The Information Technology Rule, 2021 was passed on 25th February 2021. Since then it has
sparked debate about the right to privacy, freedom of speech and
expression, and whether the government is now going to decide what its people
will watch. It deals with modern-world problems like fake news, online abuse, online
sexual exploitation, etc., and tries to fix liability upon the
intermediaries.
The present article tries to explore every aspect of this rule
that is affecting or will affect the functioning of social media in the
country. The vagueness of certain provisions, the excessive liability placed on the
intermediaries, and the narrow definitions put this rule under scrutiny and create a need
to revise certain provisions.
Introduction
The world is living in the age of the internet. From buying groceries online to
selling shares in just one click, it is truly a miraculous feat achieved by mankind,
and another boon given by the internet is social media. Distance
doesn't matter anymore; it is just a number now. People of different religions,
castes, creeds, and languages are interacting with each other and sharing their ideas
and beliefs.
But just like any other thing, social media also has two faces: one
shows us a bright future and the second is pitch dark. Online bullying, cybercrimes, financial frauds, and sexual exploitation are some examples of the many
evils that prevail at the present time. Countries around the globe are trying
to develop a legal framework to fix liability on the people who commit
these crimes.
India also took a big step two decades ago by passing the IT Act
2000, but that act and some other rules passed in the last two decades were not
sufficient to tackle the prevalent problems. That's why the present Indian
government introduced the new IT Rules 2021, which try to address the current
scenario. But like any other law, it has its triumphs and shortcomings. Below in
the article, the author tries to address every aspect of the IT Rule 2021 that
concerns social media intermediaries.
History Of Social Media In India
India saw the first glimpse of social media in 2004 when Orkut was launched
by Google for the public. Orkut became very famous in India despite limited
technological or educational advancement at that time. In 2007 Google launched
Orkut in six different Indian languages, i.e., Hindi, Bengali, Marathi, Tamil,
Kannada, and Telugu, and within six years after its launch, i.e., in 2010, Orkut
had almost 19 million active users in India.[1]
Then Facebook launched publicly in 2006 and took the world by storm. By 2010
it had almost 24 million active users in India; it beat Orkut and became
the most famous and most used social media platform, and its streak continues to date.
During the same time frame many other social media platforms like Twitter,
Instagram, WhatsApp, etc. launched and became popular among every age group very
rapidly.[2]
The last decade saw tremendous technological advancement. Every person has
a smartphone in their hand with a fast internet connection and can access social
media at their fingertips. That's the reason Facebook, Instagram, and WhatsApp
have the highest number of active users in India, and presently India is the
second-largest overall social media consumer in the world, with 639 million
active users.[3]
Effect Of IT Rules 2021 On Social Media Intermediaries
- Publishing Rules, Policy, and User Agreement:
According to the new IT rules, social media intermediaries and significant social
media intermediaries have to publish their rules and regulations, Privacy Policy,
and User Agreement on their website or their application such that they are
noticeable to the users every time they use the intermediary platform.[4]
These rules, Privacy Policy, and User Agreement must specifically mention that the
platform must not be used by the users to host, display, upload, modify,
publish, transmit, store, update or share any information that belongs to some
other person and to which the user has no right, or is defamatory to someone, or
pornographic in nature, or discriminates racially, sexually or religiously, or is
harmful to a child, or infringes any copyright or trademark, or violates any
law, or transmits fake news of any kind, or threatens national security, or
contains any virus.[5]
Under the new IT Rules, the intermediaries must send their users constant reminders
that if they don't follow the intermediary's policies or rules and regulations, then the intermediary has
the right to terminate the user account or to remove the information posted by
that user. It means that users will be getting a mail at least once every year
from every social media platform where they have ever registered, even if just for
fun and even if they are not using it currently.[6]
- Removal of content or information from Intermediaries' computer resources:
Intermediaries on whose platform the information is stored or published,
when they receive an order from the court which has jurisdiction in the matter,
or from the government or any competent government agency under clause (b)
of sub-section (3) of section 79 of the IT Act, have
to remove that information if that information is:
- A threat to the sovereignty and integrity of India.
- A danger to the security of the State.
- Capable of harming friendly relations with foreign States.
- A threat to public order.
- Against decency or morality.
- About contempt of court, defamation, or incitement to an offense.
- Against any law for the time being in force.[7]
Some of these terms are vague and don't paint a clear picture on certain issues
like decency and morality or defamation. Something immoral for someone can be
fine for many others, and the same goes for defamation; this gives a lot of power
to the executive. So, it is very necessary to make precise and
clear guidelines that help the authority to take its course with precision.
If such information is published or stored by the intermediaries, then they
have to remove that information within thirty-six hours after receiving the
order from the court or the government or any competent government agency.
Removal of such information after receiving an order, or voluntarily, or under the
grievance redressal mechanism does not amount to a violation of clauses (a) or
(b) of sub-section (2) of section 79 of the IT Act.[8]
Any such information which is removed by the intermediaries after receiving
notice from the courts, or the government, or any other competent government
authority, or voluntarily upon violation of their policy, or through the grievance
redressal mechanism must be kept by the intermediaries as evidence, without any
alteration, for at least one hundred and eighty days or for as long as demanded by the court
or other government agency that is lawfully authorized.[9]
These rules might not affect the big players like Facebook, Twitter, or WhatsApp,
but they will put an extra financial burden on the small intermediaries, because
they have to develop their infrastructure even more to store the information
asked for by the authorities and have to hire more manpower to
maintain that infrastructure. Holding such information for a long time might
lead to a data leak, which is a threat to the privacy of the user.
However, some relief is provided to the intermediaries in case the information
is stored temporarily or for a short period, automatically, on the intermediary's
computer resource because of an in-built feature of that computer resource
which doesn't involve any human interference and can't be changed by editing the
algorithm, and is thus transmitted to another computer resource. In this case,
intermediaries are exempt from the notice which is given by the court or
government or by a competent government agency to host, publish or store the
information which is mentioned above.[10]
- Private data storage and safety:
The social media intermediary must hold on to the information which it has
collected from the user for his registration, on its computer resources, for one hundred
and eighty days after the user has withdrawn his registration.[11]
India still lacks an effective Data Protection Law, so how valid is
it to allow the intermediaries to store the data of the users for one hundred
and eighty days even after they delete their account from the intermediaries' platforms? Which law guarantees the safety of this data, which the government
has made mandatory for the intermediaries to store?[12]
Intermediaries have to provide data, within seventy-two hours
after receiving an order from the competent authorities mentioned
above, to the government agencies which are lawfully authorized to investigate
cyber security matters. But the order must be in writing and the reason for
seeking such information must be mentioned.[13]
The intermediaries shall not knowingly install or modify their technical configuration
in a way that changes the default functioning of their computer resources
and violates any rule of law in force at that time. However, the intermediary may
develop, produce, distribute or employ technological means which will help it
to secure the computer resources and the information stored in them.[14]
The intermediaries should secure their computer resources and the information
stored within them by following the reasonable security practices and procedures
prescribed in the Information Technology (Reasonable Security Practices and
Procedures and Sensitive Personal Information) Rules, 2011.[15]
If any cyber security incident takes place, then the intermediaries should share
the related information with the Indian Computer Emergency Response Team in accordance with the
policies and procedures mentioned in the Information Technology (The Indian
Computer Emergency Response Team and Manner of Performing Functions and Duties)
Rules, 2013.[16]
- Grievance Redressal Mechanism:
Intermediaries shall appoint a grievance officer and publish, on their
website, applications, or both, his name, contact
details, and the mechanism by which users or victims can
register their grievances about violations of any provision of the IT Rules 2021.[17]
The grievance officer must acknowledge the complaint within
twenty-four hours and resolve the issue within fifteen days. The orders
received by the intermediaries from the court or the government or any competent
government agency must also be acknowledged by the grievance officer. This rule
increases the work pressure on the Grievance Officer. Earlier they had thirty days
to resolve the issue, but now the timeline is reduced to fifteen days, and they
are also the ones to deal with the orders received from the authorities.[18]
If the intermediaries receive a complaint, from the
victim or someone on behalf of the victim, in connection with content which
exposes the private area of the individual, shows an individual in
partial or full nudity, shows an individual involved in a sexual act, or
transmits or publishes electronically morphed images of the individual,
then the intermediaries should take
immediate and appropriate action to remove such content within twenty-four hours
after receiving the complaint.[19]
- Additional due diligence followed by significant social media intermediary:
In addition to the above-mentioned rules of due diligence, significant social
media intermediaries have to follow some additional rules which do not apply to
social media intermediaries. And a time limit of three has been given to the
significant social media intermediaries to comply with these rules.
- Following are the rules that must be complied with by the Significant
Social Media Intermediaries:
- Appointment of a Chief Compliance Officer, who should be a resident of
India. He will be responsible for the intermediary's compliance with
all the rules and regulations made under this act and will be liable in
every proceeding against the intermediary for
non-compliance with the rules of due diligence mentioned above.
However, before being made liable he would be given a chance to be
heard.[20]
- The recent tussle between Twitter India and the Government of India has
many aspects, one of which is related to the appointment of the Chief
Compliance Officer. The Indian government blamed Twitter India for non-compliance
with the rule of the land and the matter went to the Delhi High Court. Recently,
the war came to an end when the lawyer representing the Government of India
informed the court that Twitter India has appointed the Chief Compliance
Officer, and hence there is no violation of IT Rules 2021.[21]
- Other than the Chief Compliance Officer, intermediaries should also
appoint a Nodal contact person, who must be an employee of the
intermediary and a resident of India, and whose job is to coordinate with the
law enforcement agencies and comply with the orders made by them in accordance with the
law.[22]
- A Redressal Grievance Officer should also be appointed, who is an employee
of the intermediary and a resident of India, and whose job is to deal with the
Grievance Redressal mentioned above.[23]
- Intermediaries have to publish a compliance report monthly, which
should contain data on how many complaints were received, how many of
them were resolved and the action taken on them, and should also mention the
communication links or parts of information which were disabled by
them.[24]
- The significant social media intermediaries have to enable the
identification of the first originator of a message in case they receive a
judicial order passed by a court with authority over the matter, or an
order passed by the competent government agency under Section 69 as per the
Information Technology (Procedure and Safeguards for the interception,
monitoring, and decryption of information) Rules, 2009.[25]
- Enabling such identification means that the intermediaries that use
end-to-end encryption would have to disable it for all of their users, whether
they have committed any crime or not; this poses a serious threat to the
privacy of every user. WhatsApp recently went to the Delhi High Court to file a lawsuit
against the Government of India, claiming that the new IT Rule 2021 violates the
fundamental right of privacy of the people.[26]
- However, such an order can be passed only to prevent, detect, investigate,
prosecute, or punish an offense related to the sovereignty and integrity
of India, the security of the State, friendly relations with foreign states,
or public order, or incitement to an offense relating to the above, or in
relation to rape, sexually explicit material or child sexual abuse
material, punishable with imprisonment for a term of not less than five
years.[27]
- If there is no need to pass an order and the appropriate action could be
taken by conventional methods, then the order should not be passed. And
the intermediaries, while complying with orders to disclose the first
originator, should not disclose the content of the messages of the first
originator, or any other information, or information of any other users.
- If the first originator is residing outside of India, then the first
person who shares the content for the first time in India will be considered
the first originator.[28]
- Where a significant social media intermediary provides advertising
facilities to people who hold a copyright or an exclusive license, or who have
entered into a contract to publicize their product or
information only through that particular social media intermediary, so
that the product or information reaches more and more people by
targeting its specific audience and thus
provides financial benefits, such information has to be marked as advertised, marketed, sponsored,
owned, or exclusively controlled, as the case may be.[29]
- Significant social media intermediaries should use AI technology to
remove any unwanted material on their computer resources, like pornography,
child sexual abuse, crime against women, or any other material which was
earlier removed by the intermediaries under clause (d) of sub-rule (1) of
rule 3. They should also give a warning that such information has been removed by
the intermediaries to the user who tries to publish such content or tries to
access such information.[30]
- However, intermediaries should apply all necessary and appropriate
technical measures to protect the user's right of free speech and their
privacy too. The AI should be under continuous human observation following
the mechanism developed by the intermediaries, and it should be reviewed
periodically.[31]
- AI technology is not a fully developed technology; it's still a work in
progress, and giving such power to an unfinished technology can
prove dangerous for the right to freedom of speech and expression. Over-censorship
is not an alien concept; in many instances it has been seen that AI has
curbed posts or comments which don't violate, or only slightly violate, the
policies of the intermediaries.
- AI technology is a self-learning program that uses a vast amount of data
to develop itself. To facilitate the AI's examination of this data, the intermediary has
to develop the infrastructure to hold such a vast amount of data, which is
very costly and requires a lot of manpower.
- AI is also a kind of program which runs on code like any other program,
and that code is developed by humans, so there is a great chance that it
has flaws and some biases which will affect the decision-making of the AI,
and ultimately it will discriminate while censoring. There is no
accountability for the mistakes made by AI and there is a lack of
transparency in how the AI's code is written. IT Rules 2021 also didn't shed
light on who will be held accountable if the AI makes a mistake
or over-censors, and what the procedure will be to overturn this
mistake.
- Significant social media intermediaries should have a physical address,
which they should mention on their websites and on their mobile applications as
well, if they have any.[32]
- Significant social media intermediaries should implement a proper
grievance redressal mechanism through which users can register their complaints
easily in case any of the provisions of the rules is violated. Such users
should be provided with a unique ticket number so they can keep track of their
application.[33]
- And it is the responsibility of the intermediaries to update
complainants on the action they have taken on their complaint and, if no
action is taken, the reason for it.
- Significant social media intermediaries should allow their users in India to verify
their accounts voluntarily by using appropriate methods, or they can use their
registered mobile number to verify their account. And the intermediaries
should provide every such account with a symbol or mark which should be
visible to all other users. Provided that such information should not
be used unless consent is given by the user.[34]
- If a significant social media intermediary removes any information under
clause (b) of sub-rule (1) of rule 3 of its own accord, then it should
inform the user who published such information or content why it has
removed such information. It should also allow the user to challenge the
decision taken by the intermediary and request the restoration of such
information, and this should be decided within a reasonable time.[35]
- The resident Grievance Officer of such intermediaries should make sure
that the grievance redressal mechanism runs smoothly. The Ministry can ask for
information from the intermediaries regarding the removal of information
published by the user.[36]
- Compliance with order:
The Ministry can pass an order which requires an intermediary that is not a
significant social media intermediary to comply with rule 4 of the IT Rules 2021
if the services of the intermediary transmit information which can
harm the sovereignty and integrity of India, security of the State, friendly
relations with foreign states or public order.
However, the reason for passing such an
order must be in writing.
The assessment of the risk will be based on the services provided by the
intermediary: whether it provides services in which users can interact with each
other, or services to publish content to a wide range of
users which would result in the spreading of such information.[37]
- Non-observance of rules:
Rule 7 of the IT Rule 2021 clearly states that if the intermediaries violate any
rule, then they will be held liable and appropriate action will be taken
against them according to the law. This rule takes away the immunity which was
provided to the intermediaries by section 79(1) of the IT Act 2000.[38]
This rule caused panic among the intermediaries because not only could they be
stopped from functioning in India, they could also be held criminally liable for
content posted, published, shared, or edited by any other person.
Conclusion
The need for a law to tackle cybercrime is imminent and it should be met
promptly, but it shouldn't be done at the cost of risking the privacy and
security of the people. These laws are promising but still need improvement on
many fronts: definitions should be clearer, the privacy of the users
should be protected more effectively, and an effective data protection law must
be enforced.
Use of Artificial Intelligence technology for deciding which content or
information violates the policy or the law is not effective, because AI works
on programming code and code can be flawed. AI is also a self-learning program,
and there is no transparency about which data the AI is learning from and on what code the AI
is built.
End-to-end encryption is used by the intermediaries to protect the
privacy of the user, and to find the first originator of a message, end-to-end
encryption has to be disabled for all the users; this will be a serious threat to
the privacy of the users. We need a law that can guarantee our safety from cybercrime and at the same time protect our privacy and personal data.
End-Notes:
1. Venkat Ananth, "The rise, fall and subsequent death of Orkut", The Mint, 30 Sep 2014, available at: https://www.livemint.com/Consumer/zAYIirsyDYC2ZVcNxGkXcJ/The-rise-fall-and-subsequent-death-of-Orkut.html (visited on October 23, 2021).
2. Ibid.
3. Number of social network users in selected countries in 2021 and 2026, available at: https://www.statista.com/statistics/278341/number-of-social-network-users-in-selected-countries/ (visited on October 23, 2021).
4. Rule 3(1)(a) IT Rules, 2021.
5. Rule 3(1)(b) IT Rules, 2021.
6. Rule 3(1)(c) IT Rules, 2021.
7. Rule 3(1)(d) IT Rules, 2021.
8. Rule 3(1)(c) IT Rules, 2021.
9. Rule 3(1)(c) IT Rules, 2021.
10. Rule 3(1)(e) IT Rules, 2021.
11. Rule 3(1)(g) IT Rules, 2021.
12. Rule 3(1)(h) IT Rules, 2021.
13. Rule 3(1)(j) IT Rules, 2021.
14. Rule 3(1)(k) IT Rules, 2021.
15. Rule 3(1)(i) IT Rules, 2021.
16. Rule 3(1)(l) IT Rules, 2021.
17. Rule 3(2)(a) IT Rules, 2021.
18. Rule 3(2)(b) IT Rules, 2021.
19. Rule 3(2)(c) IT Rules, 2021.
20. Rule 4(1)(a) IT Rules, 2021.
21. Twitter Communications India Pvt. Ltd. & Ors. V. Union Of India & Ors., Writ Petition(s)(Criminal) No(s). 337/2020.
22. Rule 4(1)(b) IT Rules, 2021.
23. Rule 4(1)(c) IT Rules, 2021.
24. Rule 4(1)(d) IT Rules, 2021.
25. Rule 4(2) IT Rules, 2021.
26. Whatsapp LLC v/s. Competition Commission Of India & Anr., W.P.(C) 4378/2021 & CM 13336/2021.
27. Rule 4(1)(c) IT Rules, 2021.
28. Rule 4(1)(c) IT Rules, 2021.
29. Rule 4(3)(a) & (b) IT Rules, 2021.
30. Rule 4(4) IT Rules, 2021.
31. Ibid.
32. Rule 4(5) IT Rules, 2021.
33. Rule 4(6) IT Rules, 2021.
34. Rule 4(7) IT Rules, 2021.
35. Rule 4(8)(a) & (b) IT Rules, 2021.
36. Rule 3(8)(c) IT Rules, 2021.
37. Rule 6 IT Rules, 2021.
38. Rule 7 IT Rules, 2021.