Lessons from global practices on “zero-rating”: My new report on how regulators have picked 'good' from 'bad' by Amba Kak

I’m excited to announce my latest report on how regulators, globally, have assessed “zero-rating” offers and decided whether or not they violate net-neutrality rules. Read the full report here

Zero-rating, for the uninitiated, is a term of art that refers to charging discounted rates for internet access based on the content being accessed. It initially described content that had “zero” data charges but this discount now comes in a variety of ways — generous, or no data limits applicable to accessing particular content (this could be for a particular service, say “Facebook Free” in Nepal, or a class of services, say for music streaming like the “Music Freedom” offer in the US). It could also mean buying internet access plans restricted to certain sites, like social media internet packs. Most familiar to users in large parts of Asia and Africa was the model that provided entirely free access to a selection of web content — like, “Facebook Free Basics”.

Facebook Free Basics became particularly controversial in India, and eventually, all forms of zero-rating were banned by the telecom regulatory authority (TRAI). Advocates argued that zero-rating offers violated net-neutrality principles by allowing telecom operators to form partnerships with select large content services — allowing these services to reach newer audiences out of reach to smaller, nascent services. This distortion of the level-playing field by creating a cheaper vs. a more expensive tier of internet access based on content was an interference with net neutrality in much the same way that creating fast v. slow lanes, through technical practices throttling or prioritization of traffic, was. Facebook Free Basics, in particular, was purportedly directed at first time internet users, who couldn’t afford using data. But many questioned if this would this lead to the “next billion” equating the internet to a handful of companies rather than the potentially limitless and exploratory internet that was accessible to large parts of the developed world. I did some qualitative research on this subject too — read here, and blogged about here.

By opting for a ban on all such data plans, TRAI stood apart from its European, American and Canadian telecom regulatory counterparts that adopted a case-by-case approach. Under the case-by-case approach the plans were generally allowed, but the regulator would evaluate each zero-rating offer to check if it violated the net-neutrality rule. A relatively new business model, zero-rated plans were considered a deviation from the net-neutrality principle, but one that required further evidence and analysis before any regulatory action could be initiated against them. In contrast, the regulatory bodies in these countries were not hesitant before prohibiting practices such as throttling or blocking of traffic by ISPs, which they considered more straightforward violations of the principles of net neutrality. In the case of zero-rating practices, even some of the staunchest net-neutrality advocates argued that not all forms of zero rating would be harmful to net-neutrality objectives such as user choice and a level playing field.

TRAI emphatically rejected this approach for India, “Once such practices are allowed, it may not be possible to quantify, measure or remedy the consequences in the short to medium term.” It noted that while the case-by-case approach had “intuitive appeal,” the absence of a clear rule would hamper certainty for consumers, curtail innovative new services and expose ISPs to the continual risk that regulators would find their plans illegal. On a practical note, TRAI noted that a case-by-case approach also meant a greater financial and administrative burden.

So how has the case-by-case approach held up in practice? Regulatory authorities in Europe, the US and Canada have, to varying degrees, evaluated the zero-rating plans offered in their markets. They’ve also published detailed reports on how they’ve made these assessments.

It seemed like the right time to reflect on this approach, and whether it has been an effective check on the net-neutrality concerns emanating from zero-rating. In this report, I ask, and attempt to answer:

  1. What are the legal standards applied to assess zero-rating offers in these countries?
  2. What factors featured most prominently in the case-by-case assessments by regulators?
  3. Are there gaps in the regulators analysis?
  4. How can these be bridged?

To the third question, I identified gaps in regulatory analysis that applied to the regulators’ analysis as they reviewed, and responded to zero-rating offers in the market. (In the report I identify which countries’ approach reflects these gaps, and where others set models to emulate.)

  • Although several zero-rated plans were formally open to content services to apply to join, there was inadequate and often superficial investigation into the practical impact on content services seeking to be zero rated. Specifically, are content services aware of the process to apply? What are the search and negotiation costs for content services to actually reach an agreement with telecom operator? How long does this entire process take?
  • Lack of transparency for terms, and relatedly, lack of analysis of terms that may disadvantage certain kinds of content services. For example, are the technical terms overly burdensome? Are encrypted services de facto barred from applying (due to a requirement that techniques of Deep Packet Inspection (DPI) will be applied to differentiate the zero-rated data traffic)?
  • The need for a more stringent approach to affiliated content services directly affiliated with telecom operators. Are these affiliated content services given more favourable terms? For example, when content services have to pay to be part of a zero-rated offer, do affiliated services get a more favourable rate, or not have to pay at all?
  • Inadequate scrutiny on the level of data caps in a particular market — a very low data cap could strengthen the incentive to use zero-rated content exclusively.
  • Rather than a purely conceptual analysis of how the user’s freedom to choose has been impacted by zero-rated offers, the Canadian model of identifying particular demographics that are benefited by certain kinds of offers (and those that may be disadvantaged) is a valuable approach to emulate.

India's regulator endorses net-neutrality, even as the FCC attacks it - lessons & curiosities from this global debate by Amba Kak

This post first appeared as an op-ed in Business Standard - http://www.business-standard.com/article/economy-policy/net-neutrality-trai-has-done-well-to-recommend-hard-coding-it-in-law-117112801376_1.html


We can now say, with some certainty, that the Indian telecom regulator (TRAI)’s support for net-neutrality is among the strongest in the world. The timing could not be more auspicious – TRAI now stands tall alongside European regulators, even as it positions itself in stark contrast to its US counterpart, the Federal Communication Commission, where the Trump appointee Chairman Ajit Pai infamously proposed a roll back of net-neutrality rules last week.

Yesterday, TRAI recommended that internet service providers (including telecom operators) be restricted from engaging in any discriminatory treatment of content or entering into any agreement that has such effect. Discrimination, whether based on the sender or receiver of the content, the protocols used or the equipment being used to access the internet is prohibited.  In addition, TRAI recommends specific rules against blocking, degrading, slowing down or granting preferential treatment to any content.  It’s a recommendation, and not yet a rule, because it is to be implemented by amending the license agreements that govern all providers of internet access – which is under the remit of the Department of Telecom. But by providing the text of the rule, TRAI has paved the way for smooth passage of these amendments by government.

In a sense, this principled commitment to net-neutrality was expected. In 2016, following a highly charged debate with the fate of Facebook’s FreeBasics hanging in the balance, TRAI banned ISPs from charging discriminatory tariffs for data based on the content being accessed. The next obvious question was that of discriminatory speeds – examples of ISPs slowing down or blocking web content seen to threaten their businesses had been the most visible violation for net-neutrality debates globally (think: Comcast throttling BitTorrent). The nitty-gritty of what such a rule should look like is unarguably complex- over the last year TRAI held multiple public consultations– debating tricky issues like defining exceptions to the rule, the treatment of ‘specialised services’ (that have different characteristics from the internet), evolving technologies like Internet of Things (IoT) and how to monitor violations. TRAIs recommendations take a position on each of these, the nuances of which will be debated in the following weeks.

For now, it’s a good moment to step back and identify some highlights from this global advocacy and policy tussle:

  • Rhetoric has been critical to the net-neutrality debate. Just recall  Facebook’s counter-campaign in India to attacks on FreeBasics was that they were in support of “digital equality”, not “net neutrality”. Similarly, in this round of TRAI’s consultation, both sides were using the same rhetoric–innovation and freedom–but as signposts for two very different arguments (and at opposite ends). Those in favour of the net-neutrality rules argue that net neutrality embodies “permission-less innovation” -  preventing ISPs from acting as gatekeepers by potentially charging  internet companies and/or users for preferential access. On the other hand, ISPs, globally, and the current FCC chairman uses the term “internet freedom” synonymously with deregulation of ISPs, on the premise that government interference stifles innovation. In fact the US proposal for repeal is curiously termed “Restoring Internet Freedom”. This debate tracks a classic tension on the role of the state in a ‘free market’. Does a ‘free market’ not require the government to set the rules of fair play?
  • People power:  Net-neutrality exemplifies the pressure that coordinated and sustained public engagement can have on policy issues. Curiously, in their submissions to TRAIs consultation, most Indian telecos declared they support the principles of net-neutrality, and even explicitly support rules against blocking and throttling – “merely” disagreeing on how/whether these should be enforced. Similarly, in the US, major ISPs (Comcast, Charter, AT&T) have come out and vowed that irrespective of the repeal, they would “continue to” adhere to net-neutrality rules. This demonstrates that even ISPs, for whom this deregulatory move would be welcome, were compelled to at least  provide lip service to the principles of net-neutrality. The idea of net-neutrality – and the ‘open internet’ has gained currency with internet users in a way that has made it imperative for regulators and industry to engage.
  • (Unlikely) alliances: Ever since rumours of the net-neutrality repeal surfaced in the US, dominant internet platforms like Google, Facebook, Netflix, Amazon, thousands of start ups, civil society, and grassroots organizations all come out to defend the 2015 Order. This alliance with civil society is noteworthy because it comes at a time when internet platforms are under fire on issues ranging from privacy to fake news. Indeed, it is becoming increasingly difficult to ignore the “gatekeeping” potential of the platforms themselves. So while this might be a somewhat rare moment of strategic alliance, as advocates emphasize that net neutrality is “not about saving Netflix but saving the next Netflix” – and understanding the unique threat ISPs represent to that innovation.
  • Transparency is a necessary but insufficient solution: TRAI’s recommendations emphasize the important role of transparent disclosures in strengthening the enforcement of a net-neutrality rule. However, transparency is often used to negate the requirement of the rule altogether – take Pai’s repeal order which relies on the assumption that if ISPs are transparent about their practices (including net-neutrality violations), users will themselves switch services, and this will discipline ISPs to act in consumer interest. This faith is on flimsy ground – it puts the burden on consumers to recognize and react to net-neutrality violations, while the ISP market (particularly in the US) is often concentrated to a few providers (and in some rural areas, limited to one), besides other reasons why people might even be otherwise reluctant to switch. This is a recurring theme in internet policy debate, and we need more India-specific research - how much competition will be ‘enough’ in the market for internet services? Are there invisible barriers to consumers switching providers?
  • Vertical integration: In India,  examples of telecom operators launching their own content and services has become increasingly common (think: Airtel’s Wynk music service or Jio’s payment wallet JioMoney). Interestingly, in his announcement Chairman Pai argued that net neutrality rules prevent ISPs from “experimenting with business models that could help them compete with online businesses like Netflix, Google, Facebook”. Here, Pai has controversially thrown light on both the ambition and incentive for ISPs to enter into partnerships or merge with content companies. In the US, recently AT&T announced plans to merge with Time Warner (the move is being challenged by the Department of Justice) This vertical integration between what have been traditionally separate markets - and the lack of net-neutrality rules represent a particularly worrisome combination. If ISPs are empowered to “pick winners and losers” on the internet, it is but obvious that they will bet on their own horse.

Developments in the US are a reminder that regulation itself is subject to political vagaries, and changing governments. In its wake, TRAI’s recommendations to hard code net-neutrality into enforceable provisions are welcome - clear articulations of principles, grounded in law, rather that case-by-case decisions evidently have greater resilience and legitimacy in the face of these choppy waters.

PRIVACY AS POWER by Sandhya Visvanathan

Orwell’s dystopic vision was dominated by the central state. He never guessed just how significant a decentralized consumerism might become for social control
— David Lyon

On 24th August 2017, nine judges of the Indian Supreme Court, through six distinct but unanimous decisions in the case of Puttaswamy v Union of India, affirmed that privacy is a fundamental right. Privacy, the judges declared, is the core of human dignity and autonomy – values that are not bestowed on us through the largess of the state, rather which inhere in us by virtue of being human. This strong normative foundation helps, in Nariman J's words, to "recognize privacy interests when we see them".

There could be many ways to read a judgement. A straightforward legal reading would be to isolate the "operative parts" - what will be cited as the precedent laid down by a unanimous 9 judge bench, effectively binding on all Courts of the land for times to come.

Or, we might view this 500+ page judgement and responses to it as a sociological artifact, chronicling a moment in history, reflecting or referencing attitudes towards technology and society, citizen and state and so on. In this latter vein, I focus on the caselaw and examples that judges rely on to animate their concerns around privacy. This includes even musings, expressions of sentiment, excerpts of poetry (Kaul, J!) that might not survive as authoritative pronouncements, but inevitably colour our interpretation of these operative parts.

There is a story to tell here. Case law of the 'past' typically saw the Orwellian State intruding into the individual's private sphere in isolated incidents of overreach. In contrast, in the new data(based) world, these threats are increasingly decentralised, more pervasive, even routine. They lack the maliciousness that helped identify the early cases as clear instances of privacy violations. Sometimes we might even experience new threats to privacy as pleasures, efficiencies or "bargains" to be part of the new digital economy. This in itself does not make the intrusions less dangerous, but it does require some measure of fresh deliberation. I rely on the observations of the judges in Puttaswamy, particularly Kaul J and Chandrachud J, to tease out the different ways in which we can think about these new threats - and new remedies.

I. From Orwellian intrusions to a ‘routine’ loss of power

In previously decided cases, the narrative is often of the Orwellian State overstepping its boundaries to encroach into the personal lives of citizens. Many cases are on state surveillance – like challenges against phone tapping[1]  and domiciliary night visits.[2] Other cases are concerned with state’s coercive power to subject individuals to invasive tests to determine paternity[3], mental health[4] and lie-detector tests.[5] More recently, privacy has been invoked in cases that involve a person’s freedom to make decisions about their own life –challenges against restrictions on termination of pregnancy,[6] certain kinds of employment for women/young men,[7] non-consensual disclosure of HIV status[8] criminalization of sexual orientation.[9] As Justice Chelameswar observes, nobody “would like to be told by the State as to what they should eat or how they should dress or whom they should be associated with either in their personal, social or political life”.

It is Justice Chandrachud and Justice Kaul, then, who dwell on the privacy threats that confront the future. Privacy matters not just in the same way it has for previous decades, but matters differently in this new tech-driven world.

These emerging privacy claims may be best understood in terms of power.  Justice Kaul notes - “Knowledge about a person gives a power over that person. The personal data collected is capable of effecting representations, influencing decision making processes and shaping behaviour. ”  In a similar vein, Justice Chandrachud opines - “The old adage that “knowledge is power” has stark implications for the position of the individual where data is ubiquitous, an all-encompassing presence.”

We need to look closer at the balance of power in routine interactions between the citizen and both state and private sector entities that permeate over lives and process our personal information – ranging from Aadhaar to social media apps. The judges also deliberate on how technology itself might govern in terms of how the internet and, specifically, search algorithms make “forgetting” so difficult, and in the process constrain individuals from starting afresh after past mistakes. Individuals are “entitled to reinvent themselves”, Justice Kaul declares, and “privacy should nurture this ability”.

These emerging threats do not fit comfortably with the kind of Orwellian intrusiveness, or maliciousness that seems to be evoked in cases of wiretapping or forced sterilization. Instead, it is the routine, mundane and decentralized transfer of information in the course of business, leisure, and everyday transactions that enables a new, and indeed a more sophisticated form of control.  In fact, the goal of many of the entities that process personal data, like social media, insurance providers or e-commerce websites, may not primarily be social control at all but instead, profit. How to sell their products better, get more clicks – or as might be the case with news media, to push particular opinions or ideas.  As Nandan Nilekani stated in a recent interview, we were a “data poor country because no one is on the grid” but he explains how this will entirely change in the next five years. Consumers themselves may be willing and even enthusiastic to get “on the grid” (although the validity of consent online is a continuing debate) – but it exposes them to a new range of threats.

Justice Chandrachud’s observations speak deftly to this apparent contradiction. These services can serve to enhance autonomy (he cites “opening up new universes for the bibliophile” and creating “efficient substitutes” to physical stores, among others), and yet requires that we surrender control over our information, in ways that makes us more vulnerable to profiling, manipulation and exclusion.  He notes “In aggregation, they (information silos) disclose the nature of the personality: food habits, language, health, hobbies, sexual preferences, friendships, ways of dress and political affiliation”).

II. Beyond privacy

This ethical terrain is not peculiar to ‘privacy’ or data protection concerns, but is replicated in several other debates in internet policy.  For example, when Facebook launched FreeBasics (free access to a limited section of web content, including their own), to try and “get the next billion online”, critics were quick to rebut the charitable claim of the mission. What does the company get out of it? The low-income, young demographic targeted by the service are predicted to be the “next billion” coming online.  Understanding the consumption patterns and willingness to pay of this large demographic is becoming critical for businesses. And with their inclusion into the internet economy, these data profiles can be both a source of empowerment and disempowerment for the individuals they concern. Social media networks, for example, might be leveraged to create a creditworthiness profile of an individual who might otherwise be summarily dismissed by formal sector banks due to lack of credit history (Several startups are already mushrooming in this space - http://www.bbc.com/news/business-37224847). By the same token, however, social media profiles, if shared with third parties like health insurance or e-commerce, might provide unforeseen inferences to various entities that have the power to adversely affect quality of life.

Or take ‘personalisation’ of news – where algorithms are being deployed to manipulate the news, search results or advertisements the viewer sees with the aim of tailoring content to her interests or preferences. Here too, the practice is not easily vilified- particularly when it is based on demand. If I have an appetite for right-leaning content, algorithms that tailor my information environment accordingly, are merely giving me what I want – the argument goes.  However, these practices also  reinforce existing beliefs rather than providing me diversity of opinions. Is it not taking away from ‘real choice’ – affecting both personal freedom and democratic values?

III. Big brother to little brother(s)?

The contrast between past cases and present experiences is also stark because case law, by constitutional design, focuses on violations by the State. This design is that, generally, fundamental rights can only be asserted against the State. I say ‘generally’ because the issue of whether fundamental rights can be asserted against private actors, and relatedly, whether the “state” can be read more expansively – is subject to evolving and contested jurisprudence. This contestation reflects a larger concern around the increasing role, and power, of private actors on lives of individuals and the community – and finding a legal language to address this.  Since the term state is defined in the constitution to include “other authorities”, a stream of cases interpret this as private bodies being equivalent to the state. While earlier case law suggested performing state-like functions might create this equivalence, more recent cases construe this more narrowly in terms of state “control”.

Interestingly, the 1994 press freedom case R. Rajagopal v. State of Tamil Nadu, stands out from other cases cited by the Court because it clarifies that the State itself has no right to privacy. The publication of the autobiography of a convict (called ‘Auto Shankar’) by a private publisher in a magazine had been restrained – apparently based on a request by the convict himself. The facts revealed however that the police had “forced” the convict using “third degree methods” to request the publishers not to publish his life story.  While the judgment framed this as a case of the freedom of press of the publisher vis-a-vis the right to privacy of the citizen, the Court found that the citizen, Auto Shankar, “had not requested nor authorized” the prison officials to start proceedings to protect his right to privacy.

In contrast, several of the newer examples span across the private and public sector. Apart from the various private actors in the digital economy, Aadhaar is an example of a state programme that exemplifies this tension between claimed efficiencies and pleasures on one hand, and loss of control on the other.  Its extensive use by the private sector also makes a clear public/private distinction illusory.  So, even as the privacy challenges against the project may focus Aadhaar’s ability to strengthen and consolidate the surveillance capacity of the State, the experience of the ordinary citizen as s/he interfaces with Aadhaar may be more mundane – routine but nonetheless vital interactions with the State to obtain welfare services, or more recently, pay taxes and much more.

The problem with databases is not our being watched, controlled or inhibited…rather it is our inability to participate meaningfully in the collection and use of our personal information
— Daniel Solove

IV. Thinking ahead – privacy as power

The dispersed nature of perpetrators and harms in this new data(based) world stand apart from traditional privacy claims. If privacy can be, helpfully, understood as power, then the balance of power in these every day interactions will need to be scrutinized.  Unlike cases of the past like unlawful wiretapping or lie detector tests, simply the restricting or retreating of the violating party may not be the ideal response to a loss of privacy. Instead, we will need nuanced positions that are able to grasp the value of these technologies in every day life – and put in place meaningful limits. As Daniel Solove notes “The problem with databases is not our being watched, controlled or inhibited…rather it is our inability to participate meaningfully in the collection and use of our personal information”.

Setting these limits will not be easy, it involves asking to what extent we are comfortable with interferences in what we read, what we are sold, and what we think. Opting in cannot be read as complete surrender, personal information must be processed in ways that enhance rather than restrict individual freedom – and as a guide to every analysis must be the dignity and autonomy of the individual.


[1] (R M Malkani v State of Maharashtra, 1973)

[2] (Kharak Singh v. Union of India, 1964)

[3] (Bhabani Prasad Jena v Orissa State Commission for Women 2010)

[4] (Maharashtra University of Health Sciences v Satchikitsa Prasarak Mandal 2010)

[5] (Selvi v. Union of India)

[6] (Suchita Srivastava v Chandigarh Administration 2009)

[7] (Anuj Garg v Hotel Association of India 2008)

[8] (Mr X v. Hospital Y),

[9] (Koushal v. Union of India, 2014)