India: Intermediaries And Their Tryst With The Law

Introduction

While the concept of intermediaries has been on the statute book since 2000, there has lately been an increasing discourse on their responsibilities and regulation. The Information Technology Act, 2000 ("IT Act") defines an intermediary as any person who on behalf of another person receives, stores or transmits an electronic record or provides any service with respect to that record¹. The definition is exhaustive in nature and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.

The power and potentiality of intermediaries such as Facebook, WhatsApp and Twitter is vast and runs across borders. The content on these platforms has the ability to influence vast sections of opinions. The Supreme Court recently rejected the contention of one of the global intermediaries (Facebook) that it is merely a platform which posts third party information and has no role in generating, controlling or modulating that information². In Covid times, there have been some fast-paced developments around the world in relation to the role and management of intermediaries. In February 2021, India ushered in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("IT Rules, 2021") which introduced stringent due diligence measures to be complied by the intermediaries. A slew of petitions have been filed before various High Courts in India challenging the constitutionality of the IT Rules, 2021 on various grounds. The present note discusses the IT Rules, 2021 from the perspective of intermediaries and some recent judgments on their tryst with the law.

Intermediaries and IT Rules, 2021

1. Fresh classification: The IT Rules, 2021 classify intermediaries into 'social media intermediary' ("SMI") and 'significant social media intermediary' ("SSMI"). A social media intermediary is an intermediary which enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services³. A SSMI is a SMI which has over fifty lakh registered users in India⁴. SSMIs are required to have a physical contact address in India published on their websites and mobile based applications for receiving communication addressed to them⁵. The intent behind the above classification appears to be to curb instances of social media manipulation and prevent the dissemination of fake news. It is debatable whether the intermediaries could have been classified by way of the IT Rules, 2021, in the absence of the IT Act providing for such a classification or any rule making power to this effect⁶.

2. Due diligence measures for intermediaries: The need for intermediaries to adhere to due diligence measures can be traced to the IT Act⁷. Part II of the IT Rules, 2021 introduces a range of stringent due diligence measures to be implemented by the intermediaries. Some of the measures to be complied by the SMIs and SSMIs are set out below:

• Defamatory, obscene, pornographic, invasive of other's privacy, insulting on the basis of gender, racially or ethnically objectionable or 'contrary to the laws of India'.

• Infringes any patent, trademark, copyright or other proprietary rights.

• Deceives or misleads a person about the origin of the message or intentionally communicates information which is false or misleading or impersonates any other person.

• Threatens the unity, integrity, defense, security or sovereignty of India, friendly relations with foreign states or public disorder or incites commission of a cognizable offence or prevents investigation of an offence.

• Is false and is published with the intent to mislead or harass a person for financial gain or cause injury to a person.

3. Removal of unlawful information: The IT Rules, 2021 require intermediaries to remove unlawful information from their platforms upon receipt of 'actual knowledge' in the form of a court order or upon being notified by the appropriate government to remove such content¹⁰. This requirement is an embodiment of the principles laid down by the Supreme Court in Shreya Singhal v. Union of India¹¹ which had read down the provisions of law in this regard¹². Intermediaries are now required to remove unlawful information as soon as possible and not later than 36 hours from the receipt of the court order or notification from the appropriate government¹³. Any information which has been removed by an intermediary and its associated records are required to be preserved for 180 days for investigation purposes or for a longer period as required by a court or by a government agency¹⁴. The IT Rules, 2021 tend to overrule the Shreya Singhal judgment by providing that the intermediaries can remove content on voluntary basis or on the basis of the grievances received by them from the users of its platforms¹⁵. Shreya Singhal had recognized that it would be very difficult for intermediaries such as Google, Facebook etc. to remove content on their own as they would have to judge the legitimacy of such complaints from the millions of requests received by them.

4. Grievance redressal mechanism: Intermediaries are required to appoint a grievance officer ("GO") for the redressal of complaints by its users for the violation of the said rules and to establish a mechanism by which the complaints can be made. The details of the GO are required to be published on the website and mobile application of the intermediary. The complaints received by the intermediaries are required to be acknowledged within 24 hours and disposed off within 15 days of their receipt¹⁶. For SSMIs, the GO is required to be a resident of India¹⁷. Till date, intermediaries such as Facebook¹⁸, WhatsApp¹⁹ and Twitter²⁰ have appointed resident GOs under the IT Rules, 2021.

5. Additional compliances by SSMIs: Certain additional compliances have to be observed by SSMIs such as appointing a Chief Compliance Officer ("CCO") who is required to be a key managerial personnel or a senior employee of SSMI. The CCO is required to ensure the compliance of the IT Act and IT Rules, 2021 and shall be liable in any proceedings relating to any relevant third-party information where the CCO fails to ensure the observance of due diligence measures by the intermediary²¹. SSMIs are also required to appoint a nodal contact person resident in India for coordination with the law enforcement agencies²². They are also required to publish monthly compliance reports mentioning the details of the complaints received, action taken on them etc.²³ SSMIs providing messaging services are required to enable the identification of first originators of the information on its computer resources as required by court orders or an order passed by the competent authorities²⁴. WhatsApp, an intermediary which provides messaging services has challenged this requirement under the IT Rules, 2021 on the ground that it will have to break its end-to-end encryption. WhatsApp has contended that this requirement will raise violation of privacy issues. The Indian government has responded to such concerns by stating that it has no intention of violating privacy of users and the originator of information will only be traced as a measure of last resort and where other remedies prove to be ineffective²⁵. This response appears to be in line with international practices²⁶.

6. Safe harbour: Subject to fulfilment of certain conditions under the IT Act, intermediaries are not liable for hosting third party information or data if their role is limited to providing access to a communication system over which the information is made available. As per the IT Act, this immunity or safe harbour is not available if the intermediary has conspired or abetted the commission of an unlawful act or if it fails to remove content from its platform which is being used to commit an unlawful act, upon receiving actual knowledge of a court order or a notification from the appropriate government²⁷. The instances when an intermediary would lose the protection of the safe harbour under the IT Act have now been broadened to include the failure to observe the IT Rules, 2021. Additionally, the IT Rules, 2021 makes the non-compliance of the said rules as a punishable offence under 'any law', including the IT Act and the Indian Penal Code, 1860²⁸. This appears to be intended to instill a fear of compliance among the intermediaries. Interestingly, the relevant rule does not indicate whether the non-compliance should be intentional or done with knowledge in order to attract criminal liability for the intermediary. It is questionable whether the move to impose criminal liability on the intermediaries by way of the IT Rules, 2021 will satisfy the tests of reasonableness and proportionality under the Constitution of India.

Recent judgments

1. Summons to Facebook from the Delhi Legislative Assembly²⁹: On 8 July 2021, the Supreme Court delivered a landmark judgment on the vast powers and responsibilities of the intermediaries. The Supreme Court was considering the challenge made by Facebook India and its Managing Director to the issuance of summons by the Delhi Legislative Assembly for probing Facebook's alleged role in the Delhi riots which occurred in February 2020. The issuance of summons was in response to the various complaints received by the Peace and Harmony Committee of the Assembly alleging intentional omission and deliberate inaction on the part of Facebook to apply hate speech rules and policies which had allegedly led to serious disruption of peace across Delhi. The Supreme Court did not mince words and rejected Facebook's contention that it was merely a platform posting third party information without performing any role itself. The court observed that Facebook's role in posting content is more active and not as innocuous as often presented when dealing with third party content. The court noted the growing concerns expressed by the governments worldwide and the need for greater accountability by the intermediaries which have become power centres themselves. In conclusion, the court rejected Facebook's argument that the Peace and Harmony Committee of the Assembly could not summon the officials of Facebook India in connection with an inquiry related to the Delhi riots.

2. 41-A CrPC notice to Twitter's MD³⁰: On 23 July 2021, the Karnataka High Court quashed a notice under S. 41-A of CrPC, issued by the Uttar Pradesh police to the Managing Director of Twitter India. The notice was issued in connection with an FIR registered by the Ghaziabad police over a video posted on Twitter showing the assault of a Muslim man. The High Court observed that the notice was issued without ascertaining as to whether the MD of Twitter India had any control over the contents posted on Twitter and the police had not received any credible information to this effect. The police was given the liberty to record the statement of Twitter India's MD through virtual mode.

Comment

The underlying philosophy of the IT Rules, 2021 is that the intermediaries are required to exercise a strict vigil on the content posted on their platforms and practice aggressive due diligence measures. While the object of the IT Rules, 2021 to bring in accountability measures for the intermediaries cannot be doubted, the manner in which they are sought to be achieved is questionable. The introduction of the new regime by way of delegated legislation in the form of rules, disregard for the Shreya Singhal judgment by conferring discretion on intermediaries to remove content on voluntary basis, blanket introduction of criminal liability for non-compliance of the IT Rules, 2021, are few issues which will have to be tested on the touchstone of constitutional principles. The strong observations made by the Supreme Court in the Ajit Mohan case on the growing influence of the intermediaries leaves no manner of doubt that their functioning should be regulated as their platforms can be misused to create law and order issues.

India cherishes its commitment to the fundamental right to freedom of speech and expression and exchange of ideas. This commitment will have to be extended to the intermediaries while examining the validity of the IT Rules, 2021. A delicate balance will have to be struck between the compelling state interest to maintain law and order, curb social media manipulation and the need to ensure that the intermediaries do not lose their original character i.e., platforms promoting the exchange of information and free and liberal debates on matters of public importance.

Acknowledgement: The author would like to acknowledge the research and assistance rendered by Amogh Sharma, Trainee at Phoenix Legal, Delhi, for this note.

Footnotes

1. S. 2(1)(w) of IT Act. The Andhra Pradesh High Court in Dr. Chegudi Ashok Babu v. Karunakar Sugguna 2019(6) ALD 215 has held that intermediaries are like third party organizations that offer intermediation services between parties trading amongst themselves and they act as ducts for services offered by a supplier to the relevant consumer.

2. Ajit Mohan & Ors. v. Legislative Assembly, NCT of Delhi & Ors. 2021 SCC OnLine SC 456.

3. Rule 2(1)(w) of IT Rules, 2021.

4. Rule 2 (1) (v) of IT Rules, 2021. The threshold for being considered as a SSMI, i.e., above fifty lakhs registered users in India, was notified by the Ministry of Electronics and Information Technology by its notification dated 25 February 2021.

5. Rule 4(5) of IT Rules, 2021.

6. The IT Rules, 2021 have been made in the exercise of powers under S. 87(1), S. 87(2)(z) and 87(2)(zg) of the IT Act. These provisions do not empower the Central Government to classify the concept of intermediary as defined under the IT Act. In this regard, the Supreme Court in State of Karnataka v. H. Ganesh Kamath (AIR 1983 SC 550) has held that the rule making power under a statute does not enable the rule making authority to make a rule which travels beyond the scope of the enabling act.

7. S. 79(2)(c) of the IT Act.

8. Rule 3(1)(a) of IT Rules, 2021.

9. Rule 3(1)(b)(i) to (x) of IT Rules, 2021.

10. Rule 3(1)(d) of IT Rules, 2021 read with S. 79(3)(b) of the IT Act.

11. (2015) 5 SCC 1

12. The court had read down S. 79(3)(b) of the IT Act and the then Rule 3(4) of the Information Technology (Intermediary Guidelines) Rules, 2011 (now been superseded by IT Rules, 2021).

13. Proviso 2 to Rule 3(1) (d) of IT Rules, 2021.

14. Rule 3(1)(g) of IT Rules, 2021.

15. Proviso 3 to Rule 3(1)(d) of IT Rules, 2021.

16. Rule 3(2) of IT Rules, 2021.

17. Rule 4(1)(c) of IT Rules, 2021.

18. https://en-gb.facebook.com/help/172990116225777

19. https://faq.whatsapp.com/general/security-and-privacy/how-to-contact-the-grievance-officer-in-india

20. https://help.twitter.com/en/rules-and-policies/report-twitter-abuse-india

21. Rule 4(1)(a) of IT Rules, 2021.

22. Rule 4(1)(b) of IT Rules, 2021.

23. Rule 4(1)(d) of IT Rules, 2021.

24. Rule 4 (2) of IT Rules, 2021.

25. https://www.pib.gov.in/PressReleasePage.aspx?PRID=1721915

26. The UK's Secretary of State for the Home Department had along with officials from Australia and United States written a letter to Facebook, asking it to not impose end-to-end encryption without ensuring that law enforcement could obtain lawful access to the content to enable the safety of the public. (See https://www.gov.uk/government/publications/open-letter-to-mark-zuckerberg/open-letter-from-the-home-secretary-alongside-us-attorney-general-barr-secretary-of-homeland-security-acting-mcaleenan-and-australian-minister-f)

27. Section 79(3) of IT Act.

28. Rule 7 of IT Rules, 2021.

29. Ajit Mohan & Ors. v. Legislative Assembly, NCT of Delhi & Ors. 2021 SCC OnLine SC 456.

30. Manish Maheshwari v. State of Uttar Pradesh (W.P. No. 11028 of 2021).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.