IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: Critical Analysis
Updated: Aug 4, 2021
“The way things are supposed to work is that we're supposed to know virtually everything about what they [the government] do: that's why they're called public servants. They're supposed to know virtually nothing about what we do: that's why we're called private individuals.”
― Glenn Greenwald
India is a Parliamentary Democracy, which means that in order for an executive action to be Constitutional and hence valid, it should have its source from the ‘Law’ or must have legal backing. In addition to this, there should also be some further checks on the exercise of the executive powers in order to see that the executive acts are within their ambit and are not exercised abusively, illegally, or ostensibly.[i] Thus, the executive action must not be excessive in nature but within the permissible ambit as granted in the parent Statute.Hence, the powers of the executive are co-extensive with the legislative power[ii] and so the executive cannot make any law which is ultra vires to the Constitution or the enabling act.[iii]
However, in this technologically advanced and modern era, where the powers and the functions of the executive have increased, there is always room for the misuse of power or their arbitrary usage[iv], something that we can witness and is clearly evident from the Centre’s new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, (hereinafter IT Rules) which are not only excessive in nature so as to amend the essential features of the parent act, i.e., the Information Technology Act, 2000,(hereinafter IT Act) but they are also prima facie unconstitutional as they violate Articles 14, 19(1)(a) and 21 of the Indian Constitution.
The IT Act elaborates that ‘intermediaries’ must observe due diligence while discharging their duties, and also observe such other guidelines as prescribed by the Central Government. Thus, while exercising its powers under Section 87 of the IT Act, 2000, the Government of India has notified the aforesaid IT Rules. These replace the prior provisions under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2011. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 is a secondary or subordinate legislation formulated by the Central Government of India along with the Ministry of Electronics and Information Technology (MeitY) and the Ministry of Information and Broadcasting (MIB).
The legal rationale given by the Government for these new rules is the judgment given by the Supreme Court in the recent Prajawala Case[v] where the Supreme Court took suo moto cognizance and had observed that the Government of India may frame necessary guidelines to eliminate child pornography, rape and gang rape imageries on content hosting platforms and other applications.
What are Social Media Intermediaries?
Social Media Intermediary has been defined under the Section 2(w) of the IT Rules, as “an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.”
Therefore, an intermediary is any service provider which transmits, hosts, and publishes user content and at the same time does not in any way changes the information published and thus, does not hold any editorial control over it. These include all the social media platforms, email providers, or any other web service that allows the posting and publishing of non-editorialized data by its users.
Under these new rules, the intermediaries have been differentiated between ‘Social Media Intermediaries’ and ‘Significant Social Media Intermediaries’. All the social media intermediaries having more than 50 Lakh users will be categorised in the latter group and thus will be most affected by these new rules.
The new IT Rules are set to affect these social media intermediaries as they have introduced a new set of compliances to be followed by these social media intermediaries while operating in India. May 25, 2021 was the last day set by the Government of India to comply with these new rules, while most of the social media intermediaries agreed, some like ‘WhatsApp’ declined to do so and also filed a case against the Government of India citing the unconstitutionality of the new IT Rules.
What is Safe Harbour Protection?
Safe Harbour Protection refers to the immunity that is offered to these social media intermediaries for any third-party information, data, or communication link made available or hosted on its platform, provided they comply with certain conditions set out by the Government. This protection is granted to the social media intermediaries under the parent Act being the IT Act, 2000.
Section 79 of the IT Act, 2000 states that an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him if it follows the following conditions-
(a) the function of the intermediary is limited to providing access to a communication system over which ‘information made available by third parties’[vi] is transmitted or temporarily stored or hosted;
(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;
(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.
Further, Section 79 also states that the immunity provided will not hold good in the following cases-
(a) if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or authorise in the commission of the unlawful act;
(b) if upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource, controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
Thus, the safe harbour protection is not an absolute protection but a conditional one. The need for protection from the repercussions of the users was felt after the case of Avnish Bajaj v. State[vii] where not just the user but also the CEO of the online content hosting website by the name of bazee.com were held liable for the content published by the user of which the CEO had no knowledge. Though after certain amendments the recourse of safe harbour protection was included.
In a later case, the same point was reiterated that the intermediary has no way of knowing whether certain content is or isn’t in violation of certain law or not, and therefore, they only become liable for taking down content for which they have received information from the appropriate government or by an order of a court of a competent jurisdiction of being in violation of a law.[viii]
The New Notified Rules
While the requirement for due diligence is the same for the social media intermediaries and the significant social media intermediaries (Rule 3(1)), the latter will have the requirement of maintaining additional due diligence under the new rules.
Some of the important rules to be followed by all intermediaries are as follows-
Setting up of Grievance Redressal Mechanism. (Rule 3(2)(a))
Intermediaries must ensure the Online Safety of Users especially Women Users and shall remove or disable access within 24 hours of the receipt of complaints. (Rule 3(2)(b))
Intermediaries must remove and should not host or publish any information which is prohibited under Rule 3(1)(b) upon receiving actual knowledge in the form of a Court order or notified by the Government or its agencies. (Rule 3(1)(d))
Some of the Additional Due Diligence to be followed only by Significant Social Media Intermediaries:
Appoint a Chief Compliance Officer who shall be responsible for ensuring compliance with the Act and Rules. (Rule 4(1)(a))
Appoint a Nodal Contact Person for 24x7 coordination with law enforcement agencies. (Rule 4(1)(b))
Appoint a Resident Grievance Officer who shall perform the functions mentioned under the Grievance Redressal Mechanism. (Rule 4(1)(c))
All these people should be a resident of India.
Publish a monthly compliance report mentioning the details of complaints received and the action taken on those complaints, as well as the details of content removed proactively by the significant social media intermediaries. (Rule 4(1)(d))
Significant social media intermediaries providing services primarily in the nature of messaging shall enable the identification of the first originator of the information. (Rule 4(2))
Apart from these rules, a new Ethics Code has been introduced by the name of Digital Media Ethics Code relating to Digital Media and OTT Platforms. These include the following-
The OTT platforms are required to self-classify their content in one of the following heads-
Apart from this, platforms would be required to implement parental locks for content classified as U/A 13+ or higher, and reliable age verification mechanisms for content classified as “A”.
Publishers of news on digital media would be required to observe Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television Networks Regulation Act.
A three-level grievance redressal mechanism has been established under the rules with different levels of self-regulation.
Criticism of the New Rules
These new rules have been criticised not just by the social media intermediaries but also by the public alike. Following problems can be identified within the new IT Rules:–
1. Flawed Consultation- The Ministry of Electronics and Information Technology while preparing the draft rules invited public participation through a notice dated 24/12/2018 and received just a paltry 171 comments. In a country with one of the largest populations and in a process where the stakeholders are themselves in crores, 171 is a pitiful figure. The Ministry also received 80 counter comments to these comments. The responsibility for low participation can be attributed not just to the government for not creating an ample amount of awareness but also to the citizens for not taking part in the democratic process.[ix]
2. Traceability Clause- Traceability clause refers to the forcing of the social media intermediaries to break end-to-end encryption and disclose the information about who sent a particular message first. This would inordinately be detrimental to the privacy of the users. Contained in Rule 4(2), messaging apps can be compelled through a court order or by the Executive or even its agencies to identify and provide with the information of the first originator of the information.
This would lead to a new form of mass surveillance, as in order to trace one message, the services would have to trace every message as it would have no ways of prior determination as to which message the government would want information about.
This would lead to a slippery slope of false cases and investigations of all kinds as even if you sent a message or a picture to check its authenticity or shared it out of some other concern, you would still be identified as the originator of the message.
3. Excessive in nature- The executive actions must derive their power or legitimacy from the legislation, or in other words, from the laws made by the parliament but in the present case, Section 87 of the parent statute, that is the IT Act, which gives the Central government the power to make rules did not originally include under its ambit 'digital media' and 'news publishers' which the IT rules have extended to include.[x] Thus, by including digital media the executive has amended the essential feature of the parent statute by extending the scope, thus making the executive action ultra-vires to the enabling act.
Also, the subordinate legislation would be considered excessive when the legislature has granted it unbridled discretionary power[xi], which we can witness in the present case, as there is an absence of any checks-balance, rules, or standards to guide the executive on how it should exercise its power. Thus, the discretion left with the executive is uncontrolled. For instance, the power exercised by the Centre in deciding the threshold of users based on which additional due diligence would apply was vast. In addition to this, the vagueness of the term 'public order' and ‘material risk of harm’ and the vast powers of the government as per Rule 3, 4, and 6 to ‘order any intermediary’ under the IT Rules also confer too wide a discretionary power to the government.[xii]
4. Ultra-vires to the Constitution- Lastly, the IT Rules are ultra-vires to the Constitution as well because an executive action cannot infringe the right of the citizens unless it is backed by a parliamentary law. Noticeably, the executive action of removing the content of the person within 36 hours[xiii] without giving a chance for a fair hearing, is against the principle of audi alterum partum as well as the right to freedom of speech and expression (Article 19(1)(a)).
Further, the traceability requirement[xiv] to identify the originator of a message infringes and undermines the right to privacy (Article 21). The grievance redressal mechanism as per Rule 11-14 where the Ministry of Broadcasting and Inter-Departmental Committee are made the final adjudicator against the principle of nemo judex in causa sua.[xv]
The Supreme Court in the case of Maneka Gandhi v. UOI held that for a law to be considered violative of Article 19 and Article 21 it should also be arbitrary and thus violates Article 14.[xvi] This is because Article 14 of the Constitution aims to strike arbitrariness from all the State actions hence ensure Rule of Law.[xvii] Hence, for a restriction on the rights guaranteed under Art.19(1) to be reasonable can be determined only by a fair hearing while a restriction on right to life and liberty under Article 21 could only be done by due procedure established by law, thus a just and fair procedure. Hence, a restriction can be reasonable only when it impinges the right of the citizens based on a fair, just, and impartial hearing to ensure the rule of law and the principles of natural justice, as it strikes down the chances of arbitrariness, which in the present case is certainly absent.
In addition to Article 14 and Article 19(1)(a) of the Constitution, the IT rules further violate the Right to Privacy of the users, guaranteed under Article 21, as it puts traceability requirement on the significant social media intermediaries, thereby, putting an obligation on them as per Rule 4(2) to identify the first originator of the prohibited content on the order of the court or the government, which is in contradiction to the ruling of Supreme court in the case of K.S. Puttaswamy v. UOI.[xviii] Thus, this is problematic because there is no procedural safeguard as the reason of such order will be inaccessible in the public domain which reduces the transparency and accountability as the government can use this provision to bypass the judicial process and thus violate the right of privacy of the citizens by impinging the sanctity of end-to-end encryption.[xix]
5. Lastly, the non-compliance of these rules by the social media intermediaries will lead to them being held liable under the Indian Penal Code according to the provisions of the 'Safe Harbour Protection' under Section 79 of the IT Act. Thus, they can be held liable for any criminal activity done by any user on these platforms.
Thus, as is clear from the discussion above that the basic problem with respect to these new rules is that they attack the privacy of the users, something that we all as users of different social media intermediaries hold dear. There is both an intrinsic and instrumental value to privacy and the steady increase in censorship will lead to a proportionate decline in user privacy.
The intermediaries will have no alternative but to comply as the immunity that they enjoy will be available only as long as they comply with these regulations. Since this legislation is such that will change the way how the internet is accessed by the millions of users in India, such greater surveillance is a matter of grave concern for everybody.
Therefore, the present approach of the government which going by its objectives seems like an extolling venture, but a closer look at these rules shows the overreach that is being committed and can have rather damaging effects on how we view our virtual life.
[i] SP Sathe, Administrative law, 7th edition, chapter 1, pg 5. [ii] SP Sathe, Administrative law, 7th edition, chapter 1, pg 25. [iii] SP Sathe, Administrative law, 7th edition, chapter 1, pg 87. [iv] Supra at 1. [v] (2018) 17 Supreme Court Cases 79. [vi] For the purpose of this section, the expression "third party information" means any information dealt with by an intermediary in his capacity as an intermediary. [vii] (2005) 3 CompLJ 364 Del. [viii] Kent RO Systems Limited & Anr. v. Amit Kotak & Ors., 2017 SCC OnLine Del 7201. [ix] Press release on Press Information Bureau by the Ministry of Electronics and IT, https://pib.gov.in/PressReleseDetailm.aspx?PRID=1700749, last accessed on 2nd June,2021. [x] Explainer: why India’s new rules for Social media, news sites are anti-democratic, unconstitutional, https://scroll.in/article/988105/explainer-how-indias-new-digital-media-rules-are-anti-democratic-and-unconstitutional, last accessed on 1st June, 2021. [xi] SP Sathe, Administrative law, 7th edition, chapter 1, pg 24. [xii] Supra at 7. [xiii] Rule 3(d) of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. [xiv] Rule 4(2) of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. [xv] IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, https://sflc.in/analysis-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021, last accessed on 1 June, 2021. [xvi] Maneka Gandhi v. UOI (AIR 1978 SC 597). [xvii] SP Sathe, Administrative law, 7th edition, chapter 1, pg 187. [xviii] K.S. Puttaswamy v. UOI, AIR 2017 SC 4161. [xix] Rule 3(d) of The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
Author: Ayushi Srivastava, Paralegal at S&D Legal Associates; and
Kalyani Roy, Intern at S&D Legal Associates.