Blog Details

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, were issued by the Ministry of Electronics and Information Technology, and they replaced the Information Technology (Intermediaries Guidelines) Rules, 2011.

COMPOSITION 

The regulations are separated into three sections, the first of which deals with various definitions related to the rules. Part 2 of the rules covers the due diligence procedure for social media intermediaries, and part 3 covers news and current affairs content providers as well as OTT platforms.The Article will try to dissect the rule for the social media intermediaries only.

CONSTITUTIONAL AND PUBLIC POLICY PROBLEMS

The rules address due diligence and grievance redressal processes for social media intermediaries, however there is one major flaw in the document. New types of organisations are being formed under the Intermediary guidelines 2021, with the first being social media intermediaries [Rule 2(w)] and the second being substantial social media intermediaries [Rule 2(v)]. And, on the 26th of February, the Ministry of Electronics and Information Technology issued a gazette notification stating that an intermediary with more than 50 lakh registered users will be considered a significant social media intermediary, and that significant social media intermediaries will be subject to different sets of obligations. However, [Rule 6(1)] poses a dilemma since it allows the ministry to require any social media intermediary to observe all of the standards that apply to important social media intermediaries. This is extremely problematic since the ministry can implement this rule at its discretion, and intermediaries will be forced to comply with a slew of regulations that might stymie their operations.

The issue with the Intermediary Recommendations 2021 begins with their development; these guidelines were developed under section 87 of the Information Technology Act 2000. However, in retrospect, the information technology act was intended to give legal legitimacy to electronic data and, with the exception of two locations, it has no provisions for controlling online content (In cyber terrorism [Section 66F] and child pornography [Section 67B] ). The new intermediary standards, on the other hand, took a step further and attempted to regulate the material that is available on the Internet, which might be called excessive delegation. It should be noted that the Indian political system is based on separation of powers, with the legislature making laws and the executive enforcing them. However, the supreme court has already held in the case of Additional District Magistrate (Rev.) Delhi Administration v Shri Ram that rules and regulations should be made by the legislature.

But the most serious flaw in the Intermediary guidelines is [Rule 4(2)], which pertains to significant social media intermediaries and their obligation to disclose the name of the message's first originator if a court order or a competent authority order is issued under Section 69 of the Information Technology Act 2000.

The apex court ruled in the historic decision of  K.S Puttaswamy v. Union of India that the right to privacy is a fundamental right under article 21. Not only that, but the Supreme Court has ruled that the right to privacy encompasses the right to anonymity as well, in Central Public Information Officer, Supreme Court v. Subhas Chandra Agarwal. 

The requirement to identify the first source of information will devastate the concept of privacy in India because, in order to comply with this rule, a significant social media intermediary must track the first source of each message because they will never know which message will be subject to a court order. This clause will deprive citizens of their right to privacy and anonymity.

The Puttaswamy decision establishes a standard by which the government can infringe on a person's basic right to privacy.

• Legality and the existence of the law - The Intermediary Guidelines are not a piece of legislation enacted by the legislature. It's merely a piece of law, and it's well outside the bounds of parent legislation.

• The need requirement - the supreme court stated that the law should protect against arbitrary governmental action while defining the necessity criterion. In this scenario, even if a competent authority issues an order under the Information Technology Act of 2000, the Intermediary must comply. As a result, an arbitrary governmental action can occur without court supervision.

• Proportionality requirement - It is obvious that in order to comply with this criterion, intermediaries must build a system that allows them to trace the source of each communication, as they have no way of knowing which messages may be subject to a court order. As a result, millions of people's right to privacy is being violated in order to apprehend a possible culprit. To what extent is this proportional? In the case of Ram Jethmalani v. Union of India, the Supreme Court stated that citizen basic rights should not be compromised in order to solve a systemic problem. And while the government is attempting to find a way to apprehend a suspected culprit, millions of people's fundamental rights are being jeopardised.

[Rule 4(2)] not only violates the right to privacy, but also violates Article 19's right to free speech and expression. It will have a chilling effect on all legitimate speech, as citizens will be hesitant to talk freely if their private conversations may be recorded and used against them later. Not only does the central government have the power to impose due diligence on intermediaries under section 79 of the information technology act of 2000, but forcing intermediaries to fundamentally alter their platform (such as WhatsApp, which uses end-to-end encryption) is outside the scope of due diligence. Also, while the preamble of the Information Technology Act of 2000 mentions “uniformity of the law”; one is not aware of any nation that requires its intermediate to locate the message's initial source.

Also covered by [Rule 4(2)] are major social media intermediaries that provide messaging services. The issue is that most websites and applications today offer messaging in a different format. So, will this regulation apply just to those who provide primary messaging services, or will it also apply to those who provide auxiliary messaging services?

In certain ways, the Intermediaries Guidelines 2021 compel social media intermediaries to perform under stricter deadlines. The intermediary should act on a takedown procedure within 36 hours under the Intermediary guidelines 2011 [Rule3(4)], however the entire process of taking down should be completed within 36 hours under the Intermediary guidelines 2021 [Rule3(1)(d)]. Furthermore, there was no deadline for providing information to law enforcement agencies in the Intermediary Guidelines 2011, [Rule3(1)(j)] in the Intermediaries Guidelines 2021 requires the intermediary to provide information to law enforcement authorities within 72 hours. The issue is that, when working under a tighter deadline, intermediaries may remove certain content just to satisfy the guidelines without doing adequate due diligence, thus chilling the right to free speech and expression.

In addition, under [Rule 3(2)(b)] of the intermediary rules 2021, if any individual files a complaint about any obscene material linked to him being distributed (Nude photographs, altered image), the intermediary must take down such information within 24 hours. The government's action is admirable, but the timeframe set is too short.

Not only that, but according to the intermediary guidelines 2021 [Rule 3(1)(h)], the personal data protection bill 2019 does not go hand in hand with the intermediate recommendations. The data retention period has been doubled to 180 days for investigation purposes, and the data should be preserved even after the user has deleted the account. However, according to [Section 9(1)] of the personal data protection bill, data fiduciaries are not allowed to keep data for longer than is necessary, and it must be deleted once the processing of data is completed. Furthermore, the data principle has the right to be forgotten under [Section 20] of the law, which limits the data fiduciary's ability to use personal data if it has fulfilled its purpose or the data principal has withdrawn consent. However, even if you cancel your account, your data will be maintained for 180 days, which is a complete violation of your right to be forgotten. The [Rule 3(1)(h)] of the intermediate guidelines 2021 violates both of these provisions.

Another hidden issue in the Intermediary Guidelines 2021 is [Rule 4(4)], which discusses the use of automated techniques to identify content connected to rape and child sexual abuse.

To begin with, it only discusses rape and child sexual abuse, not other types of graphic content. Furthermore, automated technologies are not yet smart enough to distinguish between sexually explicit material and journalistic reporting. For instance, Facebook's automatic filter once flagged a photo of a napalm girl from the Vietnam War as child sexual assault. This sort of automated technology is still in its infancy, and depending on it might have a chilling impact on Article 19's right to free speech and expression. There's also a risk that this automated tool could introduce certain social prejudices in determining what is and isn't obscene.

Another issue in the 2021 intermediary rules is that [Rule 4(7)] requires large social media intermediaries to offer optional account verification. Any acceptable method with an active cell phone number can be utilised in this procedure. Because the proper procedure has yet to be determined, the government may compel you to link your Aadhar card to your social network account. Consider transferring your governmental ids to a private firm without a suitable data protection bill since India still does not have a personal data protection legislation because the PDP bill is still stalled in the standing committee. And this isn't only a guess. The Tamil Nadu government moved to the Supreme Court in 2019 with a plea to link all social media accounts with Aadhar cards in order to combat false news, but the motion was denied.

In addition, the Intermediary rules state that major social media intermediaries must now establish a grievance redressal team in India [Rule 4(1)].

• To begin, [Rule 4(1)(a)] states that you should have a chief compliance officer whose job it is to ensure that the firm complies with all of the information technology Act 2000's requirements. This individual should be a senior employee in the organisation and a resident of India.

• Second, [Rule 4(1)(b)] states that you shall have a Nodal contact person whose job is maintaining regular communication with law enforcement organisations. This individual must be an employee of the firm and a resident of India.

• Thirdly, [Rule 4(1)(c)] states that you shall have a local grievance redressal officer whose job is resolving any concerns received by the firm. This individual must be an employee of the firm and a resident of India.

The issue is that this onerous compliance requirement may jeopardise Article 19(1)(g) of the constitution's freedom to free commerce and profession. Companies like GitHub or Bitbucket, which provide code repository services and have millions of users in India, operate in a neutral manner, with all services being virtual. However, under this regulation, they must now hire three full-time officials in India, which is unnecessary. Instead, these organisations would have to either lower the number of registered users in India to below 5 million — or build up operations here, which would be a difficult undertaking.

Conclusion 

It is clear that the Intermediary Guidelines, 2021 not only go beyond the scope of the Information Technology Act of 2000, but also present some significant constitutional and public policy challenges. Instead of enacting regulations under the Information Technology Act, separate legislation should be enacted to govern social media intermediaries. In this situation, a new bill could be considered and discussed in both the Lok Sabha and the Rajya Sabha, and all of the constitutional and public policy issues might be resolved effortlessly, allowing for a fine balance between privacy and public order.