issue an expedited court order against the Delhi Police notice is wishful thinking, divorced from the reality of doing business in the country.
For companies like Razorpay, there is only one hope: data security The law, which has already been five years in the making. This can help them build trust if service providers are required to provide color codes indicating whether or not a particular piece of personal data obtained by them will be given to police on demand; or if previously at least a court order would be required. Regulated businesses like finance and banking deserve another layer of protection. In Razorpay nuisance, police section 91 notice ideally should have been sent through Reserve
,
RBI has to be satisfied that the data will not be used for any unrelated purpose such as tax raids on Alt News donors. “The role of civil-society organizations in the development of the country cannot be overemphasized,” says Amit Dutta, a technical privacy lawyer in Delhi. “The tendency of governments to conduct non-targeted surveillance has a chilling effect.”
It’s hard to be optimistic about any of this. No matter how strict an Indian privacy law may be on paper, the state is bound to demand a major exemption for itself on grounds of national security. According to an internet security analyst, such a carving would mean that any firm could theoretically obtain sensitive data on its business rivals by launching a police investigation on the competitor’s customer.
Digital startups in India are asking for nothing more than the freedom to run their operations, protect their proprietary data and maintain their reputation with customers. Founders have an additional concern about personal safety: they must not be arrested for obstructing justice in cases where the information they are being sought is inconsistent with the scope of a state investigation, or for its stated purpose. is irrelevant to.
Big Tech in India sometimes grabs headlines for standing up to state redundancies. However, as the Razorpay episode has underlined, the plight of its smaller firms could be the plight – a major vulnerability to both India’s digital economy and its democracy.