On Draft Amendment to The Information Technology (Intermediary Guidelines and Digital Media Ethics) Rules 2021
Background
The Ministry of Electronics and Information Technology (“MeitY”) published the proposed draft amendment to The Information Technology (Intermediary Guidelines and Digital Media Ethics) Rules 2021 ( “IT Rules, 2021”) on 6th June 2022 and in pursuance a public consultation meeting was held on 23rd June 2022.
Timeline: The draft amendment is open for public consultation and comments can be submitted within 30 days, i.e., by 6th July 2022.
Suggesting that “certain infirmities and gaps exist in the current rule vis-a-vis Big Tech platforms”, MeitY has proposed the amendments to IT Rules 2021 to address these challenges and gaps highlighting that these amendments will not impact early stage Indian companies or start-ups.
Proposed Amendments
[1] Due diligence by an intermediary: In the draft amendment to the IT Rules 2021, the first set of amendments are the insertions in rule 3(1) under the mechanism of due diligence by intermediaries in IT Rules 2021. The proposed amendments requires intermediaries to ensure that users comply with requirements in rule 3(1)(a), i.e. the rules and regulations, privacy policy and user agreement for access or usage of its computer resource published by the intermediary on its website. The insertion in rule 3(1)(b) of the IT Rules 2021 makes the intermediaries accountable to “inform the rules and regulations, privacy policy or user agreement of the intermediary to the user and shall cause the user of its computer resource” not to host, display, upload, modify, publish, transmit, store, update or share any information as laid down in sub-clauses (i) to (x) of the clause (b) under sub-rule (1) of rule 3. The addition of draft rule 3(1)(m) lays down that “the intermediary shall take all reasonable measures to ensure accessibility of its services to users along with reasonable expectation of due diligence, privacy and transparency.” Lastly, the addition of rule 3(1)(n) requires intermediaries to respect “rights accorded to the citizens under the Constitution of India”.
IT Rules 2021 |
Draft Amendment |
3.(1) Due diligence by an intermediary: An intermediary, including social media intermediary and significant social media intermediary, shall observe the following due diligence while discharging its duties, namely:—
(a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person;
(b) the rules and regulations, privacy policy or user agreement of the intermediary shall inform the user of its computer resource not to host, display, upload, modify, publish, transmit, store, update or share any information that,— (i) – (x) xxx |
3.(1) Due diligence by an intermediary: An intermediary, including social media intermediary and significant social media intermediary, shall observe the following due diligence while discharging its duties, namely:—
(a) the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person and ensure compliance of the same;
(b) the intermediary shall inform the rules and regulations, privacy policy or user agreement of the intermediary to the user and shall cause the user of its computer resource not to host, display, upload, modify, publish, transmit, store, update or share any information that,— (i) – (x) xxx
(m) the intermediary shall take all reasonable measures to ensure accessibility of its services to users along with reasonable expectation of due diligence, privacy and transparency;
(n) the intermediary shall respect the rights accorded to the citizens under the Constitution of India. |
Comments:-
- Rules 3(1)(a) and (b): The insertions in Rule 3(1)(a) and Rule 3(1)(b) require intermediaries to ensure users to comply casts an affirmative obligation on the intermediaries to enforce their policies and monitor content available on the platform. The expressions “ensure compliance” and “cause the user” are likely to be interpreted to cast a requirement on intermediaries to proactively monitor content failing which the presence of any illegal content may result in loss of safe harbour.
- Existing Rule 3(1)(b) read with Rule 3(1)(c) and Rule 3(1)(f) casts obligations on intermediaries to periodically inform it’s users on the rules, regulations, privacy policy or user agreement.
- SSMIs have TOS/ product policies ensuring compliance of not hosting, displaying, uploading any content some of which is also within the scope of 3(1)(d). They also have reporting mechanisms wherein alleged unlawful content can be reported and actioned on as per the applicable provisions under Rule 3(1)(d). Additional requirements to “ensure compliance” and/ or to “cause” users to not post such content is beyond the proportionality requirements.
- These amendments are in conflict with the substantive statutory provisions laid down under Sec 79(2) of the IT Act[1] and various judicial precedents on intermediary liability, such as Shreya Singhal v. Union of India[2] and Myspace v. Super Cassettes Industries[3]. Requiring an intermediary to screen any kind of content would change the nature of an intermediary as it will be required to actively monitor as well as adjudicate on content, thereby censoring content on the platform.
- Suggestion:
- Therefore it is recommended that these insertions be removed.
- If necessary, the proposed amendment must be limited in scope for which we recommend the following revisions –
Rules 3(1)(a) – the intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the rules and regulations, privacy policy and user agreement for access or usage of its computer resource by any person and endeavor to ensure compliance of the same upon receiving actual knowledge;
Rules 3(1)(b) – the intermediary shall inform the rules and regulations, privacy policy or user agreement of the intermediary to the user and shall upon receipt of actual knowledge, endeavor to cause the user of its computer resource not to host, display, upload, modify, publish, transmit, store, update or share any information that,—
- Rule 3(1)(m): Addition of “reasonable expectation of due diligence, privacy and transparency” in the draft provision is an attempt to introduce safeguards on actions taken by intermediaries, however, “reasonable expectation” is an abstract construct, does not provide clarity on its exact meaning and as a result risks and liability can be created for intermediaries on mere perception of non-compliance.
- Rule 3(1)(c) gives the intermediary the right to terminate access or usage rights of the users of the computer resource immediately or remove non-compliant information or both. The accessibility of the services are subject to the terms of service and Rules themselves cast an obligation on intermediaries to terminate the account of users. Thus the amended provision is not required.
- Suggestion:
Therefore it is recommended that this insertion be removed.
- Rule 3(1)(n): Addition of this proposed amendment is indicative of the requirement of an intermediary to perform a public function with respect to the regulatory framework as it tasks the intermediary to engage with fundamental rights. The business of private functionaries intersects with fundamental rights, that per se does not imply that it discharges a public function. Fundamental Rights principally are available to citizens against the State.
- Suggestion:
Therefore it is recommended that this insertion be removed.
[2] Grievance redressal mechanism of intermediary: The draft amendment has proposed changes in the grievance redressal mechanism of the intermediary under rule 3(2). The draft provision proposes to introduce an obligation on the Grievance Officer to acknowledge the complaints “including suspension, removal or blocking of any user or user account or any complaint from its users in the nature of request for removal of information or communication link” within twenty four hours and dispose of such complaint within a period of fifteen days from the date of its receipt. Further, it has proposed to add two provisos under rule 3(2) of the IT Rules 2021. The first proviso will require any complaint for removal of any content under rule 3(1)(b) to be addressed within 72 hours of the receipt of the user’s complaint. The second proviso allows intermediaries to implement any safeguards to prevent any misuse of the grievance redressal mechanism by users.
IT Rules 2021 |
Draft Amendment |
3.(2) Grievance redressal mechanism of intermediary: (a) The intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the name of the Grievance Officer and his contact details as well as mechanism by which a user or a victim may make complaint against violation of the provisions of this rule or any other matters pertaining to the computer resources made available by it, and the Grievance Officer shall –
(i) acknowledge the complaint within twenty four hours and dispose off such complaint within a period of fifteen days from the date of its receipt;
|
3(2) Grievance redressal mechanism of intermediary: (a) The intermediary shall prominently publish on its website, mobile based application or both, as the case may be, the name of the Grievance Officer and his contact details as well as mechanism by which a user or a victim may make complaint against violation of the provisions of this rule or any other matters pertaining to the computer resources made available by it, and the Grievance Officer shall –
(i) acknowledge the complaint, including suspension, removal or blocking of any user or user account or any complaint from its users in the nature of request for removal of information or communication link relating to sub-clauses (i) to (x) of the clause (b) under sub-rule (1) of rule 3, within twenty-four hours and dispose of such complaint within a period of fifteen days from the date of its receipt;
Provided that the complaint in the nature of request for removal of information or communication link relating to sub-clauses (i) to (x) of the clause (b) under sub-rule (1) of rule 3, shall be acted upon expeditiously and redressed within 72 hours of reporting:
Provided further that appropriate safeguards may be developed by the intermediary to avoid any misuse by users. |
Comments :-
- Rule 3(2)(i): The proposed amendment envisages acknowledgement of complaints within 24 hours and does not appear to be prejudicial. However, we propose a clarificatory revision that the 24 hour timeline for acknowledging complaints, includes complaints for suspension, blocking, removal of any user/user account etc.
- Suggestion:
- We recommend the following revision –
“acknowledge the complaint, which complaint could include suspension, removal or blocking of any user or user account or any complaint from its users in the nature of request for removal of information or communication link relating to sub-clauses (i) to (x) of the clause (b) under sub-rule (1) of rule 3, within twenty-four hours and dispose of such complaint within a period of fifteen days from the date of its receipt.”
- Rule 3(2)(i) proviso: The proposed amendment adds an additional layer of turnaround time for removal requests under Rule 3(1)(a) (i)-(x) to 72 hours. As provided in the press note, this amendment is proposed to ensure expeditious removal of problematic content and guard against virality over a sustained period of time by providing a shorter timeline for dealing with user grievances. However, Rule 3(1)(b)(i) to (x) is exhaustive and a large volume of user complaints fall within its ambit and thereby it is a stringent timeline owing to intermediaries having a large volume of removal requests and lacks technical feasibility. It would additionally create more challenges for alleged non-compliance and risk of loss of safe harbour
- Further, the terms ‘acted upon’ and ‘redressed’ read with the requirements of ‘ensuring compliance’ and ‘causing the user’ sought to be introduced in Rules 3(1)(a) and (b) suggest that within 72 hours content must be disabled or removed, or inform the user of removal. There is no provision for seeking clarifications or details including asking for court orders supported by judicial precedents.
- Suggestion:
- It is therefore recommended that the original timeline and process be retained.
- However, if necessary, for expeditious removal of egregious content, there can be a segregation under Rule 3(1)(a) (i)-(x). And subsequently the 72 hour timeline should apply only to content falling under the ambit of Rule 3(1)(a) (ii)[4], (iii)[5] and (viii)[6] and any other content that the executive may believe is of a nature that warrants an expeditious removal. It is important to bear in mind the tighter the time frame given, the greater the chances of errors occurring and forcing the intermediary to block content without appreciating the issue. This surely cannot be the objective behind a timeline.
[3] Grievance Appellate Committee: MeitY has proposed to create an appellate body called “Grievance Appellate Committee” under rule 3(3) of the IT Rules 2021 by invoking section 79 of the IT Act having regard to additional guidelines as may be prescribed by the Central Government and consisting of a “Chairperson and such other Members, as the Central Government may, by notification in the Official Gazette, appoint”. This creates an appeal mechanism for users against the grievance redressal process of the intermediaries before this new appellate body. It is proposed that the Grievance Appellate Committee shall make “an endeavour” to dispose of the appeal within 30 days. However, the draft note has also clarified that despite the amendments coming in place, users will have the right to directly approach a court of law against the intermediary’s decision.
IT Rules 2021 |
Draft Amendment |
|
3.(3) Appeal to Grievance Appellate Committee(s): – (a) The Central Government shall constitute one or more Grievance Appellate Committees, which shall consist of a Chairperson and such other Members, as the Central Government may, by notification in the Official Gazette, appoint;
(b) Any person aggrieved by an order made by the Grievance Officer under clause (a) and clause (b) of sub-rule (2) of rule 3 may prefer an appeal to the Grievance Appellate Committee having jurisdiction in the matter within a period of 30 days of receipt of communication from the Grievance Officer;
(c) The Grievance Appellate Committee shall deal with such appeal expeditiously and shall make an endeavour to dispose of the appeal finally within 30 calendar days from the date of receipt of the appeal;
(d) Every order passed by the Grievance Appellate Committee shall be complied with by the concerned Intermediary. |
Comments :-
- The introduction of the Grievance Appellate Committee poses various concerns. Whereas it provides an alternative forum to regular courts to file appeals, the draft amendment is silent on the intermediary’s right to be heard as well as the right of the uploader to be heard and it may further expand the scope of issues that can be raised by users, that are not contemplated in the statute or by the Courts.
- Rule 3(1)(c) gives the intermediary the right to terminate the access or usage rights of the users to the computer resource immediately or remove noncompliant information or both, as the case may be. Thus, the action is taken by intermediaries on a case to case basis based on the facts and circumstances and violation of those terms and policies. Review by the Grievance Appellate Committee will broaden the scope of matters for content removal.
- Rule 3(1)(d) mandates removal of content pursuant to a court order or on direction from the appropriate Government agency. Any additional layer of review of removals by GAC will tantamount to privatisation of adjudications that would otherwise be litigated in Courts and Tribunals as matters of free speech.
- There is no indication on the details of constitution of members, powers and functions, qualifications etc. of the Grievance Appellate Committee with adequate industry and judicial representation.
- The entity as proposed has uncanalised powers, will remain in existence with both the law enforcement agencies and the judiciary which could lead to a conflict in decision making. There is no clarity as to the composition of this Board and, not being an independent authority, this could affect its ability in taking decisions. Again there is no clarity on the remedies an uploader has from a decision of the Grievance Appellate Committee. Further, there is no clarity on the due process based procedure for reviewing user complaints to be followed by Grievance Appellate Committee.
- IT Rules 2021 have set out three levels of regulation for news publishers — self-regulation, a self-regulatory body, headed by a retired judge or an eminent person, and oversight from the Information and Broadcasting Ministry, including codes of practices and a Grievance Committee. However, the draft amendment has not carved out any similar provision for establishing a credible self-regulatory mechanism for intermediaries.
- It must be noted that three-tier grievance redressal mechanism headed by the Government, has been stayed by the Bombay and Madras High Court, by its interim orders on the ground that these rules to be prima facie violative of Article 19(1)(a) and beyond the rule-making power conferred by the Parliament on the Government.
- Suggestion:
It is strongly recommended that in lieu of a Grievance Appellate Authority, an industry led self-regulatory mechanism be introduced that can serve the purpose of an independent appellate forum to oversee the decisions of an intermediary.
***
[1] 79 Exemption from liability of intermediary in certain cases. –
(1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.
(2) The provisions of sub-section (1) shall apply if-
(a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or
(b) the intermediary does not-
(i) initiate the transmission,
(ii) select the receiver of the transmission, and
(iii) select or modify the information contained in the transmission;
(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.
[2] Shreya Singhal v. Union of India, (2015) 5 SCC 1
[3] Myspace v. Super Cassettes Industries Ltd., 236 (2017) DLT 478
[4] Rule 3(1)(a)(ii) is defamatory, obscene, pornographic, paedophilic, invasive of another‘s privacy, including bodily privacy, insulting or harassing on the basis of gender, libellous, racially or ethnically objectionable, relating or encouraging money laundering or gambling, or otherwise inconsistent with or contrary to the laws in force;
[5] Rule 3(1)(a)(iii) is harmful to child;
[6] Rule 3(1)(a)(viii) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign States, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting other nation;