On February 25 2021, the Indian government notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which replaced the Information Technology (Intermediaries Guidelines) Rules, 2011.
While the 2011 rules applied only to intermediaries, the new rules have been expanded to cover online news content and over-the-top (OTT) platforms. As per the government, the latest rules are designed to ensure that digital platforms such as social media sites, messaging apps, digital newspapers, and OTTs provide grievance redressal mechanisms to their users.
The social media intermediaries were provided three months, i.e. till May 25 2021, to comply with the rules.
As the deadline for intermediaries to comply with the guidelines was set to expire, a flood of litigation challenging various aspects of the new guidelines has been filed in different courts.
These include the Google search engine claiming they are an ‘aggregator’ and not an ‘intermediary’. Meanwhile, digital newspapers and other digital news platforms have filed a writ to challenge the rules, as they arguably seek to regulate digital news media by imposing a 'code of ethics' and vest the power of interference ultimately with the central government as the chief regulator. News platforms have also argued that the regulation and oversight by the government or its agents cannot be prescribed by the rules when not contemplated by the parent act (in this case, Information Technology Act).
New due diligence rules
The due diligence mechanism by the intermediary, as per the new guidelines, includes:
1. Publishing rules and regulations, privacy policy, and user agreement for access by any person on its website and mobile app and informing them not to host, display, upload, modify, publish, transmit, store, update or share any information that:
Belongs to another person and to which the user does not have a right;
Is defamatory, obscene, pornographic, invasive of another's privacy, or encourage money laundering or gambling or anything inconsistent with or contrary to the laws in force;
Is harmful to the child;
Infringes any patent, trademark, copyright or other proprietary rights;
Deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is false or misleading in nature but may reasonably be perceived as a fact; and
Threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order.
2. Remove the offending content upon receiving actual knowledge in the form of a court order or upon being notified by the government or agency envisaged under Section 79 of the IT Act, within 36 hours of the receipt of a court order.
3. Information that has been removed and disabled by the intermediary shall be retained for 180 days or longer, as it may be required by the court or government.
4. The intermediary shall, within 72 hours of the receipt of an order, provide information under its control or possession, or assistance to the government agency for investigation or cybersecurity activities, for the purposes of prevention, detection, investigation or prosecution, of offences under any law.
Significant social media intermediaries
The difference has been carved out between social media intermediaries (SMI) and significant social media intermediaries (SSMI). The SSMI are classified as those with more than a registered user base of 5 million in India. For the first time, the new rules have put an onus on SMI to put in place a grievance redressal mechanism.
Towards this, the intermediary is required to publish (on its website and mobile app), the name of the ‘grievance officer’ and his contact details, as well as a mechanism for lodging the complaint. Strict timelines have been prescribed for grievance redressal:
Acknowledgement of complaint within 24 hours and adjudication of the complaint within 15 days; and
In case the complaint made is concerning any obscene/nude content, the intermediary is required to bring down the content within 24 hours.
A higher threshold of compliance requirement is required for SSMI. The rules envisage SSMI to:
Appoint a chief compliance officer for ensuring compliance with the IT Act and rules. The officer shall be liable relating to any third-party information, data hosted by that intermediary where he fails to ensure that the intermediary observes due diligence while discharging its duties. The chief compliance officer should be a resident of India;
Appoint a nodal officer for coordination with law enforcement agencies, who should be resident in India; and for the
Appointment of a resident grievance officer, who should also be resident in India.
Furthermore, they are required to publish monthly compliance reports of the complaints filed and decided. They should also deploy automated tools to (a) proactively identify information that depicts any act or simulation depicting rape, child sexual abuse or conduct; and (b) any information which is identical in content to the information that has previously been removed.
Decryption of communication on demand
In general, national security, protection of law and order, and prevention of sexual crimes are why the government asks message service providers such as WhatsApp to identify the first originator of the information.
The SSMI argue there is no way to predict which message will be the subject of such a tracing order. Therefore, it will need to make changes in its app or platform. The new rules have caused a stir among messaging companies such as WhatsApp, Signal, and others. It seems that the new rules put a significant onus on them to comply with demand to provide information about their users' activity.
It further requires them to change their business model and stated policy that all communication on their platform is end-to-end encrypted.
Just as the new rules were to come into the force, WhatsApp filed a writ before the Delhi High Court to challenge the rules. WhatsApp has objected to the traceability clause provided under Rule 4(2) that requires social media platforms to locate "the first originator of the information."
The intermediaries also question the power given to the law enforcement agencies to seek information, and lack of clarity on the words used in the rules ‘sovereignty and integrity of India’, ‘the security of the state’, ‘friendly relations with foreign states’, or ‘public order’ that law enforcement agencies can exploit. Furthermore, in most countries, such orders are backed by a judicial order following due process of law. Thus in some sense, these rules give unfettered powers to the executive to demand decryption
Working towards a common interest
As a business, no social media intermediary wants its platform to be used for criminal activities, distribute pornographic materials, or instigate violence. However, they are concerned about protecting the user's privacy and aim to provide space where an individual has the right to express himself. Thus, it is essential to define further and clarify the rules so that it does not curtail an individual's freedom, which may have a chilling effect on the use of social media.
In addition, from a technical point of view, it may be challenging to introduce traceability without breaking end-to-end encryption. Thus, all stakeholders should work together to find a solution that protects the interest of consumers and intermediaries and ensures that criminal activities are curtailed.
Ranjan NarulaManaging partner, RNA, Technology and IP AttorneysE: rnarula@rnaip.com
