The Information Technology Act, 2000 (“IT Act”) was enacted to facilitate e-commerce by providing legal recognition to electronic transactions. In its original form, the IT Act rendered minimal protection to intermediaries as the term “intermediary” was defined in a very narrow sense to include only those entities which, on behalf of another person, receive, store or transmit any electronic message or provide any service with respect to that message. The IT Act was amended in 2008 (“2008 Amendment”) to include safe-harbour protections against liability to intermediaries and protection of data collected, processed or stored electronically by them. Following the 2008 Amendment, the Central Government of India (“Government”) notified the IT (Intermediary Guidelines) Rules, 2011 (“Rules”) on April 11, 2011 to give effect to the said protections for intermediaries set out under Section 79 of the IT Act, including, prescribing due diligence standards. Moreover, in 2018, the Government also published the draft Information Technology (Intermediary Guidelines) Amendment Rules, 2018 (“Draft Rules”) with a view to curb the misuse of social media and dissemination of fake news, to implement higher levels of compliance and penalties on intermediaries, as well as to enforce traceability of objectionable contents. However, the Draft Rules did not end up being notified by the Government.
Need for the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
With the growing presence of social media and digital platforms over the last few years and outbreak of the COVID-19 pandemic and its consequent lockdowns in 2020, people look to digital platforms to share their opinions and be part of the virtual world where their opinions are heard. However, there was no procedure in place to filter / censor the information which led to increase in fake news and speculations regarding everything. Parallelly, due to nationwide lockdowns, the theatres and cinemas were shut and people resorted to over-the-top platforms (“OTT Platforms”) for entertainment from the safety of their homes. Since more people were attracted to OTT Platforms and there being no guidelines with respect to the content released on OTT Platforms, the Government felt the need to regulate this sector.
Thus, on February 25, 2021, Ministry of Electronics & Information Technology, under Section 87 of the IT Act, notified the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”), suspending the IT (Intermediary Guidelines) Rules, 2011. The Intermediary Rules have segregated intermediaries into two categories i.e. social media intermediary2 (“SMI”) and significant social media intermediary (“SSMI”)3. Further, the Intermediary Rules also regulate the content, content classification and its display on OTT Platforms which was not addressed before in any rules or regulations.
Compliance under Intermediary Rules
Further, as per Rule 3(2) of the Intermediary Rules, every intermediary shall have a grievance mechanism in place and shall publish the details of the grievance officer on its website. The grievance officer shall, within 24 (twenty-four) hours of receiving a complaint, if he / she is of the view that the content is prima facie sexually explicit in nature, remove such content or disable access to it.
Additionally, SSMIs are required to comply with a greater degree of due diligence as stipulated under Rule 4 of Intermediary Rules. Thereunder, an SSMI has to appoint (i) a Chief Compliance Officer, who must be a key managerial personnel of that intermediary and will be responsible for any non-compliance under the IT Act and rules thereunder; (ii) a Nodal Contact Person, who shall be responsible for round the clock coordination with law enforcement authorities and shall ensure that the orders and requisitions sent to the intermediary are complied with; and (iii) a Resident Grievance Officer, who must be a resident in India and shall be responsible for ensuring that the intermediary follows the due diligence requirements relating to the grievance redressal mechanism. Further, an SSMI is required to publish, on a monthly basis, a compliance report containing the details in relation of the complaints which were received and the action taken on those complaints. Moreover, the intermediaries shall also publish the information of contents removed or particular number of links it has disabled in pursuance of proactive monitoring using automated tools. These mandatory requirements, while well intended, may create operational hurdles in relation to social media intermediaries that are SSMI but do not have an office in India.
As per Rule 4(2) of Intermediary Rules, an SSMI providing services primarily in the nature of messaging is required to enable the identification of the first originator of information on its platform if required by a court order or upon an order of the competent authority4 under Section 69 of the IT Act as per the Information Technology (Procedure and Safeguard for Interception, Monitoring and Decryption of Information) Rules, 2009. While such orders can be passed only in connection with limited offences or prevention thereof, matters of wide import have been subsumed under Rule 4(2) of Intermediary Rules. For instance, ‘public order’ is one such ground mentioned thereunder which can be invoked by the competent authority as per its unfettered discretion. Further, the Intermediary Rules state that while tracing the first originator of information, the SSMI shall not be required to disclose the contents of any electronic message, any other information related to the first originator, or any information related to its other users. However, Rule 3 of Information Technology (Procedure and Safeguard for Interception, Monitoring and Decryption of Information) Rules, 2009 permits the Government as well as State Governments to issue directions for interception or monitoring or decryption of information, empowering them to make demands for the contents of the electronic message. Thus, by virtue of the aforementioned powers, these government bodies have the authority to breach any type of end-to-end encryption on the grounds of inter alia public order and state sovereignty, giving rise to privacy concerns.
Admittedly, the Supreme Court in the Puttaswamy5 judgment stated that the fundamental right to privacy is not an absolute right and that the Government can impose reasonable restrictions for legitimate national security concerns. However, the apex court also reiterated that such exceptions must be narrowly tailored and must meet the four-fold test of proportionality prescribed in the judgement i.e. (i) the action must be sanctioned by law; (ii) the proposed action must be necessary in a democratic society for a legitimate aim; (iii) the extent of such interference must be proportionate to the need for such interference; and (iv) there must be procedural guarantees against abuse of such interference. However, to fulfil its obligations under Rule 4(2) of Intermediary Rules will have to resort to snooping on the private communication of its users, which is in flagrant violation of the right to privacy of its users, protected under Article 21 of the Constitution of India.6
Code of Ethics for Digital News and OTT Platforms
Part III of the Intermediary Rules deals with the code of ethics and procedure and safeguards in relation to digital media (“Code”). As per Rule 8 of Intermediary Rules, the Code is applicable to the publishers of news and current affairs content and publishers of online curated content which includes OTT Platforms as well, with the Ministry of Information and Broadcasting (“MIB”) being the administrative authority for the Code. Rule 8 (2) of Intermediary Rules stipulates that the Code is applicable to such digital media organisations that operate in India or make their content available in the Indian territory through systematic business activities7.
Further, as per Para II (Online Curated Content) of the Appendix to the Intermediary Rules, OTT Platforms are inter alia required to classify the published content under certain categorises. OTT Platforms shall ensure that the content which is classified as “U/A 13+” or higher has access control measures and that classified as “A” is restricted to adults and has a reliable age verification mechanism for viewership of such content, in addition to access control measures to restrict minors from accessing such content.
While the rules for governing SMI and SSMI were in discussion since 2018 when the Draft Rules were placed before the public and stakeholders for comments, the Intermediary Rules which have been notified for digital news media and OTT Platforms have just come out of the blue, without any consultation whatsoever with stakeholders. The Union Minister of Information & Broadcasting, Shri Prakash Javadekar, at a press conference8, has admitted that at the time of framing of Intermediary Rules, the Government was not aware of who the digital news media and OTT Platforms were. Therefore, it can be noted that the Government has not complied with the pre-legislative consultation process9 while framing the Intermediary Rules. It is a settled position of law that wherever public consultation is prescribed, it must be done in an effective manner, both quantitatively and qualitatively, so as to make it a meaningful participatory process.10 Recently, Intermediary Rules were challenged in High Court of Kerala for not been issued following the due process under the IT Act and same suffer from excessive delegation of power. In its order dated March 10, 2021, the High Court of Kerala stayed the operation of Part III of Intermediary Rules and held that the State shall not take coercive action for non-compliance of Part III of Intermediary Rules.11 Lexology