India Case

Governance and political economy

India became independent in 1947, following the partition into two states, India and Pakistan, by Britain. The history of British colonialism continues to shape the political economy of India. The country is governed through a federal parliamentary constitutional republic that operates with a multi-party system. There are eight national parties, including the ruling Bharatiya Janata Party (BJP), and many local parties. As the seventh largest country by area, India is divided into 28 states and 8 union territories. 

Legislation can take place at both the central government and state government levels. However, it is worth noting that the Indian government is, in practice, “quasi-federal” with a strong central government. Constitutionally, the central government can legislate on issues (including telecommunication, which is particularly relevant in this context), while the state legislates on issues including healthcare, policing and so on. It is also important to note that only 3-4% of the overall workforce in India is covered by formal labour protections, statutes, and regulations. The overwhelming majority are in informal forms of work.

In terms of the regulation of AI, As Apar Gupta from the Internet Freedom Foundation in India explained:

“To be clear: there is no regulation at the federal level right now. What there is are essentially policy documents. No ethical or operational guidance has been derived from it. There is no action being taken on the basis of these documents. In the absence of a parliamentary statute, there is an absence of enforceable protections, which are flowing from policy documents. India is a federal country and certain lawmaking powers are reserved for local state governments. Local state governments are wanting to embrace AI for the same reasons the federal government is: to look futuristic, to encourage greater degree of investment, etc. Therefore they may have come out with certain specific AI based policies.”

At present, there is nothing in law or regulation that protects employees against the use of automated decision making tools within a company. 

Government industrial strategy for AI

The industrial strategy of the Indian government is built on a purported aim to create both economic growth and promote social inclusion. NITI Aayog, a government think tank, has produced a series of reports on AI strategy. In 2018, they released the National Strategy on Artificial Intelligence (NSAI). As the highlights of the report explains:

“Given its disruptive nature, it is important that the government should look into its large-scale adoption strategies so as to strike a balance between narrow definitions of financial impact and the greater good. Given this background, NITI Aayog has decided to focus on five sectors that are envisioned to benefit the most from AI in solving societal needs: a) healthcare, b) agriculture, c) education, d) smart cities and infrastructure and e) smart mobility and transportation.”

It includes a discussion of the potential value for AI, but that adoption has so far been driven from by commercial interests. It also notes that there are limited capabilities for AI research in India, identifying start-ups as an important potential driver. Overall, a goal of #AIforAll is identified, in which ‘the government should act as a facilitator and an active promoter while ensuring that it does not crowd out the private sector.’

In 2021, NITI Aayog released a two part report on Responsible AI. In Part 1 - Principles for Responsible AI, Dr Rajiv Kumar notes in the Foreword that:

Since 2018, the deployment of AI in India has only grown, through the support of enthusiastic state governments, research institutions, leading applications from the private sector and a vibrant evolving AI start-up ecosystem. Though AI is often deployed with intentions of improving access and quality and higher efficiency and solving pressing problems, risks and challenges of leveraging AI have also emerged across a number of different areas.

The first part of the report is intended as a roadmap for the responsible adoption of AI, building on the previous report while AI has continued to develop in India. It introduces seven ‘broad principles for responsible management of AI’:

1. Principle of Safety and Reliability
2. Principle of Equality
3. Principle of Inclusivity and Non-discrimination
4. Principle of Privacy and security
5. Principle of Transparency
6. Principle of Accountability
7. Principle of protection and reinforcement of positive human values

In Part 2 - Operationalizing Principles for Responsible AI, the challenges of implementing responsible use of AI are discussed. As Rajiv Kumar notes:

The multi-faceted role of the Government as a policy maker, regulator, and procurer makes it an important stakeholder in the operationalization of the principles. However, it is also important to note that Government interventions alone are not sufficient and it is important for the entire ecosystem to play its role in ensuring to put in place a trusted AI ecosystem.

The following ‘pillars’ are considered for government intervention:

1. Regulatory interventions towards creating a trusted AI ecosystem
2. Policy interventions to enable a responsible AI adoption
3. Awareness and capacity building on responsible AI in the public sector
4. Facilitate alignment of procurement mechanisms with responsible AI principles

While the specific regulatory and policy interventions are not explained, the report motivates the need for these alongside the private sector development of AI. 

What is clear from the reports published so far is that there is an emerging industrial strategy that positions AI as important for the Indian economy. In particular, this involves mediating between local and international companies, as well as balancing the role of the state as both regulator and purchaser of AI.

Relevant features of the economy and labour market

There are approximately 500 million workers in India, making it the second largest labour market in the world after China. The largest sector of employment is agriculture with 152 million workers, non-financial services 136 million, real estate and construction 54 million, manufacturing 27 million, public administrative services 8 million, financial services 6 million, and mining just under 1 million. The labour market is broadly divided into three sectors: rural workers (that make up the majority), the organised sector (a small number, although produce a significant part of overall GDP) and the urban informal sector. 

The “organised sector” is an important distinction as this small part of the labour force are the only workers who are covered by employment protections and regulations. The majority of people working in India are in the unorganised sector. They work in a variety of sectors, including agricultural work, construction, manufacturing, domestic work, street vendors, and so on. It also includes workers with casualised employment relationships. Within the organised sector, the state is a major employer.

There are a range of trade union federations, including teens of thousands of local unions. Often these are affiliated to political parties. Despite the vibrancy of the trade union movement - often marked by large protests and national strikes - the overwhelming majority of workers are not members of a trade union or covered by collective bargaining agreements.

The IT sector - including outsourcing, consultancy, and information technology more widely - employs approximately 4.5 million workers and accounts for approximately 8% of GDP in India. It is therefore an important part of the economy and has been encouraged through state intervention and positive regulation. In particular, key cities across India have become IT hubs, encouraging further growth and development in this sector. 

Regulation and development

The 2011 Information Technology Act

The current legislation that applies to data protection in India is the Information Technology Act, which includes “Reasonable Security Practices and Procedures and Sensitive Personal Data or Information” Rules. These require corporate entities that collect, process, or store personal information to comply with a set of rules. These are fairly limited and include the need for consent and a policy for data that is accessible. Data that is defined as sensitive can only be collected for a lawful purpose and should only be used for that purpose.

The existing regulation is therefore not specific to the use of artificial intelligence, whether in the workplace or more widely. Instead, it is a limited form of data protection that focuses on issues of consent in data collection, with some basic protections against improper or unauthorised disclosures, including data leaks. There is no regulatory body overseeing the Act, meaning that the protections are difficult to enforce in practice. In an employment context, employers can gather data and utilise it without employees consent.

The debate on data protection shifted after the judgement in the Supreme Court of India in 2017. In Justice K.S.Puttaswamy (Retd.) v. Union of India [Writ Petition No. 494/ 2012] it was upheld that privacy is a fundamental right, entrenched in Article 21 (Right to Life and Liberty) of the Indian Constitution. This, in part, led to the developments of the Personal Data Protection Bill, discussed below.

The Personal Data Protection Bill

In 2017, building on the Supreme Court ruling and debates from various government committees over the past decade in India, the Ministry of Electronics and Information Technology established a committee to investigate issues of data protection. The committee submitted the draft Personal Data Protection Bill in 2018. The PDP (Personal Data Protection) Bill was introduced in the Lower House of Parliament in December 2019. The Bill aimed:

to provide for protection of the privacy of individuals relating to their personal data, specify the flow and usage of personal data, create a relationship of trust between persons and entities processing the personal data, protect the fundamental rights of individuals whose personal data are processed, to create a framework for organisational and technical measures in processing of data, laying down norms for social media intermediary, cross-border transfer, accountability of entities processing personal data, remedies for unauthorised and harmful processing, and to establish a Data Protection Authority of India for the said purposes and for matters connected there with or incidental thereto.

At present, this is only a draft proposal and has not moved forward in the years since it was first discussed. 

The PDP Bill contains wide exemptions for government agencies to process citizen’s data in order to carry out their responsibilities. In the 2018 version of the Bill, exemption could only be granted if a four-part test could be met, that the data processing would be “authorised by law”, “in accordance with the procedure laid down by the law”, “necessary”, and “proportionate to the interests being achieved.” This test would be in line with the 2017 Supreme Court Judgement. However, the 2019 version of the Bill removed three of the tests, relying instead only on whether the data processing is “necessary.” While there was debate on the “public order” exemption (Section 35), including suggestions that there be either judicial or parliamentary oversight for these exemptions. The final report did not include any oversight, stating the need to balance national security and the liberty and privacy of an individual. The only reference to Artificial Intelligence is Section 40, which explains: “The Authority shall, for the purposes of encouraging innovation in artificial intelligence, machine-learning or any other emerging technology in public interest, create a Sandbox.”

The Bill has attracted criticism from NGOs and academics. It has also been criticised by Justice BN Srikrishna, who was one of the original proposers of the Bill. He explained that in the process of debate:

They have removed the safeguards. That is most dangerous. The government can at any time access private data or government agency data on grounds of sovereignty or public order.  

In relation to employees, Section 13 specifically discusses employee data in the Bill. The latest version of the Bill allows the processing of employee data without consent based on two grounds: first, when consent is not deemed appropriate, or second, where consent would involve disproportionate effort. This does not include the processing of sensitive data. It allows for the collection of data during recruitment, termination, attendance, provision of services or benefits, or assessing performance. As Sweta Mohandas and Anamika Kundu (2021) from the Centre for Internet and Society have argued, ‘this covers almost all of the activities that require data of the employee.’ Given the differences in how employee data is treated, they continue to explain that ‘the consumer of the same company or service has a greater right to their data than an employee.’ There have been contradictory reports from parliamentary ministers as to the process of moving the Bill forward. If it passes in the next session of parliament, it could come into effect in approximately 2-3 years. 

The Report by the Committee of Experts on Non-Personal Data Governance Framework

In addition to the Bill, there has been a “Report by the Committee of Experts on Non-Personal Data Governance Framework.” The committee was constituted by the Ministry of Electronics & Information Technology, to develop a framework for the governance of Non-Personal Data, as different to the PDP Bill. The Report is now in the second draft stage, after collecting input on the first draft in July 2020.

The report is motivated by the need to share and regulate non-personal data for the “maximum social and economic benefits from data for the society.’ (3.8, v.). The report puts forward an argument for new rules and regulations to manage data. This starts with definitions of different kinds of non-personal data and non-personal data roles. There is the suggestion to identify data principles and custodians, as well as the establishment of “data trusts”, that is “institutional structures, comprising specific rules and protocols for containing and sharing a given set of data.” Finally, the report considers the establishment of “a separate Non-Personal Data Authority” that will act as a regulatory body, differentiated from both the existing Data Protection Authority (DPA), Competition Commision of India (CCI), and sector specific bodies. This is envisaged as having both an “enabling” and “enforcing” role.

Specific policies or interventions at the state level

In addition to the potential Bill and report, there have been various policy documents and at the central government level. For example, the Ministry of Electronics & Information Technology produced four recent reports: “Report of Committee - A, On Platforms and Data on Artificial Intelligence”, “Report of Committee - B, On Leveraging A.I For Identifying National Missions in Key Sectors”, “Report of Committee - C, On Mapping Technological Capabilities, Key Policy Enablers Required Across Sectors, Skilling and Re-Skilling, R&D”, “Report of Committee - D, On Cyber Security, Safety, Legal and Ethical Issues.” NITI Aayog, the public policy think tank of the Government of India, also produced two reports on “Responsible AI”: “Part 1 - Principles for Responsible AI” and “Part 2 - Operationalizing Principles for Responsible AI.” These are general reports into the use and application of artificial intelligence, with only brief mentions of workers.

At the state level, there has been the start of developing specific policies. For example, the state of Tamil Nadu released the “Safe & Ethical Artificial Intelligence Policy 2020”. This is a guidance document, but includes rules for procurement of artificial intelligence by the government. However, it is not clear whether there has been any enforcement of the policy. Other states, including Telangana and Andhra Pradesh have made announcements about wanting to become an “AI state”, but there is less concrete detail about what this would involve in practice.

Implications for the world of work

The context for current discussions around data and the use of artificial intelligence are shaped by previous issues relating to technology in India. In particular, the introduction of Aadhaar. This is a 12 digit number issued by the Unique Identification Authority of India, a government body. It required India residents to undergo a verification process in order to be issued with an Aadhaar number, collecting both demographic and biometric information. It was intended to provide a way to identify and verify a person’s identity, particularly for access to government welfare schemes. It is part of one of the largest government databases in the world.

Critics of the Aadhaar system claim that “what started as a unique identification number to streamline the distribution of welfare to the needy has now turned into an all-pervasive tool that can arm the government with sensitive data of all Indians.” The Ministry of Labour and Employment introduced the e-SHRAM portal to connect unorganised workers to welfare schemes via their Aadhaar number. Privacy concerns have regularly been raised throughout the introduction of the system. As one newspaper investigation reported, it was possible to pay Rs 500 (approximately £5 GBP) to access the Aadhaar system on the black market, with a further Rs 300 to print a counterfeit card. There have been significant data breaches, including 130 million Aadhaar numbers being leaked online.

More recently, new technologies have been introduced to collect data on workers. For example, Accredited Social Health Activists (ASHA) in Haryana have been monitored with technologies like the Shield 360 app, which utilises real time GPS tracking. As one newspaper reported, workers in Haryana opposed the use of the technology, although there are 900,000 ASHA workers across the country. There have been other examples of state agencies outsourcing technology from third party providers. Workplace surveillance is a growing phenomenon in India, particularly in the public sector. In some cases, like with manual scavenging, this intersects with caste-based discrimination. As one report explained, the use of these tools has increased with the Covid-19 pandemic, with little in terms of regulation or protection for employees or workers.

There have been cases of failures of these technologies, particularly in the large workforce of gig economy drivers in India. As Prateek Waghre noted: “even if a technology has 1% or 0.1% error rate, for a population the size of India, that's a significant number of people. What we do with those edge cases is what ultimately defines us as a society.” Indeed, there are major challenges in India for the possibilities of effective regulation of artificial intelligence at work. While there are ongoing discussions and proposals for regulation of personal and non-personal data at the federal state level, these have been time consuming and lengthy debates. There is little in the way of political organisation or worker-focused debate on these issues. One possibility is that a minister may call for the use of artificial intelligence to be stopped in a particular circumstance or apply political pressure on a company until new laws have been passed. 

As Apar Gupta explained: “the path towards legal regulation does not look very optimistic in terms of the content.” He noted the lack of state capacity to either understand or formulate effective strategies for regulation. At present, the main focus is a narrow approach of policy papers, without any legal bearing, that allow for a high level of discretion. Without regulatory bodies, the same ministry making policy is also responsible for its implementation. Prateek Waghre noted that for future regulation, what is “most important is for any kind of legal regulation to derive very closely first, from our constitutional principles. And secondly, to have a level of legal remedy which is available to people which they will need.” Based on previous forms of regulation, there is a limited horizon for effective changes to be implemented any time soon. While there have been legal cases in the high courts concerning employment status in the gig economy, there has been little movement on other issues. Given these employment status cases were settled and did not lead to wider changes in the sector, strategic litigation also appears limited at this stage. It should also be remembered that only 3-4% of the workforce in India are covered by existing employment regulation, meaning even if changes were introduced, they may not cover 96-97% of workers.

Team