Introduction

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("IT Rules, 2021") were enacted in February 2021, imposing strict due diligence requirements on intermediaries. On various grounds, a spate of petitions were filed in India's High Courts contesting the constitutional validity of the IT Rules, 2021.

In our previous posts here, here and here on the Rules, we had discussed the provisions of the IT Rules pertaining to intermediaries.

The Ministry of Electronics and Information Technology, ("the Ministry") on 1 November, 2021 issued a series of Frequently Asked Questions ("FAQs") to clarify the IT Rules, 2021. The current article examines the FAQs and examines the applicability, due diligence provisions, penalties, and other issues relating to social media intermediaries.

What is a Social Media Intermediary?

The IT Rules, 2021 divide intermediaries into two categories: social media intermediary ("SMI") and significant social media intermediary ("SSMI"). An SMI allows two or more people to engage online by allowing them to produce, upload, share, distribute, alter, or access content through its services. An SSMI is an SMI with more than fifty lakh (five million) registered users in India.

"To qualify as an SMI, the intermediary's primary or single objective should be to enable online interactions," the FAQs say. As a result, a company that serves a main function other than enabling online interactions may not be designated an SMI, according to the FAQs. The Ministry clarifies the phrase "enables online interaction" in the FAQs, stating that such a platform should:

  1. Facilitates socialization/social networking, including the ability of a user to increase their reach and following, within the platform via specific features like "follow"/"subscribe";
  2. Allows users to engage with people they don't know;
  3. Should hold the ability to make material more viral by making it easier to share. In this sense, virality refers to the ability of any material to spread quickly and extensively from one internet user to another.

According to the FAQs, businesses that "enable commercial or business-oriented transactions, give access to internet or search-engine services, e-mail service or online storage service, etc." will not be considered as an SMI. The Ministry reiterated the fifty-lakh registered user requirement, but added that only those users who have registered or created an account with an SSMI will be included toward the total.

FAQs on the Grievance Redressal Team

According to the IT Rules, 2021, SSMIs were given a three-month grace period, beginning February 25, 2021, to comply with the additional due diligence, which requires SSMIs to create a comprehensive grievance redressal team of three officials - a Chief Compliance Officer, a Nodal Person of Contact and a Resident Grievance Officer.

The Ministry clarified that the Chief Compliance Officer and the Nodal Person of Contact cannot be the same person, however the Nodal Person of Contact and the Resident Grievance Officer duties can be shared. Intermediaries should, however, designate different people to serve as the nodal contact person and the resident grievance officer. The Government requires the intermediary to offer different contact information for user complains and requests/orders from the Government or approved Government entities under this rule, the FAQs clarified.

Clarifications on the First Originator Rule, End-to-end Encryption and the Right to Privacy

SSMIs that provide messaging services are obligated to facilitate the identity of the first originators of a message, in accordance with court orders or an order issued by competent authorities. WhatsApp has contested this requirement under the IT Rules of 2021, claiming that it will force it to compromise its end-to-end encryption. WhatsApp claims that this rule would result in privacy violations. The Ministry has replied to these concerns by declaring that it has no intention of compromising consumers' privacy, and that tracing the source of the message will only be done as a last option if other solutions fail.

Would detecting the first sender of a message impair end-to-end encryption in messaging platforms? The objective of this regulation, according to the FAQs, is not to break or weaken the encryption in any manner, but rather to collect the registration data of the message's first Indian originator. The FAQs clarify that the requesting agency will disclose an electronic copy of the message (text, photo, video, etc.) along with a legal order. The hash value of the unencrypted message is a common concept of detection, with similar messages resulting in a common hash (message digest) regardless of the encryption utilised by a messaging platform. The concerned SSMI must select how this hash will be created or stored, and SSMI are free to come up with various technical ways to execute this requirement.

Do the rules have an impact on people's privacy? The IT Rules do not infringe on the right to privacy, according to the FAQs document, because users can ask intermediaries to delete any content that represents them in partial or complete nudity within 24 hours of reporting it. Under the guidelines, intermediaries must also caution users not to upload anything that infringes on the privacy of others. Furthermore, when it comes to the IT Rules' 'first originator' clause or traceability obligation, intermediaries are only required to identify users when a court or competent authority issues an order where the problem involves child abuse, national security, or other issues.

Is the right to free speech and expression impacted by the rules? The IT Rules do not impinge on free speech and expression, according to the FAQs paper, because they were established in line with the constitutional guarantees for freedom of speech, which are included in Articles 19(1) and 19(2).

Conclusion

It is the basic principle of the Information Technology Rules, 2021, that intermediaries are obligated to exert tight vigilance over the material uploaded on their platforms and to implement stringent due diligence processes. While there is no doubt that the goal of the Information Technology Rules, 2021 is to include accountability measures for intermediaries, the way in which this goal is intended to be attained is uncertain. For India, freedom of expression and expression without restriction, as well as the interchange of ideas, are essential rights. During the course of determining the legality of the Information Technology Rules for 2021, these rights will have to be extended to the intermediaries as well. It will be necessary to strike a careful balance between the strong state interest in maintaining law and order and limiting social media manipulation and the need to guarantee that the intermediaries retain their original nature - platforms fostering the interchange of information and open discussions on subjects of public concern.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.