January 22, 2022

Intermediary Guidelines 2021: A Brief Discussion

cyberlaw

Introduction

As we are living in a world driven by technology and the usage of social media and digital platforms has been increased to a large extent. India is claimed to be the world’s largest open internet society which attracts a large number of social media companies to do business in India. But with the growth of this technology number of instances has increased where social media has become a tool through which crimes such as violating the dignity of women, spreading of news which are anti-national or which will incite criminal violence among the public, mass circulation of obscene content, financial frauds, pornography, threat to national security and public order are increased to larger extent. So, to curb all these crimes there was a need of strict guidelines, because of which government released Information technology (Guidelines for Intermediaries and Digital media Ethics Code) Rules, 2021 on 25 Feb, 2021 which is notified under Section 87 of IT Act which supersedes the Information technology (Intermediary guidelines) Rules, 2011.

Who Are Intermediaries?

Section 2(w) of the IT Act defines intermediaries as entities that provide services enabling the delivery of online content to the end user such as ISP (Internet service provider), search engines (like google), DNS providers, Web hosts, interactive websites, cyber cafes etc. So, “with respect to any particular electronic records, means any person who on behalf of another person receives, stores or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.”[1]

Intermediary guidelines 2021

There was one case named “Baazee case”[2] in which Avnish Bajaj CEO of Baazee.com, which is an auction portal, was arrested for an obscene MMS clip that was put for sale on his site by a user. Although the content is not generated by intermediaries but website which hosted the MMS could be held liable for “sale of obscene things”[3] and “publishing of information which is obscene in electronic form”[4]. An appeal was filed by the industry to amend the IT Act, 2000 to provide protection to intermediaries from liabilities which arose from user-generated content. So, in this case Section 79 of IT Act, 2000 was amended to provide safe-harbour protection to intermediaries but they will be conditional upon observing due-diligence while discharging their duties and observing guidelines issued by the government in the form of (Intermediary guidelines) Rules, 2011. But the rules were very unreasonable and arbitrary, violative of freedom of speech and expression, they were “ultra vires”[5] of the parent act so on 25th February, 2021 the new rules of (Intermediary guidelines and Digital Media Ethics Code), 2021 came into effect.

Intermediary Guidelines (Rules), 2021

The 2021 rules classify intermediaries into 3 kinds:

  1. (SMIs) Social Media Intermediaries- Intermediaries whose main function is to enable online interaction between users so that they can create, share, upload or access information using intermediary services.
  2. (SSMIs) Significant Social Media Intermediaries- Social media intermediaries who are having 5 million registered users and cover popular messaging and social media players.
  3. Other categories- other intermediaries such as ISPs, e-commerce, search engines etc.

The guidelines were issued by Ministry of Electronics and Information Technology and failure to comply with the guidelines would take away the indemnity provided to social media intermediaries under Section 79 of IT Act, 2000, which states that any intermediary shall not be held liable for any third party information, data, communication hosted on its platform.

New Compliance for SSMIs

  1. SSMI must appoint a chief compliance officer, who shall be responsible for compliance with IT Act, plus he will be liable for non-compliance of rules.
  2. If SSMI processes any information on its own or for someone else which has a direct financial benefit or if owns any kind of copyright that will limit third party from publishing such information then, it shall be mentioned as advertised or marketed or sponsored or exclusively controlled.
  3. If SSMI is providing messaging services then on a court order they must enable identification of first originator of the message. However that order can only be passed for[6]:
    • Prevention, detection, prosecution, investigation of offences which involves punishment of 5 years or above sentence
    • Offences relating to sovereignty and integrity, state security
    • If the originator is located outside of India then then originator located within India will be disclosed.
    • Maintenance of identity records should be kept for at least 180 days.
  1. SSMIs must have a physical office address in India, for purposes of receiving communication as there was lack of territorial jurisdiction.
  2. SSMIs should enable means for voluntary verification of users who register for intermediary service in India, for example through mobile if user opts for verification then they should be provided with a demonstrable mark of verification.
  3. They are obligated to appoint an Indian resident as nodal contact person for 24*7 coordination so as to ensure compliance with all the guidelines to ensure seamless and prompt coordination between law enforcers and SSMIs and will address complaints within 15 days.
  4. The rules prescribed code of ethics to be observed by publishers of digital media including:
  5. News and current affairs content providers
  6. OTT platforms

News And Current Affairs Content

“includes newly received content about recent events of socio-political, economic or cultural nature which is available over internet”[7].

OTT Content

“means any curated catalogue of audio-visual content, other than news and current affairs content, which is owned by, licensed to or contracted to be transmitted by a publisher of online curated content and made available on demand through subscription”[8].

Requirements Include

 In case of digital media publishers (news and OTT), a three tier grievance redressal mechanism will be made for dealing with complaints:

  1. Self-regulation by publishers
  2. Self-regulation by self-regulating bodies of the publishers
  3. Oversight mechanism by central government

Requirements For OTT

  1. Classifying content with age-appropriated categories
  2. There should be an age verification mechanism and control should be given such as parental controls to users
  3. Improving accessibility of content for disabled persons.
  4. In case of emergencies the authorized officers may examine digital media content and may pass an interim direction for blocking of such content.
  5. The intermediary shall, immediately within 72 hours of the receipt of an order provide information under its control to government agency which is lawfully authorized for investigative activities.
  6. The intermediary shall report cyber security incidents and share information.
  7. The intermediary shall publish a report every month which will contain all the details mentioning complaints received and the action taken on them.

Analysis

  1. Identification of first originator rule does not specify any time line regarding how much old information about messaged can be asked by them and this will lead requirement to retain more personal data which goes against the principle of data minimization. So, time limit should be specified in the rules.
  2. Identification of first originator rule is not compatible for intermediaries which provide end-to-end encryption, it will become vulnerable to spoofing. As these platforms retain minimal user data for electronic information exchange and provide privacy to users. Encryption is very important nowadays because personal data is being used online at a large scale.
  3. The vague definition of “publisher of news and current affairs content” may lead to arbitrariness.
  4. Non-compliance will lead to indemnity to Section 79 of IT Act, 2000 and this could also lead to situations where employees of the platform may be held liable for no fault on their part.

Related Posts

References

  1. https://prsindia.org/billtrack/the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021
  2. https://indianexpress.com/article/explained/intermediary-guidelines-digital-media-ethics-code-facebook-twitter-instagram-7331820/
  3. https://www.mondaq.com/india/social-media/1063198/the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021-impact-on-digital-media-
  4. https://privylawfirm.in/summary-of-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021/

End Notes

[1] Section 2(w)[Information technology Act, 2000]

[2] Avnish Bajaj V. State (NCT) of Delhi, (2004)

[3] Section 292 [Indian Penal Code, 1860]

[4] Section 67 [Information technology Act, 2000]

[5] Ultra vires- beyond the power

[6] Section 69 [Information Technology Act, 2000]

[7] Section 2(1)(m) [Intermediary rules, 2021]

[8] Section 2(1)(q) [Intermediary rules, 2021]

Author- Yashika Dixit (ICFAI Law School, Hyderabad)

Law Library LawBhoomi