Constitutional Issues Arising from India’s New IT Rules, 2021

Reading time : 10 minutes

  1. Introduction

On February 25th of this year, the Government of India released the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which required various social media intermediaries and platforms to adhere to a stricter set of rules within the stipulated time. The development of these new rules was undertaken by the Central Government of India, the Ministry of Electronics and Information Technology (MeitY) and the Ministry of Information and Broadcasting (MIB).[1] The rules are a form of secondary legislation, created under Section 87 of the Information Technology Act, 2000, which grants the Central Government the power to make subsidiary rules. Because of this, the rules did not have to go through Parliament to be accepted. The rules are based on a combination of the Intermediaries Rules, 2018 and the OTT Regulation and Code of Ethics for Digital Media.

The conversation around the rules first came to light on December 24, 2018, when news broke that a meeting was held to propose guidelines under Section 79 of the IT Act, which states that intermediaries are not liable for the actions of users if they comply with the guidelines set down by the government.[2] The guidelines were created following the Information Technology (Intermediaries Guidelines) Rules, 2011, with new changes were being proposed to them, and the new rules published in 2021 now suppresses those from 2011. Because the conversations behind the change in guidelines were brought to the public’s attention, the MeitY announced a public consultation to the changes, which aimed to alter some of the liability exemptions of the platform providers.[3] The final rules were then published on February 25th of this year. Although the government stated that the reason for the creation of the rules was “in order to prevent spreading of fake news, curb obscene information on the internet, prevent misuse of social media platforms and to provide security to the users,” many have criticized it, stating that it could inhibit the right to free speech and privacy that the Constitution of India offers.[4] This paper aims to analyse these constitutional issues that could arise from the imposition of these rules.

The New Guidelines – Relevant Sections

The new guidelines stipulate some conditions that various social media and other intermediaries must comply with by May 25th, three months after the rules were released. The guidelines are a combination of rules created by the MeitY and the MIB. MeitY issued rules included due diligence from the side of the intermediaries and a grievance redressal mechanism. MIB issued rules included a code of ethics, a self-classification system and an oversight mechanism. Section 2 of the rules begins with the definition and classification of the various entities that fall under the Act’s purview. These include news aggregator, publisher of news and current affairs content, publisher of online curated content, significant social media intermediary and social media intermediary.[5]

Section 3 of the guidelines highlight some of the due diligence requirements that have to be followed by intermediaries, significant social media intermediaries and social media intermediaries. Rule 3(1)(d) stipulates that once an intermediary receives knowledge through a court order or government notification, they must remove the information published on their platform, specifically those which prohibited by law concerning the interest of the sovereignty and integrity of India, the security of the State, friendly relations with foreign states, public order, decency or morality, contempt of court, defamation, incitement to an offence or information which violates any law which is in force.[6]

Section 4 of the guidelines builds upon Section 3, by including further due diligence that has to be followed, specifically by significant social media intermediaries like Twitter and WhatsApp. A significant social media intermediary, under these new rules, are those intermediaries that have more than 5 million users. Under Section 4(2), social media intermediaries with messaging features must be able to identify the “first originator” of a piece of information.[7] If the first originator is from outside India, then the first originator becomes the first person to have access to that piece of information within the boundaries of India. Section 4(4) further states that a significant social media intermediary must also provide an automated mechanism for identifying inappropriate content (in the form of rape, sexual abuse, or any information similar to that which has already been removed).[8] After identifying such content, the automated mechanism will automatically take it down, subject to review.

Furthermore, there must be an oversight mechanism from the MIB to ensure the various intermediaries adhere to the guidelines. The Ministry will have an officer designated as the “Authorized Officer,”[9] who will initiate the procedure for deletion blocking or modification of information by the publisher, and for blocking of data in case of an emergency[10]. The section also states that the MIB must form an Interdepartmental Committee, which will hear complaints and grievances raised by Level I and Level II of the Grievance Redressal Mechanism. They will then provide recommendations back to the MIB, including “warning, censuring, admonishing or reprimanding” an entity, demanding an apology, issuing a warning or deleting or modifying content.[11] The MIB will then pass this on to the intermediary, in the form of a government order.

  1. Threat to Right to Privacy

Introduction to Right to Privacy

Prior to 2017, the right to privacy was not considered a constitutional right in India, with Supreme Court judgements in cases like MP Sharma v. Satish Chandra[12] and Kharak Singh v. State of Uttar Pradesh[13], setting the precedent of the same. Both these cases held that the Constitution of India does not provide or protect the right to privacy. For over 55 years, these two cases were binding judgements in all cases regarding the right to privacy because no larger bench in the Supreme Court has had to consider this issue. That was until 24th August 2017, when the Supreme Court, in a historic judgement in the case of Justice K.S.Puttuswamy v. Union of India[14], declared that the right to privacy was a fundamental right that was protected under the Constitution of India. A nine judge-bench held that although it is not explicitly articulated, under Articles 14, 19 and 21 of the Constitution, the right to privacy remains a fundamental right.[15] It is an essential part of the right to life and liberty and thus protects all citizens from the State’s scrutiny, subject to reasonable restrictions.

Although the right to privacy is classified as a fundamental right, it is not absolute and will be subjected to reasonable restrictions. These reasonable restrictions can be imposed to protect legitimate State interests, but only upon following a three-step test to determine if it is necessary. There must be an existence of a law that justifies this encroachment on privacy, a legitimate State aim that requires the nature of the law to fall within the zone of reasonableness, and proportional means taken by the State based on the objects that need to be sought.[16] All current and future actions of the State that aim to violate the right to privacy under the Constitution must now be compared against these three steps to ensure the violation is reasonable and required.

Application to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Under Section 4 of the Rules, the social media intermediary must be able to identify the “first originator” of a piece of information, and for this to be done, all the messages will have to be traceable. To do so, many of these intermediaries will have to break the end-to-end encryption that forms the backbone of their services. Imposing the traceability of messages as a mandatory requirement weakens the security and the privacy of these conversations taking place on the intermediary. Along with the breaking of encryption, these intermediaries will have to provide further data about each message, such as the phone number of the sender, the time the message was sent and where and from what device it was sent from.[17] The collection of this data is a severe violation of the right to privacy that is guaranteed to all the users of an intermediary when they sign up to use the app and could also put them at risk of surveillance from other actors.

Furthermore, to implement this traceability, intermediaries will have to break encryption not just within their functioning in India, but also across the world. Economically, it would not be plausible to this, which might lead to the intermediary shutting down their services in India. Other countries with stricter data privacy laws might also not allow the intermediaries to do this in their domain, again making it easier to shut down operations in India only. This is not ideal, especially because intermediaries like WhatsApp have become one of the most popular messaging apps in India, playing an important role in not just everyone’s personal lives, but also in the business and political sphere. Alternatively, because the government says they do not intend to break this encryption, tech experts from the field have stated that there is a possibility that traceability could be implemented without breaking the encryption.[18] However, the functioning of this is sceptical because to do so would be extremely expensive and challenging for intermediaries because the amount of data they would have to store and collect would be immense all over the world.

Section 4(2) further states the aim of this rule is only for the prevention, detection, investigation, prosecution” of offences related to the sovereignty of the country, public order or in relation with sexually explicit material, including children or rape. Advocates of traceability also say the main aim of this rule is to combat fake news or track down the origins of illegal content such as child pornography.[19] However, technical experts have argued that implementing traceability could have limited effectiveness on this aim, as there are several easily accessible methods through which one could circumvent traceability.[20] Furthermore, there might be situations wherein it will be impossible to truly reach the first originator of the information, for example, when a screenshot of a tweet is shared via WhatsApp. In such cases, the traceability measures will only reach the first originator of the message on WhatsApp, not the first originator of the actual piece of evidence. This might lead to the wrong person being accused of the said offence, even though they are not the true originator, and their right to privacy being violated unnecessarily.

WhatsApp has also filed a lawsuit against the Government of India in the Delhi High Court, following the same arguments. They also argue that the reasonable restrictions the Supreme Court set down in the Puttuswamy judgement, wherein legality, necessity and proportionality could all allow for a limitation on the right to privacy, was not applicable to this law.[21] This is because they claim the new IT rules fail all those tests.[22] There is an existence of a law, but one without parliamentary backing, and the request for traceability does not seem proportionate to the possible effects of sharing of information via the intermediary. Thus, the con of threatening the right to privacy might be greater than the actual impact this rule might have in carrying out the true aim of its implementation.

The possible violation of the right to privacy is especially important in a country like India, where there is no specific Data Privacy law that could safeguard citizens against violations committed by any other party. Allowing such rules like traceability to be imposed, might seriously infringe on the minimal rights the citizens have over their privacy currently, with possibilities of recourse.

  1. Restriction on Freedom of Speech

Introduction to Freedom of Speech

The freedom of speech and expression in India is a constitutionally guaranteed right available to all citizens of the country. Under Article 19 of the Constitution, “All citizens shall have the right to freedom of speech and expression,” meaning that every person has the right to express one’s opinions freely by writing, word of mouth, printing, pictures or in any other mode.[23] This also includes the right to publish the view of other people in any manner. Social media has become a new accessible and influential space where citizens can express themselves without constraint. Previous forms of traditional media required publishers, and therefore held control over what gets published, but these barriers are removed when it comes to social media. Subsequent to the case of Indian Express v. Union of India, it has further been held that although not mentioned explicitly in the Constitution, Article 19 also encompasses the freedom of the press, under which they are guaranteed freedom to access sources of information, freedom of publication and freedom of circulation.[24]

Under Article 19(2) of the Constitution, reasonable restrictions may be placed on the freedom of speech in order to protect the “the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence.”[25] However, as set down in the case of Kedar Nath Singh vs the State of Bihar, inciting threat to security or sovereignty is not the same thing as commenting on the measures and acts of the government.[26] Therefore, under the freedom of speech, a citizen has the right to say whatever they like about the government, as long as it does not incite violence against the government or cause public disorder.

Application to Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Section 3 and 4 of the rules, which stipulate that under the due diligence requirements of the rules, intermediaries are required to take down content when they receive a notice by the government, is said to be highly violative of the right to free speech guaranteed under Article 19 of the Indian Constitution. This is because the government becomes the adjudicator for all speech online, and any discourse that goes against the government can be muted. As seen in the recent past, the Indian government has been very strict against dissent, and this rule could be abused to silent anyone speaking up against the government. Under Section 13 of the rules, wherein the MIB is set as the highest oversight mechanism, the MIB has the power to issue guidance rules and advisories to publishers who publish certain content. In return, the Inter-Departmental Committee can also send recommendations of information to be warned, censured or reprimanded.[27] In such a framework, the freedom of speech and expression will be at the behest of the government and its agencies, and thus, does not count as truly free speech.

Furthermore, Section 3(d) imposes that the time limit for action to be taken once a notice is given is 36 hours. This is hugely problematic because this takes away the time for the intermediary to take their own internal action against the content, such as an internal review of the content against the intermediaries guidelines. If the intermediary disagrees with the order of the government, meaning if they believe the content should not be taken down, this might not be enough time for an appeal or a review to take place. Additionally, because of the stringent nature of the rules and the possible criminal repercussions if the rules aren’t met, intermediaries might be incentivized just to take down the content. They might not exercise due care to ensure that the freedom of speech is maintained and might just submit to the government orders, which could cause increased government censorship and restraint on freedom of speech.

In regards to rule 4(4), which designates an automated filtering mechanism to block content that goes against the guidelines automatically, this too has severe consequences for free speech in India. Although these tools have been proposed in order to monitor content such as rape or child abuse, these technologies have not yet developed to their full potential. They may not adequately perform the task in different languages. Since these automated mechanisms are also coded, coding biases may lead to discrimination in languages differences and a lack of accountability and transparency in the process of identifying harmful content.[28] Because this has to do with the freedom of speech of citizens, it may not be adequate to leave this in the hands of a system riddled with coding biases. Furthermore, since AI learns through past data, certain words or phrases that have previously been flagged may be censored again, even though they have been used in different contexts or meanings. In such cases, automated censorship increases, as platforms and AI mechanisms would rather take down content that has previously been flagged instead of leaving it up and possibly inviting consequences. This will also further have effects on the free speech of online intermediary users.

Another issue that could possibly arise would be in regards to the publishing of online news media on these intermediaries. The Information Technology Act, and therefore its subsequent rules, do not affect the publication of news media in any form. The definition of “publisher of news and current affairs content” under Section 2 only specifies that the scope of this term does not include those that publish physical newspapers. This eliminates a large number of media publications that do not publish physical newspapers but still publish online newspapers. This arbitrariness in the definition, allows the government to extend the scope of their censorship to such publishers. This might further stifle online news sources, many of whom also use Twitter to dispense headlines, and further limit the freedom of speech and freedom of the press.

Especially since the freedom of speech and freedom of the press are enshrined in the Constitution of India, it becomes all the more important for the government to uphold these rights. However, the nature of these rules that have been implemented could pose a serious violation of these rights.

  1. Possible Solutions

Although there are some major constitutional issues regarding these new rules, there are some solutions that could ensure these constitutional rights are upheld and not violated.

  1. Parliamentary Backing – Section 87 of the IT Act, 2000 stipulates that the Central Government has the power to create new rules under this Act through notification in the Official Gazette or Electronic Gazette. This means that any new rules created does not have to go through a parliamentary procedure as other legislature do. However, because of the nature of these rules and the significant risk they pose to constitutional rights, an exception could be made that allows these rules to gain parliamentary backing. This would ensure that the essence of the regulations is debated in Parliament, and Amendments are proposed to ensure there are no major constitutional violations. Once this is done and the bill gains assent from the Lower and Upper houses of the Parliament, it can then be adopted across the country.
  • Data Privacy Laws – These rules also warrant the sharing of excess amounts of personal information and data of intermediary users, an issue that may not have arisen before. Because of this, it should be ensured that these users also have laws to guard themselves against the misuse of their private data by any party online. Since the IT Act 2000 does not specifically provide for this, new Data Privacy laws must be enacted to ensure the protection of user’s data online. This could be done by expediting the passing of the Personal Data Protection Bill that was introduced in Parliament in 2019 and has still yet to be enacted because it is under the final stages of parliamentary review.[29]
  • Stakeholder Input – Another important issue that arose about the rules is the lack of significant stakeholder and public input that was taken while drafting them. The MeitY announced a public consultation on the draft in 2018, on which they received 171 comments and 80 counter-comments.[30] But, in 2021, without any consultation with the relevant stakeholders, the rules were published. According to the Government of India’s Pre-Legislative Consultation Policy, all ministries must publish draft legislation in public domain for a minimum of at least 30 days.[31] If this can be followed, it might give more time for the stakeholders to provide inputs to uphold their interests in the legislation.  
  • Conclusion

In conclusion, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 could potentially change the way we access the internet and social media intermediaries, as well as how our data is accessed in return by these intermediaries. There seems to be illegal and unconstitutional use of executive power to curtail some fundamental rights of users of the apps, specifically without parliamentary backing or consultation with involved stakeholders. The constitutional issues that arise are the violation of the right to free speech and expression as well as the right to privacy that all individuals in India have. It is imperative for the government to take due cognizance of the complaints of possible violations of these rights because of the international image of the decline of democracy in India. Both V-Dem in Sweden and Freedom House in the United States have downgraded India’s ranking as a democracy, stating that the reasons for this were the attack on civil liberties by the government.[32] These rules are another example of this attack on civil rights, and could negatively affect the status India currently holds as a democracy.

However, the problems the arise with the rules do not necessarily compel them to be repealed. The rules are a necessary oversight and accountability for big tech companies and intermediaries and therefore remain essential. Furthermore, there are certain benefits to them, such as the removal of non-consensual intimate or nude images, the banning of child porn and other similar sexually explicit photos within 24 hours.[33] Intermediaries also have to publish compliance reports, which will help to increase transparency through the process, as well as set up a dispute resolution mechanism for content removal within their company. Such benefits of the rules are essential, but should not come at the cost of the freedom of speech and privacy for individuals using these social media intermediaries. Thus, it might be in the best interest of the people for specific changes to be made to the rules, or for the rules to be scrapped and rewritten, keeping in mind the constitutional rights of the people, so as not to silence voices and hurt privacy.


[1] Dalmia, Vijay Pal. “Information Technology (Guidelines For Intermediaries And Digital Media Ethics Code) Rules, 2021.” Mondaq, Mondaq Ltd., 4 Mar. 2021, http://www.mondaq.com/india/social-media/1042586/information-technology-guidelines-for-intermediaries-and-digital-media-ethics-code-rules-2021.

[2] Jain, Anushka. “Latest Draft Intermediary Rules: Fixing Big Tech, by Breaking Our Digital Rights?” Internet Freedom Foundation, Internet Freedom Foundation, 25 Feb. 2021, internetfreedom.in/latest-draft-intermediary-rules-fixing-big-tech-by-breaking-our-digital-rights/.

[3] Ibid.

[4] S.S. Rana & Co. Advocates. “Analysis Of The Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018.” Mondaq, Mondaq Ltd. , 29 Mar. 2019, http://www.mondaq.com/india/social-media/794624/analysis-of-the-information-technology-intermediaries-guidelines-amendment-rules-2018.

[5] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, s. 2

[6] Ibid, s. 3(1)(d)

[7] Ibid, s. 4(2)

[8] Ibid, s. 4(4)

[9] Ibid, s. 15(2)

[10] Ibid, s. 16(1)

[11] Ibid, s. 14(5)

[12] 1954 AIR 300

[13] 1963 AIR 1295

[14] 10 SCC 1

[15] Justice K.S.Puttuswamy v. Union of India 10 SCC 1

[16] Ibid.

[17] Lichtenberg, Judith. “GNI Analysis: Information Technology Rules Put Rights at Risk in India.” Global Network Initiative | Freedom of Expression and Privacy, Global Network Initiative, 30 Mar. 2021, globalnetworkinitiative.org/india-it-rules-2021/.

[18] Ibid.

[19] Aravind, Vinay. “From Social to Antisocial: How the New IT Rules Will Accelerate India’s Democratic Decline.” Newslaundry, 29 May 2021, http://www.newslaundry.com/2021/05/29/from-social-to-antisocial-how-the-new-it-rules-will-accelerate-indias-democratic-decline.

[20] Prabhakaran, Manoj. IIT Bombay, 2019, pp. 1–6, On A Proposal for Originator Tracing on WhatsApp.

[21] Menn, Joseph. “WhatsApp Sues Indian Government over New Privacy Rules .” Reuters, Thomson Reuters, 26 May 2021, http://www.reuters.com/world/india/exclusive-whatsapp-sues-india-govt-says-new-media-rules-mean-end-privacy-sources-2021-05-26/.

[22] Ibid.

[23] The Constitution of India, art. 19.

[24] 1986 AIR 515

[25] The Constitution of India, art. 19 (2)

[26] 1962 AIR 955

[27] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, s. 13

[28] Jain, Anushka. “Latest Draft Intermediary Rules: Fixing Big Tech, by Breaking Our Digital Rights?” Internet Freedom Foundation, Internet Freedom Foundation, 25 Feb. 2021, internetfreedom.in/latest-draft-intermediary-rules-fixing-big-tech-by-breaking-our-digital-rights/.

[29] Waris, Salman. “Personal Data Protection Bill-Status Of The Legislation And Data Regulation Regime In India – Privacy – India.” Mondaq, Mondaq Ltd., 26 Jan. 2021, http://www.mondaq.com/india/data-protection/1022956/personal-data-protection-bill-status-of-the-legislation-and-data-regulation-regime-in-india.

[30] “Analysis of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.” SFLC.in, Software Freedom Law Centre, 27 Feb. 2021, sflc.in/analysis-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021.

[31] Ibid.

[32] Aravind, Vinay. “From Social to Antisocial: How the New IT Rules Will Accelerate India’s Democratic Decline.” Newslaundry, 29 May 2021, http://www.newslaundry.com/2021/05/29/from-social-to-antisocial-how-the-new-it-rules-will-accelerate-indias-democratic-decline.

[33] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, s. 3(2)(b)

Author: Trisha Jawahar, O.P Jindal Global University

Editor: Kanishka VaishSenior Editor, LexLife India.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s