## Monday, March 19, 2018

### Estimating the impact of the draft drone regulations

by Devendra Damle and Shubho Roy.

The Directorate General of Civil Aviation (DGCA) recently released draft guidelines for regulating civilian drones, for public comments. Clause 12.21.e) of the guidelines establishes a no-fly zone in all areas within 50 km of India's land border. In this article we try to estimate the footprint of this clause on the economic activity in these areas and on the residents.

The draft guidelines lay out the legal requirements for drone operations in India. They include provisions to classify, license, set safety requirements, and operational parameters for drones including drone pilot licensing. One of the provisions: Clause 12.21.e) of the guidelines states:

12.21 No RPA shall be flown:
...
e) Within 50 km from international border which includes Line of Control (LoC), Line of Actual Control (LAC) and Actual Ground Position Line (AGPL);

[The draft guidelines refer to drones as Remotely Piloted Aircraft'' (RPA).]

The drone guidelines are a type of delegated-legislation (regulations are another). The legislature of a modern economy is usually neither equipped, nor has the time to legislate all details of a law. Therefore, the legislature usually creates the broad legal framework, and the authority to fill in the details is delegated to the executive or statutory bodies (like regulators). Since government agencies, unlike legislators, are not elected representatives of the people. Therefore, the regulations/guidelines made by such agencies are not strictly democratic.

To address this democratic deficit, legislatures place certain requirements on government agencies making regulations. Two common requirements are to (i) invite public comments on draft regulations, and (ii) conduct a Cost-Benefit Analysis (CBA). The agency is required to estimate the costs of complying with the regulations, and the benefits arising out of the regulations. Neither inviting public comments nor conducting CBAs is a universal requirement in India. The DGCA, should be commended for inviting public comments on the draft regulations. It has, however, not conducted a CBA of the regulations.

A CBA can sharpen the decision making of a government agency. Even before public consultation is done, a CBA provides the government agency an idea of potential costs and benefits. Consider the way the New Zealand government did a CBA for a proposed regulation on drones. It gave five options for regulation (including ban) and analysed the impact of each one of them. The impact of each option was then measured against the stated objective of the regulation. Another example is the US Federal Aviation Authority's (FAA) proposed regulation on training and licensing of drones. Even on this narrow point the FAA carried out a detailed analysis of the total costs and benefits to society. On the side of costs, the FAA estimates that each pilot will have to spend USD 150 to be trained. This training is expected to result in social benefits of USD 733 million (pessimistic estimate) to USD 9 billion (optimistic estimate) over five years. The FAA provides detailed information about assumptions and methodology for interested parties to do their own calculations.

In this article we try to analyse the impact of one provision of the regulations: the no-fly zone. Such analyses can be used in a CBA of drone regulations.

### Impact of the no-fly zone

It is difficult to predict the impact of any new technology. Before the Internet, mobile phones or GPS became ubiquitous it would have been impossible to predict all the innovative ways they would change human life. Similarly, drones are a disruptive innovation that may have a profound impact on us. To estimate the impact of 12.21.e), we examine three sectors in which drones are already changing established processes or hold great promise to do so: (1) general services to the population, (2) agriculture, and (3) infrastructure monitoring.

General services to the population: Drones will change the way goods and services are delivered to the masses. They might be especially effective in border areas which typically suffer from low connectivity. For example, Zipline, a private company that uses drones to deliver blood to hospitals in the mountainous region of Rwanda, has cut down the delivery-time from 4 hours to 45 minutes. Facebook plans to use drones to provide internet connectivity in remote areas. In urban areas, drones can be used for governance. In Gurgaon, for example, drones are being used to conduct land-use surveys, for assessing property tax, checking encroachments, and urban planning. In the private sector, drone have multiple applications which go beyond the obvious courier and delivery services. For example, private construction companies can use them to monitor construction and maintain a safe working environment. Drone photography and videography are a new source of economic activity, which will be denied to people living in border areas.

Agriculture: Many Indians still derive their income from agriculture and drone technology is already changing agriculture in India. In Karnataka and Haryana, drones are going to be deployed for spraying pesticides on crops. Drones can identify plant disease before any visible signs show and alert farmers or spray crops with appropriate pesticides. In Gujarat, Maharashtra, Rajasthan and Madhya Pradesh insurance companies are using drones for quick assessment of crop damage for crop-insurance payouts.

Infrastructure: Drones can be used for inspection and monitoring of infrastructure projects. The Prime Minister, Narendra Modi, recently suggested using drones to monitor rural road construction projects and to keep illegal mining in check. Power companies are using drones to monitor power lines in remote and inaccessible areas. Similarly, the Gas Authority of India Ltd. is using drones to inspect sections of gas pipelines that pass through difficult terrain. The no-fly zone effectively bans this kind of drone usage in the border districts, many of which have difficult terrain.

### Methodology

Our approach to measuring the impact was mapping the 50 km no-fly zone using geo-spatial analysis, and then, estimating how many people, how many urban areas, and how much land, agricultural area and infrastructure are situated in the zone.

Estimation scheme:

As sub-district level geo-spatial data for administrative borders are not available, we estimate at the district-level for population, agricultural workers, agricultural area, and operational land holdings in the no-fly zone. To account for the lack of sub-district level data we make three estimates: pessimistic, realistic and optimistic. To make our estimates—

1. We split the districts into three categories, based on the percentage area of the district covered by the no-fly zone as: X, Y & Z. Category X districts are those where the no-fly zone covers less than 50% of the land area. For Category Y districts, the coverage is between 50–90%. Category Z are districts where the coverage is more than 90%.
2. For the pessimistic estimates, we assume that the percentage of the population, agricultural workers, agricultural area, and operational land holdings falling in the no-fly zone are the same as the percentage of the district's land area covered by it. For example, if the no-fly zone covers 40% of a district's land area, then we assume that 40% of its total population, agricultural area, and operational land holdings lie in the no-fly zone.
3. For the realistic estimates, we halve the pessimistic estimates for all Category X districts. For Category Y and Z districts we take the same values as the pessimistic estimate.
4. For the optimistic scenario, we use a scheme similar to the realistic estimate, but we halve the pessimistic estimates for Category X and Category Y districts. For Category Z districts we use the same value as the pessimistic estimates.

Data Sources:

For the analysis we used the following openly-accessible data:

The number of districts has increased since 2011, from 640 to the current number of 707. We have considered the population, number of districts, and district boundaries as given in the 2011 Census.

Plotting the no-fly zone

• We made a base-map using state and district borders from Datameet;
• We then added the LoC and LAC, downloaded from the ESRI database and AGPL from Open Street Maps;
• To demarcate all areas in India within 50 km from the land border (and from the LoC, LAC and AGPL in Jammu and Kashmir), we plotted a 50 km inward buffer. This represents the no-fly zone.

Calculating the impact

• We calculated the area of overlap between the no-fly zone and each district, to calculate what percentage of the district's land area is inside the no-fly zone.
• To estimate the population, number of farmers, agricultural area, and operational land holdings in the no-fly zone, we multiplied the respective totals for the district by the percentage of the district's land area lying within the no-fly zone, along with the applicable discounts.
• We used the previously plotted no-fly zone as a filter, to extract urban areas (cities and towns), canals, roads, railway stations and bridges falling in the no-fly zone from the Open Street Maps data dump for all of India (downloaded on 17/12/2017). The operation is analogous to using a cookie-cutter to cut out a shape from a flat piece of dough.

### Results

Here is the data (geo-spatial and tables) to reproduce the results.

The following figure shows the total area of India covered under the 50km no-fly zone.

More than a quarter of India's districts (168 out of 640) across 18 states fall at least partially within the 50 km no-fly zone. In more than 10% of India's districts (65 out of 640) the no-fly zone covers more than 90% of their land area. Of these, 39 districts fall completely inside the no-fly zone. Table 1 shows the population, number of farmers, land area, and agricultural land covered by the no-fly zone.

Table.1: Summary of area covered by the 50 km no-fly zone
Indicator Pessimistic
estimate
Realistic
estimate
Optimistic
estimate
Total % of
India
Total % of
India
Total % of
India
No. of Districts 168 26.21 - - - -
Land Area* 420.88 12.80 - - - -
Agricultural
Area*
122.56 8.89 106.85 7.75 88.98 6.45
Population^ 141.27 10.67 129.22 9.76 115.82 8.75
Cultivators^ 10.95 8.60 9.92 7.79 8.44 6.63
Agricultural Labourers^ 14.25 9.88 13.06 9.05 11.44 7.93
Operational
Land Holdings^
13.35 9.65 12.29 8.88 10.64 7.69
* in '000 sq.km.
^ in millions

As Table 1 shows, 8–10% of the total population of India will be affected by the no-fly zone. It will impact between 6–9% of all the farmers in India. The total affected population in the pessimistic scenario (141.27 million), is greater than the total population of the 75 largest cities in India put together (140.33 million).

Jammu & Kashmir (20 out of 23), and Assam (20 out of 27) have the highest number of affected districts followed by Uttar Pradesh (15 out of 71) and Bihar (14 out of 38). In terms of percentage of total number of districts affected, Mizoram, Sikkim, Tripura are at the top, at 100%. This means that every single district in these states is at least partially by the no-fly zone. These three states are followed by Jammu & Kashmir (91%), Manipur (89%), and Meghalaya (86%).

In terms of percentage of total land area covered, the ban disproportionately affects the northeastern states. Sikkim and Tripura are entirely covered by the no-fly zone. The no-fly zone covers 86% of the land area in Mizoram, more than 60% in Manipur, Arunachal Pradesh and Meghalaya, and more than 50% in Nagaland. These are all small states, which one would expect to have high coverage, but some of the larger states are also heavily affected. The no-fly zone covers nearly 44% of the total area of West Bengal, nearly 39% of Bihar, and nearly 33% of Punjab.

While a large chunk of the population affected by the no-fly zone will be from rural areas and small towns, some large cities will be affected as well. Table 2 gives an overview of the infrastructure and urban areas located inside the 50 km no-fly zone.

Table.2: Urban areas and infrastructure inside the 50 km zone no-fly zone
Item Quantity
State Capitals 4
Agartala, Gangtok, Shillong, Srinagar
Cities (other than state capitals) 9
Towns 325
Canals 3127 km
Railway stations 550
Bridges 3349

As Table 2 shows, a total of 13 cities fall in the no-fly zone. Of these, four are state capitals. Amritsar and Jammu are among the other major cities that fall inside the no-fly zone. A significant amount of infrastructure also lies in it.

With such large areas affected by the proposed ban, it becomes necessary to ponder the costs and benefits of such a blanket ban.

### Drawbacks of blanket bans

These draft regulations will exclude a substantial part of India's population from the benefits of drone technology. An example of a similar blanket ban, based solely on geography, is the Ministry of Defence's map restriction policy of 1967 (revised in 2017). It restricts the sale of high-resolution topographical maps of all border areas to civilians. The restricted zone covers all areas within approximately 80 km of the border, which is nearly 40% of India's total land area. This ban, like the drone ban, was also enacted due to national security considerations. However, with the advent of satellite imaging technology, the same maps are easily available from international vendors. This means the ban is not only redundant, but has also resulted in lost revenue for the Government of India. It also means that foreign nationals have easier access to high-resolution topographical maps of restricted areas in India than agricultural cooperatives, gram panchayats, municipal bodies, companies and Indian citizens residing in these areas.

For the government, a blanket ban seems attractive because it (apparently) requires the least amount of state capacity to enforce. In the case of the no-fly zone, all the government has to do is penalise any person flying drones in the no-fly zone. It does not have to determine whether the drone use was legitimate or not. The government also does not have to invest in setting up offices and systems to license and monitor use. However, blanket bans are also the most expensive form of regulatory intervention. They do not distinguish between legitimate and illegitimate activity, and treat both the same way. In doing so blanket bans impose huge costs on those they regulate.

India's economic history is peppered with instances where blanket bans were imposed, only to later realise they were hampering economic development. Banning entry of foreign investors, financial derivatives, and private participation in banking and insurance are a few notable examples. Thankfully, the country has begun to undo them gradually, but the damage has already been done.

In some cases, India has not taken the ban approach. India did not ban mobile phones and internet near the border. Instead, in many border areas, the government has worked harder to provide last-mile internet and mobile connectivity. While mobile phones and internet also pose national security concerns, the country did not choose to go down the banning route for them.

Similarly, for drones, we might need a more nuanced approach to regulation that tries to balance national security with the legitimate needs of residents in the no-fly zone. For example, even today, farmers in Punjab are allowed to grow crops in no-mans-land, beyond the border fence with Pakistan. The security concerns there are addressed by security checks rather than a complete ban on farming. Farmers in 10 districts of Punjab (situated well away from the same border) will be unable to use drones for agriculture. In Punjab, a state which already suffers from overuse of pesticides, drones can decrease their use by only spraying affected crops. The security concerns, like in the case of farming in no-mans land, can be met with monitored use.

The blanket ban also ignores India's border policy. 33 districts (in Uttarakhand, U.P, Bihar and Sikkim), which lie in the no-fly zone, are on or near the border with Nepal (but not China). Similarly, 12 districts in Assam which are in the no-fly zone are on or near the border with Bhutan (but not China or Bangladesh). India has good relations and an open border policy with both these are nations. Using the same standard (i.e. blanket ban) as the one used for districts on "sensitive borders" is a disproportionate response. It demonstrates a lack of risk-based regulatory approach.

The ban, as it stands is inequitable. It disproportionately affects states sharing a land border with other countries, especially the north-eastern states. If drone technology starts impacting quality of life, persons in the no-fly zone may be deprived of economic opportunities. Such a deprivation is worse when it is done through regulation. Since a regulation is issued by an un-elected government agency; it denies Indians in the no-fly zone their right to participate in the legislative process.

### Conclusion

India needs a regulatory framework for drones. The advent of any new, disruptive technology creates tension between the freedom of people (to use to it, to improve their lives) and national-security concerns. Building state capacity is hard, and building it close to borders is harder. However, bans cannot be a substitute for it. In the case of civilian drones in border areas, closer monitoring, cooperation with border forces, involvement of local authorities, and higher security clearances are some alternative approaches that could better balance the tension. Our drone regulations need to create this balance.

### References

Cost of compliance for clinical establishments, by Manya Nayar and Shubho Roy, Ajay Shah's Blog (September 2017)

India needs drones by Shefali Malhotra and Shubho Roy, Ajay Shah's Blog (June 2016).

A cost-benefit analysis of Aadhaar, National Institute of Public Finance and Policy (November 2012).

The authors are researchers at the National Institute of Public Finance and Policy, New Delhi. We thank Shekhar Harikumar for valuable inputs.

## Sunday, March 18, 2018

### Experimentation that fosters fintech innovation in India

by Renuka Sane and Ajay Shah.

### The problem

Fintech innovation in India has been hampered by financial regulation. Three examples are instructive: the Uber cashless transaction, regulation for pre-paid instruments (PPIs), and the more recent P2P regulations. In each of these situations, regulators (who have the power to write regulations) looked at an incipient industry and chose to write regulations that placed important restrictions upon innovators. The notion that fintech companies are a few new categories of NBFCs', which has been accepted by regulators in India, contains many difficulties.

### Experimentation in public policy

Controlled experimentation can be a valuable tool to support the objectives of public policy or a tool for rational thinking to help formulate public policy. Here are a few examples:

• In many countries, there are geographical regions that are demarcated for drone experimentation. Anyone (even a foreigner) is allowed to go into certain regions in the US, and fly an unregulated drone. These are empty lands where the damage that a drone can do is near zero. There is no connection with the government, or the public policy process, in the activities that take place in this sandbox. All that is done is to give a place for people to fly drones that are otherwise prohibited. This fosters experimentation and (ultimately) the knowledge that will shape regulations in the future.
• Exchanges have a framework where algorithms can be put into fake market settings, in order to help developers test new algorithmic trading software. As with the drones example, there is no connection at all with the rule-making functions of the regulator or the exchange. All that is done is to provide a safe space where software can be tested, and mistakes made, without repercussions either for the experimenter or the overall market. Exchanges in India have been pioneers in this regard on a global scale, and it was a successful innovation.
• There is a sense in which China has used SEZs as a sandbox, to experiment with new concepts in policy. The influence of this sandbox is, however, only intellectual. The policy community sees what worked and what did not work. There is no systematic channel through which policy innovations migrate from the sandbox to the mainland, other than intellectual influence.
• Financial regulators worldwide have been doing experiments with policy initiatives that are put into motion in small pilots. As an example, the US SEC has begun an experiment on tick size for small stocks. The policy initiative is being rolled out for a few firms, and then evidence will be obtained on the impact of the policy change. This is much better than rolling out a policy change for the entire country.

In this article, we think about how mechanisms for experimentation can be developed in India to support fintech innovation.

### A Technology Demonstrator Environment

Can we transplant the drone experimentation or algorithm experimentation into the fintech context? In the drone case, there is some empty land where a misbehaving drone can do little damage. Could we this in finance?

A Technology Demonstrator Environment could be a community (e.g. a university campus) which is designated as a place where innovative firms can experiment with products and processes that are in violation of existing financial law and regulation. The founding premise would be that when a red alert sign is shown to the users at a university campus, they know that they are on their own, and after that are smart enough to fend for themselves.

While this seems to be a plausible idea, it is more complicated than meets the eye.

In this territory, firms would be able to launch products and services that violate financial law but not other laws. There are numerous requirements in the Indian Penal Code, and in local law such as the Maharashtra Money-lending (Regulation) Act and the Maharashtra Protection of Interests of Depositors (in Financial Establishments) Act, that impinge upon fintech firms. Once India has a data protection law, that would constrain firms on questions of privacy. These firms would still need to carefully navigate this legal landscape.

A mechanism would be needed to ensure that persons outside the community do not come in as customers. Participants would need to be given clear disclosure about the risks that they are accepting. Firms would need to impose no risks upon these persons other than the risks that have been willingly accepted.

This will require an institutional structure that will work with technology companies and the end-customers. It is not as simple as drone experimentation where some blank space is opened up for experimentation with unregulated drones. This institutional structure would, however, have no direct link to the regulation-making process at financial regulators, that would pave the way for rollout of products in the mainland.

Such experimentation can help firms refine products and processes. The construction of living working product samples would foster knowledge in the Indian policy community.

### The proposed Fintech Regulatory Sandbox

Many feel that the path to a more supportive regulatory environment lies through building a Fintech Regulatory Sandbox' [example]. The RBI Household Finance Committee Report, 2017 proposed the creation of a sandbox:

Such an institution can provide a structured avenue for regulators to engage with the financial supply side, develop innovation enabling regulations, and holds promise to facilitate the delivery of relevant, customised, and low-cost financial products to Indian households.

How can this be done?

### The concept of the Fintech Regulatory Sandbox

The concept of a regulatory sandbox - a testing ground for new business models - has caught the attention of regulators around the world. Regulators in almost 20 countries are working towards setting up such sandboxes in their jurisdictions. The English word sandbox' is familiar to all, so it helps to make precise what we mean by a regulatory sandbox for fintech innovators.

The Fintech Regulatory Sandbox is similar to the long-established processes that are used in clinical trials and the drug approval process in the pharmaceutical industry. The kind of risks that are intended to be addressed are identified (safety in first stage, efficacy next, and so on). While the onus of clearing these hurdles lies on the innovator, regulators sit with the innovators to provide inputs into the trial design (size of trial, control set requirements, etc). These inputs serve as a baseline for decisioning. In this environment, the entrepreneur has a relatively clearer sight of what risks need to be mitigated to get to her desired outcome.

Turning to finance, according to a report by the UK Financial Conduct Authority (FCA), regulatory uncertainty is a hurdle to innovation. When investors in projects with new ideas are not able to assess risks, valuations become lower, and sometimes innovations get abandoned at an early stage. A regulatory sandbox allows the regulator to work with innovators to ensure that appropriate consumer protection safeguards are built in to their new products and services. The sandbox would enable FCA and innovators to work together to reduce some of this uncertainty.

The traditional regulation-making process works as follows:

Two kinds of impulses come into the traditional regulation-making process: the broad development of knowledge, or a specific request from an innovative firm. The Fintech Regulatory Sandbox is a formal institutional arrangement that is added, upstream of the regulation-making process:

This gives a third pathway into the regulation-making process, the regulatory sandbox. It is important to see that the sandbox sits upstream of the regulation-making process. The outcomes obtained from the sandbox are handled by the regulation-making process, and are thus dependent upon the sound functioning of the regulation-making process. In countries like the UK, the foundations of the regulation-making process have been in place for decades. Hence, when the sandbox was discussed and built in the UK, there was no discussion about the regulation-making process which was a solved problem.

Firms apply to enter the sandbox, and if selected, may be provided with tools that include (i) restricted authorisation (ii) rule waivers (iii) individual guidance (iv) no enforcement action letters to conduct the tests. When doing the tests, the UK FCA works with firms to mitigate potential harm during and after testing - this could be in the form of extra capital requirements, and reviews of the product/advice by other qualified advisors.

What kinds of projects go into a sandbox? Simple fintech ideas, like Uber's cashless payment, or basic P2P systems, obtain regulatory approval directly, through the normal regulatory process, as there is not much complexity there. Most firms approved for the sandbox by the FCA were applying new technological tools to rethink traditional products or services. These included Distributed Ledger Technology (DLT), use of online platforms, APIs and biometrics, and robo-advice for distribution of products.

Projects that entered the UK sandbox had a high chance of obtaining the desired full product launch. According to the FCA status report, about 90% of firms that completed testing in the first cohort are continuing toward a wider market launch following their test. For the majority of firms, the restricted authorisation was turned into a full authorisation following completion of their tests. This has also helped innovators raise finance.

This high probability of successful exit is important in shaping the incentives of firms. The entrepreneur is expected to put down capital to build a product and run it in the sandbox for (say) six months. After this, she expects that the evidence that has been created will be rationally utilised by a regulator, i.e. in a well structured regulation-making process, to evaluate the modifications to regulations that will be required. If such an expectation is not, in fact, present at the outset, firms have little incentive to put resources into experimentation in the sandbox.

The appeal of the sandbox lies in the belief that it allows for testing of subtle implications of new technologies on consumer protection or systemic risk issues. This requires the ability to extrapolate the results of the sandbox experiment to the larger question of risk to consumers in a full scale deployment. It also requires an openness to acknowledge that existing regulations may be unreasonably restrictive given the change in technology, and a responsiveness to changing the regulations when experiments suggest the same.

### Envisioning the Fintech Regulatory Sandbox in India

The first port of call is reforms of the regulation-making process. No matter how well the sandbox works, its results go into the regulation-making process. At present, financial regulators in India, when presented with questions about how regulations should be written, tend to come up with a conservative answer: one that involves creating entry barriers, hampering innovation, micro managing operations, or banning processes or entities from operation, often without an explanation. Regulators rarely do a cost-benefit analysis, or engage in a serious public comments process. There are poor checks and balances surrounding the regulation-making process. This yields low quality regulations. These deficiencies would hamper the extent to which the sandbox would yield useful outcomes.

Hence, process reform in regulation-making at financial regulators in India is required. The regulation-making process needs to be put on a sound institutional foundation with clear identification of areas of regulatory concern, cost-benefit analysis, request for comments from the public, responses to ideas from the public, all under the oversight of the board. This would address a large number of elementary fintech problems, such as the Uber cashless payment, a large number of P2P startups, etc.

After this, we can build the Fintech Regulatory Sandbox. This requires an institutional arrangement with the following elements:

1. Screening applications.
2. Articulating the regulatory concerns associated with a given project.
3. Designing the minimal guard rails that are required for a test rollout.
4. Designing a fair set of tests that will answer the concerns. Ideally determining, up front, the thresholds in the test data that will guarantee approval.
5. Rolling out the innovation in a controlled way (e.g. capped at 50,000 users), and auditing the captured data.
6. Extrapolating from the sandbox to real world deployment.
7. Producing sound documentation packets associated with each experiment.
8. Doing all this in a way that conforms with the rule of law.
9. Feeding the result of each sandbox experiment into the regulation-making process.

### Conclusion

The fintech revolution offers important gains for India. At present, fintech innovation faces regulatory constraints. There is value in obtaining an environment where more experiments take place, which permit firms to innovate and that bring knowledge into the policy process. This can be done using a lightweight Technology Demonstrator Environment, reforms of the regulation-making process and then the establishment of a Fintech Regulatory Sandbox.

Renuka Sane and Ajay Shah are researchers at the National Institute of Public Finance and Policy. We thank Smriti Parsheera, Suyash Rai, Susan Thomas, Ashish Aggarwal, Anjali Sharma, Bhargavi Zaveri, Vimal Balasubramaniam, Sharad Sharma, Lalitesh Katragadda, and Alok Mittal for useful discussions.

## Tuesday, March 13, 2018

### Analysing The Odisha Land Rights to Slum Dwellers Act, 2017

by Jai Vipra.

Slum rehabilitation in India is plagued with issues of dispossession, illegal subletting, corruption and exclusion. In a previous post, I had described the concept of 'working titles', or titles to slum land that provided some, but not all, property rights to slum dwellers, usually tied to provision of municipal services, infrastructure, housing upgradation or credit. Such working titles could avoid the political economy and institutional problems encountered in slum rehabilitation policies in India.

In a welcome move, a working title was created in Odisha, a state where roughly 23% of the urban population (5,00,000 households) lives in slums. The Odisha Land Rights to Slum Dwellers Act was passed in September 2017. The Act has two interlinked objectives: one, to provide tenure security to slum dwellers against the constant threat of eviction or demolition, and two, to create a legal base for improving the liveability of slum dwellings. The Act provides for in-situ rehabilitation in general, and offsite rehabilitation in case of land important for the public interest, land unfit for human habitation, ecologically sensitive land, or heritage land.

The Act creates a working title through the instrument of a Certificate of Land Right, which grants the right to occupy a particular piece of land. This right is heritable but not transferable - the right holder cannot sell, lease or gift it to someone else. It is, however, mortgageable for housing finance, and can be transferred to the relevant financial institution in case of default.

The Act prevents transfer or ownership of more than one such certificate by one person. In the event of a transfer, it is declared null and void, no compensation is paid to the transferee, and the transferer can be fined up to Rs. 20,000 or subjected to one year imprisonment, or both.

### Issues

(1) The Act seems to define slums only to include slums on state government land, which would make the provisioning of land rights practical. However, the drafting on this is unclear and the Act could benefit from a rewording of the following provision:

2 (r) slum or slum area means a compact settlement of at least twenty households with a collection of poorly built tenements, mostly of temporary nature, crowded together usually with inadequate sanitary nd drinking water facilities in unhygienic conditions, which may be on the State Government land in an urban area.

If the Act does not intend to exclude privately owned land, it ought to contain provisions to compensate the current legal owners of such land while granting property rights to slum dwellers.

(2) There is a trade-off that the Act implicitly identifies between providing transferability and protecting slum dwellers from dispossession. The procedure for surrendering a certificate in case a family wants to move to another dwelling outside the slum is not outlined in either the Act or its corresponding Rules. Only the procedure for surrendering a title in case a household owns more than one Certificate of Land Right is outlined. The rationale appears to be that if an option to surrender the rights were to be available, it would create incentives to force slum dwellers to surrender those rights, particularly as the government owns land left over after survey and settlement. While the choice made is fair, it is helpful to underline its consequences - families do not have a way of moving out of the settlement legally and easily.

(3) The Act sets up an Urban Area Slum Redevelopment and
Rehabilitation Committee under the Collector to survey the land, approve a list of residents, and provide certificates. It also creates an Appellate Authority to whom appeals against the decisions of the Committee can be made. Neither the Act nor the Rules prescribe any criteria or manner of selection for this appellate authority, short of stating that the State Government will appoint him or her.

(4) While the pilot in Ganjam focused on community participation, the Act and Rules do not emphasise it as much. The Rules state that the Chairperson of the Committee must serve a notice to slum dwellers to 'appear before him' to point out boundaries, and that even if people do not turn up, they will be bound by the results of the survey. This provision, while in consonance with the Orissa Survey and Settlement Rules, 1962, might be inadequate given the supreme importance of community participation that emerges from examples of working titles from other countries.

The above-mentioned Committee, after the survey process, approves a list of households to whom land rights will be accorded. Land rights are only to be given to landless persons, defined as persons who do not own land and whose families do not own land in that urban area. This provision can possibly be exploited by both slum dwellers and authorities, as it is a difficult claim to prove. Thus community participation at the survey stage becomes doubly important: to control both exclusion and inclusion errors.

Further, communication about what the title means is vital. People can experience decreased tenure security if the nature of the title is not conveyed well. Particularly as this Act requires slum dwellers who are not from economically weaker sections to pay a certain amount for land, there is a risk of long-term slum residents perceiving it as a threat to ownership rights rather than a strengthening of land tenure. The fact that the money collected is credited to a fund only to be used for slum improvement needs to be made clear to the community.

A government media briefing talks about the creation of Slum Dwellers' Associations, but this is not institutionalised policy. In general, whether it is through the Act, the Rules or government record-keeping and institutional learning, the role of community participation needs to be emphasised more.

The government is now looking to implement the Act in all districts of the state, and has conducted training programs for the same. There are certainly questions about the incentives the Act creates to squat on public land, but these have to be answered by other urban as well as rural policy initiatives to manage migration better. Overall, the Act is an encouraging step as it ties slum policy to slum dwellers' issues rather than ideals of a 'slum free city' or practices such as large-scale resettlement. Given the potential working titles have to avoid issues faced by regularisation carried out in the normal manner, it will be worth examining the implementation of this Act so that other states can draw lessons.

Jai Vipra is a reasearcher at National Institute of Public Finance an Policy. The author thanks Anirudh Burman for useful discussions.

### The policy posture as an incomplete contract

by Ajay Shah.

1. A complete contract defines behaviour under all states of nature. In the real world, all contracts are incomplete: the parties are inevitably placed before unforseen situations.. But there is a useful distinction between skimpy contracts (where a small range of possibilities are forseen) and thorough contracts (where behaviour under numerous states of nature is specified).

2. The fundamental feature of policy is that it is a statement about how government will behave in the future, and that can vary by the states of nature. Policy risk is the fear that the government will not, in fact, behave in the future as it has promised to behave today.

3. Private persons face zero policy risk when (a) the decision function of the government is fully specified under all states of nature and (b) there is no possibility of the policy being changed. E.g. it would be nice to have a law that guarantees free trade under all states of nature. However, achieving zero policy risk, and complete policy credibility, is like looking for a complete contract.

4. In the real world, there is policy risk because (a) laws are incomplete contracts (there are unforseen states of nature), (b) because laws embed space for executive discretion and (c) because the law can change. A well drafted law reduces policy risk by writing down behaviour under many states of nature, and reduces executive discretion.

5. No matter how well a law is written, there is always a zone of executive discretion and the possibility that the law will change. Low policy risk, then, comes from trust in the thought process, the policy instincts, of the policy establishment. While lawmakers and the executive have the power to do weird things, we attach low probabilities to those events if and only if we trust the intellectual capacity of the policy elite, and the checks and balances (the due process) that will shoot down bad ideas.

6. Consider protectionism in the US. The law was an incomplete contract, in that there was executive discretion to go back to protectionism on the grounds of national security. But for many decades, that event had a low probability because private persons trusted in the intellectual capacity and instincts of the policy elite. When a new populist regime sweeps aside the traditional policy elite, this confidence is lost.

7. In many countries, the old policy elite has been replaced by new populist regimes. This has given heightened policy risk.

8. Clear thinking on globalisation is the hallmark of professional capability in economics. My posterior distribution of policy capability moves a lot when I see a country that engages in protectionism.

I thank Josh Felman for useful discussions.

## Monday, March 12, 2018

### Loan waivers as fresh start in bankruptcy

Farmer distress is in the news again. The causes of distress may be many - ranging from low productivity on small and marginal farms, crop failure due to weather fluctuations, to low market price due to a bumper harvest. The usual policy response, however, seems to be a loan-waiver announcement. For example, several loan-waivers were announced in the second half of 2017. The stated rationale for loan-waivers is that if debt burdens are alleviated in this one instance, then it provides consumption relief and makes it possible to start the next farming season on a clean state. The assumption seems to be that the problems that caused distress this season, will somehow, not manifest themselves again.

Even if one were to believe that a one time loan-waiver is a solution to problems of agrarian distress, the efficacy of the mechanism depends on its implementation. This article makes the case that it is possible, and even desirable, that the process of loan-waivers be handled through procedures in the personal insolvency sections of the Insolvency and Bankruptcy Code (IBC). The Code which became functional for corporates last year, has still not been made available for individuals. Implementing loan waivers through the IBC would essentially mean that the decision to avail a loan waiver would cease to be a "political decision" applicable to the collective of farmers, and become an "individual's decision".

### Why mass scale loan-waivers are a bad idea?

Ad-hoc loan waiver announcements are usually politically motivated. Their implementation leaves a lot to be desired. For example, a CAG report has demonstrated large scale mismanagement in a previous loan waiver scheme. By December 2017, stories had surfaced about implementation issues in Maharashtra. In January this year, the Punjab government launched its loan-waiver scheme even as farmers protested alleging irregularities in the selection of beneficiaries.

Large scale loan-waivers create moral hazard problems which are detrimental to the development of a credit culture. If debtors expect that there will be a loan-waiver announcement in the future, then there is little incentive to repay on time, as has been demonstrated by empirical research (Kanz, 2016, Chakraborty and Gupta, 2017). Anecdotes suggest that loan-waivers have contagion effects on other sources of credit such as micro-finance. Lenders (other than public sector banks that are forced to lend through priority sector lending targets) become wary of venturing into these markets making borrowers more credit constrained. Credit becomes more expensive for everyone, and not just those who benefited from the waiver.

Waivers also have fiscal consequences - money spent on waivers is not spent on measures that may improve agricultural productivity in the long run. For the costs they impose in terms of the fisc as well as poor development of credit markets, their benefits seem uncertain. It is not clear who is benefiting from the loan waivers, and whether intended beneficiaries are actually getting the waivers.

### Personal insolvency in the IBC

Before we study how waivers would be handled through the IBC, it is useful to understand the processes of personal insolvency in the Code. The IBC has an entire section on personal insolvency which consists of three processes, two of which are similar to that in corporate insolvency. This includes the Insolvency Resolution Process (IRP) wherein the debtor who defaults on loan repayment, proposes an alternate repayment plan to her creditors, and subsequently gets a discharge from her debts. The second is the Bankruptcy Process (BP), wherein the non-exempt assets of the debtor are liquidated to pay off her creditors, leading to a discharge.

Once the personal insolvency sections of the IBC are notified, it would become possible for farmers to approach the courts to ask for a re-negotiation of their debts from their lenders through the IRP. Such a demand may be made by creditors as well. If the IRP fails, farmers could undergo the bankruptcy process. Both these processes do not include an element of a waiver. It is expected that the debtor will make some repayments to the creditor - either through a repayment plan that most likely promises payments out of future wage (or other) income, or through liquidation of the non-exempt personal assets. Such a system disciplines borrowers and brings difficult questions on the feasibility of a particular venture, including low productivity farming, to the forefront. The process also disciplines creditors by constraining them from forceful credit recovery, and by bringing them to the table to re-negotiate with the debtor, and take a haircut on their loans.

### Debt relief in the IBC

The third process, called Fresh Start, aims to provide debt-relief to people who fall below certain asset, income and debt thresholds. The eligible debtor, in this case, the farmer, can trigger this process. On acceptance of the farmer's petition, her debts will be waived off. That is, the creditors will not be able to initiate a recovery process on this debt, and will have to do a write-off. A record of default will be kept by the Insolvency and Bankruptcy Board of India (IBBI) for a certain prescribed time-period, and future creditors will have access to these facts. Thus, the fresh start process provides full waiver to the farmer, while containing moral hazard through a record of default. The decision on whether to avail of the waiver rests with the individual.

### Why a fresh start?

One may wonder why a fresh start at all. If loan waivers are expected to create moral hazard problems, then why make provisions for such a process? There are two good reasons for allowing complete debt relief.

1. Very often the costs of going through an insolvency resolution process or a bankruptcy may be higher than the amount that can be expected to be collected. In such an event it is more efficient for the system to just write-off those loans.

2. Bankruptcy systems often provide an element of social insurance, as it is believed that distress can be the result of circumstances beyond one's control. In the case of personal insolvency, especially, studies in the US have shown that events such as medical emergencies account for a number of financial distress cases. In such circumstances, it might be optimal to provide a mechanism to discharge one's debt without undergoing a resolution process. The provision of insurance might actually encourage households to take debt, and engage in entrepreneurial ventures. This may be true of farmers who may be in distress due to events such as crop failure, and may wish to avail of a write-off of their debts.

### Why is the fresh start better than a loan-waiver?

The fresh start process is superior to the loan-waiver programs as it offers a more systematic way of resolving distress. Each farmer can weigh the trade-offs between obtaining debt relief through the fresh start process, but potentially more expensive credit in the future, versus offering a resolution plan or going through a bankruptcy process for a better credit score. It thus contains the moral hazard problem and might yield better credit markets.

As the application is made by the intended beneficiary, there will be very little possibility of selective provision to beneficiaries, or leakages in administration of the waiver program. The application for a fresh start does not depend on the state government declaring a loan-waiver scheme - it is possible to obtain this in the ordinary course of life. It contains the fiscal problem as the state does not rush in to pay the banks for the loans that have been waived. If the state government still wishes to pay for the waivers, then it can always pay the banks, but use the IBC to actually implement it. In doing so, it still is able to constrain the moral hazard problem as those who avail of waivers will have a record.

### Challenges of implementing fresh start

The advantage of fresh start lies in formalising the process of debt-waiver, and putting the decision in the hands of the farmers who can weigh the consequences of the decision. This may sound simple in theory, but as with most things, may turn out to be difficult in practice for the following reasons:

1. The roll out of the process rests on the institutional machinery of the IBC being in place. This requires setting up new Debt Recovery Tribunals as well as improving their procedure, and training of Resolution Professionals. Farmers in remote villages need a way to access this institutional infrastructure. If the machinery is not in place, then the existence of such a process is moot.

2. The decision to undergo a fresh start may be a complex if one is financially not very savvy. This requires a cadre of credit counselors who work in the interest of the debtors, in advising on the application process as well as on understanding the substantive implications of the Code. There is currently no such cadre of "advisors" who can guide farmers on these decisions.

3. As currently defined, the thresholds for a fresh start eligibility are rather narrow. Only debtors with gross annual income of less than Rs.60,000, assets less than Rs.20,000, debts less than Rs.35,000, and no home-ownership, are eligible to get a complete waiver of debts. It is not clear how many farmers will qualify for a fresh start under these conditions. It might be useful for the government to revisit these thresholds in light of how important fresh start may be for solving the problem of loan distress in India.

4. In an environment where lending to agriculture is politically motivated (see Cole, 2009), large scale use of fresh start might get the banks in further trouble - as on one hand they will be forced to write off these loans, but on the other also forced to lend to farmers through priority sector lending requirements. For the fresh start mechanism to work, we need to move towards a more thorough-going reform in public sector banking in general and agricultural credit in particular.

### Conclusion

Indian agriculture seems to repeatedly encounter large scale agrarian distress. In this environment, the proclivity to announcing farm loan waivers, the inability of waivers to reach intended beneficiaries, while causing adverse consequences on credit culture suggests that we find more efficient ways of resolving this distress. Enacting the personal insolvency sections of the Indian Bankruptcy Code may be a useful mechanism to address this problem. In particular, the provisions on fresh start, which provide a complete waiver of debts, may be extremely useful in providing relief to farmers in a systematic way, and by confronting the problem of loan write-offs, may pave the way for reform in agricultural lending.

Renuka Sane is an associate professor at the National Institute of Public Finance and Policy. I thank Josh Felman and Anjali Sharma for useful comments.

## Tuesday, March 06, 2018

Opacity in the banking sector by Sharat Sabharwal in The Hindu, March 6, 2018.

PNB scam: RBI should regulate using legal, coercive powers and not through requests, entreaties by Rajeswari Sengupta and Shubho Roy in Firstpost, March 5, 2018.

How to build capacity at RBI by Ajay Shah in Business Standard, March 5, 2018.

Two Governments, Parliament And An Expert Body - How ICAI Is More Powerful Than All Of Them by Menaka Doshi in Bloomberg, March 1, 2018.

Sebi cannot duck its responsibility in derivatives ban: Marti Subrahmanyam by Mobis Philipose in Mint, March 1, 2018.

Antisemitism: how the origins of history's oldest hatred still hold sway today by Gervase Phillips in The Conversation, February 28, 2018.

Is there a grand bargain between RBI and public sector banks? by Suyash Rai in The Indian Express, February 28, 2018.

The roots of the current banking crisis by Manas Chakravarty in Mint, February 28, 2018.

The proper functioning of regulatory institutions is central to our economic stability N K Singh in Hindustan Times, February 28, 2018.

Fault lines in the Indian banking industry by Rajrishi Singhal in Mint, February 28, 2018.

Legality of GST's anti-profiteering provision by Adithya Reddy in Mint, February 27, 2018.

Washington society and Team Trump: A year in, the fear and loathing is mutual by Roxanne Roberts in The Washington Post, February 26, 2018.

In the land of make believe, ad hoc responses trump improving our processes by Rahul Jacob in Business Standard, February 24, 2018.

Shame on us: I love the 'mild and nice' Indian media, says Donald Trump Jr in Business Standard, February 24, 2018.

How fascism becomes normalised: The fascist movement that has brought Mussolini back to the mainstream by Tobias Jones in The Guardian, February 22, 2018.

Rot in PSBs Part 3: Nirav Modi scam shows it's time Parliament reexamined banking laws, brought in transparency by Shubho Roy in Firstpost, February 22, 2018.

Are we creeping back to controls on corporate decision making? by Kanika Datta in Business Standard, February 21, 2018.

Budget not a propaganda vehicle, restore its real purpose by Nitin Desai in Business Standard, February 21, 2018.

The Poison We Pick by Andrew Sullivan in NYMag, February 20, 2018.

How the rupee futures trade flew to foreign shores by Gurumurthy K in Business Line, February 19, 2018.

FBI, CIA, and NSA: Don't Use Huawei Phones on Slashdot, February 14, 2018.

Death Star Thinking and Government Reform by Jennifer Pahlka in JoDS, February 5, 2018.

From saving the census to google maps: The U.S. census bureau's tiger system, 1980–2010 by Pallavi Nuka in Innovations for Successful Societies, February 2018. Also see: New thinking on a traditional public good by Ajay Shah in Financial Express, August 8, 2009.

The Great INR Carry Trick by Ananth Narayan on Ananthindianmarkets, January 5, 2018.

Fellowship Announcement 2018 in The NewIndia Foundation.

## Monday, March 05, 2018

### A frugal air quality monitor

by Ayush Patnaik.

### The problem

In many parts of the world, poor air quality has shaped up as a major health hazard. While air quality is traditionally seen as the source of respiratory ailments, there is mounting evidence that low air quality has far reaching impacts upon human health. As an example, it exacerbates the deteriorative illnesses of old age.

Ordinarily, we see clean air as a pure public good. There is little that one person can do about it. However, there is much value for an individual in having a right-now-right-here measure of air quality. As an example:

• Air quality is hyperlocal; it varies quite a bit by small changes in location. A person may choose which room or which floor in a building is better based on the information.
• Physical exercise should be avoided when air quality is worse than certain thresholds.
• The decision to use a mask or not.
• The decision to buy or switch on an air purifier.
• Testing the correct working of an air purifier by examining the air quality at inlet versus exhaust.

To do these things, we need an inexpensive, convenient, portable air quality meter. While there are many dimensions to clean air, for the present purpose, we will focus on solid particulate matter with particle size below 2.5 microns ("pm2.5").

### Solution 1: the Origins Laser Egg

#### Pros

• Shows and logs PM2.5 readings.
• Only two button, power and menu. This makes the Laser Egg easy to operate.
• Connects to wifi and uploads data on a server.

#### Cons

• Costs approximately USD 130. Too expensive for countries with air quality issues.
• It is 288 grams, and not small enough to be carried in a pocket.
• It has to be regulary charged.

### Can we do better?

Everyone walks around carrying a mobile phone, which contains a battery, a CPU, a display, a GPS, and a connection to the Internet. This makes it possible to sharply reduce the cost and complexity of measuring air quality. All that we'd need is a sensor that reads the air quality, and gives this information to the phone. Everything else can be done on the phone.

I chose a sensor, the SDS021, which costs roughly $20. I wrote the software which runs on an Android phone and takes in data from this sensor and displays it. #### Advantages Over The Laser Egg • It costs about$20, which is significantly cheaper.
• It is much lighter and smaller. It fits in a pocket.
• Doesn't have to be charged regularly since it takes power from a phone.
• The data is processed in a phone. Other sensors in the phone such as GPS can be collaborated.

### Instructions

1. Buy this sensor, e.g. from Aliexpress.
2. Buy an adapter to connect into micro USB or USB C , depending on what your phone requires.
3. Install my program Aqui from the Google play store or APK
4. Run the program, plug in the sensor.

### Future development

Aqui is built as an open source system on github. A lot of interesting work can and should be done here:

1. Send data to a central database
2. Maps display of my data juxtaposed with data from other Aqui users
3. Support for diverse sensors.

Ayush Patnaik is student of Physics and Mathematics at Australian National University.

## Thursday, February 22, 2018

### Towards a data protection framework for India

by Vrinda Bhandari, Amba Kak, Smriti Parsheera, Faiza Rahman and Renuka Sane.

### Introduction

The Supreme Court's seminal judgment in the Puttaswamy case recognised privacy to be a fundamental right, rooted in individual autonomy and dignity. It also laid down the normative grounding for a data protection law in India. The Justice Srikrishna Committee constituted by the Government is now faced with the formidable task of drafting a blueprint for India's first comprehensive, cross-sectoral data protection law. The Committee released a White Paper in November, 2017, which covered impressive ground in terms of mapping of key issues and the international landscape on data protection. The Committee also presented its provisional views spanning across issues of jurisdiction, to specific rights of individuals vis-a-vis data controllers, and the enforcement mechanism to make these rights justiciable.

In this post, we discuss some of our key recommendations in response to the Committee's White Paper. We focus here on the following three issues.

• A principles-based primary law: The cross-sectoral nature of the proposed data protection law necessarily merits a principles-based approach for identifying the rights and protections that are suitable for the needs of a range of different stakeholders. The focus of the primary law should therefore be on identifying appropriate principles of data protection, the key areas where specific regulations need to be framed and the bounds within which those powers should be exercised.
• Regulatory structure and governance: The usefulness of the data protection law will depend largely on its effective implementation. This requires the creation of an appropriate regulatory structure with well-defined legal processes. In terms of design, we propose the creation of two new agencies -- a cross-sectoral data protection authority to discharge regulatory and supervisory functions and a redress agency to adjudicate individual complaints under the data protection law.
• Data protection obligations of state agencies: The state is uniquely positioned to access personal data from a variety of sources and use it in ways that can radically alter the relationship between the citizen and the state. Any exceptions and exclusions from the data protection law, including on legitimate grounds such as national security, must therefore be crafted carefully and with appropriate procedural safeguards.

### A principles-based primary law

The scope of the data protection law must extend to all sectors and all entities that collect and process user data, whether in the public or private sector. That said, a one-size-fits-all model also seems ill suited, given the variations in the nature and uses of different types of data in the hands of different categories of data controllers and the potential harms that could result from it. To balance these requirements, we recommend that the primary law must be drafted in a principles-based manner while the nuances of specific data protection requirements applicable in each context can be built more gradually. This can be achieved through context-specific and sector-specific subordinate legislations.

This "principles-based" approach needs to be distinguished from a "rules-based" one, which would typically contain prescriptive details about the specific requirements required to be followed by different persons. To take a simple example, a principles-based approach towards disclosures may state that an entity "should make appropriate disclosures that enable a person to make informed decisions". On the other hand, a rules-based approach may set out not only the exact text of the disclosures, but also their periodicity, font and design. We use the example of "consent" requirement to explain this idea in the context of a data protection law.

The principle of collection limitation demands that there must be a legal basis for the collection of information, and we think consent should be a primary ground for data collection. The idea of consent, or the collection and use of an individual's personal data with their approval, flows from the principle of personal autonomy and is a core element of the right to privacy. However, it is also well recognised that the consent model suffers from many challenges, including problems of consent fatigue, information asymmetry and bounded rationality of users. Yet, we argue that instead of using these reasons as grounds for abandoning consent as a basis of data collection, the law should mandate data controllers to find means to overcome these hurdles. Accordingly, the consent principle could state that "the collection of personal data is subject to the consent of the individual and such consent must be obtained in an informed and meaningful manner". It would then be upon the data controllers to develop and adopt appropriate standards that can overcome the hurdles generally associated with the consent model and for the Data Protection Authority to supplement such efforts through its regulations. Thus, if data controllers were to rely on consent to legitimise their data collection activity, they would have to demonstrate fulfilment of this principle.

Such a principle would logically translate into a requirement of clear and simple notice, which could have different meanings in different contexts. It would also mean that certain types of conduct, for instance consent taken through coercion or in a "take it or leave it" manner, is likely to be seen as a violation of the above principle. Most importantly, having such a principle would nudge data controllers towards the use of privacy enhancing technologies, such as consent dashboards and privacy chatbots like PriBot. It would also compel them to evolve practices that take into account the literacy and language contexts of India.

Apart from consent, however, there should also be scope for other grounds to legitimise data collection. As noted by the Committee, grounds such as compliance with legal requirements and legitimate purposes of data controllers, may also be included. Here too, the law should contain appropriate principles to prevent the misuse of the legitimate purpose criteria, for instance by requiring that there should be a direct nexus between the data being collected and purpose sought to be achieved through it.

### Regulatory structure and governance

While considering various regulatory and enforcement models, the Committee posits a 'co-regulatory approach' as an ideal middle ground between self-regulation and a 'command and control' regime. This is described as a system where the government and industry share the responsibility of drafting and enforcing regulatory standards -- the industry frames code of conducts, which are then approved by the government. We submit that rather than treating the industry as a separate site for framing of standards, an element of co-regulation' should be built into the statutory framework itself -- in the form of an open and participative regulation-making process. Collaborative regulation making has particular value in an evolving and technical field like data protection, which is also driven by strong economic interests.

For the alternative of government endorsing industry codes to be meaningful, and not simply self-serving to the regulated entities, the regulator would eventually have a similarly high burden of supervision and monitoring. We therefore suggest that embedding collaboration in the process of rule-making, rather than effectively conceding that process to regulated entities, is a better approach. Within this framework, each data controller would of course have some flexibility in adhering to the principles laid down under the law or regulations, while remaining liable for penalties and redress for inadequate compliance.

In terms of regulatory design, we propose the establishment of two new statutory agencies:

1. A Data Protection Authority (DPA) that will function as a cross-sectoral data protection regulator. It will be responsible for drafting regulations, assessing compliance by regulated entities and initiating enforcement actions against them.
2. A Data Protection Redress Authority (DPRA) that will be responsible for adjudicating individual complaints and affording appropriate remedies to individuals.

This draws from a similar recommendation made by the Financial Sector Legislative Reforms Commission (FSLRC) in terms of separating regulatory and redress functions in the context of the financial sector. A key objective behind this design is to allow the DPA and the redress agency to focus exclusively on their core functions. This becomes particularly important in light of the principles-based nature of the proposed law. Given the large number of data collectors in the system and the individuals interacting with them, it would be unrealistic to expect the DPA to effectively discharge its regulatory and supervisory functions while also taking up the responsibility of addressing individual complaints. Staffing and financial constrains will inevitably cause one of the functions to suffer.

Another ground for the proposed separation stems from the need to avoid potential conflicts of interest. A large number of complaints on a particular issue would imply that data controllers are not acting in compliance with the legal principles, but it may also imply a failure on the part of the DPA to take appropriate regulatory or supervisory actions to curb such malpractices. It is therefore important that the resolution of any complaints should take place independent of the other core functions of the regulator. There should however be a strong feedback loop between the redress agency and the DPA for transmission of information about the kinds of complaints being received, the entities to which they relate and the underlying causes. This will enable the DPA to address such issues through appropriate amendments to its regulations or by initiating enforcement actions.

Our response to the White Paper also contains a number of other recommendations about the design and functioning of the proposed agencies, many of which draw from the recommendations of FSLRC and the draft Indian Financial Code. This includes suggestions relating to the need for a sound selection process for members of the DPA, separation of powers within the DPA; emphasis on a transparent regulation-making processes (taking into account the expected costs and benefits of proposed measures); and the need for an independent appellate mechanism.

Finally, the law must also facilitate ways to maximise synergies between the DPA and existing sectoral regulators. This interaction becomes especially important in the short run given that it may take some time for the DPA to build capacity and an accompanying body of regulations for different categories of stakeholders. Sectoral regulators could therefore take the lead in framing appropriate standards for their regulated entities, in accordance with the principles under data protection law and in consultation with the DPA. To facilitate such interactions, we recommend that the law should mandate the creation of cooperation mechanisms between the agencies. This may include consultation on framing of regulations applicable to entities in a particular sector; making a reference to the other agency while initiating supervisory actions against a regulated entity and requirement to enter into an MoU to mutually agree on the exact procedures for this coordination.

### Data protection obligations of state agencies

While the daily interactions between users and commercial platforms such as Facebook and Google undeniably lead to many important concerns, the interactions between personal data and the state must be viewed with even greater care. This is due to the distinct nature and magnitude of state power. The state is uniquely positioned to access the data collected both by itself and other private sources, and use it ways that can radically alter the relationship between the citizen and the state. Data can then easily become a tool for surveillance, intimidation, coercion, and harassment, and the data protection law should be cognizant of such concerns.

The chapter on exemptions in the White Paper focuses on the types of activities that may be exempted from data protection principles, including a section on national security. However, it does not highlight the manner in which the exemption would translate into practice, and merely relies on the Puttaswamy decision's indication of national security as a legitimate aim.

While the status of national security as a legitimate aim remains fairly uncontested, we propose that the requirements of necessity and proportionality laid down by the Supreme Court in Puttaswamy need to be embedded in the law while creating such exemptions. The provisions on surveillance and national security also need to take into account development of technology that enables low-cost, mass surveillance, reducing the need to rely on physical and human resources (as noted by Sotomayor J. in United States v Jones). The mechanisms to be considered in this context may include judicial review or parliamentary oversight; other forms of systematic review of executive actions; defined time limits; and clear provisions for appeal. We realise that such principles would also have to be included in allied laws such as the Aadhaar Act and the Indian Telegraph Act.

The regular processing of data by state agencies also raises interesting questions about the appropriate liability and enforcement regime for any breach of the law. We submit that the penalties and compensation requirements under the data protection law should apply equally to public and private entities. However, certain distinguishing factors (such as the source and extent of finances) must be taken into account by the implementing authorities. For instance, the law in the United Kingdom gives the Data Commissioner the ability to impose a civil monetary penalty of up to 500,000 GBP on a data controller, whether a private or public body. The exact amount of penalty is, however, determined by a number of factors, including the impact on the entity being penalised and their ability to pay.

### Way forward

The White Paper is the beginning of an important conversation around data protection in the context of state and non-state actors in India. However, in its attempt to cover such a comprehensive topic, the White Paper does not fully explain its provisional views on some of the important and complex issues being addressed by it. One is further limited by the lack of a draft Bill, in which the nuances of these issues will be fully understood.

To facilitate an informed debate, the Justice Srikrishna Committee has already taken an important first step in terms of organising consultations in major cities. It is now imperative that the Committee publish the responses received, so as to take the conversation forward. Even more importantly, the Committee must hold similar, multiple rounds of consultation after it releases a second White Paper with its final views, along with a copy of a draft data protection law for India. It is only when such a draft would be open to the public for comments and consultation, that we will be able to achieve a truly holistic and comprehensive data protection law.

Vrinda Bhandari is a practicing advocate in Delhi. Amba Kak is a Mozilla Technology Policy Fellow. Smriti Parsheera, Renuka Sane and Faiza Rahman are researchers at the National Institute of Public Finance & Policy.

### CCI's order against Google: infant steps or a coming-of-age moment?

The Competition Commission of India (CCI) recently concluded its six year long investigation into allegations of abuse of dominance by Google in India. It found that Google had utilised its dominance in general web search services to limit user choice (specifically in the context of Google flight search) and impose restrictions on its search syndication partners. It also noted a third violation relating to Google's historic practice of setting fixed positions for a particular category of search results (referred to as "universal results") that were sourced from its other verticals like images, videos and maps. A few months ago, the European Commission had also levied a penalty of Euro 2.42 billion on Google for offering preferential treatment to its comparison shopping service and demoting rival services in its search results.

The consequences for Google in India? CCI has directed Google to (i) desist from assigning fixed positions to universal results; (ii) add a disclaimer while presenting its commercial flight results; (iii) not enforce unreasonable restrictions on syndication partners; and (iv) pay a penalty of Rs. 1.36 billion (USD 21.1 million) for its anti-competitive conduct. To put this in perspective, the penalty translates to less than 0.02% of USD 110.9 billion, Google's worldwide revenues in 2017.

Are these the uncertain first steps of an infant CCI venturing into technology-ville or the coming-of-age moment of a regulator that has learnt to balance innovation and competition in the digital era? This post attempts to answer this question by tracing CCI's analysis on issues of universal results, Google flights and restrictive agreements, highlighting some concerns and summarising the takeaways from this decision.

CCI's order arises from two separate cases filed by online matchmaking portal Matrimony.com and Consumer Unity & Trust Society against Google Inc. and Google India Private Limited. In the course of the investigation, Google Ireland Limited, a key contracting entity for Google's advertising agreements, was also added as a party.

The informants alleged an abuse of dominance by Google in the general web search and search advertising markets in India, with the following specific claims.

• Search bias: Google was using its dominance in the search engine business to promote its own results like videos (YouTube), news (Google News) and maps (Google Maps) in its search results.
• Unfair advertising terms: Google has the largest number of search users which makes it an unavoidable partner for all advertisers who want to target their ads at those users. The informants alleged that Google was using this position to impose unfair and discriminatory conditions on its AdWords customers (advertisers who bid on keywords for ads to be displayed in Google's search results).
• Denial of access: Google was using its dominance in the search and search advertising markets to impose unfair conditions that restricted its partners from contracting with other competing search engines. As a result, it was denying access to the market to competing businesses.

As per the scheme of the Competition Act, 2002 (Act), the complaints were first examined by the CCI to assess their prima facie merit. Finding a prima facie case of abuse of dominance by Google, CCI referred the matter to its investigative arm, the office of Director General (DG), for detailed investigation. The DG's office took about three years to complete its assessment and submitted an investigation report to CCI in March, 2015. It found Google to be guilty on all the counts raised by the informants in addition to a few others that were discovered by it in the investigation process.

### CCI's reasoning and verdict

An abuse of dominance case under Section 4 of the Act requires CCI to establish that the entity in question held a dominant position in a defined relevant market and had abused that dominance through activities like imposing unfair or discriminatory conditions on others, limiting the supply of goods or services in the market, or using its dominance in one market to protect its position in another.

Relevant market analysis

CCI agreed with the findings of the DG that Google was operating in the following relevant markets: (a) market for online general web search services in India and (b) market for online search advertising services in India.

Google contested both these market definitions, arguing instead for a broader relevant market -- the wider the market the lesser the chances of Google being found to be dominant in it. Regarding general web search, Google claimed that it competes with all possible sources of information that can answer a user's specific query (about people, places, recipes, etc.) and there is no separate market for "general web search". This however ignores the fact that there are billions of webpages on the Internet, a majority of which are not known to users. Users therefore commonly rely on search engines to identify new sources of information and even access relatively well known ones. For instance, Alexa's web traffic analytics shows that 66.6 percent of the traffic to Wikipedia, the fifth most popular website in the world, comes through search engines.

Curiously, Google is also reported to have argued that "[b]ecause search is free, Google has no trading relationship with the users of its search service, and so the basis for establishing dominance is absent". CCI rejected this argument, noting that "it is not only flawed but altogether ignores the role of big data in the digital economy". In the multi-sided platform operated by Google, users offer their "eyeballs" and data in exchange for Google's "free" services, which are in turn monetised by Google through advertising revenues. To claim that only services that are directly paid for by users can constitute a relevant market would render large parts of the digital ecosystem outside the purview of competition laws, an outcome that is neither legally tenable nor socially desirable.

The determination of dominant position depends on a number of factors, market share being one of them. CCI's order notes that Google has maintained a high market share in both the relevant markets but does not disclose the exact figures (these are blacked out as confidential information). Publicly available information from statcounter, however, clearly shows that in the period since 2010, Google has consistently held over 96 percent of the market share among search engines in India.

Abuse of dominance

Next, CCI turned to examine the specific allegations relating to the abuse of its dominant position by Google. This is also the point where the Commission significantly digresses from the findings made by its investigation unit. Unlike the DG's report, which found Google to be in violation of the Act on almost all the grounds examined by it, CCI limits its findings to the following three grounds.

1. Fixed positions for universal results:

Findings: Google's search results pages often contain certain "universal results" that are sourced from its other search verticals (See Figure 1 for an example). As per Google, these universal results compete with other generic blue links for the most favourable position on the results page based on their relevance. However, it also admitted that when the service was initially introduced, the display of universal results was limited to certain fixed (1st, 4th or 10th) positions as its systems were not advanced enough to determine the relevant position for such results. CCI dismisses this argument to hold that Google's historic practice of adopting a fixed position for such results was unfair and misleading to its customers who were led to believe that the responses were being ranked solely on the basis of their relevance.

Consequences: Since Google has already discontinued this practice, CCI limits itself to issuing a desist order directing Google not to resort to such position fixing in the future.

2.  Figure 1: Universal image results in response to search term "Kullu"

3. Commercial unit for flight results

Findings: Google also places various "commercial units" in its search results. This refers to a demarcated ad space for displaying sponsored results relating to shopping, hotels and flights. CCI focused in particular on Google's flight unit (See Figure 2 for an example). It noted that Google provides a prominent placement to its flights unit in general search results with a link that takes the user to Google's own specialised flight search service. It found that this practice results in either pushing down or pushing out other competing vertical search services with the result of misleading users and denying them the opportunity to access the other websites.

Consequences: CCI directed Google to display a disclaimer in the commercial flight unit box indicating clearly that clicking on the relevant link would lead to Google's flights page and not the results of any other third party service provider.

4.  Figure 2: Google Flight Unit in response to search term "Delhi to Kullu flights"

5. Restrictions in syndication agreements

Findings: In addition to the search and advertising services offered on Google's own website, it also enters into syndication agreements with other websites to offer its search and advertising services to them. These agreements can either the take the form of standard online contacts or directly negotiated agreements. CCI found that Google imposes certain unreasonable restrictions on its negotiated search intermediation partners -- websites that enter into negotiated agreements to use Google's services on their websites are restricted from implementing any search technologies that are "same or substantially similar" to those of Google. CCI found that this restricts Google's partners from using the services of competing search engines. It thus "creates conditions for extending and preserving Google's dominance in search intermediation".

Consequences: CCI directed Google not to enforce the restrictive clauses in its negotiated direct search intermediation agreements with Indian partners.

As noted above, the DG's investigation had found Google to be guilty on many other counts. This included questions about Google's conduct in relation to its AdWords customers; its practice of allowing bidding on trademarks owned by competitors; and its arrangements with distributors like Apple and Mozilla to make Google the default search engine in their products. CCI, however, disagreed with the DG's findings on all these other counts.

### Some questions and concerns

CCI's decision raises many important issues regarding Google's conduct in the search and search advertising markets. The design of ranking algorithms to provide preferential positions to certain types of results (without sufficient disclosures) and the imposition of unfair restrictions in commercial contracts are certainly critical issues that can have far reaching implications for online competition in India. Yet, despite agreeing with the principles behind these ends, it is hard to ignore some issues with the means adopted by CCI to reach them. This section focuses on the lack of sufficient evidence-based analysis, selective focus on flight search and CCI's own uncertainty about calculation of the penalty, all of which are factors that could expose the order to subsequent scrutiny.

Absence of robust data and evidence

The first issue, which has also been emphasised at length by the two dissenting members of CCI, relates to the absence of robust data and evidence to support the findings against Google. While the discussions in the order are sufficient to develop a strong intuition about Google's anti-competitive conduct, this intuition should ideally have been followed through with supporting data to build a water tight case. Specifically in the context of flight search, the dissenting members point to the absence of actual data about the traffic flows to the Google flight unit or to competing websites, the positions on what these websites actually appear on Google's results page and the impact that it has on consumer behaviour.

We can contrast this with the European Commission's approach in its similar case against Google. In a press release issued in June, 2017, the Commission announced that its order against Google was supported by evidence from various sources, including "(i) significant quantities of real-world data including 5.2 Terabytes of actual search results from Google (around 1.7 billion search queries); and (ii) experiments and surveys, analysing in particular the impact of visibility in search results on consumer behaviour and click-through rates". Based on this evidence, it was able to gauge the precise effects of Google's prominent placement of its comparison shopping service.

• The traffic to Google's comparison shopping service increased 45-fold in the United Kingdom, 35-fold in Germany, 19-fold in France, 29-fold in the Netherlands, 17-fold in Spain and 14-fold in Italy.
• There was a sudden drop of traffic to certain rival websites, to the tune of 85% in the United Kingdom, up to 92% in Germany and 80% in France.

In the present case, it is clear that the dissenting members are not disagreeing with the merits of the case against Google but the absence of sufficient data to make those claims. That being the case, the logical course for the Commission would have been to direct further investigation by the DG on these specific grounds or pursue an inquiry on its own. Both these courses were open to the Commission under Section 26(7) of the Act but their adoption would of course have meant a further delay in an already long pending decision.

Questions about the flight search analysis

The next set of issues revolves around CCI's focus on Google flight search and its prominent display on the search results page as a ground for abuse of dominance. The order examines the impact of the prominent real estate given to Google's flight unit vis-a-vis third-party travel sites like MakeMyTrip.com or Yatra.com and its misleading impact on users. However, as noted here, Google's flight service (at least at present) only offers users the option of comparing flight prices and not of directly making the bookings through Google. Therefore, the market in question is that of flight fare comparison websites and it would accordingly have been relevant to consider the impact on competing fare aggregation sites like "skyscanner" and "farecompare" instead of only those that provide flight booking services. Such an analysis would have also enabled CCI to examine a potential violation of Section 4(2)(e) of the Act, which relates to the use of dominant position in one market to protect its position in another.

Further, the order does not clarify as to why the flight search functionality is more problematic than similar commercial units displayed by Google in response to shopping or hotel related searches in India. In case of shopping results, the Commission makes a passing remark that "Google's display of Shopping Unit may not per se affect the ranking of free search results". In case of hotels, the order states that Google does not offer this feature in India even though a search for hotels on Google's India site does display a commercial unit, which has similar features to its flight search function -- it leads to another Google page that contains advertisements from hotels and hotel booking websites.

Penalty imposed by CCI

Relying on the Supreme Court's decision in the Excel Crop Care case, CCI decided to limit its penalty to Google's "relevant turnover" from India. For this purpose CCI sought information from Google regarding its revenues from different segments of its India operations, which the Commission notes was provided in an unsatisfactory manner. For instance, it is unclear from the order whether the information supplied by Google under the head "Relevant Turnover from Direct Sales in India" was based on (i) the income earned by all Google entities from end-users based in India; (ii) the income earned by Google India Private Limited from advertisers in India; or also (iii) the income earned by Google Ireland, Singapore and others from Indian advertisers.

Unfortunately, CCI acknowledges these infirmities and still goes on to determine the final penalty amount based on the unclear information furnished by Google. Given the criticality of this point, it would have been appropriate for CCI to seek more specific information from Google and, if required, provide further time for the same. It could also have used its statutory powers to elicit this information.

### Conclusion

The Google case is an important development in India's competition jurisprudence on abuse of dominance in multi-sided technology markets. CCI's order acknowledges at the outset that "intervention in technology markets has to be carefully crafted lest it stifles innovation". It also highlights CCI's intent to refrain from interfering in specific product design elements unless the conduct in question is particularly egregious and an intervention becomes necessary to correct certain distortions.

Despite its well intentioned attempts to balance the interests of innovation, competition and consumer welfare, the decision falls short on some counts. Firstly, in an industry centered around click-through-rates, analytics and ranking measurements, the order primarily relies on qualitative and descriptive accounts to establish Google's violations. Secondly, CCI chooses to intervene in certain product design elements (universal results, commercial units) but not in others (like the AdWords ranking mechanism and trademarks bidding policy). While doing so, it fails to offer any broader guidance on the basis for demarcating general product design elements (that could also negatively impact competition) from particularly egregious conduct that merits competition intervention.