The Government of India came up with the Information Technology Act, 2000 (hereinafter ‘IT Act’) with the objective to provide recognition to e-commerce and e-transactions and also to protect the users from digital crimes, piracy, etc. The achievement of these objectives required the fixation of the liability on the intermediaries. “Intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, Internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places, and cyber cafes.”[i] Intermediary liability refers to the liability imposed upon the intermediary for the illegal content of the third party or its users uploaded or transmitted through their platform.
MODELS FOR IMPOSING LIABILITY
Broadly three models for imposing liability on an Intermediary have been recognized in the report titled Internet Intermediaries: Dilemma of Liability. Firstly, the Strict Liability Model which is followed in Thailand and China under which the intermediaries are strictly held liable for the user-generated content and there is generally no defense available to them. They are required to monitor their content, failing to which they face heavy penalties. Secondly, the Broad Immunity Model provides for broad immunity to the intermediaries from any liability arising out of user-generated content. Under this model, intermediaries are absolved from the obligation to monitor the unlawful content. This model is followed in U.S.[ii], EU, and Singapore. Thirdly, the Safe Harbour Model which is followed in India provides conditional immunity to the intermediaries against the third party content if they follow certain conditions specified by the law.
EVOLUTION OF LAW OF INTERMEDIARY LIABILITY IN INDIA
In India, safe harbor model was adopted under Section 79 of the IT Act, according to which the intermediary is protected for the third party content if it proves the absence of knowledge; or the application of due diligence on its part. Further the Information Technology (Amendment) Act, 2008 widened the scope of safe harbor protection by adopting the function-based approach and made the safe harbour protection available to intermediaries if they (a) were only involved in providing a communication platform to the users and (b) were not involved in the initiation of transmission or modification of the information. Under the said section, intermediaries were required to take down the content if they were informed by the government to do so or if they possessed “actual knowledge” about the content being unlawful.
In 2011, the Ministry of Electronics and Information Technology (hereinafter ‘MeitY’) issued The Information Technology (Intermediaries Guidelines) Rules which were to be followed by the intermediaries to avail the safe harbour protection provided under Section 79 of the IT Act. Further in the landmark judgment of Shreya Singhal v. Union of India[iii] the Supreme Court clarified that the term actual knowledge enumerated in Section 79 means that the intermediaries are required to take down the content only if they are intimated either by the government or by an order of the court.
As social media gained prominence, issues such as fake news, piracy, online hate speech, obscene content, and user privacy came up to fore. Following the rise in such cases the Ministry of Electronics and Information Technology prepared a draft in 2018 to amend the Information Technology (Intermediary Guidelines) Rules, 2011. The Draft Information Technology [Intermediary Guidelines (Amendment) Rules], 2018 (hereinafter ‘draft rules’) proposed certain amendments in the ‘Due Diligence’ guidelines.
Firstly, it provides that the intermediaries must, within 72 hours of communication, provide assistance to the government agency and also obligates the intermediaries to enable the tracing out of originators of content on their platforms.[iv] The draft rules also mandates the intermediaries to send a notice mentioning that the non compliance to the with the rules and policies would lead to termination of usage rights to its users at least once in a month.[v] Further, it requires intermediaries to proactively filter content on their platform by using automated tools.[vi] Also, the draft rules require mandatory incorporation of all the intermediaries having user base of more than 5 million in India. The said category of intermediaries is also required to have a permanent registered office in India, a nodal officer, and a senior official for 24-hour coordination with Law Enforcement Agencies.[vii] Lastly, it provides that every intermediary must, within 24 hours, remove the content on their platform on receiving an order from the court or being intimated by the government.[viii]
KEY ISSUES AND CONCERNS
The traceability requirement compromises with the right to privacy which was recognized as a fundamental right by the Supreme Court in the case of JusticeK.S. Puttaswamy v. Union of India[ix]. It also poses problems for the platforms which provide end-to-end encryption messaging facilities like WhatsApp as traceability requirement would mean the breaking of the end-to-end encryption. Also, the said rule fails to specify as to which government agency has the competency to ask for the assistance from the intermediary.
The requirement of proactive filtering of unlawful content by the intermediaries themselves, using automated tools goes very much against the Shreya Singhal[x] judgment wherein the Supreme Court held that the intermediaries are neutral platforms and need not exercise their own judgment in deciding what constitutes legitimate content. Further the rule requiring the intermediaries to regularly send notices to its users would lead to ‘Notice Fatigue’ and also be burdensome for intermediaries, especially those which do not have sufficient resources.
Also, there are certain ambiguous terms “unlawful information or content” in the Draft Rules which further deteriorates the situation. Lastly, the rule requiring the intermediaries having more than 5 million user base to have a permanent registered office, a nodal officer and a senior functionary fails to make it clear as to what this number of users refers to i.e. whether it refers daily, monthly or yearly users, or the number of registered users. Further, the compulsion to have a permanent physical address will incur additional costs on the intermediaries which will discourage them to enter and invest in the Indian markets.
The rules above, if notified without being amended may lead to infringement of “right to privacy” of the users and will pose difficulty for the intermediaries to observe “due diligence” of such rules.To address the concern regarding the rule mandating permanent registration and incorporation of the intermediary, the rule must be changed and must also provide for appointment of a nodal officer who must fulfill government’s requirement of having a contact person for the enforcement of law. Also, MeitY must clarify the manner of calculations of users for the purposes of applicability of the said rule. Further, instead of a strict 72 hour rule, the draft rules must prescribe ‘Stop the Clock’ method from the time the communication is made to the intermediaries for any kind of assistance to the government agency. The 24 hour timeline for removing the content shall be replaced with ‘Stop the Clock’ mechanism, so that the intermediaries can ask the questions, request for review and ensure that the data is not subjected to frequent and unnecessary removal. The rule requiring the intermediaries to send regular notice to its users shall be changed and the intermediaries should be provided the flexibility to determine the appropriate way and frequency of keeping their users informed of the applicable rules.
From the above analysis, it can be concluded that the rights, immunities, and liabilities of intermediaries in India are ever-changing and constantly evolving. Currently, Section 79 of the IT Act and the Shreya Singhal judgment guide the law regarding intermediary liability in India. The Draft Information Technology [Intermediary Guidelines (Amendment) Rules], 2018 which has not been notified in the official gazette by the MeitY yet must be changed with regard to the issues pointed out above, so as to impose “Reasonable” liability on the intermediary and to keep up the spirit of the “right to privacy” of the users. Further the analysis shows that the liability imposed on the intermediaries in India is inclined more towards the stringent side rather than the liberal side as in USA or Singapore which can be both a bane and a boon for the users, depending upon the circumstances.
[i] Information Technology Act, §2(1)(w) (2000)
[ii] Communications Decency Act, § 230 (1996)
[iii] Shreya Singhal v. Union of India, 12 SCC 73 (2013)
[vi] Draft Information Technology [Intermediary Guidelines (Amendment) Rules], Rule 3(9) (2018)
[vii] Draft Information Technology [Intermediary Guidelines (Amendment) Rules], Rule 3(7) (2018)
[viii]Draft Information Technology [Intermediary Guidelines (Amendment) Rules], Rule 3(8) (2018)
[ix] Justice K.S. Puttaswamy v. Union of India, 10 SCC 1 (2017)
[x] Supra, Note iv