CyviaJuris

A Brief Explanation of the IT Rules, 2021

Introduction

It cannot be denied that social media and, by extension, all digital platforms in India are rampant with unregulated content-sharing and an utter lack of accountability. So far, India has had no substantial data protection or data privacy laws to protect its people. This changed with the introduction of the Personal Data Protection Bill, 2019 and the enactment of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which have caused a whole separate set of issues.

The Government of India sent out a notification, in a press note, on the 25th of February, 2021, explaining the need for the new rules, providing justification for their enactment, and briefly stating their salient features. These rules are to replace the Information Technology (Intermediary Guidelines) Rules, 2011. All social media intermediaries are now going to be held accountable for the content being hosted under their platform. 

According to the press note, the new rules are “progressive, liberal and contemporaneous” and aim to “address peoples’ varied concerns while removing any misapprehension about curbing creativity and freedom of speech and expression”. It remains to be seen, of course, exactly how true these statements are.

Regulations for digital content platforms, social media intermediaries, over-the-top (OTT) platforms, and digital news services, are sorely needed. The Government, in its press note, has also provided several good justifications for enacting the IT Rules, 2021. These reasons are – 

  1. The growing menace of the propagation of fake news, leading to chaos.
  2. A rise in cyber-crimes through digital platforms and social media intermediaries such as harassment, abusive language, defamatory and obscene content including morphed images, revenge porn, and so on. 
  3. Misuse of social media by terrorists, and by others spreading disharmony, inciting violence, and disturbing the public order.
  4. Lack of transparency and accountability since there is no grievance redressal mechanism.

Besides the reasons mentioned above, concerns regarding the growing power and influence of large tech companies such as Facebook and Twitter, and the unmoderated and uncensored content hosted by online streaming platforms have also contributed.

Features

In order to understand the changes brought about by the IT Rules, 2021, let’s go through the major points. 

  1. A distinction has been made between social media intermediaries and significant social media intermediaries, based on the number of users on the social media platform. This is to ensure that smaller platforms are not burdened by significant compliance requirements. Intermediaries are entities that store or transmit data on behalf of other persons. Intermediaries include internet or telecom service providers, online marketplaces, and social media platforms. Significant social media intermediary has been defined in the Rules as “a social media intermediary having number of registered users in India above such threshold as notified by the Central Government”. The threshold has been set as fifty lakh registered users.
  2. All social media intermediaries must establish a grievance redressal mechanism for resolving complaints from users. A Grievance Officer should be appointed to deal with the complaints, and they must acknowledge the complaint within 24 hours and resolve it within 15 days.
  3. Significant social media intermediaries are required to follow additional due diligence which include – appointing a Chief Compliance Officer, a Nodal Contact Person, and a Resident Grievance Officer. Besides this, a monthly compliance report must be published, there should be a physical contact address in India, and users must be provided with a voluntary verification mechanism.
  4. Significant social media intermediaries which deal primarily with messaging must allow for identification of the first originator of information. This is required for any offence related to “sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material punishable with imprisonment for a term of not less than five years”.
  5. All intermediaries must take down content that shows individuals in full or partial nudity, or in a sexual act, or in the nature of impersonation, within 24 hours of receiving a complaint for the same.
  6. All intermediaries must ensure not to host or publish any information that is prohibited under any law in India, upon receiving an order by a court or being notified by the Appropriate Government or its agencies.

Issues

Since the launch of the Rules, several petitions have been filed in court, challenging them with complaints of regulatory overreach. Most of these petitions have presented objections from a procedural standpoint, claiming that the Rules are unconstitutional and ultra vires the parent Act. Beyond the procedural issues, there are also several regulatory issues.

Traceability

As mentioned above, significant social media intermediaries that deal primarily with messaging must allow for identification of the first originator of information. If they are located outside Indian territory, then the first inside the territory of India will be considered to be the first originator of the message for the purposes of the clause.

This means that messaging platforms like WhatsApp and Signal must break their end-to-end encryption which is necessary to provide security and privacy to their users. Essentially, they would have to rework their encryption models in order to provide services in India. For those who might argue that traceability can be implemented without breaking end-to-end encryption, it has been shown that such frameworks are vulnerable to spoofing, where an innocent person can be framed as the originator. 

It should also be noted that section 84A of the Information Technology Act states that “the Central Government may, for secure use of the electronic medium and for promotion of e-governance and e-commerce, prescribe the modes or methods for encryption.” The key phrase here is “for secure use”, and it can quite confidently be said that breaking down encryption to allow for traceability is far from secure.

Regulation of Digital News Media and Video Streaming Platforms

Part III of the IT Rules, 2021, is the Code of Ethics and Procedure and Safeguards in Relation to Digital Media. This includes publishers of digital news and current affairs, and online curated content or OTT platforms such as Netflix and Amazon Prime Videos. 

Rule 9(3) lays down a three-tier mechanism for “observance and adherence” to the Code of Ethics, which consists of – 

Level I – Self regulation by the publishers

Level II – Self regulation by the self-regulating bodies of the publishers

Level III – Oversight mechanism by the Government

After the enactment of the Cable Televisions Networks (Regulations) Act, 1995, a Programme Code was created for all cable TV content, which was vague and brought up concerns about censorship. This mechanism under the IT Rules, 2021, now seeks to subject digital media to the same scrutiny as offline media such as newspapers and television by extending the Programme Code to online content. Even stranger is the fact that all of this is being done without any clear laws being enacted, but as Rules under a Parent Act. In fact, due to the three-tier mechanism, the government oversight of digital media shows wider external scrutiny over online content. 

It should also be noted that the scope of the IT Act of 2000 does not cover news media, and thus, the bringing of digital news media under the umbrella of digital content in the new rules seems to be ultra vires the Parent Act. Laws regarding freedom of press already exist in terms of offline news, so this difference between traditional and digital news platforms is discriminatory, at the least. 

Conclusion 

The Government, in its defence, states that digital media companies still do need to be answerable to them and to the public. It also points to the safeguards that have been provided, such as that such an order for traceability should not be passed in cases where “less intrusive means are effective in identifying the originator”. Besides, the companies are not required to disclose the contents of the message, or any information related to other users, but only the identity of the person who was the originator of the message.

It is, however, safe to say that the Rules are vague, due to which social media intermediaries may over-comply with them to escape liability, leading to a serious hampering of free speech and privacy of the users. The Internet Freedom Foundation (IFF) also stated that these rules, if enforced, “would be a tremendous expansion in the power of the government over ordinary citizens, eerily reminiscent of China’s blocking and breaking of user encryption to surveil its citizens.” They have suggested a fresh consultation with experts and the public, with greater transparency. 

Social media intermediaries were to comply with the new Rules from the date of publication. Significant social media intermediaries were to comply within 3 months from the date of notification, which ended on 25th May, 2021. The next day, the Government of India sent a letter to all these intermediaries, asking their compliance status. 

WhatsApp filed a case against the Government of India, contesting the IT Rules, 2021, and more specifically, the traceability aspect. On their website, WhatsApp has also uploaded an article in their Help Centre with the title “What is traceability and why does WhatsApp oppose it?”

Meanwhile, Facebook has agreed to comply with the rules, while Twitter initially gave neither any comment nor showed any inclination to comply with them.

References

  1. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, https://www.meity.gov.in/content/notification-dated-25th-february-2021-gsr-139e-information-technology-intermediary
  2. “How the New IT Rules Take Away Our Digital Rights”, February 2021, https://thewire.in/tech/explainer-how-the-new-it-rules-take-away-our-digital-rights
  3. “How govt’s new IT Rules to ‘track originator of messages’ can affect your privacy”, February 2021, https://www.thenewsminute.com/article/how-govt-s-new-it-rules-track-originator-messages-can-affect-your-privacy-144179
  4. “Unpacking the IT Rules, 2021”, April 2021, https://cprindia.org/news/9646
  5. “IT Rules 2021 explained: Non-compliance will expose WhatsApp, Facebook, Twitter to significant liability”, May 2021, https://www.firstpost.com/india/it-rules-2021-explained-non-compliance-will-expose-whatsapp-facebook-twitter-to-significant-liability-9661461.html
  6. An Update On India’s Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules, 2021”, June 2021, https://www.mondaq.com/india/social-media/1074774/an-update-on-india39s-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021

Leave a comment