India’s tryst with Internet intermediary liability started with the passing of Information Technology Act, 2000 (IT Act), about two decades back. Ever since its inception, the nature of intermediary liability was ambiguous to say the least. However, with the framing of rules titled Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (2021 Rules), intermediaries are going to face substantial headwinds regarding compliance and due diligence obligations.
During the initial years of the IT Act, only network service providers were given immunity under the law. By 2008, the case involving the website bazee.com exposed the shortcomings of the IT Act when its CEO was arrested under provisions of the Indian Penal Code and IT Act because of a pornographic video clip uploaded by a user on bazee.com.
This resulted in the 2008 amendment to the IT Act wherein the definition of term intermediary was expanded to cover search engines, online payment sites, etc. The scope of immunity was also expanded to cover liability arising under ‘any law’, vis-à-vis protection only from offences under the IT Act, which was the position prior to the amendment. According to the 2008 amendment, an intermediary could claim immunity if it had no actual knowledge about the unlawful act and if it had complied with the due diligence obligations.
Mandate of the 2021 Rules As far as its application, the 2021 Rules have two parts—one part deals with intermediaries while the other part covers digital media consisting of intermediaries, publishers of news and current affairs content, and publishers of online curated content. Online curated content publishers are digital platforms like Netflix, Amazon Prime and Hotstar that curate a wide spectrum of content and display it on a singular platform.
The 2021 Rules make a clear distinction between various kinds of intermediaries on the basis of its subscriber base. It classifies intermediaries into Social Media Intermediary (SMI) and Significant Social Media Intermediary (SSMI). While the former has less than five million registered Indian users, the latter has five million or more registered Indian users.
According to the 2021 Rules, SSMIs need to observe additional due diligence requirements to claim the immunity/safe harbour available and they are also subjected to stringent residency requirements for compliance officers, nodal contact person, etc. Apart from the two mentioned classes of intermediaries, the 2021 Rules also apply to publishers of news and current affairs content including news aggregators like Dailyhunt and publishers of online curated content like Netflix.
The 2021 Rules attempt to regulate two different types of entities: a) intermediaries and b) publishers. Even though intermediaries were regulated for a long time under the IT Act, this is the first time that publishers are being subjected to rules under the IT Act. Part III of the 2021 Rules provides elaborate requirements for publishers to comply with specific codes of ethics, stringent content take-down requirements and three-tier grievance redressal process where appeals will be heard by an executive inter-departmental committee of bureaucrats from Government of India.
The 2021 Rules also includes a new procedure which empowers the Government of India to direct intermediaries and publishers to delete, modify or block the content. Such blocking of content can be done under two ways a) by following a grievance procedure or b) emergency blocking orders which may be passed without giving a hearing to the concerned parties.
Rule 4(2) and the emerging legal challenges Under Rule 4(2), SSMIs providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer.
Since this provision targets messaging services, it would be applicable to WhatsApp, Signal, Telegram, Snapchat, etc. The requirement to trace and identify users is not in sync with end-to-end encryption technology employed by messaging applications like WhatsApp.
Companies like WhatsApp argue that in the end-to-end encryption system used by them all the messages of users are secured with a lock, and only the recipient and the sender have the special key required to unlock and view them. Since all of this happens automatically, there is no requirement to set up any special secret chats to secure messages of users.
Rule 4(2) has been challenged by companies like WhatsApp in the Delhi High Court on the ground that it infringes upon users’ fundamental right to privacy and freedom of speech under the Indian Constitution.
Concerns are also raised on Rule 4(4) which imposes a duty on SSMIs to use technology-based measures like automated tools to proactively identify information depicting (i) rape, child sexual abuse or conduct (ii) any information previously taken down after a government or court order.
But the important question here is the technological sophistication of these automated tools to distinguish between violent unlawful images and lawful journalistic content. Use of fully automated tools for identifying hate speech, misinformation, etc, can have serious consequences for freedom of speech and expression in the digital world.
But the most important defect the 2021 Rules suffers is with regard to excessive delegation. As per the doctrine of excessive delegation, if the legislature excessively delegates its legislative function to any other authority, delegation of such power will be held unconstitutional. The fundamental principle is that the delegated legislation should be consistent with the parent law i.e IT Act and cannot go beyond its scope.
Like many other important disputes, the validity of the 2021 Rules may also be decided by the judiciary. It is anticipated that the courts will strive for a harmonious construction of the 2021 Rules to regulate social media intermediaries in a manner which is consistent with well-established constitutional principles which have stood the test of time. For India’s social media intermediaries situation may get worse before it gets better.