Smitha Krishna Prasad[1]*
As many countries move towards regulating to restrictbig tech, there is corresponding debate on how such regulations are assertions of digital sovereignty – and whether such assertions of sovereignty are useful or harmful. However, the use of technology in the administrative state – for government functions and services – can have as much impact as, if not more than, big tech. Governments are developing, buying, and using digital technologies in administrative functions and services as well as building digital public infrastructure (GovTech).
This Article uses India’s GovTech story as a case study to argue that discussions on digital sovereignty must be broadened to address the uses and harms of GovTech and the global movements that promote the use of GovTech in Global South countries. By expanding our understanding of digital sovereignty, we can use the theories associated with sovereignty to shape the values which should guide GovTech programs.
Introduction 104
I. Digital Sovereignty: Between Territorial Control,
Data, and the Borderless Internet 110
II. How Digital Sovereignty is Conventionally Exercised 114
A. Digital Sovereignty through legislation, regulation and judicial action 115
B. International law 120
III. GovTech as the new frontier of digital sovereignty 123
A. Govtech and Digital Public Infrastructure 125
B. GovTech as Digital Sovereignty: Building
and Buying 128
1. India’s GovTech Industrial Complex 129
2. Digital Government Infrastructure 129
i. By and For the Government 129
ii. “Semi-private” 132
C. Program Level Digital Government 136
1. Contextualizing Digital India 140
D. GovTech as a Source of Diplomacy and Soft Power 144
IV. Impact and Concerns 151
V. Conclusion 156
In its relatively short history, concepts of sovereignty regarding the internet and digital technology have moved across a wide spectrum. The United States government built the internet in the 1960s, moving from the state level before integrating into universities and then the private sector.[2] As the state’s role moved from owner to regulator through the 1990s, multistakeholder models were adopted to develop, grow, and govern the architecture that supported the internet.[3] This created a decentralized version of the internet, making it harder to see the state as a strong power in this space. As many scholars point out, this coincided with a common perception that state sovereignty was declining in the face of globalization.[4] Different governments have, however, continued to try to play a role in regulating digital technology and the internet. Indeed, it can be argued that even governments that did not explicitly regulate served their own interests by allowing a decentralized internet.[5] For instance, in the US, industry self-regulation, or private ordering, was prioritized.[6]
Today, many, if not most, states around the world are trying to regulate the private tech industries. Many of these regulatory efforts aspire to use innovative means to effect regulation and ensure compliance typically in a manner that promotes domestic economic interests. Commentary around these issues suggests that we are almost taken by surprise when states assert sovereignty.[7] This is often attributed to the growth of private industry in the tech space in ways that were unimaginable fifteen to twenty years ago. As a result, there has been a controversial debate on the exercise of digital sovereignty by many governments across the world.
Digital sovereignty is often thought of as the extension of traditional notions of state sovereignty (i.e. territorial control) to the online sphere.[8] One recent definition identifies digital sovereignty as “a state’s sovereign power to regulate not only cross border flow of data through uses of internet filtering technologies and data localization mandates, but also speech activities (e.g., combating fake news) and access to technologies.”[9] This definition is rooted in a traditional understanding of state sovereignty that emphasizes territorial control through the use of law and the state’s authority. Such traditional notions of sovereignty are also referred to in statements made by governments. These statements often refer to sovereignty in the context of digital or cyber security and unauthorized intrusions into domestic information and communications infrastructure.[10] Other scholars argue that adopting a broader definition that allows for overlapping sovereign rights will work better with the modular nature of the internet.[11]
While our understanding of what constitutes digital sovereignty is expanding, academic and other work on the subject is still focused on identifying regulatory, policy and, judicial tools as an application of digital sovereignty. Typically, governments use these tools and exercise their digital sovereignty to restrict the reach of the internet, digital businesses, or a foreign government’s use of technology in another state’s jurisdiction. The concept of digital sovereignty emerged most directly from a debate on the use of personal data and data protection regulations to mandate local storage and processing requirements, thereby asserting what is often referred to as data sovereignty. Such regulatory action can be taken to protect a state’s citizens, national security, and to promote domestic industry and values.
The pervasive presence of American big tech companies and their data intensive business models, which heavily focus on the use of personal data, have led to allegations of digital colonialism.[12] Digital colonialism typically refers to practices of western businesses that are exploitative of local populations and resources, including data, in Global South countries.[13] In addition, exploitation can also be seen in the way these businesses, which are often monopolies or duopolies, use their power to restrict the development and growth of local businesses in such countries. Depending on the context in which these practices are discussed, they can also be referred to as data colonialism or, more recently, AI colonialism.[14] In response to these businesses and, in some cases, government practices, many states have come up with increasingly aggressive policies and regulations. These goals often build on a narrative that highlights the need to counter data colonialism using the ideas of data sovereignty and digital sovereignty. However, there is a risk that digital sovereignty could very quickly turn into a form of digital nationalism that focuses not only on protecting citizens but also controlling them.[15] In this context, digital nationalism is typically associated with more restrictive mandates on the use and storage of data as well as the nature of content available; common examples include Chinese and Russian efforts to fragment or splinter the internet.[16] The merits of asserting data sovereignty and digital sovereignty are now also being discussed extensively in academic scholarship.
However, governments do not only interact with technology through law and policy. Governments across the world are now some of the biggest consumers of technology as they increasingly work towards digitalization of their functions. These digitalization efforts can now be said to result in the development of “GovTech” defined by the World Bank as “a whole-of-government approach to public sector modernization that promotes simple, accessible, and efficient government.”[17] When this type of technology is built at scale and akin to infrastructure, it is also considered to be digital public infrastructure that is defined as “a combination of (i) networked open technology standards built for public interest, (ii) enabling governance, and (iii) a community of innovative and competitive market players working to drive innovation, especially across public programmes.”[18] In this Article, I argue that states’ development and use of digital technologies for government functions should be considered in our understanding of digital sovereignty. Throughout this article, I use developments in India over the past few years as a case study to argue for such an expansion. Governments are now using technology in ways that impact citizens and noncitizens in their territories just as much as, if not more than, regulatory and policy actions that address the private tech sector.
These technologies are not just tools for digitization in the name of efficiency or monetary value. States are building or commissioning complex digital technologies (now described as “GovTech”) that in many cases rely on biometric or automated systems to provide government services, administer welfare programs, and engage in law enforcement actions. Many of these technologies could be used as tools to build a surveillance state. They can also be built in ways that, even if inadvertently, deprive individuals of their rights and entitlements in the form of welfare benefits and access to other government services. For instance, GovTech systems may not account for a lack of access arising from an inability of some to use technologies or even social and cultural mores that restrict the actions of marginalized communities.
The use of GovTech by different government agencies and departments can appear unconnected beyond the general goal of digitizing government functions and easing access to public services. However, states also use GovTech strategically to promote innovation and growth of the domestic economy and to address national security concerns. GovTech development and procurement programs often prioritize the participation of the domestic private sector in public services as vendors and consultants. In prioritizing such participation, these government actions can result in reduced government transparency and accountability. Further, governments can strategically build GovTech infrastructures to be used as a base for the industry’s business models. For instance, in India, the national digital identity system that was initially built for the purpose of improving welfare distribution is now widely used across the public and private sectors to authenticate identity. In Estonia, on the other hand, the government has built an e-residency system that specifically invites non-citizens to establish and operate their businesses out of Estonia in a fully digital manner that does not require physical residence in the country.[19] When used in the context of law enforcement and intelligence activities, GovTech can be a critical aspect of national security strategies.
As explained in Part III, GovTech can also be a national strategy for building and becoming a global provider of technological knowledge and resources. A strategic export by a state could involve not only a transfer of technology but also a transfer of philosophies and values embedded in the GovTech systems. When GovTech systems are included in international technology transfer, there is a risk that domestic concerns in the exporting state will replicate themselves in the recipient state. All these actions read together can and should be construed as a manifestation of sovereignty in the digital space.
This article makes two contributions to the existing literature on digital sovereignty using India as a case study. First, it provides a means to classify how governments use and interact with technology. This classification includes two traditional means of state action: regulatory and judicial action (i.e. domestic law making) and participation in international law and related processes. It also includes two types of state action that are yet to be considered in the digital sovereignty debate: first, the development and use of GovTech, and second, the use of such GovTech as a tool of diplomacy.
The second contribution of this article is to show that government uses of technology should be considered an assertion of digital sovereignty. Through this expansion of our understanding of what it means to assert digital sovereignty I hope to add to the body of scholarship on the future of digital sovereignty. The theories and values that have gone hand in hand with sovereignty can be used to shape digital sovereignty. For example, because scholarship often considers the impact of sovereignty on international human rights, digital sovereignty should also be assessed in this context. This is significant for the expansion of theoretical debate but also because the technologies used have real world impacts on the populations they are meant to serve. Establishing and studying the connections between digital sovereignty and GovTech uses can help us develop more avenues towards understanding the benefits, and reducing the harms, of such technologies.
Part 0 of this article discusses the evolution of digital sovereignty by looking at traditional ideas of sovereignty within legal scholarship, their application to the digital sphere, and also the application of other, non-legal concepts of sovereignty in the digital context. Part II outlines the two conventional means by which governments assert digital sovereignty today: domestic regulation and law and participation in international legal processes. The first section discusses the regulatory and judicial approach to digital sovereignty, focusing on the actions that contribute to this approach. The second section elaborates on the way states contribute to international law-making efforts as well as more informal international processes that regulate digital technologies. Part 0 outlines the two sets of state actions that I propose should be considered an exercise of digital sovereignty: the use of GovTech domestically and the use of GovTech capacity as a tool of diplomacy. The first section discusses the evolution of digital government and GovTech initiatives globally and some of the common concerns with the use of such systems. The second section looks to Indian examples to discuss the different ways in which government can embrace technology. This section also situates these developments in the context of digital sovereignty. The third section in Part 0 looks specifically at digital government initiatives in the context of diplomacy and international relations, focusing on the Indian example to illustrate recent developments. Part IV addresses the impact of the assertions of digital sovereignty using GovTech, domestically and internationally.
The concept of sovereignty has several definitions and components. In legal scholarship, the idea of sovereignty typically refers to that of ‘state sovereignty’ – i.e., the control that states have over their territories. State sovereignty can be approached from multiple perspectives such as the ability of a state to remain free of foreign interference[20] or a state’s ability to exert control within its territory.[21] Although two sides of the same coin, these perspectives can differentiate between an outward-looking and inward-looking idea of sovereignty. Some scholars note that sovereignty requires that the addressees of the sovereign’s power ascribe authority to and recognize the legitimacy of the sovereign.[22] For states that adopt a democratic or popular sovereignty political system,[23] the inward-looking aspects of sovereignty reach beyond the control held by one authority and speak to the will and interests of the people.
Similarly, the idea of sovereignty can be considered as either positive or negative. Positive sovereignty is where the state exerts its authority towards achieving certain goals such as development or welfare. Negative sovereignty is where the state exerts its authority towards preventing certain actions including stopping foreign interference, whether by other states or private actors. In post-colonial states in the Global South, these positive aspects of sovereignty can be particularly significant as seen in the debates of the Indian Constituent Assembly charged with drafting the Constitution of India.[24] he call for self-rule (i.e., sovereignty) for the people of India was not merely based on the illegitimate presence of colonial powers.[25] It was equally because the colonial rule was willfully exploitative of the Indian economy. From its early years, independent India’s goals centered around economic development and raising the standard of living in the country.[26]
In the context of the internet and digital technology, questions around sovereignty have come up in what can be thought of as two phases. The first phase focused on whether the borderless internet can and should be regulated, and the role of sovereignty in this context. In the second, current phase, focus has been on what digital sovereignty means and its impact on cross border data flows. In the early years of the internet notions of state sovereignty were already being questioned with the rapid growth of globalization and multinational enterprise. The widespread adoption of a borderless internet further fueled these ideas. By the late 1990s, it was considered “fairly safe to assert that most of the literature in which the exploration of cyberspace has been discussed asserts that the Internet threatens traditional political institutions and perhaps even the very concept of sovereignty itself.”[27] At the same time, legislative and policy efforts as well as court judgments showed that states were trying to regulate Internet activity and, in many cases, succeeding at achieving their immediate goals, even if reactive in nature. Also, global efforts such as the United Nations and several countries’ adoption of the Model Law on Electronic Commerce, proposed by the United Nations’ Commission on International Trade Law (UNCITRAL), suggested attempts to regulate activity on the internet.[28] As some scholars argued at the time, the internet complicates the task of national governance, but “complicating the task of national governance is not the same as undermining sovereignty”.[29] While regulation of digital technology and activity on the internet was possible, such regulation was not thought of as an assertion of “digital sovereignty” until recently.
In recent years, the second phase, we have seen a shift in thinking. Today, discussions about sovereignty and digital technology are marked by what is now often considered the most critical part of the information economy: cross-border data flows. In the past decade or so, many states have taken note of the rapid growth of U.S.-based big-tech companies that use data extracted from their customers across the world to build and improve their products. The data collection and processing practices of these companies have an impact both on the privacy of users as well as local economies of the countries where the companies operate. In addition, states have been concerned about: (i) the regulatory and logistical limits their law enforcement agencies face in obtaining data regarding activities in their jurisdiction from companies registered abroad; and (ii) the potential for foreign intelligence services to access data about a state’s citizens. These concerns resulted in a slew of policy and regulatory efforts to control how individuals’ data is used outside the state. Occasionally, these efforts even went towards restricting such uses as an attempt to promote data sovereignty. Other examples of early assertions of sovereignty over data and the internet include efforts by Russia and China to fragment the internet by walling off access to content on the global internet or data flows in their jurisdictions.[30] These negative exercises of sovereignty over digital technology and the internet were subject to much criticism.
We now have a broader idea of digital sovereignty that includes more expansive regulation of other aspects of the internet and digital technology such as regulation of misinformation and content moderation, or even access to the internet itself. This regulation is not new but is increasingly more aggressive given the sheer variety of digital based technologies, businesses, and harms to individuals, communities, and economies that can be attributed to these technologies. Given these developments, ideas of data and digital sovereignty are increasingly debated among scholars and advocates. Common definitions of both data sovereignty and digital sovereignty are still elusive.
Some scholars define digital sovereignty broadly “to cover a state’s power to regulate not only cross border data flow through uses of internet filtering technologies and data localization mandates, but also speech activities (e.g., combating fake news) and access to technologies.”[31] This idea is rooted in the understanding that sovereignty itself has three elements: (i) supreme control; (ii) over a territory; (iii) independent from other sovereigns.[32] More recent scholarship however, suggests that rather than traditional territorial sovereignty, we could look to the “concept of sovereign rights, which is used to describe the limited nature of the authority that states exercise over maritime areas off their shores”[33] as a framework for understanding sovereignty in the digital world. This framework would “allow for the nature of state power to be tailored to fit various scenarios while protecting the rights of all humanity to enjoy the benefits of a free and open global Internet.”[34]
While legal scholarship typically turns to ideas of the state, territorial borders, regulations, and enforcement to understand sovereignty, others working on the impact of digital technologies focus on sovereignty as an individual or community attribute. Feminist and other critiques, for example, look to the understanding of data as an extension of our bodies and ourselves, rather than simply as an economic resource.[35] In this construct, sovereignty lies with the individual, and a part of this sovereignty is vested with the state – this notion can be extended to data and the digital too.[36]
Another approach to data sovereignty is that taken by indigenous communities worldwide.[37] Indigenous data sovereignty typically involves a demand for an indigenous community to have control over their data in a manner which allows deeper engagement, self-determination, and self-governance. For instance, in the case of the Maori Data Sovereignty Network, this demand is made in line with the indigenous community’s assertion that the tribe itself is deserving of sovereignty.[38] They note that the use of personal data of individuals in the community should be governed by their own laws, given the significant role such data plays in telling the story of the person and their community. In addition to autonomy over their own data, autonomy over the technology and technical infrastructure they use is also significant and allows the community’s own principles and values to be embedded in the technology they use. This call for autonomy is often part of an anti-colonial approach that notes that imposition of profit-driven technologies prioritizes Euro-centric values.[39]
The ongoing debate on digital sovereignty shows that the assertion of digital sovereignty is not inherently positive or negative. Each assertion has differing impacts on different stakeholders. Governance initiatives, even if meant for the public good, can have intended and unintended consequences. In this article, I do not attempt to further define the term digital sovereignty. Rather, I look to the different actions of nation states which may contribute to or serve as assertions of digital sovereignty. The core argument of this article is that digital sovereignty should include digital government initiatives and the state’s use of technology.
Part II will examine the traditionally acknowledged types of digital sovereignty, looking both at States’ domestic actions and international collaborations. Conventional accounts of digital sovereignty typically focus on the exercise of a state’s legislative, regulatory, and in some cases, judicial functions. The best example is laws and regulations that aim to restrict the transfer and use of personal data outside of a state’s territory.
This section explores the two methods that are conventionally considered an exercise of digital sovereignty: (i) domestic legislation, regulation and judicial action; and (ii) international law. Both methods are elaborated upon using developments in India and other regions as examples to explain and explore them.
The first method, the exercise of digital sovereignty through legislative, regulatory, or judicial action in a domestic setting includes laws, regulations, and policies that assert sovereignty over the online domain. This includes court decisions that have an impact on state digital sovereignty – for example, by upholding long arm jurisdictions in statutes or requiring enforcement of judgments across borders through the use of digital technology.
The second method is state action as it relates to international law. Recent attempts to move towards international treaty-based law to govern certain aspects of the internet, such as cybersecurity, are a good example. Similarly, this exercise of digital sovereignty includes both bilateral and multilateral negotiations between states that focus on the digital or online space. This method is often treated as a separate area of study and is not strongly featured in many discussions on digital sovereignty. However, it is bound by traditional notions of sovereignty and the role of the nation state in the international legal and political sphere. Clear examples of successful global treaties that focus on digital, or internet related issues are limited. But these issues are an increasingly integral part of existing international law and amendments, whether it be human rights or trade law.[40] There are several examples of bilateral and multilateral relationships that focus on these issues; for example, in the context of technical infrastructure, or regulation of trade.
Today, most common descriptions of digital sovereignty refer to the use of laws or regulations to assert territorial jurisdiction over an online or digital technology. Digital technologies and online spaces are thought of as “borderless,” given how easily content and data is shared over the internet and the ease with which technology-based businesses can operate across multiple jurisdictions. A first mover advantage, combined with business-friendly domestic policies, has resulted in US and Chinese businesses’ domination of the global internet. Also, these businesses often bring with them the value systems of their jurisdictions. As states see the benefits and problems these businesses and technologies bring to their consumers and the local economy, states have increasingly turned towards regulation to address both. In recent years, India, like many other countries, has taken a somewhat more aggressive approach towards policy and regulation in this space. This section discusses the use of regulatory and policy tools to assert sovereignty over the operation and use of digital technology within a country with examples of efforts made in India.
There are two central issues on which much of this regulation has focused: (i) the protection of personal data and the regulation of cross-border data flows; and (ii) the protection or regulation of speech and content. However, early legislative efforts were sometimes broader, as suggested by the Model Law on Electronic Commerce adopted by the UNCITRAL and the UN General Assembly in 1996.[41] Laws that do not directly seem to regulate data or freedom of speech can still have an impact on one or the other, as well as the use of digital technology in general. Examples include regulation of the telecom industry, consumer protection laws, financial regulation, and health regulations. Although the immediate problems and reactions that states adopt may be different, the concerns underlying these assertions of digital sovereignty are similar: enforcement of domestic law (and the values attached to it), national security, and the growth of the domestic economy.[42]
Personal data protection laws have become almost ubiquitous over the past decade, with over 150 countries reported to have some form of data protection laws in place.[43] While the nature, quality, and impact of these laws may differ, this trend is largely considered a positive development.[44] Globally, the right to privacy is widely considered a fundamental human right under international law, domestic constitutions, and the laws of several countries. Further, the right to privacy is often associated with concepts of dignity and liberty.[45] The protection of personal data and the regulation of the processing of personal data by third parties is considered an essential part of protecting the right to privacy. However, one aspect of data protection laws, the regulation of cross-border data flows, has become controversial with the introduction of data localization requirements.[46] These requirements are the biggest driver of the conversation around data sovereignty and digital sovereignty today.
Aside from hard data localization requirements, privacy and data protection laws play a larger role in the digital sovereignty conversation. With its expansive global influence, the European General Data Protection Regulation (GDPR) has now become one of the foremost examples of the ‘Brussels Effect’ (which refers to the EU’s influence in the regulation of global markets) .[47] Over a 160 countries across the world have adopted data protection laws that are said to borrow from or have provisions similar to the GDPR.[48] Using the values of human rights, and particularly the right to privacy, the European Union has been able to promote its idea of data protection law on a global scale.[49] Two factors have contributed to this: (i) the narrative that the GDPR is the gold standard of privacy law (an often-criticized narrative)[50], and (ii) the requirement for other countries to have a minimum standard of data protection under law in order to have open data flows with the EU.[51]
The EU is not alone in taking this approach. Some scholars suggest that one of the reasons China has built a strong data protection system is to “be in a better position to shape global data governance norms in self-interested ways.”[52] In the past few years, China has indeed pushed for new norms, particularly in the standard setting bodies that support the technical architecture of the internet.[53] Conventional accounts suggest data protection laws arise from democratic states valuing a right to privacy; however, some scholars argue this account fails to hold true regarding China.[54] They suggest that there are other reasons a sovereign nation like China might choose to enforce a data protection law, thereby asserting digital sovereignty. They argue that while on the one hand privacy laws can enhance both global influence and national security, on the other hand the need for privacy laws in China arises from a popular push for privacy protections and the need for the government to secure domestic legitimacy.[55]
Further, in recent years, the EU has explicitly developed an “external agenda of European digital policy” which emphasizes European digital sovereignty.[56] Specifically, the EU has made it clear that developing AI-related law and policy is integral to these efforts.[57] Content moderation is another prominent area. Laws that regulate speech and content online typically seek to replicate domestic legal frameworks on the commonly recognized right to freedom of speech and expression.
While laws restricting speech and online content have not always been associated with ideas of digital sovereignty, they have been controversial. This controversy can be attributed to the wide-ranging differences in the way countries approach freedom of speech, expression, and intellectual property. Early judgments by courts in different countries dealt primarily with the impacts of the borderless nature of the internet and the effects of having a corporation put up the same content online in different countries.[58] Today, there is an increasing effort by states to regulate social media companies and other internet intermediaries to ensure that such entities are in compliance with local speech regulations. This can include (i) notice and take down requirements; (ii) requirements for companies to proactively monitor their platforms for certain types of prohibited speech (for example hate speech or obscene content); (iii) requirements to set up complaint and transparency mechanisms; and (iv) data retention requirements.[59] Particularly in the Global South, such policies are in response to concerns about domestic rule of law in a world where processes are shaped by the private and public sectors in the US, the EU, or China. Other regulatory efforts that are clear exercises of sovereign powers include internet shutdowns,[60] the banning of applications and websites from specific foreign countries,[61] and limiting the kind of companies that can provide essential services in the country, such as telecommunications.[62]
Courts have not been spared the challenges of applying legal and regulatory principles to the ever-changing technology and business models on the internet. In this process, courts have often turned to jurisdictional principles to enforce removal or moderation of content available online. In some controversial cases, courts deemed it within their right to expand the enforcement of these content removal orders well beyond the domestic territories where they operate.[63]
States are now grappling with the complexity of individual and business actions regarding content moderation, as well as the collateral effects. This is true for personal data protection laws, the regulation of speech and content, and the regulation of other actions online, such as financial transactions. In most jurisdictions outside of the US and China, states are dealing with an almost hegemonic presence of companies that do not call that jurisdiction home. With every law, regulation, policy, or court order that affects a business or individual located in a different country, it can be argued that ‘digital sovereignty’ is asserted.
This section is by no means an exhaustive description on the topic of regulatory and judicial actions applicable to tech and internet-based industries. However, these examples serve to elaborate on some of the different approaches taken by governments and courts in exercising digital sovereignty.
Nation states traditionally exercise their sovereignty when they participate in international law-making processes and in the international legal system. However, this participation does not always feature in discussions about digital sovereignty. Like many governmental and regulatory systems, the international legal system has been confronted by the challenges of a global internet and the rapid emergence of new digital technologies for more than two decades. In response, several international institutions and bodies of law have embraced the changes brought by these technologies. Examples include the recognition of access to the internet as a human right, negotiations on the role of cyber security in international law, and digital commerce in trade law. It is clear that, as in the case of domestic legal systems across the world, there is no single answer to challenges posed by digital technology and activities on the internet.
State sovereignty lies at the heart of the international legal system in place today. A sovereign state must meet certain requirements to be recognized as such, and the idea of national sovereignty “underlies international law’s requirement of state consent to treaties and customary international law… it explains why nations respect territorial borders, confer and deny recognition, and honor diplomatic immunity.”[64] At the same time, some hold the opinion that the post-World War II international legal system has posed some challenges to sovereignty “as a result of economic globalization, transportation and communications advances, the rise of nongovernmental organizations (NGOs), and the spread of international human rights law.”[65] Whether in a diminished form or not, the participation of nation states in international law and treaty-making processes is an exercise of sovereignty and should be also recognized in the context of internet and digital technology related processes.
There have been several examples of such processes within the international human rights law regime. In 2016, the United Nations Human Rights Council (UNHRC) adopted a resolution recognizing access to the internet as a basic and universal human right.[66] The resolution noted that the same human rights people have offline must also be protected online. The UNHRC, the Secretary-General of the UN, UN Special Rapporteurs, and several other UN agencies have been engaged in understanding how these offline rights, such as the right to privacy, freedom of speech and expression, and rights against discrimination, should be recognized and protected online. Other examples include the “Christchurch Call”, the international response to the livestreaming of the Christchurch mosque shootings in 2019. The call aims to eliminate terrorist and violent extremist content online, and has developed into a community of governments, online service providers, and civil society organizations.[67]
Outside of international human rights law, there have been two significant international processes focusing on cybersecurity. First, the United Nations Open Ended Working Group on developments in the field of information and telecommunications in the context of international security[68] (OEWG) and second, the Group of Governmental Experts on Advancing responsible state behavior in cyberspace in the context of international security (GGE).[69] There was skepticism about both processes, given that they were led by different States and ran almost in parallel over the past few years, generating non-binding and somewhat conservative outcomes.[70] However, between the two groups, there was participation by and consensus among almost all relevant stakeholders, including all UN member States, which was seen as a step in a positive direction.[71] More recently, a draft text has been agreed upon for a UN Convention on Cybercrime after three years of work. The convention, although controversial in parts, is expected to be adopted by the UN General Assembly in late 2024.[72]
There are also concerns about new patterns in the processes developing the standards and protocols that form the basis for the technical architecture underlying the internet.[73] These multistakeholder, global processes are typically considered neutral ground, as opposed to the politicized issues around content and data. One recent example posing a concern is a proposal made by China to upgrade the existing internet protocol to ensure scalability and to support future technologies.[74] While the proposal was put forward via Huawei, a Chinese company, it is also a clear exercise of the hegemonic norm setting goals discussed in the previous section. There is concern that this new proposal would centralize control over access to services and data flows.[75]
At the bilateral level, the US has in the past included bars on data localization requirements in its trade agreements since such requirements could act as a barrier to trade.[76] These trade agreements were used as a means for the US to promote its stance against assertions of data and digital sovereignty. However, in 2023 the US put an end to this policy due to the “need for domestic policy space on digital economy issues given rapid technological advancement and shifting debates on technology regulation.”[77]
There are several other international processes that contribute to hard and soft law for dealing with the benefits and problems posed by digital technology. These actions are not typically discussed in the context of digital sovereignty since they do not always constitute an assertive form of control over technological use within a jurisdiction. However, it may be beneficial to consider them in this expanded concept of digital sovereignty. The highs and lows of national sovereignty, as understood in the context of international law, have associated impacts on the people these nations ostensibly represent. These histories and developments may be helpful in understanding how ideas of sovereignty can be used to help and protect these individuals.
The third and fourth means of exercising digital sovereignty are not as commonly discussed in this context, but as this article proposes, they should be. The third means of exercising digital sovereignty is the state’s use and ownership of digital technology for government or public functions. While digital government initiatives are increasingly scrutinized in academic and other literature, they are not often discussed as an assertion of digital sovereignty. One possible reason is the disparity in the ways governments approach the subject and the levels of digitization they have been able to achieve in their own administrative offices.[78] Academic and other work typically looks to one country, or a small group of countries, to understand their positive and negative experiences with digital government initiatives. This article also follows this trend, using India as an example.
The fourth means of exercising digital sovereignty relates to international relations between states and a form of diplomatic state action. Specifically, this refers to the use of what was traditionally thought of as “technology transfer” to share and export GovTech. This kind of export of technology can be undertaken with a particular intended impact on diplomatic relations between these states. It could also have a potential impact on human rights, as well as the domestic economy in the states involved. Using India as an example, this section will focus on the global aspirations of India’s digital government, to showcase an assertion of sovereignty outside traditional international treaty law.
The use of India as an example is particularly relevant to this section. India is using digital government initiatives to argue that it is uniquely placed (i) domestically, to provide citizen services and limit existing problems, such as decreasing fraud and corruption in government, making welfare distributions, or addressing concerns regarding the lack of government-citizen engagement[79]; and (ii) internationally as a champion of modernization of government processes in the Global South and an exporter of such technology for the public good.[80] It is critical to note that these initiatives are often controversial domestically, with scholars and activists suggesting that many of these digital government initiatives impinge on citizens’ human rights.[81] These concerns are discussed further in Part IV. It is also important to note that India is not the only example of a country exercising digital sovereignty in this manner, although other jurisdictions might have different goals with their digital government programs. Brazil, for instance, is also building strong digital public infrastructure programs, focusing on projects like financial inclusion, digital identity, and others.[82] Some scholars note that this financial infrastructure is critical to reducing reliance on the global credit and debit card networks and to promoting digital sovereignty.[83] Estonia’s GovTech and digital infrastructure goals are founded in its independence as a nation state and, over the past few decades, the country has “sought a technologically driven solution to post-Soviet economic, social, and political crises”.[84]
In the 90s, while many suggested (and even hoped) that the internet would end the nation state, others argued that the internet could in fact help promote the rule of law and national governance. This argument was rooted in ideas of open government and the benefits of increased access to public information.[85] Today, governments are using the internet and digital technology for far more. Governments across the world are making efforts to digitize their functions – whether it is simply the processes that government employees engage with every day or the services they provide to their citizens and other persons in their jurisdiction.
In many countries, these digitization programs have evolved from mere computerization (using a computer instead of paper) to more complex technological solutions used to engage in standard government functions. The World Bank now uses the term “GovTech”, defined as “a whole-of-government approach to public sector modernization that promotes simple, accessible, and efficient government”.[86] Others focus on the idea of “digital public infrastructure” (DPI), which is often defined as “a combination of (i) networked open technology standards built for public interest, (ii) enabling governance, and (iii) a community of innovative and competitive market players working to drive innovation, especially across public programmes.”[87]
It is only natural that states, like all other actors, would pivot to the use of digital technology, or at least computerization and minimal digitization, because of the benefits these technologies offer. Such actions have been advanced with new developments in artificial intelligence and other technologies that promise more efficiency and value. In the global South, the recent push towards digitization and modernization of government functions is a key element in achieving the Sustainable Development Goals (SDG) laid out in the United Nations’ 2030 Agenda for Sustainable Development.[88]
The World Bank report, “GovTech Maturity Index: The State of Public Sector Digital Transformation,” notes that interest in GovTech initiatives are growing around the world, with over eighty countries having a GovTech agenda in place and forty-three countries having “mature digital government and good practices”.[89] The report shows that while these forty-three countries are leading digital transformation in the public sector with highly visible good practices, few governments record or transparently report the full details of government investments in GovTech initiatives, the results achieved, or the challenges faced.[90]
GovTech systems are used for a range of purposes, of which the most widely discussed are law enforcement and administration of government services and benefits. Governments also often focus on how the latest technologies can be harnessed for their own work. For instance, during the Covid-19 pandemic, states across the world scrambled to build applications for contact tracing and quarantine monitoring within weeks or months of the onset of the pandemic. In less emergent circumstances, there are many examples of the use of biometric-based digital identity systems and automated technologies that assess eligibility of individuals and families for welfare services. In other spheres of government services, digital technologies are used to administer income and other tax regimes, as well as to monitor for compliance with laws and regulations. Automated systems have become popular in the past few years, given the potential for use of artificial intelligence. Many states are developing strategies to harness this technology in different ways.
When these systems are built at (infrastructure) scale, they are often thought of as DPI. This typically includes digital identity systems or, for instance, technologies to facilitate digital payments. Another common feature of DPIs is that they can be used by private actors, even if built by and largely for public sector use.
These systems also come with a range of potential problems. One of the primary concerns voiced by scholars studying these systems is that there can be significant gaps in the translation of law to code.[91] Whether they know it or not, the capacity and biases held by those who design and write the code for these technical systems can be reflected at the time of implementation. This can result in differences in the implementation of programs that negatively affect the beneficiaries. Existing gaps in procedure and legal frameworks are often exacerbated. This can lead to infringement of privacy rights, security breaches, lack of access to government services or discrimination and other issues. These concerns are discussed in more detail in Part IV.
The concerns about GovTech systems are present irrespective of whether these technologies are built and operated entirely in-house or outsourced by government agencies and departments. In many cases, governments tend to procure these systems from private vendors and consultants, often due to a lack of capacity and resources within government. Procurement ecosystems are plagued with problems of vendor lock in and capture. In addition, relying on a handful of private sector actors risks privileging those stakeholders and their values.[92] Further, the information flows generated from the modernized service can lead to the emergence of a new “public domain”.[93] Data collection, processing, and storage methods will need to be reconfigured to account for the hybridization of public sector data management as both public and private actors are increasingly participating in such management.[94] Often, new types of public sector data are being generated from the data; i.e., the raw material being extracted from the public as a result of this hybridization.[95] The generation and processing of such data, whether by public sector agencies or the private sector supporting such agencies, can be concerning in the absence of sufficient regulatory and governance frameworks
As many countries build massive digital identity systems or DPI that then serve as the foundation for digital delivery of welfare or social protection systems, the rise of the “digital welfare state” has been of particular concern.[96] As the Special Rapporteur on extreme poverty and human rights states in the 2019 report on the ‘Digital Welfare State’:
[T]here is a deeply problematic lack of information about the precise role and responsibility of private actors in proposing, developing and operating digital technologies in welfare states around the world. This lack of transparency has a range of causes, from gaps in freedom of information laws, confidentiality clauses, and intellectual property protections, through a failure on the part of legislatures and executives to require transparency, to a general lack of investigation of these practices by oversight bodies and the media. The absence of information seriously impedes efforts to hold governments and private actors accountable.[97]
This section focuses on the third approach to digital sovereignty–the use of digital government initiatives and the role that technology plays in deciding on and effecting domestic policy. First, it discusses the ways in which the Indian government builds and uses GovTech and DPI. This section then concludes with a discussion on why government use of technology, particularly in the form seen in the Indian example, is significant in the context of digital sovereignty.
India, which is in World Bank’s list of forty-three countries “leading digital transformation in the public sector,” has a multitude of examples to show for its journey in digitization of government services over the past few decades. In recent years, this has formalized into a flagship government program called Digital India, which aims to “transform India into a digitally empowered society and knowledge economy.”[98]
The Digital India program focuses on three areas: (i) digital infrastructure as a core utility to every citizen, (ii) governance and services on demand, and (iii) digital empowerment of citizens. The programs and technologies discussed in the following sections relate to efforts that center on the first and second of these three areas. Programs for the third area tend to focus on developing technical infrastructure or education, such as ensuring last mile broadband connectivity and setting up digital literacy programs. Because these programs do not fall under the ambit of GovTech per se, they are out of the scope of this article and will not be discussed below.
India’s digital government projects can be broken up into four broad categories, differing slightly from the Digital India focus areas and some of which are not considered GovTech. The first category is infrastructure projects meant to operate at scale. These infrastructure projects can be further divided into two sub-categories: (a) those projects completely owned and operated by government, and (b) a set of ‘semi-private’ entities in the nature of National Information Utilities that come up and operate with assistance from government but are owned and operated by private entities. The second category is digitization programs that target individual government functions, particularly in the context of citizen services. The third category includes tech-based development and hard infrastructure goals which tend to work towards the digital empowerment of citizens. While this category is more difficult to define, it would include programs like the Smart Cities missions, implementation of smart RFID tags for collecting tolls on highways (FASTag), or last mile broadband and telecommunication services. The fourth category includes digital systems that are specifically for law enforcement, intelligence, and surveillance projects.
These categories are not clear cut, and products and services can overlap in what they offer as well as their impact. For instance, the RFID systems for toll collection could be categorized as large-scale infrastructure and could also allow for surveillance for the purpose of law enforcement. Similarly, many citizen service-oriented programs which depend on personal data could also impact surveillance abilities. However, to limit the scope of study in a meaningful manner, this article focuses on technologies ostensibly meant to achieve the first and second categories described above, i.e., (i) build digital infrastructure as a core utility to every citizen, and (ii) governance and services on demand.
This sub-category looks at projects that are digital infrastructure, are owned and operated by the government, and can be used across different programs and services. Digital India highlights three programs under this infrastructure category: Aadhaar, Bharat Broadband Network, and Common Service Centers.[99]
Aadhaar, India’s unique biometric-based digital identity system is one of the most well-known examples of public and government digital infrastructure. Digital India has described it as follows:
The largest biometrics-based identification system in the world, Aadhaar is a strategic policy tool for social and financial inclusion, public sector delivery reforms, managing fiscal budgets, increase convenience and promote hassle-free people-centric governance. It is unique and robust enough to eliminate duplicate or fake identities and may be used as a basis/primary identifier to roll out several Government welfare schemes and programs for effective service delivery thereby promoting transparency and good governance.[100]
A unique ID number is issued to every applicant under this system. At the time of enrollment, the name, date of birth, gender, address, phone number (and optionally email), a photograph of the individual’s face, fingerprints, and an iris scan are typically collected and recorded against the unique number. An individual can then authenticate their identity by providing a combination of information, for instance, their Aadhaar (i.e. unique ID) number and biometric information.
The Aadhaar system is operated and managed by Unique Identification Authority of India (UIDAI), which is a statutory authority established by the Government of India. The UIDAI operates under the aegis of the Ministry for Electronics and Information Technology (MeitY). The Aadhaar system is regulated by a targeted law – the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (“Aadhaar Act”) – and several regulations under this Act.[101]
While it was initially envisioned as an ID system that would be used to make welfare delivery more efficient, it has now become a ubiquitous ID that is used across government and private services. This function creep has led to many privacy and security concerns, which the Indian government has typically refuted. At the same time, there are concerns that the Aadhaar system doesn’t meet the efficiency standards it boasts of for its original purpose. First, fraud and leakage continue in the welfare systems despite the use of the Aadhaar system.[102] Studies show that there are multiple types of fraud that can lead to leakages in benefits distribution.[103] Scholars note that digital identity systems can only counter identity-related fraud and leakages, while studies show that quantity fraud, such as eligible persons not receiving their full benefits, is the most prominent.[104] These other types of fraud continue despite the Aadhaar system. Second, even where there is no such intentional fraudulent activity, technical problems often plague the systems resulting in the unavailability of benefits and services.[105] These could range from the inability to record a particular individual’s biometrics, to unknown failures in authenticating or linking the Aadhaar system with any third systems needed to receive the service or benefit.[106] Media reports also suggest that there have been several examples of the Aadhaar system numbers being issued in duplicate or for false identities.[107] And third, despite the promise of the Aadhaar system to act as the single consolidated unique identity system, several other government programs now require their own unique identity numbers in the context of healthcare or state-specific eligibility verification for benefits programs.[108]
India is also home to several government-supported private initiatives that aim to provide public digital infrastructure.
These private initiatives follow many aspects of a model proposed by the Technology Advisory Group for Unique Projects (TAGUP), led by Nandan Nilekani, the first chairperson of the UIDAI. The advisory group’s report proposed setting up a number of National Information Utilities (NIU) that would operate as “private companies with a public purpose” to implement public technological infrastructure projects.[109] The goal was to build a system where the “[g]overnment focuses on policy formulation and enforcement, and the NIU on implementation of IT systems” to make essential infrastructure available for the public and foster economic development.[110] These NIUs were meant to be private, typically non-profit companies, with joint ownership by the government and private stakeholders, akin to public-private partnerships but under different nomenclature.
The TAGUP report used the National Payments Corporation of India[111] as an example of what the NIU ecosystem should look like. While the report did not directly lead to a formal policy, it is an important milestone to keep in mind for understanding the ideas that led to today’s Digital India. Examples of infrastructures built or owned by semi-private entities include a payments interface, a system meant to streamline consent for sharing personal data, an open e-commerce platform, and the infrastructure for administering goods and services taxes. These digital infrastructures are often built as a layer on top of which private actors can build and run their businesses.
The Unified Payments Interface (UPI), operated by the National Payments Corporation of India (NPCI) is a prime example of this type of digital government initiative. UPI offers a platform that facilitates instant real-time payments between bank accounts. It runs as an open-source API, allowing mobile applications for payments to use the system and connect multiple bank accounts to enable retail payments.[112]
The NPCI is a private not-for-profit company, established as an initiative of the Reserve Bank of India (the regulator for banking and payment systems in the country), and the Indian Banks’ Association.[113] Shares in the NPCI are held by various banks that are part of the Indian Banks’ Association. The NPCI runs its own mobile application, Bhim, to facilitate UPI transactions.[114] Multiple private companies from the tech and fintech industries also have mobile applications that run on the UPI system. Private players using UPI include global companies like Google, Amazon, and WhatsApp, as well as Indian services such as PhonePe and Paytm. These private players are said to have gained the most from the UPI system.[115] Applications like Google Pay and PhonePe have become ubiquitous, particularly in retail markets, with many smaller vendors accepting payments through these services. This has raised questions about the success of the NPCI’s “public” model.[116] There are also significant privacy and anti-trust concerns with private tech companies gaining large market shares in this space, particularly given the use of sensitive financial information.[117]
The Data Empowerment and Protection Architecture (DEPA) is another example. DEPA is positioned as a framework that allows individuals to have control over how their personal data is used and shared.[118] The system is built on the belief that “agency over data could empower Indians with opportunities to improve their own lives.”[119] The framework was explained in detail in the consultation paper that the NITI Aayog (the public policy think tank for the Indian government) published in 2020. The paper explains DEPA as follows:
DEPA combines public digital infrastructure and private market-led innovation: it creates a competitive ecosystem where any new Consent Manager can plug in to a network of information providers and users without setting up expensive, duplicative, and exclusive bilateral data sharing rails. And it ensures that data sharing occurs by default with granular, revocable, auditable, and secure consent. Consent managers can compete to reach different customer segments with accessible and inclusive modes of obtaining informed consent. They can also experiment with different business models. While consent cannot be the only backstop, it is a powerful first step to empowering individuals with data.[120]
In practice, one of the uses of DEPA is as an account aggregator system for the financial sector. It is supported by the DigiSahamati Foundation, a non-profit private company that is promoted as an “industry alliance,” with account aggregators constituting the membership of this alliance.[121] Account aggregators are regulated by the Reserve Bank of India and act as intermediaries who collect user information from various services and share the information with the requesting financial institution upon authorization from the user.[122] Implementation of the DEPA system is relatively new and different modes of operation are still evolving.
In the e-commerce space, the Open Network for Digital Commerce (ONDC) offers a decentralized open network for e-commerce services, as a response to market monopolization by large players such as Amazon and Flipkart.[123] It unbundles the demand and supply and buying and selling aspects of e-commerce, to ensure that no single actor has complete control of the process. At the same time, it promotes interoperability, so that any mobile applications can operate as consumer and buyer applications and any dedicated businesses can work as a supplier. Although the ONDC is in the early stages of deployment, it is being celebrated as a “force of inclusion” that will allow everyone to participate equally in e-commerce.[124] In one of the most successful use cases for ONDC, it has now onboarded local ride-sharing services that aim to provide drivers with more control, as alternatives to Uber and Ola.[125]
These examples have focused on services used by the public (in this context both individuals and businesses) to interact with each other in different contexts. The Goods and Services Tax Network (GSTN) is an example of government-used digital public infrastructure. The GSTN is the body that operates and manages the IT infrastructure for the administration of the goods and services tax regime in India.[126] It offers a shared platform between the central and state governments, on which users can file taxes, make payments, and undertake other compliance documentation. This platform itself was a key element of a nationwide overhaul of the legal frameworks for goods and services tax, which was previously fragmented across central and state government agencies. The GSTN was set up as a special-purpose vehicle (SPV), with shares held by the Indian government and select private actors, following the NIU model recommended by the TAGUP report.[127] The SPV is registered as a non-profit, private limited company under the Indian law. While the GSTN was one of the few organizations that formally followed the NIU model, this structure was changed close to ten years after its incorporation. In June 2022, privately held shares of the GSTN were transferred to various government entities, and the GSTN became a one hundred percent government-owned company.[128] As it is now fully government-owned, the GSTN offers an interesting study on the NIU model. It also presents an informative perspective as a technical infrastructure that is in itself critical to the overhaul and administration of legal frameworks.
The programmatic digital government plans undertaken by agencies in India cover a wide range of services, schemes, and forms of engagement. On the one hand, this includes platforms that are meant simply for citizen engagement, such as the MyGov platform, or platforms that support digital storage of government-issued documents, such as DigiLocker. On the other hand, there are several examples of IT systems that support the administration of welfare benefits, such as the website of the Department of Food and Public Distribution or the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGA). A baseline tech solution for several of these projects is simply having a website with an effective interactive platform that allows users to engage with the program. However, to ensure service delivery can take place online or through mobile services, many of these projects overlap, and often require the use of other digital government systems, particularly the infrastructure-style systems such as the Aadhaar digital ID.
One well-known example is “Aarogya Setu,” the contact tracing application that the Indian government put together as a part of its response to the COVID-19 pandemic in April 2020. The application required every user to provide information about their location history through GPS and bluetooth, along with personal information to identify themselves.[129] This information was maintained either on the users’ phones or on servers managed by the government. If it was found that a user may have been near an infected individual, then the personal information would be used to contact the user.[130] As with many other contact tracing applications, several questions around privacy and surveillance were raised at the time, given that the application collected location information in addition to other identifying personal information.[131] Security experts also noted that there may be concerns regarding the security of the data collected by the application.[132] These concerns were heightened by the fact that the Indian government mandated the use of the application in several contexts, including at different points of time, for all private and public sector employees.[133] Further, there was no legislative or regulatory framework governing the application and the use of the data it collected. It was also unclear who would have access to this information.[134]
Aarogya Setu is also an important application to study because of how it was built and the people involved in its development process. This mobile application was created within twenty-one days of conception and lacked guidance from a clear governing legal framework, given the circumstances of the COVID-19 pandemic.[135] It was created by the National Informatics Centre (NIC), which is the “technology partner of the Government of India” and operates as a department of MeitY.[136] However, the Aarogya Setu app was not built in-house by the NIC. Rather, it was built in collaboration with volunteers from industry and academia.[137] Given the widespread privacy and surveillance concerns, this information, along with the list of contributors, was disclosed after many questions were raised about the application.[138] However, the details of the relationship between the volunteers and the government remain unclear. At the same time, parts of the code for the application were made open source[139], and a protocol for the use of the application and the data collected through it was put in place as a short-term regulatory framework of sorts.[140]
The DigiLocker service, managed by the National E-Governance Division under MeitY, is more squarely situated within the government. It offers a secure, cloud-based platform that allows users to store, share, and verify important documents that every individual needs.[141] Documents can include drivers’ licenses, ration cards that specify entitlement to food distribution benefits, banking and insurance documents, degree certificates, and documents indicating other educational qualifications.[142]
Individuals can store verified copies of these documents online, in an account that requires an Indian mobile number and an Aadhaar number. The documents can then be accessed through the user’s account either using a web browser or a mobile application. For documents issued by service providers integrated with the DigiLocker system, the documents stored in the DigiLocker act as original copies, and there is no need to produce a physical copy when documents are required to be provided under the law.[143] For example, an individual does not need to carry their physical license and registration documents once the driver’s license or automobile registration issued by the Ministry of Road Transport and Highways or relevant state level departments are verified and stored on DigiLocker and are available on the individual’s mobile device.
OpenForge is another example of GovTech used with the aim of furthering transparency and the quality of GovTech systems. Also run by the National E-Governance Division, OpenForge is an Indian government platform for open collaborative development of e-governance applications.[144] This platform promotes the use of open-source software in government technology, in line with multiple policies that the Indian government has mandating and suggesting the same.[145] By opening up the source code of e-government platforms and applications, the “government wants to encourage collaborative development between Government departments/agencies and private organizations, citizens and developers to spur the creation of innovative e-governance applications and services.”[146] The need for a government platform like OpenForge arises because private platforms that provide similar services, like GitHub, do not focus on government applications. Moreover, many government departments may not be able to use these external private platforms due to restrictions on sharing of code or data on foreign hosted servers.[147]
OpenForge provides two models of collaboration – government to community and government to government.[148] The government to community (G2C) model allows for projects to be created in a public mode. The public mode, subject to the approval of the project administrators, allows any community member to participate in the code development process. In contrast, the government to government (G2G) model is closed or operated in a controlled setting. Only government agencies can participate in the collaborative process of such projects.
Aarogya Setu, DigiLocker, and OpenForge are examples of digital-first programs in varying sectors. In contrast, the Pradhan Mantri Jan-Dhan Yojana (PMJDY) highlights the infusion of technology into other government services. The PMJDY is a national mission for financial inclusion, which aims to ensure that all households in the country have banking facilities, access to need-based credit, insurance, and pensions, and that there is at least one bank account for each household.[149] Every beneficiary of this program also gets debit card that operates on the RuPay system, which is a homegrown card payment network operated by the NPCI. Another goal of the PMJDY mission is to channel all government benefits (from central, state, and local governments) to the beneficiaries’ accounts and push Direct Benefits Transfer (DBT) schemes.
While this program requires several types of financial infrastructure, and financial literacy programs in place, digital technology is seen to play a key role in administering the PMJDY as well.[150] The aforementioned RuPay debit card is one part of such technical infrastructure. In addition, several technical services, such as an electronic know your customer (e-KYC) system with Aadhaar, electronic fund transfers and immediate payment systems based on mobile number and internet banking services, and Aadhaar based payment systems, are all important to the success of the PMJDY scheme.
The above are only a few of the many GovTech programs in place across the Indian government. However, they are indicative of a concerted move that integrates these programs under a specific vision of DPI and GovTech-based services within the country. The following sections discuss the context within which these programs are being built, and in some cases promoted globally, and the impact of these developments.
Strategic government use of technology is not new. While it is likely most prevalent in the context of defense operations, several countries have had policies to support the growth of local industry and now local businesses in the technology and information economy. Historically, these policies have extended to government procurement practices too, with policies that either explicitly or implicitly prioritize procurement and public-private partnerships with local actors.[151] Such practices are widely accepted and have been recognized in geopolitical agreements such as the World Trade Organization’s Agreement on Government Procurement.[152]
In India, even the limited exploration of the subject in the above section indicates that there are different models of state support and ownership in digital government. However, in studying Digital India, it is also important to consider both the historical context and the public narrative around this program which is typically promoted by both government officials and private stakeholders.
From its early years, India’s goals centered around economic development and raising the standard of living in the country.[153] One of the significant ways the Indian government sought to achieve economic development was by establishing the Planning Commission, so that “the best use can be made of such resources as we possess for the development of the nation.”[154] The Indian experience mirrored the global experience at the time in terms of the prioritization of planned economic development. But, one of the reasons the planning of economic development was emphasized was the fear that social and economic inequities would undo the political equality that was gained as an independent country and written into the Constitution of India.[155]
In the early years, the Indian State was dependent on countries like the US, the UK, and the Soviet Union for new technologies in computing and telecommunications.[156] However, through the years, India has always had a fear of foreign imperialism (primarily towards the US) and has adopted a policy of ‘strategic autonomy’ in its relations with other, more powerful economies.[157] India did not simply want to be a recipient of knowledge and technology,[158] but desired to build expertise within domestic institutions, and use economic diplomacy as a “means of achieving broader foreign policy objectives.”[159]
With this historical context on India’s approach to sovereignty in relation to technological development, we look to Digital India as it is today. The interest in homegrown expertise comes through with ideas like Digital India, and narratives around GovTech systems like the Aadhaar system and Aarogya Setu. These show the significance of the role of the state. However, many other factors have changed. Planning is no longer undertaken as it was in the early years. Two decades after the liberalization of the Indian economy, some scholars argue that the state has become marketized.[160] The pro-market approach seen in the public-private Digital India model is a prime example of this new approach regarding the role of the state.[161]
The description in the previous sections, of various digital government programs undertaken by India, shows a clear mix of public and private undertakings that all aim to work together to bring about the vision of Digital India. While on paper, some of these services are public in nature, others that lean towards financial services, for instance, are not. However, in practice, this distinction is muddied.
Many Digital India and digital government initiatives, whether owned by the public sector or not, are considered a part of an amorphous collection known as the India Stack. India Stack is “a set of open APIs and digital public goods that aim to unlock the economic primitives of identity, data, and payments at population scale.”[162] It consists of three layers –identity, payments, and data, centered around Aadhaar, UPI, and DEPA, respectively. It operates on a core vision of building open networks that establish a level playing field for the members of a digital ecosystem. The promise behind this level playing field is an ecosystem where “innovation and creativity are given free rein, so application developers can focus on building the best consumer experiences and products instead of having to worry about infrastructure, permissioning, and access.”[163]
Many aspects of the India Stack can be attributed to iSPIRT – a not-for-profit think tank, staffed by volunteers “from the tech world, who dedicate their time, energy and expertise towards India’s hard problems.”[164] The game plan section of the iSPIRT website goes on to note:
b) iSPIRT believes that India’s hard problems are larger than the efforts of any one market player or any one public institution or even any one think-tank like ourselves. These societal problems require a whole-of-society effort. We do our part to find market players and government entities with the conviction in this approach and help everyone work together.
c) In practical terms, this means that the government builds the digital public infrastructure, and the market participants build businesses on top of it. We support both of them with our expertise. We have iterated this model and continue to improve and refine this model.
d) To play this role we use our mission to align with the Government partners, Market partners and our own volunteers. We believe those who have seen us work up close place their trust in us to work towards our mission. Our long-term survival depends on this trust. All our actions and processes are designed to maintain this trust, and so far if we have any success at all, it can only be seen as a validation of this trust.[165]
This India Stack form of ‘multi-stakeholderism’ is seen as a distinct benefit by many in India. This Article focuses on India Stack’s role in government administration. But it is also seen as a regulatory tool in itself. A NITI Aayog discussion paper on DEPA, in the context of mounting challenges in the regulation of use of personal data, states
Other countries have responded to these challenges by implementing efforts to improve data protection and consent-based sharing (such as Open Banking in the UK or General Data Protection Regulation (GDPR) in the EU), which India can learn from. However, these approaches have not addressed the issue in a manner that is fully relevant to India’s scale and diversity, and to our objectives around accelerating financial inclusion, economic growth, and data democracy. [166]
The NITI Aayog discussion paper goes on to note that in the Indian context, “Legal, market, and technology infrastructure are all needed to bring this to life, with a ‘jugalbandi’ of public and private players: governments offering digital infrastructure as a public good and private players innovating on it to offer better services”.[167]
The clear market orientation of solutions like UPI, and newer parts of the India Stack universe, such as the e-commerce solution ONDC, show that the India Stack is a response to big tech, in addition to being a tool for government administration and regulation. However, as discussed in greater detail in Part IV of this Article, the public nature of these systems raise concerns regarding the manner in which human rights and democratic values are affected.
Further, there remains a lack of clarity in the relationship between the State and the individuals or organizations involved in iSPIRT or the volunteers that built applications like Aarogya Setu. This exacerbates well known problems with opacity and accountability in government procurement. In fact, some argue that this set of amorphous semi-private initiatives, working with clear State support can be considered an alternative to big tech.[168] Their establishment as not-for-profit private entities, leads to them being accountable neither to the State nor the markets.[169]
Digital government, although inherently a domestic effort, is not isolated from the international sphere. Technology transfer from the developed to developing nations has always been considered an important avenue for economic advancement and a key alternative to relying only on industrialization within the receiving economies themselves. Referring more broadly to all types of technology, for example in the fields of agriculture, automobiles, industrial machinery, and even education, the practice of technology transfer often included a transfer of technical know-how.[170] The goal with this kind of transfer was not only to provide access to technology but also to create capacity in the recipient jurisdiction.[171]
Developing countries, like India, have traditionally been recipients of technology transfers. Even where industrial development leads to the production of technology within a developing country, it is typically assembly lines of multi-national corporations based in the Global North.[172] Balanced relationships with knowledge and technology producing countries, such as the US, the UK, and Russia (and the former Soviet Union), have been critical as a result of such dependence.[173] Equally critical is the need to use the capacity brought in through these transfers to encourage home grown technology development and contribution to the domestic knowledge and information economy.[174]
In the context of digital technology, there is a sense that India has been able to move past some of the barriers to home grown innovation and knowledge creation over the last two decades. In private industry, first mover advantage and capital availability result in difficulty of competing with American and Chinese big tech companies. While there is still great emphasis on the need for growth and innovation in the private tech industry in India, one of the ways in which the country seeks to compete is by pushing forward the India Stack and Digital India models. Digital government is one side of this coin, with the goal of offering a level playing field to domestic industry on the other. With this expertise in hand, and the perceived success of the Digital India model, India is now looking outward as the transferor of technology rather than simply the recipient. Digital India and India’s DPI are now being exported globally.
In September 2022, at an event organized by the US-India Business Council, the Indian Finance Minister, Nirmala Sitharaman, reportedly spoke about turning India Stack into a Global Stack at the request of “several countries.”[175] This statement was made in the context of ensuring interoperability and interconnectivity between payment systems across India and Singapore, as well as between India and the UAE by using the UPI system.[176]
In January 2023, India’s Minister of State for Electronics and Information Technology, Rajeev Chandrasekhar, announced that up to seven countries were likely to enter into agreements with India to use India Stack’s digital public goods.[177] Over the past two years, India has signed memorandums of understanding (MoU) with several countries including Armenia, Sierra Leone, Papua New Guinea, Kenya, Trinidad and Tobago, Suriname, Antigua, and Barbados through which different resources for DPI and offerings under India Stack’s collection of applications will be shared with these countries.[178] Some of the digital public goods offered included the DigiLocker platform, “foundational identity programmes such as the Modular Open Source Identity Platform (MOSIP), instant real-time payments system Unified Payments Interface (UPI), Covid vaccination platform CoWIN and Health Stack.”[179]
Conversations around the export of India’s digital government programs have been taking place for a few years now. In 2011, the US White House announced a joint effort with India to build an open-source, open-government platform that would “enable governments around the world to stand up their own open government data sites.”[180] As early as 2016, reports suggested that officials from the Department of Information Technology, the Ministry of External Affairs, and the Telecom Regulatory Authority of India were in conversations to promote the Aadhaar model overseas, a process facilitated by the World Bank.[181] In July 2016, it was reported that Russia, Morocco, Algeria, and Tunisia were interested in replicating the Aadhaar model.[182] These conversations have continued over the years. In 2018, efforts by multiple ministries in the Indian government to export India’s Aadhaar system and the software stack built around it for service delivery were said to be gaining momentum.[183] It was reported that over 20 countries, including Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Sri Lanka had shown an interest in studying and implementing similar systems.[184] In 2021, reports stated that the UIDAI had entered into a collaboration with the World Bank and the United Nations to deploy the Aadhaar model for ID systems outside India.[185] As a part of this effort, the UIDAI was set to establish a dedicated advisory board for this purpose, and the UIDAI was also looking for ‘partners’ from India to help export the Aadhaar model overseas.[186]
Over the past three years or so, the conversation has moved well beyond Aadhaar to other parts of the India Stack and Digital India programs. The India Stack website itself notes that India Stack is a vision for both the world and India.[187] Financial and social inclusion are at the core of this vision.[188]
In 2021, the Indian government announced plans to make its COVID-19 Vaccine Intelligence Network (CoWIN) platform available to all interested countries.[189] The platform would be made available as software licensed by the central government of India, for free, in perpetuity. The CoWIN platform was set up to track administration of COVID-19 vaccines across the country. From a user perspective, the platform provides two main functions: finding an appointment for the vaccine and receiving official documentation of the same. Add-ons include a feature that allows users to provide their passport details and receive the vaccination certificate in a format that is more suitable for international travel where proof of vaccination is required. The user facing CoWIN platform is a part of a larger COVID-19 Vaccine Delivery Management System, which tracks the availability of vaccines from manufacture to distribution to health centers, and eventually the administration of the vaccine to individuals. In 2021, officials noted that seventy-six countries had expressed an interest in adopting the CoWIN platform for their own vaccination drives.[190] The India page of the United Nations Development Program also lists a project along these lines aimed at (i) “expanding the scope of CoWIN for digitalization of other health programmes namely Universal Immunization Programme, RMNCH+A, Non-Communicable disease programme, National Viral Hepatitis Control Programme etc.”; and (ii) “offering CoWIN as a product for global good to countries who are interested in replicating similar digital interventions for management of the CoVid-19 pandemic and beyond”.[191]
On one hand, many of the plans for export focus on replicating Indian systems customized to local needs in other countries. On the other hand, some recent efforts are also geared towards the Indian diaspora and global business needs of Indians. In 2019, the National Payments Corporation of India (which operates the above mentioned Unified Payments Interface (UPI)), reportedly set up a subsidiary to export the UPI system to other countries.[192] The UPI system has been expanded to allow non-resident Indians in several countries, to use their international phone numbers to register with Indian bank accounts and use the UPI system. Some of these countries include the US, Singapore, France, Australia, Canada, Hong Kong, Oman, Qatar, Saudi Arabia, United Arab Emirates, and the United Kingdom.[193] This list of countries is considerably different from the countries that India is looking to help with the export of Aadhaar and other systems. While in the short term these plans focus on helping non-resident Indians, it seems likely, in the long term, they will look to expand the UPI system as a whole to other countries.
As with the Digital India and other digital government programs, there are some clear cases of export by the government, such as Aadhaar, and the more recent memoranda of understanding for the export of CoWIN, or the UPI and DigiLocker systems. Others are less clearly owned by the Indian government but still fall within the narrative of India as an exporter of digital public goods, such as the MOSIP project. MOSIP stands for Modular and Open Source Identity Platform. It is a project housed at the International Institute of Information Technology Bangalore (IIIT Bangalore). It is geared towards helping “governments to either adopt digital ID systems or enhance existing systems, while ensuring complete ownership over their country’s digital infrastructure”.[194] MOSIP offers governments a vendor neutral, scalable platform which can be implemented by governments. However, MOSIP doesn’t offer implementation services itself, or the customizations that a government may need, and instead, directs governments to a partner ecosystem.[195]
MOSIP is hosted at the IIIT Bangalore as a global public good and is funded by the Bill & Melinda Gates Foundation, Tata Trusts, the Norwegian Agency for Development Cooperation (Norad), and the Pratiksha Trust.[196] The project came about when the World Bank approached IIIT Bangalore to develop “an open-source foundational identity system on which national IDs could be built.”[197] In interviews with reporters, MOSIP members have also noted that
the project mainly started due to the success of Aadhaar, which became globally renowned, as many citizen-centric services were based on it. “When the World Bank approached the government for Aadhaar, it could not be shared as it was a proprietary technology. Then, it approached IIIT-B to develop an equivalent of Aadhaar.”[198]
While Aadhaar was built to meet the Indian government’s requirements, MOSIP has been built to be modular and adaptable by governments serving different population sizes, languages, and legal systems. It has also been built keeping in mind the many problems that governments face in procuring technology and with the goal of avoiding issues like vendor lock-in through the use of open-source software. It aims to provide privacy friendly systems.
MOSIP has been referred to by some as Aadhaar in a box.[199] Interestingly, at least one recent report notes that MOSIP team members have tried to distance the project from controversial Aadhaar, given concerns that MOSIP is too similar to the system.[200] The report notes that even so, Aadhaar has still acknowledged as the inspiration for MOSIP, that it was only natural that MOSIP came about in India, and that Indian government officials are “partial to proudly mentioning MOSIP in speeches.”[201]
Engaging with around twenty countries, MOSIP is not only an example of a transfer or export of technology, but also of the more informal outcomes we see from the now global recognition of India’s DPI and GovTech story. The MOSIP team engages with a variety of stakeholders, including international organizations (such as the World Bank), large donor foundations (such as the Gates Foundation), and more technical communities (such as the Digital Public Goods Alliance). These engagements in turn could lead to the MOSIP project having a wider reach. This kind of informal engagement is not limited to MOSIP alone. iSPIRT, the volunteer led non-profit organization behind India Stack, influential individuals involved in Digital India, and in some cases the Indian government itself, are also seen engaging with different stakeholders and often promote India’s DPI story.
In the latest iteration of Digital India’s global aspirations, the Indian government prioritized digital public infrastructure in its G20 leadership in 2023. Reports had indicated that the G20 platform would be used to make India Stack available to the global community.[202] Through the work of the Digital Economy Working Group, the G20 formally recognized the importance of digital public infrastructure in the G20’s New Delhi Declaration of 2023 and adopted a voluntary framework for ‘Systems of Digital Public Infrastructure.’[203] This was the first consensus-based framework that addressed and recognized DPI – said to be a new concept for many at the negotiating table – at a multilateral level. Commentors attribute this success to the efforts made by the Indian government to push this agenda forward. In 2024, the G20 presidency has passed on to Brazil, another country with a strong interest in building DPI[204] that also has an ongoing domestic debate about the need for digital sovereignty.[205]
This article has largely focused on understanding the concepts and relationship between ‘digital sovereignty’ and ‘GovTech’. However, this connection, as with anything that relates to governments and technology today, does not exist in isolation.
Looking at the Indian examples discussed above, many of the Digital India projects are fraught with rights-based challenges. Concerns about privacy, data security, and surveillance are prevalent across the board. These concerns are exacerbated by (i) the absence of a data protection law (while a new law was passed in August 2023[206], it is yet to come into effect, and the new law provides wide-ranging exemptions to government actors); (ii) the increasing use of centralized databases and integrated services with limited transparency and accountability; and (iii) the mix of public and private ventures using this data.[207]
Privacy and data security concerns occur frequently, particularly with hastily implemented schemes. Given the amount of sensitive personal information many Digital India projects demand, this is a critical issue. A recent example is the security incident at the All India Institutes of Medical Sciences (AIIMS) hospital in New Delhi, one of India’s most well-known hospitals.[208] As a public hospital, AIIMS Delhi has been the first to adopt many of India’s digital health programs. In late 2022, less than a month after an announcement that the hospital would soon go completely digital, the hospital was subject to a cyber-attack that brought it to a standstill and compromised the personal information of about thirty to forty million individuals.[209] In October 2023, news reports suggested that Aadhaar related information for eight-hundred fifteen million Indians had been leaked.[210] The information was allegedly sourced from the COVID-19 vaccination database.[211]
Moreover, the lack of openness, transparency, and accountability are concerning, especially for a model that runs on a narrative of openness and interoperability. Some attempts have been made to open source the code behind some of these technologies[212] and the ideology behind working with volunteers is promoted as a push towards openness in itself.[213] However, these efforts are criticized for being insufficient and lacking, even if well-executed.[214] Further, the use of public-private partnerships or the NIU model is indicative of a measured effort to limit the checks and balances embedded into government processes and typically required in order to use public resources.[215]
Nonetheless, the most critical set of problems that comes with the increasing use of digital government initiatives is related to access and discrimination. While critical services are being moved online, and digital tools, such as the Aadhaar ID, are being made mandatory, a digital divide continues to exist in India affecting large groups of marginalized communities. Researchers continue to record the many ways in which this move to digital has affected people’s abilities to access basic needs, such as food and healthcare.[216] These are worrying developments given that some of these services are critical parts of the fundamental rights provided for under the Indian Constitution.[217]
Criticisms on these grounds have often been dismissed in the interests of the larger public good by institutions across the board, including the Supreme Court.[218] The other common response is to refer to program or sector specific regulation and policy. This could range from a privacy policy available on the program website to time-limited ‘protocols’, as in the case of the contact tracing application Aarogya Setu, or legislation as in the case of Aadhaar (passed over 6 years after the Aadhaar program commenced). One of the concerns with such specific responses is that redressal and other adjudicatory mechanisms also often tend to be limited in nature or tailored to the program.[219] In such situations, any issues caused by an overlap between such systems may not be addressed squarely in either statute or regulation and fall through the cracks. This is the result of a regulatory sandbox-like approach to digital government tools implemented at scale for entire populations.
Even if some redressal mechanisms exist, concerns regarding transparency, accountability, and oversight remain, given the way many of these service providers are structured and regulated. Further, a narrative of technological supremacy and the infallibility of technology is built around these systems. In such cases, redressal or regulatory actions could be restrained because of limited understanding of technology, or even the reputational risk of criticizing these programs.
Despite these concerns, plans to expand the digital government system continue at both the national and state levels, affecting everything from how people can access welfare benefits[220] to how they deal with security at airports.[221] With many of these plans now involving the use of facial recognition and automated decision-making, these concerns are intensifying.
The Indian government is not alone in its focus on digitalization of government and digital public infrastructure, and many of the same concerns exist in other countries that are adopting similar technologies. As some scholars note in the context of DPI, it is important to consider the governance conditions and political realities in which such technologies are being implemented, to determine whether these technologies can truly deliver benefits to citizens.[222] These concerns are often placed in the background while the technological innovations these systems offer are celebrated.[223] At other times there is an assumption that fixing gaps in governance capacities is only a matter of providing the right technical support.[224] An increasing amount of public money and resources are being expended on such projects across the world. It is critical to analyze each of them to ensure that they deliver the benefits they claim, and that the tradeoffs that are often involved when they are implemented do not result in more harm than good.
Similarly, many other countries also engage in diplomacy related to the use of GovTech and DPI. Estonia is at the forefront in the context of both given its vast digital government apparatus including an entirely digital model of residency.[225] Most, if not all, public services in Estonia are available online, and the e-residency model goes so far as to provide a digital identity to individuals who are not Estonian citizens but wish to set up a digital business in Estonia remotely. Estonia also exports its e-governance solutions to other countries including through a fund established specifically for this purpose. [226] Over the past decade in the US, multiple teams have been set up at the White House and in federal agencies to promote development and implementation of GovTech. This includes the US Digital Service and 18F at the General Services Administration (GSA).[227] Most recently, the White House’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence asked all federal agencies to appoint a Chief AI Officer and compile information on all potential use cases of such technologies within the agency.[228] While there is no direct reference to the export of US GovTech systems, organizations like USAID are heavily involved in promoting the use of GovTech in different countries. USAID’s digital policy notes that among other things, USAID will work to “[s]trengthen partner capacity for deploying and maintaining digital government investments, such as digital public infrastructure”[229] and has even published a model for digital government.[230] The human rights and governance issues discussed in the Indian context are prevalent across many jurisdictions, including the US and the EU.[231]
The Indian example is relevant because of its position as a developing country that is also often considered an emerging power trying to straddle the global North and South. India has not only managed to build a complex set of infrastructure and applications that is advanced from a technological and market economics perspective, but India is now sharing these resources with other countries in the Global South.
The domestic concerns listed above become more pertinent as more countries adopt similar systems and more populations are affected by them. Compliance with human rights and other obligations in these third countries is, of course, not the responsibility of the Indian government or those exporting these technologies. However, this export of technology is not merely a single transaction. It is not only licensing or sharing of technology but sharing of knowledge and ideology that supports this technology. While in many cases the technology itself is to be shared on an open-source, transparent basis, the technology brings with it an ecosystem of private actors that provide related services, as we see with examples such as MOSIP and India Stack. The efforts to export Digital India are efforts at building a brand and a shared culture of governance that puts technology and tech-solutionism first – blurring the lines between digital governance and digital nationalism.
Over the past few years, the concept of digital sovereignty has become a subject of much debate. Much of this stems from a particular understanding of digital sovereignty, as exercising legal and regulatory control to keep out certain businesses, technologies, or their uses. This Article looks at traditional principles of sovereignty to understand a more holistic notion of digital sovereignty. State sovereignty typically refers to the state’s ability to assert control over a territory (which includes controlling how that territory interacts with those outside it). It could also, however, refer to a broader idea: that this control must be used towards a particular purpose. For instance, in the case of the framework provided by the Constitution of India, this purpose is to ensure the ability to exercise civil and political rights, while enabling the exercise of economic and social rights as well.
This article recommends an expansion in our understanding of what constitutes digital sovereignty. While the use of legal and regulatory frameworks is well recognized, we should add (i) governments’ use of technology to serve their citizens and (ii) inter-state interactions in both law making and diplomacy through technology transfers. This article uses recent developments in the Indian government’s use and control of technology to make this case, recognizing the many potential harms that could arise from these actions. Digital sovereignty (now entrenched in scholarship on technology law) should be understood more holistically and eventually used to further rights-based interests and protect the individuals eventually affected by such technologies.
- *Fritz Family Fellow and SJD Candidate, Georgetown University Law Center. Assistant Professor of Law (on leave), National Law School of India University. I thank Julie Cohen, Anupam Chander, Robin West, Paul Ohm, Chinmayi Arun, participants in the Technology Law and Policy Colloquium, Spring 2023 at Georgetown University Law Center, and participants in the Fellows/SJD Seminar and Workshop, Spring 2024 at Georgetown University Law Center for helpful feedback and conversations that contributed to the article. I also thank Nicole Ela and the editorial team at the Colorado Technology Law Journal for their patience and support. ↑
- . Michael D. Birnhack & Niva Elkin-Koren, The Invisible Handshake: The Reemergence of the State in the Digital Environment, 8 Va. J.L. & Tech. 6, 2003, at 1, 7. ↑
- . See Virgilio Almeida, Demi Getschko & Carlos Afonso, The Origin and Evolution of Multistakeholder Models, 19 IEEE Internet Computing 74 (2015). ↑
- . Birnhack & Elkin-Koren, supra note 1, at 8. ↑
- . Arindrajit Basu, Defending the ‘S Word’” The Language of Digital Sovereignty Can Be a Tool of Empowerment, in New Digital Dilemmas: Resisting Autocrats, Navigating Geopolitics, Confronting Platforms 19, 21 (Steven Feldstein ed., 2023). ↑
- . Giovanni De Gregorio & Roxana Radu, Digital Constitutionalism in the New Era of Internet Governance, 30 Int’l J.L. & Info. Tech.68, 83 (2022). ↑
- . See generally Allie Funk, Jennifer Brody, Reversal of US Trade Policy Threatens the Free and Open Internet, Tech Policy Press (2023), https://techpolicy.press/reversal-of-us-trade-policy-threatens-the-free-and-open-internet [https://perma.cc/ZN9R-H8JV] (last visited Jan 8, 2025) (discussing the unexpected change in US trade policies on cross border data flows and its potential impact). ↑
- . See generally Vivek Krishnamurthy, Anchoring Digital Sovereignty, 25.2 Chi. J. Int’l L. 1, 26 (2024) (discussing the different views that governments have expressed as it pertains to digital sovereignty). ↑
- . Anupam Chander & Haochen Sun, Sovereignty 2.0, Geo. Law Fac. Publ’n and Other Works at 10 (2021), https://scholarship.law.georgetown.edu/facpub/2404 [https://perma.cc/KM2Q-WK9P]. ↑
- . Krishnamurthy, supra note 7, at 30. ↑
- . Id. at 75. ↑
- . See Michael Kwet, Digital Colonialism: US Empire and the New Imperialism in the Global South, 60 Race & Class 3 (2019). ↑
- . See Michael Kwet, Digital Colonialism Is Threatening the Global South, Al Jazeera (Mar. 13, 2019), https://www.aljazeera.com/opinions/2019/3/13/digital-colonialism-is-threatening-the-global-south [https://perma.cc/3AZB-7VBV]; See generally Ulises A. Mejias & Nick Couldry, Data Grab: The New Colonialism of Big Tech and How to Fight Back (2024). ↑
- . See Nick Couldry & Ulises A. Mejias, Data Colonialism: Rethinking Big Data’s Relation to the Contemporary Subject, 20 Tel. & New Media 337 (2019); An MIT Technology Review Series: AI Colonialism, MIT Tech. Rev., https://www.technologyreview.com/supertopic/ai-colonialism-supertopic [https://perma.cc/KZ93-KYD5] (last visited Sep 5, 2024). ↑
- . Anupam Chander & Haochen Sun, Digital Sovereignty as Double-Edged Sword, in Data Sovereignty: From the Digital Silk Road to the Return of the State 72, 75 (Anupam Chander & Haochen Sun eds., 2023), https://doi.org/10.1093/oso/9780197582794.003.0004 [https://perma.cc/542T-MERV]; Krishnamurthy, supra note 7, at 24. ↑
- . See generally Duke University, Lange Lecture 2020 | Mark A. Lemley, The Splinternet, YouTube (Jan. 22, 2020), https://www.youtube.com/watch?v=5MEl4c5BVCw [https://perma.cc/2K7S-8PQ9]; See also Yaqiu Wang, In China, the ‘Great Firewall’ Is Changing a Generation, POLITICO (Sept. 1, 2020), https://www.politico.com/news/magazine/2020/09/01/china-great-firewall-generation-405385 [https://perma.cc/U9F3-K72Y]; See also Chris Stokel-Walker, Russia Inches Toward Its Splinternet Dream, Wired (Apr. 1, 2022), https://www.wired.com/story/russia-splinternet-censorship [https://perma.cc/XP45-KV74]. ↑
- . See GovTech: Putting People First, World Bank, https://www.worldbank.org/en/topic/governance/brief/govtech-putting-people-first [https://perma.cc/LQH3-JCCW]. ↑
- . Digital Public Infrastructure, UNDP, https://www.undp.org/digital/digital-public-infrastructure [https://perma.cc/FUM9-W493]. ↑
- . Helen Margetts & Andre Naumann, Government as a Platform: What Can Estonia Show the World?, Ctr. for Tech. & Global Affs., 19 (Feb. 28, 2017). ↑
- . See Jack Goldsmith, Sovereignty, International Relations Theory, and International Law Book Review, 52 Stan. L. Rev. 959, 965 (1999). ↑
- . Jack L. Goldsmith, The Internet and the Abiding Significance of Territorial Sovereignty, 5 Ind. J. of Global Legal Stud. 475, 476 (1998). ↑
- . Georg Glasze et al., Contested Spatialities of Digital Sovereignty, 28 Geopolitics 919, 934 (2023). ↑
- . See Frank I. Michelman, Brennan and Democracy: The 1996-97 Brennan Center Symposium Lecture, 86 Calif. L. Rev. 399, 402 (1998); Robert Post, Democracy, Popular Sovereignty, and Judicial Review, 86 Calif. L. Rev. 429, 437 (1998). ↑
- 23. See Nikhil Menon, Planning Democracy 5 (2022); See also Constituent Assembly of India (Legislative) Debates, Volume 11, Nov. 25, 1949, available at https://www.constitutionofindia.net/constitution-assembly-debates [https://perma.cc/5YC4-6VJC]. ↑
- . Nikhil Menon, supra note 23, at 5. ↑
- . Id. ↑
- . Henry H. Jr Perritt, The Internet as a Threat to Sovereignty? Thoughts on the Internet’s Role in Strengthening National and Global Governance, 5 Ind. J. Glob. Legal Stud. 423, 423 (1997). ↑
- 27. United Nations Commission on International Trade Law, UNCITRAL Model Law on Electronic Commerce, with Guide to Enactment, 1996, A/CN.9(092)/M622, available at https://digitallibrary.un.org/record/239802?ln=en [https://perma.cc/7E97-V8CA]. ↑
- . Perritt, supra note 26, at 432. ↑
- . See De Gregorio and Radu, supra note 5, at 70; Glasze et al., supra note 21, at 921. ↑
- . Chander and Sun, supra note 8, at 10. ↑
- . Andrew Keane Woods, Litigating Data Sovereignty, 128 Yale L. J. 328 (2018); Chander and Sun, supra note 8, at 9. ↑
- . Krishnamurthy, supra note 7, at 4. ↑
- . Id. at 5. ↑
- . Anja Kovacs, When Our Bodies Become Data, Where Does That Leave Us?, Medium (May 27, 2020), https://deepdives.in/when-our-bodies-become-data-where-does-that-leave-us-906674f6a969 [https://perma.cc/4EMY-6Y2N]. ↑
- . Anja Kovacs & Nayantara Ranganathan, Data Sovereignty, of Whom? Limits and Suitability of Sovereignty Frameworks for Data in India, Internet Democracy Project (Apr. 16, 2019), https://internetdemocracy.in/reports/data-sovereignty-of-whom [https://perma.cc/6CKH-K6W8]. ↑
- . See Te Mana Raraunga, https://www.temanararaunga.maori.nz [https://perma.cc/5672-MDH8] (last visited May 30, 2023); See Maggie Walter et al., Indigenous Data Sovereignty in the Era of Big Data and Open Data, 56 Australian J. of Soc. Issues 143 (2021); Rebecca Tsosie, Tribal Data Governance and Informational Privacy: Constructing Indigenous Data Sovereignty, 80 Mont. L. Rev. 229 (2019). ↑
- 37. See Te Mana Raraunga, https://www.temanararaunga.maori.nz [https://perma.cc/JMR5-89RL] (last visited May 30, 2023). ↑
- . Renata Avila Pinto, Digital Sovereignty or Digital Colonialism?, 15 SUR – Int’l J. on Hum. Rts. 15 (2018); See also Tania Wolfgramm, [Re]Claiming Our Technological Sovereignty Through Co-Creating the Māori Innovation, New Technology, & ICT Sector, Planet Māori, https://dokumen.tips/documents/reclaiming-our-technological-so-reclaiming-our-technological-sovereignty-through.html [https://perma.cc/8DQC-KKM7] (last visited Jan 30, 2024). ↑
- . Examples include the United Nations Open Ended Working Group on developments in the field of information and telecommunications in the context of international security and the Group of Governmental Experts on Advancing responsible State behavior in cyberspace in the context of international security. ↑
- . The Indian government enacted the Information Technology Act, 2000, in line with the Model Law, to facilitate e-commerce and provide legal recognition to digital transactions, documents and signatures, among other things. ↑
- . See Smitha Krishna Prasad, State Sovereignty in the Cyberspace and the Free Flow of Data, in Regulating the Cyberspace: Perspectives from Asia 65, 68 (Gisela Elsner & Aishwarya Natarajan eds., 2020) (discussing these issues in the context of data localization). ↑
- . Graham Greenleaf, Global Data Privacy Laws 2023: 162 National Laws and 20 Bills, 181 Priv. Laws & Bus. Int’l Rep. 1, 2-4 (2023). ↑
- . See generally Graham Greenleaf, Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories, 23 J. of Law, Info. and Sci. 4-49 (2014). ↑
- . Justice K.S. Puttaswamy and Ors. vs. Union of India and Ors., [2017] 10 SCC 1(Ind.). ↑
- . For instance, the Reserve Bank of India, India’s financial regulator has put rules in place to regulate how and when banking and finance companies can take the personal data of their Indian customers outside India. Some drafts of the Indian data protection law, as well as economic policies in India have suggested that this type of restriction might become more universal, although none of these drafts have come into force. For discussion on these proposals see Krishna Prasad, supra note 41; Arindrajit Basu et al., The Localisation Gambit: Unpacking Policy Measures for Sovereign Control of Data in India, The Ctr. for Internet and Soc’y, India (Mar. 19, 2019), https://cis-india.org/internet-governance/resources/the-localisation-gambit.pdf [https://perma.cc/QHT8-65DQ]; Rishab Bailey & Smriti Parsheera, Data Localisation in India: Questioning the Means and Ends 4, (NIPFP Working paper series No. 242, 2018), ↑
- . Nicholas Martin & Frank Ebbers, When Regulatory Power and Industrial Ambitions Collide: The “Brussels Effect,” Lead Markets, and the GDPR, in Privacy Symposium 2022 129, 130 (Stefan Schiffner, Sebastien Ziegler, & Adrian Quesada Rodriguez eds., 2022); Alexandre Veronese et al., The Concept of Personal Data Protection Culture from European Union Documents: A “Brussels Effect” in Latin America?, 9 UNIO – EU L. J. 58, 78 (2023); See Anu Bradford, The Brussels Effect: How the European Union Rules the World 25—65 (2020) (articulating a general discussion on the Brussels Effect). ↑
- . Greenleaf, supra note 42, at 1; Anu Bradford, Globalizing European Digital Rights through Regulatory Power, in Digital Empires: The Global Battle to Regulate Technology 325 (Anu Bradford ed., 2023), https://doi.org/10.1093/oso/9780197649268.003.0010 [https://perma.cc/J7PW-BDLW] (last visited Mar. 14, 2024). ↑
- . De Gregorio and Radu, supra note 5, at 68. ↑
- . Giovanni Buttarelli, The EU GDPR as a Clarion Call for a New Global Digital Gold Standard, 6 Int’l Data Priv. L. 77, 77 (2016); Graham Greenleaf, Global Data Privacy Laws 2023: International Standards Stall, but UK Disrupts, 183 Priv, L. & Bus. Int’l Rep. 8, 8 (2023). ↑
- . Graham Greenleaf, Now 157 Countries: Twelve Data Privacy Laws in 2021/22, 176 Priv. Laws & Bus. Int’l Rep. 1, 1 (2022). ↑
- . Mark Jia, Authoritarian Privacy, 91 U. Chi. L. Rev. 733, 760 (2024). ↑
- . De Gregorio and Radu, supra note 5, at 70-73. ↑
- . See generally Mark Jia, supra note 51. ↑
- . Id. ↑
- . Glasze et al., supra note 21, at 932. ↑
- . Id.; See Frances G. Burwell & Kenneth Propp, The Future of Digital Sovereignty?, in Digital Sovereignty in Practice: The EU’s Push to Shape the New Global Economy 21-29, https://www.jstor.org/stable/resrep44035.6 [https://perma.cc/9KWG-H8DD] (Atlantic Council, 2022). ↑
- . For a discussion on some of these cases, see Jack L. Goldsmith & Timothy Wu, Digital Borders: National Boundaries Have Survive in the Virtual World—and Allowed National laws to Exert Control Over the Internet, Legal Aff. (Jan./Feb. 2006), at 40. ↑
- . Examples include The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Ind.), and European Union, Regulation (EU) 2022/2065 on a single market for digital services and amending Directive 2000/31/EC (Digital Services Act) ↑
- . See Nishant Shah, Digital Infrastructure, Liminality, and World-Making Via Asia| (Dis)Information Blackouts: Politics and Practices of Internet Shutdowns, 15 Int’l J. of Commc’n 2693 (2021). ↑
- . The Indian government has to date blocked over 200 mobile applications that are considered ‘Chinese’. The government has noted that the orders banning these applications (under existing law in India), were issued “based on the inputs regarding these apps for engaging in activities which are prejudicial to sovereignty and integrity of India, defence of India, security of state and public order”. See Ministry of Electronics and Information Technology, Order under Section 69A of the Information Technology Act, (Notified on November 24 2020); see also Justin Sherman, The Problem with India’s App Bans, Atlantic Council (Mar. 27, 2023), https://www.atlanticcouncil.org/blogs/southasiasource/the-problem-with-indias-app-bans [https://perma.cc/DWX7-UWHR]. ↑
- . In 2021, amidst speculation on whether the Indian government would allow Chinese companies like Huawei and ZTE to continue to sell their products in India, particularly as auctions for 5G spectrum approached, the Indian government amended the license conditions applicable to telecom companies operating in the country. Under the new conditions, telecom companies operating under (mandatory) licenses issued by the Indian government, can only procure certain categories of telecom equipment from “trusted sources” approved by the government. These amendments were widely reported to have been made specifically to restrict procurement of telecom equipment from Huawei and ZTE, Chinese companies that supplied equipment to two of India’s three major telecom carriers. See Department of Telecommunications, Ministry of Communications, Amendment to the Unified License for procurement of Telecommunication equipment- reg, File No. 20-27112010 AS-I (Vol-Ill) (Issued on March 10, 2021) (India); see also Aftab Ahmed & Sankalp Phartiyal, India Likely to Block China’s Huawei over Security Fears: Officials, Reuters (Mar. 11, 2021), https://www.reuters.com/article/us-india-china-huawei-idUSKBN2B31PU [https://perma.cc/ATM6-R6NZ]. ↑
- . See Swami Ramdev v. Facebook & Ors, AIR 2020 Del.(India). ↑
- . Goldsmith, supra note 19, at 959. ↑
- . Id. ↑
- . U.N. GAOR, 32nd Sess., Agenda Item 3 at 1, U.N. Doc. A/HRC/32/L. 20. ↑
- . Christchurch Call, https://www.christchurchcall.org/our-work [https://perma.cc/T57Z-FA8N] (last visited Feb. 3, 2024). ↑
- . Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security, Conference-Room Paper of G.A., U.N. Doc. A/AC.290/2021/CRP.2 at 1 (2021), https://front.un-arm.org/wp-content/uploads/2021/03/Final-report-A-AC.290-2021-CRP.2.pdf [https://perma.cc/BP5N-NVEF]. ↑
- . Group of Governmental Experts, United Nations Office of Disarmament Affairs, https://www.un.org/disarmament/group-of-governmental-experts/ [https://perma.cc/7GKJ-ZT24]. ↑
- . See Christopher Painter, The United Nations’ cyberstability processes: surprising progress but much left to do, J. of Cyber Policy, 6(3), 271–276; See also Josh Gold, Unexpectedly, All UN Countries Agreed on a Cybersecurity Report. So What?, Council on Foreign Relations, March 18, 2021. ↑
- . Maj. Gen. (ret.) Dan Efrony, The UN Cyber Groups, GGE and OEWG – A Consensus Is Optimal, But Time is of the Essence, Just Security (July 16, 2021), https://www.justsecurity.org/77480/the-un-cyber-groups-gge-and-oewg-a-consensus-is-optimal-but-time-is-of-the-essence [https://perma.cc/3KVQ-529N]. ↑
- . GAOR on the Draft United Nations convention against cybercrime Strengthening international cooperation for combating certain crimes committed by means of information and communications technology systems and for the sharing of evidence in electronic form of serious crimes, U.N. Doc. A/AC.291/L.15, at 1 (2024).; Tirana Hassan, Upcoming Cybercrime Treaty Will Be Nothing But Trouble, Human Rights Watch, (Aug. 7, 2024, 9:54 AM EDT), https://www.hrw.org/news/2024/08/07/upcoming-cybercrime-treaty-will-be-nothing-trouble [https://perma.cc/F9SJ-S2E7]. ↑
- . De Gregorio & Radu, supra note 5, at 73. ↑
- . See Alex Mueller & Christopher S. Yoo, Crouching Tiger, Hidden Agenda?: The Emergence of China in the Global Internet Standard-Setting Arena (Inst. For L. & Econ., Research Paper No. 23-33, 2023).; De Gregorio & Radu, supra note 5, at 70. ↑
- . De Gregorio & Radu, supra note 5, at 71. ↑
- . Agreement between the United States of America, the United Mexican States, and Canada 7/1/21 Text, Off. U.S. Trade Representative; See Erol Yayboke et al., The Real National Security Concerns over Data Localization, Ctr. for Strategic & Int’l Studies (July 23, 2021), https://www.csis.org/analysis/real-national-security-concerns-over-data-localization [https://perma.cc/3NVT-DYPV]. ↑
- . Danielle M. Trachtenberg, Cong. Rsch. Serv., Digital Trade and Data Policy, (2024). ↑
- . See generally Cem Dener et al., GovTech Maturity Index: The State of Public Sector Digital Transformation (2021), https://openknowledge.worldbank.org/handle/10986/36233 [https://perma.cc/WB3Q-TT2F]. ↑
- . Ministry of Electronics and Information Technology, E-Governance, Press Information Bureau, (2022) (India). ↑
- . See The Indian Model for Digitalization A Blueprint for the Global South?, The National Bureau of Asian Research (2024), https://www.nbr.org/publication/the-indian-model-for-digitalization-a-blueprint-for-the-global-south [https://perma.cc/AHP5-PRMD]. ↑
- . See generally, Anita Gurumurthy et al., Unpacking Digital India: A Feminist Commentary on Policy Agendas in the Digital Moment, Journal of Information Policy, (2016) 6: 371–402; Reetika Khera, Decoding Inequality in a Digital World, The Hindu (2021), https://www.thehindu.com/opinion/lead/decoding-inequality-in-a-digital-world/article34529983.ece [https://perma.cc/LNQ8-843X]. ↑
- . Christian Perrone, Brazil’s Bridges to the Future: How the Country Is Building Digital Infrastructure, Carnegie Endowment for Int’l Peace (Nov. 15, 2023), https://carnegieendowment.org/posts/2023/11/brazils-bridges-to-the-future-how-the-country-is-building-digital-infrastructure?lang=en [https://perma.cc/E8AN-D63E]. ↑
- . See Luca Belli & Min Jiang, Digital Sovereignty in the BRICS: Structuring Self-Determination, Cybersecurity, and Control, (Cambridge Univ. Press, forthcoming 2024), https://cyberbrics.info/digital-sovereignty-from-the-brics-structuring-self-determination-cybersecurity-and-control [https://perma.cc/A75T-JJJG]. ↑
- . Tavi Kotka, Carlos Ivan Vargas Alvarez del Castillo, & Kaspar Korjus, Estonian E-Residency: Redefining the Nation-State in the Digital Era 1-16 (Univ. of Oxford, Working Paper No. 3, 2015), https://www.politics.ox.ac.uk/sites/default/files/2022-03/201509-CTGA-Kotva%20T-Alvarez%20del%20Castillo%20C%20I-Korjus%20K-estonian%20e-residency.pdf [https://perma.cc/T8GT-U8SU]. ↑
- . Perritt, supra note 26, at 432. ↑
- . GovTech, supra note 16. ↑
- . See UNDP’s definition of Digital Public Infrastructure, U.N. Dev. Programme, https://www.undp.org/digital/digital-public-infrastructure [https://perma.cc/D6BK-VFMU] (last visited Dec. 5, 2024). ↑
- . The Sustainable Development Goals provide a blueprint and call for shared action by all countries to end poverty, and improve health and education, reduce inequality, and spur economic growth. They were adopted by all member nations of the United Nations through a resolution of the General Assembly in 2015. See G.A. Res. 70/1, at 14 (Oct. 21, 2015). ↑
- . cem Dener et al., supra note 77, at xiii (this index measures key aspects of four GovTech focus areas—supporting core government systems, enhancing service delivery, mainstreaming citizen engagement, and fostering GovTech enablers). ↑
- . Id. ↑
- . See Deirdre K. Mulligan & Kenneth A. Bamberger, Saving Governance-by-Design, 106 Calif. L. Rev. 697, 741 (2018). ↑
- . Even if a regulatory agency has set goals at a high level through public processes, the private sector has the capacity and motivation to employ (often proprietary and nonpublic) technology to implement and enforce regulation in a way that obscures the specifics of design implementation, the choices made, and even the fact that policy choices are occurring. See Id.; Deirdre K. Mulligan & Kenneth A. Bamberger, Procurement as Policy: Administrative Process for Machine Learning, 34 Berkeley Tech. L.J. 773 (2019). ↑
- . Julie E. Cohen, Between Truth and Power: The Legal Constructions of Informational Capitalism, 48-51, 59-63 (2019). ↑
- . Clement Tonon, GovTech, The New Frontier in Digital Sovereignty 10 (French Inst. of Int’l Rel. Sept. 11, 2020), https://www.ifri.org/sites/default/files/migrated_files/documents/atoms/files/tonon_govtech_digital_sovereignty_2020.pdf [https://perma.cc/GL29-TNGN]. ↑
- . See Cohen, supra note 92, at 48-50 ↑
- . See Rep. of the Special Rapporteur on extreme poverty and human rights, on Its Seventy-Fourth Session, U.N. Doc. A/74/493 (2019). ↑
- . Id. at 20. ↑
- . Achievements Made under Digital India Programme, Press Information Bureau, https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=1885962 [https://perma.cc/PP33-JC93] (last visited January 8, 2025). ↑
- . Digital India, https://web.archive.org/web/20230318003542/https://digitalindia.gov.in/infrastructure [https://perma.cc/Y8C5-DZMU] (last visited Jan 8, 2025) ↑
- . Id. ↑
- . The UIDAI was initially established in 2009 as an office attached to the (then) Planning Commission, and then the Department of Electronics & Information Technology (DeitY) of the then Ministry of Communications and Information Technology. The UIDAI was only established as a statutory authority under the Aadhaar Act in 2016. The Aadhaar system operated without any legislative authority between 2009 and 2016. See Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016; See generally, Rao, U. and Nair, V. (2019) ‘Aadhaar: Governing with Biometrics’, South Asia: Journal of South Asian Studies, 42(3), pp. 469–481. doi: 10.1080/00856401.2019.1595343; See also Vrinda Bhandari & Renuka Sane, A Critique of the Aadhaar Legal Framework, 31 NAT’l L. SCH. INDIA REV. 72 (2019). ↑
- . Reetika Khera, These Digital IDs Have Cost People Their Privacy — and Their Lives, Wash. Post, (Aug. 9, 2018), https://www.washingtonpost.com/news/theworldpost/wp/2018/08/09/aadhaar [https://perma.cc/5F9C-UQJP]; See also Kavita Dattani, “Governtrepreneurism” for Good Governance: The Case of Aadhaar and the India Stack, 52 Area 411, 412 (2020). ↑
- . See Dattani, supra note 101, at 412. ↑
- . Id. at 414. ↑
- . Khera, supra note 101; Dattani, supra note 101; See Kumar Sambhav, Tapasya & Divij Joshi, In India, an Algorithm Declares Them Dead; They Have to Prove They’re Alive, Al Jazeera (Jan. 25, 2024), https://www.aljazeera.com/economy/2024/1/25/in-india-an-algorithm-declares-them-dead-they-have-to-prove-theyre [https://perma.cc/3QBN-YDZ8]; See also Kumar Sambhav, Tapasya & Divij Joshi, How an Algorithm Denied Food to Thousands of Poor in India’s Telangana, Pulitzer Center (Jan. 24, 2024), https://pulitzercenter.org/stories/how-algorithm-denied-food-thousands-poor-indias-telangana [https://perma.cc/V89W-67ZE]. ↑
- . Reetika Khera, Aadhaar Failures: A Tragedy of Errors, EPW Engage (Apr. 5, 2019), https://www.epw.in/engage/article/aadhaar-failures-food-services-welfare [https://perma.cc/SBQ6-ZTM5]. ↑
- . Id. ↑
- . Mudit Kapoor, Unique Health Identification and Aadhaar: A Case for Mandatory Linkage, Ideas For India (Dec. 23, 2016); (In India, an algorithm declares them dead; they have to prove they’re alive; Sambhav, supra note 104.) ↑
- . Tech. Advisory Grp. on Unique Projects (TAGUP), Report of the Technology Advisory Group for Unique Projects 10 (Jan. 31, 2011), https://comtax.uk.gov.in/files/pdf/70_TAGUP_Report.pdf [https://perma.cc/J9W5-HWF3]; See also Smriti Parsheera, India’s Policy Responses to Big Tech: And an Eye on the Rise of ‘Alt Big Tech’,18 Indian J. of L. and Tech. 1, 27 (2022). ↑
- . See TAGUP, supra note 108, at vii. ↑
- . Id. at 12 (the ownership structure of the National Payments Corporation of India has changed since this report was submitted). ↑
- . Product Overview, NPCI: UPI, https://www.npci.org.in/what-we-do/upi/product-overview#:~:text=Unified%20Payments%20Interface%20(UPI)%20is,merchant%20payments%20into%20one%20hood. [https://perma.cc/VM2F-MKGH] (Nov. 6, 2024). ↑
- . About Us, NPCI, https://www.npci.org.in/who-we-are/about-uss [https://perma.cc/B3AE-LE8S] (last visited Nov. 6, 2024). ↑
- . Product Overview, NPCI: BHIM, https://www.npci.org.in/what-we-do/bhim/product-overview [https://perma.cc/PY8R-NSEP] (last visited Nov. 6, 2024). ↑
- . See Parsheera, supra note 108, at 25. ↑
- . Id. ↑
- . Id. at 26; See SC Issues Notice to the RBI, NPCI Among Others, The Hindu (Oct. 16, 2020), https://www.thehindu.com/news/national/sc-issues-notice-to-the-rbi-npci-among-others/article32866455.ece [https://perma.cc/GGK4-V8PH]. ↑
- . NITI Aayog, Data Empowerment And Prot. Architecture (forthcoming Nov. 2020), https://www.niti.gov.in/sites/default/files/2020-09/DEPA-Book.pdf [https://perma.cc/PM54-8ML3]. ↑
- . Id. at 3. ↑
- . Id. ↑
- . About Sahamati, Sahamati, https://sahamati.org.in/what-is-account-aggregator [https://perma.cc/L8PR-42PP] (last visited Nov. 6, 2024). ↑
- . Reserve Bank of India, Non-Banking Financial Company – Account Aggregator (Reserve Bank) Directions 2016, RBI/DNBR/2016-17/46 (Issued on Sept. 2, 2016), http://www.agloc.org/pdf/NBFCAcctAggregator%20Directions-02-09-16 [https://perma.cc/A7HX-73L9]. ↑
- . About Company, ONDC, https://ondc.org/about-ondc [https://perma.cc/T5DB-TGK6] (last visited Nov. 6, 2024). ↑
- . Binu Paul, The ONDC Way: How India’s E-Commerce Sector is Being Disrupted, Business Today, https://www.businesstoday.in/interactive/longread/the-ondc-way-how-india-s-e-commerce-sector-is-being-disrupted-249-31-03-2023 [https://perma.cc/AQK5-3J3H] (last visited Nov. 6, 2024). ↑
- . Ola is a homegrown ride-sharing platform in India that is similar to Uber. ↑
- . Karthik Sundaram, GSTN – The New Network, 28 Nat’l Law Sch. of India Rev. 114, 116 (2016); See also What is GSTN?, The Econ. Times, https://economictimes.indiatimes.com/what-is-gstn/articleshow/58590470.cms [https://perma.cc/BK2Y-TKM6] (last updated May 10, 2017, 1:21 PM). ↑
- . See Sundaram, supra note 125, at 116. ↑
- . IT Strategy, GSTN, https://gstn.org.in/about-us [https://perma.cc/TWU2-92J4] (last visited Nov. 6, 2024). ↑
- . Frequently Asked Questions on Aarogya Setu App, Aarogya Setu, https://cdnbbsr.s3waas.gov.in/s32d405b367158e3f12d7c1e31a96b3af3/uploads/2020/05/2020050579.pdf [https://perma.cc/M3GL-S2KN] (last visited Nov. 6, 2024). ↑
- . Smitha Krishna Prasad, Aarogya Setu App Lacks Clear Legal Backing and Limits, Tends Towards Surveillance, Deccan Herald, https://www.deccanherald.com/specials/sunday-spotlight/aarogya-setu-app-lacks-clear-legal-backing-and-limits-tends-towards-surveillance-835692.html [https://perma.cc/BWR9-MMYA] (last updated May 9, 2020). ↑
- . Andrew Clarance, Aarogya Setu: Why India’s Covid-19 Contact Tracing App is Controversial, BBC (May 14, 2020), https://www.bbc.com/news/world-asia-india-52659520 [https://perma.cc/K3DJ-NJZV]; see also Aditi Agrawal, Aarogya Setu Will Include Telemedicine, Greater Personalisation; May Act as Building Block for India Health Stack, MediaNama (Apr. 22, 2020), https://www.medianama.com/2020/04/223-aarogya-setu-upcoming-features [https://perma.cc/VB8B-R58Z]. ↑
- . Manish Singh, A Security Expert Says India’s Contact-Tracing App Has Flaws; New Delhi Says They Are “by Design,” TechCrunch (May 5, 2020), https://techcrunch.com/2020/05/05/aarogya-setu-app-security-privacy-concerns-india-response [https://perma.cc/KF2U-6UHM]. ↑
- . Aditi Agrawal, Aarogya Setu’s Organizational Chart Included Govt Officials, Pvt Volunteers, as per MEITY Memo from April, MediaNama (Nov. 2, 2020), https://www.medianama.com/2020/11/223-aarogya-setu-organisational-chart-meity [https://perma.cc/5K32-2VCZ]; See also Krishna Prasad, supra note 129 (describing that the Kerala High Court will hear arguments challenging the government’s mandate for Aarogya Setu to be used by public and private sector employees). ↑
- . Smitha Krishna Prasad, Surveillance Without Safeguards In The Pandemic, Article 14 (Apr. 30, 2020), https://www.article-14.com/post/pandemic-in-india-spurs-surveillance-without-safeguards [https://perma.cc/8ZMJ-JDQ6]; See also Krishna Prasad, supra note 129 (stating that the Aarogya Setu app “is governed only by its own privacy policy” without any legal framework to regulate the collection and use of data). ↑
- . See Poulomi Ghosh, Aarogya Setu Developed by ‘Best of Minds’ from Government, Private, Academia; NIC Part of It, Centre Clarifies, Hindustan Times (Oct. 28, 2020), https://www.hindustantimes.com/india-news/aarogya-setu-developed-by-government-and-private-collaboration-centre-clarifies/story-iQyqZTZR4CKZVN5SCB3SLO.html [https://perma.cc/PJL8-Z59G]. ↑
- . National Informatics Centre, https://www.nic.in/ (last visited Jan 8 2025); See Aditi Agrawal, Untangling the web that is Aarogya Setu’s creation, MediaNama (Oct 29, 2020), https://www.medianama.com/2020/10/223-aarogya-setu-creation-2 [https://perma.cc/N3CB-S3SN]. ↑
- . Agrawal, supra note 135. ↑
- . Aarogya Setu Android App, https://github.com/nic-delhi/AarogyaSetu_Android [https://perma.cc/7CW8-WLTG] (last visited May 30, 2023). ↑
- . Id. ↑
- . Ministry of Electronics and Information Technology, Notification of the Aarogya Setu Data Access and Knowledge Sharing Protocol, 2020 in Light of the COVID-19 Pandemic, No: 2(10)/2020-CleS (Notified on May 11, 2020). ↑
- . DigiLocker, https://www.digilocker.gov [https://perma.cc/Z8H9-5SKQ] (last visited Sept. 10, 2024). ↑
- . See DigiLocker – Welcome to NeGD, https://negd.gov.in/digilocker [https://perma.cc/Q74C-D567] (last visited Feb. 3, 2024). ↑
- . About DigiLocker, DigiLocker, https://www.digilocker.gov.in/about/about-digilocker [https://perma.cc/9NLA-HKXB] (last visited Sept. 10, 2024). ↑
- . Open Forge Project, Ministry of Elecs. and Info. Tech., Gov. of India, https://www.meity.gov.in/open-forge-project [https://perma.cc/K6V5-LJXJ] (last visited May 30, 2023). ↑
- . Department of Electronics & Information Technology, Ministry of Communication & Information Technology, Policy on Adoption of Open Source Software for Government of India, F. No. 1(3)/2014 – EG II (Issued in 2014). ↑
- . Ministry of Elecs. and Info. Tech., Gov. of India, supra note 139. ↑
- . FAQs & Customer Support, OpenForge, https://openforge.gov.in/openforge/faq.php [https://perma.cc/SL44-7RTX] (last visited Sept. 9, 2024). ↑
- . About OpenForge, OpenForge, https://openforge.gov.in/openforge/about.php [https://perma.cc/FX3M-ZHXJ] (last visited Sept. 9, 2024). ↑
- . About Pradhan Mantri Jan Dhan Yojana (PMJDY), Dep’t of Fin. Servs., Ministry of Fin., Gov’t of India, https://www.pmjdy.gov.in [https://perma.cc/5PAP-TVW2] (last visited Feb. 3, 2024). ↑
- . See Pradhan Mantri Jan Dhan Yojana (PMJDY) – National Mission for Financial Inclusion, Completes Nine Years of Successful Implementation, Ministry of Fin., https://www.pib.gov.in/PressReleasePage.aspx?PRID=1952793 [https://perma.cc/B7D4-TPB4] (last visited Feb 3, 2024). ↑
- . See generally Buy American Act, 41 U.S.C. §§ 8301–8305 (promoting the purchase of American-made goods in the United States by the federal government). ↑
- . Marrakesh Agreement Establishing the World Trade Organization, Apr. 15, 1994, 1867 U.N.T.S. 154. ↑
- . See Menon, supra note 23. ↑
- . Id. at 8-9. ↑
- . Id. at 10.; See also Constituent Assembly of India (Legislative) Debates, Volume 11, Nov. 25, 1949, available at https://www.constitutionofindia.net/constitution-assembly-debates [https://perma.cc/5YC4-6VJC]. ↑
- . See Pradip Ninan Thomas, Introduction to Politics of Digital India: Between Local Compulsions and Transnational Pressures, 23 (Jan. 2020); David M. Malone, Does the Elephant Dance?: Contemporary Indian Foreign Policy, 86-87 (2011). ↑
- . Strategic autonomy however is not an idea that is exclusive to the Indian State, scholars suggest that other countries have adopted this model of operation in the more recent context of digital sovereignty as well. See, e.g., Thomas, supra note 155, at 23; Malone, supra note 155; Glasze et al., supra note 21. ↑
- . Menon, supra note 23; Thomas, supra note 155. ↑
- . See generally India’s Economy: Its Global Calling Card, in Does the Elephant Dance?: Contemp. Indian Foreign Pol’y , 88 (2011), (Noting that such economic diplomacy programs started as early as 1964 with the establishment of the Indian Technical and Economic Cooperation program). ↑
- . Thomas, supra note 155, at 9. ↑
- . Id. at 9. ↑
- . India Stack, https://indiastack.org [https://perma.cc/YS9N-YDGC] (last visited May 30, 2023). ↑
- . Open Networks, India Stack, https://indiastack.org/open-networks.html [https://perma.cc/K6DU-YXUC] (last visited May 30, 2023). ↑
- . Our Game Plan, iSPIRT, https://ispirt.in/who-we-are/our-game-plan [https://perma.cc/GKC9-V67H] (last visited May 30, 2023). ↑
- . Id. ↑
- . NITI Aayog, supra note 117 at 11. ↑
- . The term ‘jugalbandi’ literally translates to ‘entwined twins’ and is most commonly used to refer to a musical ‘duet’ performance. See NITI Aayog, supra note 117 at 13. ↑
- . See Parsheera, supra note 108 at 31-32. Referring to M.S. Sriram, ‘Public Investments and Private Profit’ in Reetika Khera (ed), Dissent on Aadhaar: Big Data Meets Big Brother (Orient BlackSwan, 2019), 197 ↑
- . See id.; For instance, these entities are not subject to the Right to Information Act, 2005, the Indian equivalent of the Freedom of Information Act in the US. ↑
- . For more discussions on technology transfers, see e.g., Kamal Saggi, Trade, Foreign Direct Investment, and International Technology Transfer: A Survey 17 The World Bank Rsch. Observer 191-235 (Sept. 2002), https://academic.oup.com/wbro/article-abstract/17/2/191/1690468 [https://perma.cc/NV5J-FQAW] (last visited Sep 10, 2024); David G. Ockwell et al., Key Policy Considerations for Facilitating Low Carbon Technology Transfer to Developing Countries, 36 Energy Policy 4104 (2008); David B. Audretsch, Erik E. Lehmann & Mike Wright, Technology Transfer in a Global Economy, 39 J Tech. Transfer 301 (2014). ↑
- . Ockwell et al., supra note 169. ↑
- . Manas Chatterji, Technology Transfer in the Developing Countries, 281 (2016). ↑
- . See Malone, supra note 155. ↑
- . Id.; see e.g. Menon, supra note 23. ↑
- . Soumya Duggal, India Stack Likely to Soon Become the Global Stack: Sitharaman, Entrepreneur (Sept. 7, 2022), https://www.entrepreneur.com/en-in/news-and-trends/india-stack-likely-to-soon-become-the-global-stack/434845 [https://perma.cc/Q9AR-3VU2] (last visited Apr 4, 2023). ↑
- . Id. ↑
- . Suraksha P., Seven Countries to Sign up for India Stack’s Digital Public Goods: MoS IT Rajeev Chandrasekhar, The Economic Times, https://economictimes.indiatimes.com/tech/technology/seven-countries-to-sign-up-for-india-stacks-digital-public-goods-mos-it-rajeev-chandrasekhar/articleshow/97274552.cms [https://perma.cc/2HWL-6YP4] (last updated Jan. 24, 2023). ↑
- . Cabinet approves MoU between India and Kenya on cooperation in the field of sharing successful Digital Solutions implemented at Population Scale for Digital Transformation, Pmindia, https://www.pmindia.gov.in/en/news_updates/cabinet-approves-mou-between-india-and-kenya-on-cooperation-in-the-field-of-sharing-successful-digital-solutions-implemented-at-population-scale-for-digital-transformation [https://perma.cc/5NQG-YRXW]; Aarathi Ganesan, Full List: Which Countries Have Signed India Stack MoUs Since June 2023?, MEDIANAMA (Aug. 18, 2023), https://perma.cc/GNQ6-JWQ8; India signs MoU with Trinidad and Tobago for sharing India Stack solutions, ETGovernment.com, https://government.economictimes.indiatimes.com/news/technology/india-signs-mou-with-trinidad-and-tobago-for-sharing-india-stack-solutions/102808692 [https://perma.cc/JVQ3-KE5Q] (last updated Sep. 17, 2023); India signs MoU with Colombia on sharing open-sourced digital public infrastructure, ANI News, https://www.aninews.in/news/business/business/india-signs-mou-with-colombia-on-sharing-open-sourced-digital-public-infrastructure20240217084710 [https://perma.cc/M95P-QPRH] (last updated Feb. 17, 2024). ↑
- . See Suraksha P., supra note 176. ↑
- . Steven VanRoekel & Aneesh Chopra, Data.gov Goes Global, The White House President Barack Obama (Dec. 5, 2011, 9:29 AM), https://obamawhitehouse.archives.gov/blog/2011/12/05/datagov-goes-global [https://perma.cc/322R-76XJ]. ↑
- . Amrit Raj & Jain Upasana, Aadhaar Goes Global, Finds Takers in Russia and Africa, mint (Jul. 9, 2016, 12:45 PM), https://www.livemint.com/Politics/UEQ9o8Eo8RiaAaNNMyLbEK/Aadhaar-goes-global-finds-takers-in-Russia-and-Africa.html [https://perma.cc/M86K-WDN2]. ↑
- . Id. ↑
- . Jayadevan PK, India’s Latest Export: 20 Countries Interested in Aadhaar, India Stack, FactorDaily (Jan. 10, 2018), https://factordaily.com/aadhaar-india-stack-export/ [https://perma.cc/3A2L-ZG8V]. ↑
- . Id. ↑
- . Alessandro Mascellino, UIDAI Enters Collaboration with World Bank to Export Aadhaar Digital ID Architecture, Biometric Update (Dec. 3, 2021, 12:31 PM), https://www.biometricupdate.com/202112/uidai-enters-collaboration-with-world-bank-to-export-aadhaar-digital-id-architecture [https://perma.cc/L6FQ-9FJ7]. ↑
- . Id. ↑
- . India Stack, https://indiastack.org/index.html [https://perma.cc/WXN3-WAU7] (last visited Feb 3, 2024). ↑
- . Id. ↑
- . Himani Chandna, CoWin Goes Global, 76 Countries Want to Use India’s Covid Vaccination Platform Software, ThePrint (Jul. 5, 2021, 10:02 AM), https://theprint.in/health/cowin-goes-global-76-countries-want-to-use-indias-covid-vaccination-platform-software/689817 [https://perma.cc/EQN7-BPKK]; EXPLAINED: Why India Is Offering CoWIN To Other Countries. How Will They Use It?, News18 (Jul. 7, 2021, 06:41 AM), https://www.news18.com/news/explainers/explained-why-india-is-offering-cowin-to-other-countries-how-will-they-use-it-3928919.html [https://perma.cc/2DR5-NQYP]. ↑
- . Himani Chandna, supra note 188. ↑
- . Winning Over COVID (CoWIN), United Nations Development Programme, https://www.undp.org/india/projects/winning-over-covid-cowin [https://perma.cc/E4DD-67JT] (last visited May 31, 2023). ↑
- . Ashwin Manikandan, NPCI Sets up Subsidiary for Exporting UPI to International Markets: RBI Governor, The Econ. Times (Dec. 16, 2019, 2:53 PM), http://economictimes.indiatimes.com [https://perma.cc/L42J-XEA5]. ↑
- . NRIs can now set up UPI on their international mobile numbers: List of supported countries, The Ind. Express (Jan. 19, 2023, 8:34 AM), https://indianexpress.com/article/technology/nri-upi-on-international-mobile-numbers-list-of-supported-countries-8375685 [https://perma.cc/RE4V-GTNH]; DH Web Desk, UPI in France: How It Will Work, All You Need to Know, Deccan Herald (Jul. 14, 2023, 8:19 AM), https://www.deccanherald.com/business/upi-in-france-how-it-will-work-all-you-need-to-know-1236966.html [https://perma.cc/G42U-34SV]. ↑
- . The MOSIP Project, http://prod-website-903390823.ap-south-1.elb.amazonaws.com/mosip_project [https://perma.cc/LWP6-CLSL] (last visited January 8, 2025). ↑
- . For example, see Country Partners, MOSIP, https://www.mosip.io/country_partners [https://perma.cc/E7LJ-352W] (last visited Feb 3, 2024). ↑
- . MOSIP, supra note 193. ↑
- . Suraksha P., A Foundational ID System to Give Identity to Millions across the Globe, The Econ. Times (Sep. 4, 2022), https://economictimes.indiatimes.com/tech/information-tech/a-foundational-id-system-to-give-identity-to-millions-across-the-globe/articleshow/93969853.cms?from=mdr [https://perma.cc/G8U3-9D8Q]; Jahnavi T. R, IIITB Develops Platform to Provide Aadhaar-like Digital Identities for Nine Countries, The Hindu (Jan. 3, 2023), https://www.thehindu.com/news/national/karnataka/iiitb-develops-platform-to-provide-aadhaar-like-digital-identities-for-nine-countries/article66333821.ece [https://perma.cc/CC2R-ZMR4]. ↑
- . Suraksha P. supra note 196. ↑
- . See Aaron Martin, Aadhaar in a Box? Legitimizing Digital Identity in Times of Crisis, 19 Surveillance & Soc’y 104, 105 (2021). ↑
- . Frank Hersey, Maturing MOSIP Enjoys ID4Africa Limelight as It Expands Its Partnerships and Vendors Flock, Biometric Update (Jun. 20, 2022, 4:14 PM), https://www.biometricupdate.com/202206/maturing-mosip-enjoys-id4africa-limelight-as-it-expands-its-partnerships-and-vendors-flock [https://perma.cc/8ED6-QHQU]. ↑
- . Id. ↑
- . Sharinee L. Jagtiani & David Hagebölling, India’s G20 Presidency: Decoding the Digital Technology Agenda, The Diplomat (Jan. 30, 2023), https://thediplomat.com/2023/01/indias-g20-presidency-decoding-the-digital-technology-agenda [https://perma.cc/Q6UF-MD9X]. ↑
- . G20 New Delhi Declaration (Sep. 10, 2023), https://www.mea.gov.in/Images/CPV/G20-New-Delhi-Leaders-Declaration.pdf [https://perma.cc/66JD-FFHU]. ↑
- . George Ingram & Priya Vora, Brazil’s G20 opportunity: A consensus on digital data, Brookings (Jan. 9, 2024), https://www.brookings.edu/articles/brazils-g20-opportunity-a-consensus-on-digital-data [https://perma.cc/F5F8-LN9H]; Perrone, supra note 81. ↑
- . See Luca Belli, BRICS Countries to Build Digital Sovereignty, in CyberBRICS: Cybersecurity Regulations in the BRICS Countries 271 (Luca Belli ed., 2021), https://doi.org/10.1007/978-3-030-56405-6_7 [https://perma.cc/U4X7-JTG5] (last visited Sep 10, 2024); Belli and Jiang, supra note 82, at 4. ↑
- . The Digital Personal Data Protection Act, 2023 (Ind.). ↑
- . Parsheera, supra note 108, at 27. ↑
- . Smriti Parsheera, Finding a Place for Privacy in India’s Health Digitization Landscape, Ctr. for the Adv. Study of Ind. (March 13, 2023), https://casi.sas.upenn.edu/iit/smritiparsheera [https://perma.cc/V9M9-8MNV]. ↑
- . Id. ↑
- . PII Belonging to Indian Citizens, Including their Aadhaar IDs, Offered for Sale on the Dark Web, Resecurity (Oct. 15, 2023), https://www.resecurity.com/blog/article/pii-belonging-to-indian-citizens-including-their-aadhaar-ids-offered-for-sale-on-the-dark-web?s=08 [https://perma.cc/EB78-XCQ7]; Aadhaar Details of 81.5 cr People Leaked in India’s ‘Biggest’ Data Breach, Hindustan Times (Oct. 31 2023), https://www.hindustantimes.com/technology/in-indias-biggest-data-breach-personal-information-of-81-5-crore-people-leaked-101698719306335.html [https://perma.cc/ZS7W-PS2B]. ↑
- . Hindustan Times, supra note 209. ↑
- . Ishan Patra, Aarogya Setu app is Now Open Source: What Does it Mean?, The Hindu (May 28, 2020, 11:35 AM), https://www.thehindu.com/sci-tech/technology/aarogya-setu-app-is-now-open-source-what-does-it-mean/article31689459.ece [https://perma.cc/29UP-Z726]; Features of Aadhaar, Unique Identification Auth. of Ind., https://www.uidai.gov.in/en/my-aadhaar/about-your-aadhaar/features-of-aadhaar.html [https://perma.cc/774J-YW83] (last visited May 30, 2023). ↑
- . See Regina Mihindukulasuriya, ‘All about Helping Rajni’ — Tech Gurus at iSPIRT Quietly Power India’s Digital Revolution, ThePrint (Jun. 25, 2022, 9:00 AM), https://theprint.in/india/all-about-helping-rajni-tech-gurus-at-ispirt-quietly-power-indias-digital-revolution/1007652 [https://perma.cc/7BU3-KJB4]. ↑
- . See Smriti Parsheera, Stack Is the New Black?: Evolution and Outcomes of the ‘India-Stackification’ Process, 52 Comput. L. & Sec. Rev. 105947, 105947 (2024); Letter from Udbhav Tiwari et al., to Ministry of Electronics and Information Technology, Gov. of Ind., Mozilla’s Comments in Response to the Public Consultation on India’s Strategy for National Open Digital Ecosystems (NODE) (May 31, 2020), https://blog.mozilla.org/netpolicy/files/2020/05/India-NODE-Consultation-Mozilla-Response-31052020.pdf [https://perma.cc/EYA7-6HKN]. ↑
- . Parsheera, supra note 108, at 31. ↑
- . Khera, supra note 105; Reetika Khera, supra note 80; See Sambhav, et al., supra note 104. ↑
- . The Supreme Court of India has read the right to food and right to healthcare into the right to life provided for under Article 21 of the Constitution of India. Further, food security through the availability of subsidized food is guaranteed under the National Food Security Act, 2013. See National Food Security Act, 2013 (Ind.); Kajal Bhardwaj, et al., The Right to Health: A Winding Road to Actualization, Equity and Access: Health Care Stud. in Ind., 361 (2018). ↑
- . Puttaswamy v. Union of India 1 SCC 1 (2019) (India). ↑
- . The Supreme Court struck down a provision of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, which prevented individual citizens from initiating criminal proceedings for offences under the law. The provision only allowed the Unique Identification Authority of India, the agency that issues digital IDs and administers Aadhaar system to make such a complaint. See Id. at 409. ↑
- . For example, see the plans for implementing an ‘Integrated Social Information System’ in the state of Karnataka at Centre for e-Governance, Department of Personnel & Administrative Reforms (e-Governance). Government of Karnataka, Kutumba, https://kutumba.karnataka.gov.in/en/Index/AboutUs [https://perma.cc/QM84-TT5J] (last visited Jan 8, 2025). ↑
- . National Portal of India, https://www.india.gov.in/spotlight/digi-yatra-new-digital-experience-air-travellers [https://perma.cc/GTL6-NKLC] (last visited May 30, 2023). ↑
- . Julie Zollman, et al, Citizen Experiences with DPI: Kenya’s Digital ID Transition, Ctr for Fin. Inclusion, August 2024, at 5. ↑
- . Id. at 4. ↑
- . Id. at 6. ↑
- . For instance, see Margetts and Naumann, supra note 18. ↑
- . Estonia to Share its E-governance Know-How, e-Estonia (Mar. 19, 2019), https://e-estonia.com/global-digital-society-fund [https://perma.cc/XAJ7-XVCE] (last visited Sep 10, 2024). ↑
- . U.S. Digit. Serv., https://usds.gov/ [https://perma.cc/BG7T-HBTA] (last visited Sep 10, 2024); Gen. Serv. Admin., https://18f.gsa.gov [https://perma.cc/KT2Y-RAPG] (last visited Sep 10, 2024). ↑
- . Exec. Order No. 14,110, 3 C.F.R. §10 (2023). ↑
- . USAID Digital Policy: 2024 – 2034, USAID, at 13. ↑
- . Digital Government Model, USAID, https://www.usaid.gov/sites/default/files/2024-02/USAID_Digital_Government_Model_1.pdf [https://perma.cc/SET2-A53S]. ↑
- . See for example Mulligan & Bamberger, supra note 90 at 702; See generally Virginia Eubanks, Automating Inequalitym, (St. Martin’s Publishing Group 2018); Naomi Appelman, et al., Social Welfare, Risk Profiling and Fundamental Rights: The Case of SyRI in the Netherlands, 12 J. of Intell. Prop., Info. Tech. & E-Commerce. L. 257, (2021). ↑