Technology Law Analysis

MeiTy seeks public comments on amendments to Intermediary Rules

• On June 6, 2022, MeiTy released draft amendments (“Draft Amendments”) to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules”), seeking public comments. Last date of submission of comments is July 6, 2022.

• The press note accompanying the Draft Amendments indicates that the intent behind the Draft Amendments is to:

  • create an open, safe, trusted and accountable internet;

  • ensure intermediaries providing services in India comply with Indian laws and safeguard Indian citizens’ Constitutional rights, and

  • provide additional forums for grievance redressal, apart from court.

• While the intent behind the Draft Amendments is laudable,

  • the horizonal application of Constitutional rights to private parties is unprecedented;

  • the language of the Draft Amendments is also vague and open-ended;

  • some of the obligations appear inappropriate in relation to intermediaries, and conflict with the concept of intermediaries under the Information Technology Act, 2000 (“IT Act”); and

  • some of the obligations sought to be introduced under the Draft Amendments appear suited for only social media intermediaries/’public facing’ platforms, and not all types of intermediaries. 

• While the press note states that the Draft Amendments will not impact early stage or growth stage Indian companies or startups, the text of the Draft Amendments do not appear to make reference to early stage or growth stage Indian companies or startups. There is no clarity on what is meant by early stage or growth stage Indian companies or startups and which aspects are not applicable to them. E.g. is the refence being made to threshold prescribed for SMI to be considered as SSMI¹?

Background

• The Central Government introduced the updated IT Rules in February 2021. The IT Rules seek to regulate, among others, (a) general intermediaries, (b) a type of intermediary termed social media intermediaries² (“SMI”), and significant social media intermediaries (“SSMIs”)³. The IT Rules replaced the erstwhile Intermediary Guidelines Rules, 2011.

• The IT Rules prescribe due diligence obligations which intermediaries are required to follow in order to avail of ‘safe harbour’ from liability for content on their platforms⁴.

The Draft Amendments

1. Ensuring compliance with user agreements

   The current IT Rules require intermediaries to prominently publish their user terms and conditions on their website/mobile application (“User Terms”). The Draft Amendments require intermediaries to ‘ensure’ compliance with the terms and conditions⁵.

   (a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person and ensure compliance of the same.;

   The scope of the term ‘ensure compliance’ under Rule 3(1)(a) is unclear, i.e.,  it is unclear whether a) intermediaries are required to ensure that users do not publish any content in violation of the terms and conditions (this will amount to pre-filtration), or b) intermediaries are required to simply enforce their terms and conditions, i.e., take down content which has violated their User Terms⁶. The press note accompanying the Draft Rules indicate that the latter interpretation.

   In our view, the amendment should be reworded as “and enforce compliance of the same, should the intermediary notice violation of the terms specified under Rule 3 (1) (b)”

2. Causing users not to host, upload, publish, store, etc. information in violation of User Terms

   Rule 3(1)(b) of the IT Rules require intermediaries to inform users not to host, upload, display, publish, store, etc., certain types of information⁷. The Draft Amendments require intermediaries to ‘cause the user of its computer resource’ not to host, upload, display, publish, store, etc., this information. This is problematic for the following reasons:

   1. Scope of obligation unclear

      How can intermediaries ‘cause’ a user not to publish certain types of information is unclear. The language suggests that the obligation is for intermediaries to preclude users from publishing the aforesaid categories of content, or pre-censor content.

      Intermediaries cannot be required to (i) pre-moderate user content, nor (ii) determine the legality of content, as that will go against the very concept of Intermediaries as envisaged by the IT Act, as discussed above.

   2. Obligation inappropriate in relation to all intermediaries

      Several intermediaries such as cloud service providers, video conferencing apps, private messaging platforms, are not 'public facing' platforms, i.e., the user content on the platforms are not visible to the public, and therefore unlawful user content on such platforms cannot go ‘viral.’.

      Accordingly, obligating such platforms to police user content on their platforms under proposed Rule 3(1)(b) of the IT Rules is inappropriate. This obligation, with due modification, should be limited to intermediary platforms which are ‘public facing,’ i.e., where user content is visible to the public.  

      In our view, this amendment is not required.

3. Taking ‘reasonable measures’ to⁸ ensure accessibility of services, and meeting certain reasonable expectations of users.

   Rule 3(1)(m) of the IT Rules requires intermediaries to take all reasonable measures to ensure accessibility of service to users, along with reasonable expectation of due diligence, privacy and transparency.

   1. Scope of ‘accessibility of services’ unclear

      The meaning of ‘accessibility of services’ is unclear, i.e., whether it refers to (a) accessibility in terms of making services accessible to disabled persons, or (b) access to services by all persons.

      In the Code of Ethics appended to the IT Rules, this terminology is used in relation to disabled persons, i.e., there is a requirement for publishers to introduce measures to ‘improve accessibility of online curated content by persons with disabilities.’

      Accordingly, this language, and the scope of intermediaries’ obligation under this rule should be clarified.

   2. Scope of obligation unclear

      Similarly, the requirement to take reasonable measures to ensure accessibility of services to users, and to meet users’ reasonable expectations of due diligence, privacy, and transparency is unclear, i.e.:

      1. The terminology of ‘reasonable measures’ is vague and does not define the exact scope of obligations.

      2. What are the due diligence obligations required to be carried out? The IT Rules as a whole prescribe due diligence obligations for intermediaries.

      3. What is meant by ‘transparency,’ i.e., what processes are intermediaries required to be transparent about?

      4. What is a ‘reasonable’ expectation of due diligence, privacy and transparency.

      In the case of Shreya Singhal v Union of India⁹, the Supreme Court had struck down Section 66A of the IT Act on grounds of vagueness, (in part). In its current wording, the obligations under these rules do not appear implementable by intermediaries, and may be vulnerable to being struck down for similar reasons.

      The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, impose obligations on body corporates to safeguard certain types of private information. Intermediaries are already required to comply with the SPDI Rules under the IT Rules¹⁰.  Further, since there will be a special legislation in the form of the Personal Data Protection Bill which will comprehensively deal with privacy issues, it is unclear why privacy obligations are sought to be introduced vide these Draft Amendments.

      In our view this provision should not be included as it is vague and does not provide any specific guidance of compliance.

4. Respecting rights accorded to citizens under the Constitution of India

   The Draft Amendments require intermediaries to respect the rights accorded to citizens under the Constitution of India¹¹. The press note accompanying the Draft Amendments also states that one of the principles underpinning the Draft Rules is to ensure intermediaries do not contravene the Indian Constitution in letter and spirit, and the reason for introduction of this insertion is because ‘a large number of intermediaries have acted in violation of constitutional rights of Indian citizens.’

   There has been a plethora of Indian cases which clarify that fundamental rights under the Constitution such as freedom of speech and expression¹², and protection of life and personal liberty¹³ (which has been interpreted to include the right to privacy¹⁴), are only enforceable against the State and instrumentalities of the State. These rights are not enforceable against private entities nor have been applied in case of publication of views on other media. For example, an individual cannot require a private newspaper to publish an article, nor force a private TV channel broadcast their interview, citing the fundamental right to freedom of speech and expression.

   Accordingly, this obligation cannot be imposed on private intermediary platforms (specially by way of rules, under a principal act which does not have such contemplation), nor will such an obligation be enforceable against such platforms.

   In our view this provision should not be included, as in any event, the appeal provisions have been added for user grievance. Or the provision could be reworded as follows:

   While enforcing User Terms, regard may be had to the rights accorded to citizens under the Constitution of India.

5. Takedown Obligations

   The IT Rules require grievance officers of intermediaries to acknowledge complaints for violation of the IT Rules within 24 hours, and dispose of such complaints within 15 days¹⁵.

   The Draft Amendments seek to require intermediaries to address complaints for removal of certain content under the grounds specified under Rule 3(1)(b)¹⁶ within 72 hours, and any other complaints within 15 days. The press note suggests that the reason for introduction of this short timeline is to ensure removal of potentially problematic content expeditiously.  

   1. Obligation should be limited to ‘public facing’ intermediary platforms

      As we have discussed above, this obligation should be limited to ‘public facing’ intermediary platforms. It is inappropriate to introduce this obligation in relation to all intermediary platforms, as several platforms host/store user content which is not visible to the public, and therefore cannot go viral.

   2.  Timeline

      Rule 3(1)(b)  read with Rule 3(2) requires intermediaries to determine complaints relating to violation of User Terms in 72 hours, which may involve making challenging determinations, such as whether content is (i) patently false of misleading (which may require fact-checking), (ii) threatens public order (which may require determination of local sentiment), among others.

      The timeline of 72 hours is too short for intermediaries to make such determinations. This may make intermediaries trigger-happy and excessively take down content, which may impinge upon free speech.

   This obligation should be limited in its applicability to ‘public facing’ intermediaries, and the timeline for compliance should be increased suitably.

6. Appeal to Grievance Appellate Committee

   The Draft Amendments introduce a “Grievance Appellate Committee” to decide appeals arising from decisions of an Intermediary’s Grievance Officer¹⁷. The Draft Amendments indicate that there may be multiple Grievance Appellate Committees, by stating there may be ‘one or more.’

   The Draft Amendments states that the Grievance Appellate Committee will be staffed by a Chairperson and other members as may be appointed by the Central Government¹⁸. The Draft Amendments do not provide any additional clarity on the composition of the Grievance Appellate Committee.

   1. Timelines for Disposal of Grievances

      While appeals must be preferred by any person aggrieved by the decision of a Grievance Officer, within 30 days of receipt of such decision¹⁹, the Grievance Appellate Committee is required to ‘endeavor’ dispose the appeals within 30 calendar days of such appeal being preferred²⁰. There is no strict timeline for the Grievance Appellate Committees to determine appeals.

   2. Self- Regulatory Grievance Appellate Bodies

      It was reported²¹ that government is suggesting that the social media intermediaries could set up their own self-regulated grievance appellate bodies in lieu of a Government committee. It is unclear whether such diverse intermediary platforms will be able to come together to set up self-regulatory bodies with uniform standards.

      We recommend that in order to make this grievance redressal mechanism effective, it is important to impose strict timelines on the Grievance Appellate Committees to decide the appeal within fixed timelines.

   3. Right to Refer Grievances to Grievance Appellate Bodies

      Intermediaries may determine whether content violates their own user terms and conditions. However, if content does not violate their terms and conditions, and user makes a complaint on grounds enlisted under Rule 3(1)(b), then intermediaries should have the ability to refer such questions to the Grievance Appellate Committee and comply with their orders, rather than take decision on the complaint.

   Hence, it is recommended that a right to refer the complaint to the Grievance Appellate Committee be inserted. Such order them will be binding on the intermediary.

Takeaways

With public order issues such as communal tensions, mob killings, etc., arising from viral content on social media, one can understand the intent behind the Draft Amendments. However, there is a disconnect between the intent and the ultimate wording of the Draft Amendments. Excessive policing of content by intermediaries may also have a freezing effect on free speech. Therefore, the Draft Amendments need a considerable re-look to achieve their intent, without excessively burdening intermediaries.

– Tanisha Khanna, Aarushi Jain & Gowree Gokhale

You can direct your queries or comments to the authors

¹ Rule 2(1)(v) defines a significant social media intermediary as “a social media intermediary having number of registered users in India above such threshold as notified by the Central Government”. This threshold was thereafter notified as 50 (fifty) lakh registered users.

² Rule 2(1)(w) defines a social media intermediary as “an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services”

³ Rule 2(1)(v) defines a significant social media intermediary as “a social media intermediary having number of registered users in India above such threshold as notified by the Central Government”. This threshold was thereafter notified as 50 (fifty) lakh registered users.

⁴ Section 79(2)(C), IT Act

⁵ Rule 3(1)(a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person and ensure compliance of the same.;

⁶ Content which:

(i)belongs to another person and to which the user does not have any right;

(ii)is defamatory, obscene, pornographic, paedophilic, invasive of another‘s privacy, including bodily privacy, insulting or harassing on the basis of gender, libellous, racially or ethnically objectionable, relating or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws in force;

(iii) is harmful to child;

(iv) infringes any patent, trademark, copyright or other proprietary rights;

(v) violates any law for the time being in force;

(vi) deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact;

(vii) impersonates another person;

(viii) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting other nation;

(ix) contains software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer resource;

(x) is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person;

⁷ Section 3(1)(b), IT Rules

⁸ Rule 3(1)(m)

⁹ (2015) 5 SCC 1

¹⁰ Rule 3(1)(i)

¹¹ Rule 3(1)(m)

¹² Article 19(1)(a), Constitution of India

¹³ Article 21, Constitution of India

¹⁴ Justice K.S.Puttaswamy(Retd) vs Union Of India

¹⁵ Rule 3(2)(i), IT Rules

¹⁶ Content which:

(i)belongs to another person and to which the user does not have any right;

(ii)is defamatory, obscene, pornographic, paedophilic, invasive of another‘s privacy, including bodily privacy, insulting or harassing on the basis of gender, libellous, racially or ethnically objectionable, relating or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws in force;

(iii) is harmful to child;

(iv) infringes any patent, trademark, copyright or other proprietary rights;

(v) violates any law for the time being in force;

(vi) deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact;

(vii) impersonates another person;

(viii) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting other nation;

(ix) contains software virus or any other computer code, file or program designed to interrupt, destroy or limit the functionality of any computer resource;

(x) is patently false and untrue, and is written or published in any form, with the intent to mislead or harass a person, entity or agency for financial gain or to cause any injury to any person;

¹⁷ Rule 3(3)(a)

¹⁸ ibid

¹⁹ Rule 3(3)(b)

²⁰ Rule 3(3)(c)

²¹ https://economictimes.indiatimes.com/epaper/delhicapital/2022/jun/08/et-front/social-media-cos-can-set-up-redressal-appellate-body/articleshow/92069569.cms?from=mdr