Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: Finding Settled Shores? – By Abhinav Mathur

June 29, 2021

Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Rules) was introduced on 25^th February, 2021 by the Central Government in suppression of the Information Technology (Intermediaries Guidelines) Rules, 2011. Much anticipated, the new Rules were brought in with an intention to provide clarity on the vexed area surrounding the liability and obligations of Intermediaries.

The Rules provide due diligence obligations which are required to be performed by the Intermediaries. Before moving further, it is imperative to define the contours of the Intermediary. The Rules have bifurcated Intermediary into 2 classes viz. Social Media Intermediary (SMI) and Significant Social Media Intermediary (SSMI) based on user registration. Intermediaries having more than 50 lakh users are classified as SSMI. Under the Rules, Intermediary is defined as a platform which enables online interaction between users for creation and sharing of information.

Due Diligence Obligations

The Intermediary shall prominently publish, on its website or mobile-based application, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person. Further, it is mandatory for the Intermediary to inform the user not to host, display, upload, modify, publish, transmit, store, update or share any information that is prohibited under the Rules. Further, it is obligated that the Intermediary shall, not later than seventy-two hours of the receipt of an order, provide information under its control or possession, or assistance to the Government agency which is lawfully authorised for investigation. The Rules also cast obligation on Intermediaries, upon receiving actual knowledge in the form of an order from a court or notification from Government authority that certain information hosted by it is prohibited information, to remove or disable access to such information within 36 hours of the receipt of such order or notification.

In addition to the obligations imposed on Intermediaries, SSMI, which is a distinct class, have an additional requirement to appoint three officers with different responsibilities. The officers are:

Mechanism for Digital Media

Evolvingly, the Rules impose various obligations on digital media entities which carry out systematic business of making content available within India. These digital media entities would essentially include publishers of news and current affairs and publishers of online curated content (Publishers), who shall adhere to a Code of Ethics (Code) prescribed under Part III of the Rules. Interestingly, even foreign news publishers with an online presence in India shall be regulated by this Code. Part III envisage three-tier structure for addressing the grievance regarding content published by Publisher. Level I will be the self-regulating structure wherein Publisher shall establish grievance redressal mechanism and shall appoint grievance officer who will be entrusted for addressing the grievances. If a grievance is not redressed by Grievance Officer within 15 days, the grievance is automatically escalated to Level II which is the self-regulating body of one or more Publishers or their associations. Further, at Level III, the Rules provide for the establishment of an Inter-Departmental Committee which shall hear grievances from the decision of the self-regulating body or other complaints about violation of the Code. It is imperative to note that the said committee will comprise of representatives of different ministries viz. Ministry of Information and Broadcasting, Ministry of Women and Child Development, Ministry of Law and Justice, etc.

Rule 7 deals with the punitive measure which states that where an intermediary fails to observe these Rules, the safe harbour provision enshrined under Section 79 of the IT Act shall apply to such Intermediary and consequently Intermediary shall be liable for punishment under any law for the time being in force including the provisions of the IT Act and the Indian Penal Code.

Rule 4(2) – Major bone of Contention

Rule 4(2) is one of the most debatable amongst other Rules. It casts obligation on the Intermediary to identify the first originator of the information on its computer resource as required by the judicial order passed by the Court. The aforesaid Order can be passed for the purposes of prevention, detection, investigation, prosecution or punishment of an offence related to the sovereignty and integrity of India, security of the State, friendly relations with foreign States, or public order. Now, these big words are subject to the judicial interpretation. The said Rule further provides that the Order shall not be passed in the cases where less cumbersome means are available for identifying the originator of information.

Another interesting provision of the aforesaid Rule is that where the first originator of any information on the computer resource of an intermediary is located outside the territory of India, the first originator of that information within the territory of India shall be deemed to be the first originator of the information. 

Analysis

While the objectives of the Rules are sacred, it is onerous to justify the provision of traceability requirement by Intermediaries on the vexed grounds. There are roundabouts that even though the traceability requirement is implemented in letter and spirit, it is difficult to track the mischief of the real culprit. So, it is not a cakewalk to come closer to the actual ‘originator’ of the offending content.  Further, the problem does not come to an end here as in the event first originator of the offending content is located beyond the boundaries of India, then in that event the first originator of that information or offending content within the territory of India shall be deemed as the first originator of that offending content. Putting it simply, if X forwarded the message (content prohibited in India) received from Y (who is sitting outside India), then by virtue of operation of law and limited wherewithal to track Y outside the locales of India, X would be facing the music of law and would be liable of all the consequences which Y should have ideally faced.

Traceability concept of the Intermediaries may work in the event they break their fundamental and much sold principle of end to end encryption. It is near to impossible that Intermediary giants who are operating at the global level will forgo their most valued feature of end to end encryption for Indian users. Consequently, Intermediaries may lose interest in the Indian market and may end up shutting down their operations.

Following the traceability system and breaking the encryption would prejudice the privacy aspect of users. Ensuring privacy of users is one of the most important aspects of the Intermediaries which enable Intermediaries to hold the trust of their users. Moreover, fear of identification and sanction may lead to the chilling effect on the Freedom of Speech and Expression as Individuals will be reluctant to share information. Further, considering the amount of data/messages generated on the platforms of the Intermediaries, it will be highly unlikely that Intermediaries will be keen to break the encryption concept solely for the Indian market.

The combination of these stipulations tilted more in favour of the government, irrespective of whether its takedown request is legitimate or not. An Intermediary under the threat of criminal sanction is heavily incentivised to helplessly comply with a government order than exercise the due care and restraint it could under a normal scenario. This may lead to rampant government censorship. 

It is vital to note that the IT Act does not contemplate digital news and publisher of online curated content. Thus, the act of covering digital news and online curated content under the Rules tantamount to executive overreach and thus not permissible within the constitutional framework.

Way Forward

The Freedom of Expression and Privacy are interpreted as basic and quintessential principles by the Judiciary. Looking in entirety, the Rules aim to strengthen the overall legal framework for the Intermediaries. However, one may not rule out the possibility of prejudicing the privacy and Freedom of Expression of individuals. Rule 4(2) seems to be problematical as it will all boil down to the interpretation of the Judiciary with regard to the broad grounds for traceability of information. Further, tracing the originator of information would undermine the commitment to free and secure communication that underpins data protection principles and cybersecurity best practices. The Intermingling of Executive is also a cause of concern for effective and transparent regulation of digital media. Courts are already witnessing  a series of challenges being filed, questioning the sanctity of the Rules. With all hullabaloos around, one thing is sure that the Intermediaries and media giants should prepare themselves for a more tightened legal framework in the time to come.

****

Abhinav Mathur is Associate Partner in Chir Amrit Legal LLP, Jaipur

Disclaimer: The views or opinions expressed are solely of the author.