India: The Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules, 2021: Impact On Digital Media

Introduction of the Information Technology Rules:

After years of discussions and debates, the Ministry of Electronics and Information Technology, Government of India has notified new rules under the Information Technology Act, 2000 ("IT Act") for monitoring social media digital media platforms. The new rules, viz. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("Intermediary Guidelines") inter alia aims to serve a dual-purpose: (1) increasing the accountability of the social media platforms (such as Facebook, Instagram, Twitter etc.) to prevent their misuse and abuse; and (2) empowering the users of social media by establishing a three-tier redressal mechanism for efficient grievance resolution. The Intermediary Guidelines have been framed in exercise of powers under section 87(2) of the IT Act and supersede the previous Information Technology (Intermediary Guidelines) Rules, 2011.

Need for Regulating the Social Media Platforms and Digital Media Platforms:

India is claimed to be the world's "largest open Internet society" and attracts many social media companies to do business in India. However, there are a growing number of instances where social media is being used as a tool for violating the dignity of women, settling 'out-of-office' corporate rivalries, inciting malicious or anti-national 'fake news', inciting communal riots through disrespect to religious sentiments, mass circulation of obscene content, financial frauds and recruitment of youth by terrorist organizations. This abuse of social media is compounded due to lack of a robust complaint and redressal mechanism which is inaccessible to the ordinary social/digital media users. It was therefore considered to set in motion a mechanism for consumer complaints and redressal powers in the form of Intermediary Guidelines. The Intermediary Guidelines are intended to be integrated into the existing information technology laws and regulate the social media and digital media platforms within India.

The Intermediary Guidelines are being argued to be "progressive, liberal and contemporaneous"¹ and are intended to balance the myriad concerns of the public related to lack of transparency, accountability and rights of users with the misapprehension relating to curbing the constitutional freedom of speech and expression. The rationale behind the Intermediary Guidelines stems from a plethora of different orders and reports including the Calling Attention Motion on 'Misuse of Social Media platforms and spreading of fake news' admitted in the Rajya Sabha on July 26, 2018, the Hon'ble Supreme Court's order dated December 11, 2018 which observed that the Government of India should frame necessary guidelines to eliminate child pornography, rape etc. for content hosting platforms and other applications; the Hon'ble Supreme Court order dated September 24, 2019 directing the Ministry of Electronics and Information Technology to apprise the timeline in respect of completing the process of notifying the new rules, and lastly, the report of the Ad-hoc committee of the Rajya Sabha dated February 3, 2020 relating to the alarming issue of pornography on social media and its effect on children and society as a whole.

Key Features of the Intermediary Guidelines:

• An intermediary² including a social media intermediary needs to observe the prescribed due diligence measures in the course of discharging its duties. These due diligence measures inter alia include:

• prominently publishing on the website, mobile based application or both, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person.

• the rules and regulations, privacy policy and the user agreement should inform the user of its computer resource not to host, display, upload, modify, publish, transmit, store, update or share any information that inter alia:

• belongs to another person and to which the user does not have a right;

• is defamatory, obscene, pornographic, pedophilic, invasive of another's privacy, including bodily privacy, insulting or harassing on the basis of gender, libelous, racially or ethnically objectionable, relating or encouraging money laundering or gambling or otherwise inconsistent with or contrary to the laws in force;

• is harmful to the child;

• infringes any patent, trademark, copyright or other proprietary rights;

• deceives or misleads the addressee about the origin of the message or knowingly and intentionally communicates any information which is patently false or misleading in nature but may reasonably be perceived as a fact; and

• threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognizable offence or prevents investigation of any offence or in insulting another nation.

• an intermediary, upon receiving actual knowledge in the form of a court order or upon being notified by the appropriate government or agency under the IT Act, shall not host, store or publish any unlawful information which is prohibited under any law for the time being in force in relation to the interest of the sovereignty and integrity of India, security of the state, friendly relations with foreign states, public order, decency or morality, in relation to contempt of court, defamation, incitement to an offence relating to the above or any information which is prohibited under any law for the time being in force.

• where an intermediary collects information from a user for registration on the computer resource, it shall retain the information for a period of 180 days after any cancellation or withdrawal of the registration, as the case may be.

• the intermediary shall, immediately but not later than 72 hours of the receipt of an order, provide information under its control or possession, or assistance to the Government agency which is lawfully authorized for investigative or protective or cyber security activities, for the purposes of verification of identity, or for the prevention, detection, investigation or prosecution, of offences under any law for the time being in force, or for cyber security incidents.

• the intermediary shall report cyber security incidents and share related information with the Indian Computer Emergency Response Team in accordance with the policies and procedures as prescribed under the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.

• A social media intermediary (i.e., an intermediary which primarily or solely enable online interaction between two or more users) is required to comply with certain additional due diligence measure, which inter alia include:

• appointing a chief compliance officer who will be responsible for ensuring compliance with the provisions of the IT Act and rules framed thereunder and will also be liable in any proceedings relating to any relevant third-party information, data or communication link made available or hosted by the intermediary where the officer fails to ensure that such intermediary observes due diligence while discharging its duties under the IT Act and rules framed thereunder.

• appointment of a nodal contact person for 24x7 coordination with law enforcement agencies and officers to ensure compliance with their orders or requisitions.

• publishing a compliance report every month mentioning the details of complaints received and action taken thereon, and the number of specific communication links or parts of information that the intermediary has removed or disabled access to in pursuance of any proactive monitoring conducted by using automated tools or any other relevant information, as may be specified.

• A significant social media intermediary (i.e., an intermediary having registered users in India above such threshold as notified by the Central Government) will inter alia endeavor to deploy technology-based measures, including automated tools or other mechanisms to proactively identify information that depicts any act or simulation in any form depicting rape, child sexual abuse or conduct, whether explicit or implicit, or any information which has been disabled on the computer resource of such intermediary.

• A significant social media intermediary is required to have a physical contact address in India published on its website, mobile based application or both, for the purposes of receiving the communications addressed to it.

• A social media intermediary is required to enable the user who register for the services from India, or use the services in India, to voluntarily verify their accounts by using any appropriate mechanism, including the active Indian mobile number of such users and where any user voluntarily verifies the account, such user shall be provided with a demonstrable and visible mark of verification, which shall be visible to all users of the service.

• A publisher of new and current affairs contents is required to adhere with the provision of the Code of Ethics, annexed with the Intermediary Guidelines. For the purposes of ensuring observance and adherence with the prescribed Code of Ethics by publishers and for addressing the grievances against the publishers, a three-tier grievance redressal structure has been prescribed, as below:

• Level I is the self-regulating mechanism which inter alia appoints a grievance officer who shall be responsible for the redressal of grievances received by him;

• Level II is the self-regulating body, i.e., there shall be one or more independent self-regulating bodies of publishers, which bodies shall inter alia be responsible to oversee and ensure the alignment and adherence with the Code of Ethics, address grievances which have not been resolved by the publishers within the fifteen days' specified period etc.; and

• Level III is the oversight mechanism, i.e., the Ministry of Electronics and Information Technology shall coordinate and facilitate the adherence with the prescribed Code of Ethics by publishers and self-regulating bodies, develop and oversight mechanism for performing the prescribed functions which inter alia include publishing a charter for self-regulating bodies including Code of Practices for such bodies, establishing an Inter-Departmental Committee for hearing grievances, issuing appropriate guidance and advisories to publishers etc.

(vii) A publisher and self-regulating body are also required to make true and full disclosure of all grievances received

by it, the manner in which grievances are disposed of, the action taken on the grievance, reply sent to the

complainant etc.

In the event of non-observance of the rules of Intermediary Guidelines by an intermediary, the provisions of sub-section (1) of section 79 of the IT Act will not be applicable to such intermediary and the intermediary will be liable for punishment under any law for the time being in force including in accordance with the provisions of the IT Act and the Indian Penal Code.

Conclusion:

The Government of India has observed the models prevailing in different countries such as Singapore, Australia, European Union and the United Kingdom when contemplating the extent and nature of the proposed framework for regulating social media and digital media platforms in India. The development of the Intermediary Guidelines is essentially an attempt to develop a quintessential soft-touch, self-regulatory architecture combined with a three-tier grievance redressal mechanism for digital media platforms operating in India. Through the Code of Ethics prescribed under the Intermediary Guidelines, an attempt is also made to regulate the classification of films and other entertainment programs including web series on the basis of the nature of content.

However, compliance with the provisions of the Intermediary Guidelines is likely to be a difficult task for the social media and digital media platforms and is also being argued as an attempt to restrict the freedom of speech and expression. A tightrope balance would be needed to address the issues of protection and safeguarding of rights of victims of social media versus the individual freedom of expression.

Footnotes

1 Press Release dated February 25, 2021 available at https://pib.gov.in/PressReleseDetailm.aspx?PRID=1700749

2 Defined under IT Act as any person who on behalf of another person receives, stores or transmits that record of provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.

LexCounsel provides this e-update on a complimentary basis solely for informational purposes. It is not intended to constitute, and should not be taken as, legal advice, or a communication intended to solicit or establish any attorney-client relationship between LexCounsel and the reader(s). LexCounsel shall not have any obligations or liabilities towards any acts or omission of any reader(s) consequent to any information contained in this e-newsletter. The readers are advised to consult competent professionals in their own judgment before acting on the basis of any information provided hereby.