Reading time : 10 minutes
IT RULES HISTORY
Information technology act 2000
Personal data protection bill 2019
WHAT ARE THE NEW IT RULES?
1. For social media intermediaries
2. For OTT’s
The last decade has seen exponential growth in the use of online applications which became a normal part of everyone’s life since the emergence of smart phones. Nowadays most the young people use internet to an extent that it has become integral to their lifestyle. With this many people using social media and more recently OTT platforms the fear of data privacy has emerged. Because exponential growth in the use of internet there has not been many laws to govern actions on the internet reason being its ever changing nature. Specifically in India till very recently the Information technology act of 2000 was the only major legislation for governing the use of internet. Although, in 2011 IT rules were added but they too are now out dated. In the wake of long run tussle between the Indian government and social media intermediaries such as twitter, whatsapp and facebook has led to the emergence of the new IT rules which are basically, additional guidelines to be added in the IT act 2000. This article focuses on the reason for the introduction of the new IT rules and what makes it a matter of concern to data privacy and unnecessary censorship.
IT RULES HISTORY
For the longest time the information technology act 2000 has been the most comprehensive legal provision that deals with internet privacy. The Information technology act contains a number of provisions that can, in some cases, protect online privacy, or in other cases, compromise with online privacy.
Provisions of the act that clearly protect users online privacy include:
- Penalizing child pornography,
- Penalizing hacking and related frauds and;
- Outlining data protection standards for corporates.
Provisions that in some way compromise user privacy speak to access by law enforcement to user’s personal information stored by corporate entity gathering and monitoring of internet traffic data and real time monitoring, intervention, and decryption of communications through online modes.
Additionally, legislative loop holes in the information technology act serve to weaken the privacy of online users. For example, the act does not address questions and situations like the evidentiary status of social media content in India, merging and sharing of data across databases, whether individuals can transmit images of their own “private areas” across the internet, if users have the right to be notified of the presence of cookies and do-not track options, the use of electronic personal identifiers throughout data bases, and if individuals have the right to demand service providers to dismantle and delete their personal content.
The Personal Data Protection Bill, 2019
After the Supreme Court’s landmark judgment in the Justice KS Puttaswamy case, as mentioned above, the Ministry of Information constituted a 10 member committee lead by retired Supreme Court judge B.N. Srikrishna for providing recommendations for a draft Bill on protection of personal data of citizens. the process took almost a year and finally the committee submitted its report titled “A Free and Fair Digital Economy: Protecting Privacy, Empowering Indians ” along with the draft bill on personal data protection. The new and updated Personal Data Protection Bill, 2019 (Bill), was presented by Mr. Ravi Shankar Prasad, Minister for Electronics and Information Technology, in the Lok Sabha on December 11, 2019. Although, it is still has not been passed due to delay in its examination by the assigned committee.
WHAT ARE THE NEW IT RULES?
SALIENT FEATURES OF NEW IT RULES
Grievance Redressal Mechanism:
The new Rules seek to empower the users by directing the intermediaries, including social media intermediaries, to establish an active grievance redressal mechanism for resolution of complaints received from the users or victims. Intermediaries are supposed to appoint a Grievance Officer who will deal with these complaints and also to share the name and contact details of such officer with the concerned government authority. Grievance Officer must acknowledge the complaint within 24 hours and resolve it within 15 days from its reception.
Ensuring Online Safety and Dignity of Users, Specially Women Users:
According to this guideline the social media intermediaries shall remove or disable the access in a time frame of 24 hours of receipt of the complaint of posts that exposes the private areas of individuals, show such individuals in full or partial nudity or in sexual act or is in the nature of impersonation including morphed images etc. complaints regarding this type of content can be either by the individual or by any other person on his/her behalf.
Two Categories of Social Media Intermediaries:
In this guideline it has been stated that the social media intermediaries will be divided into 2 categories to encourage innovations and enable growth of new social media intermediaries without subjecting the comparatively smaller platforms to strict compliance requirement, these two categories are namely, social media intermediaries and significant social media intermediaries. These categories are mainly based on the number of users surfing. As far as the exact threshold of number of users is concerned the government will have full discretion. The Rules require the category of significant social media intermediaries to follow some extra due diligence.
Self-Classification of Content:
According to this guideline the OTT platforms are supposed to self-classify the content present on their platforms into 5 age based categories i.e. U (Universal), U/A 7+, U/A 13+, U/A 16+, and A (Adult).
For the content classified as U/A 13+ or higher platforms would required to implement parental locks, and a reliable age verification system for content classified as “A(ADULT)”. The publisher of online curated content shall glaringly display the classification rating specific to the content or programme together with a content disclaimer informing the user about the nature of the content, and advising on viewer description (if applicable) at the beginning of every programme in order to help the user in making an informed decision, prior to watching the programme.
Also read: A Critical Analysis of Doping in Sports
A three-level grievance redressal mechanism has been developed under the rules with different levels of regulations.
Level-1: Self-regulation by the publishers of the content;
Level-2 : Self-regulation with help of these guidlines by the self-regulating bodies of the publishers;
Level-3 : Oversight mechanism for constant review.
The most recent development in the online privacy sphere has undoubtedly been the new It rules introduced by the Indian government and as soon as they caught the public eye it has been a matter of heated debate among common public and experts.
The new IT rules are at the heart of a big battle between the Union government and big tech corporations. Aimed at making the foreign companies comply with Indian laws which they often dodge, step down from their responsibilities and accountability to millions of users, the new rules also give the executive the power to censor any digital content with little to no judicial supervision.
There is unison among all stakeholders that a transparent and accountable mechanism is needed to prevent the widespread abuse of social media platforms to spread misinformation through so called media outlets, defame individuals for their choices, transfer sexually explicit material and violates copyrights
In the absence of a data privacy law, the Information Technology Act, 2000, did not have sufficient provisions to regulate the ever evolving functioning of social media platforms, particularly social media intermediaries such as Facebook, twitter and instagram and instant messenger services like WhatsApp, Telegram and Signal.
The misuse of private data was rampant and went unchecked because of there was an absence of a transparent grievance redressal mechanism. The Information technology Act of 2000 also provided a safe blanket to these intermediaries with a passive outlet of information without any active role in the content and discharged them from any criminal liability for the content published by them. The Union government claims the motive behind the IT rules is to create a transparent and readily available forum for redressal of grievances.
Government while explaining the rationale behind the new IT rules put forth its view and said that the propagation of social media, on one hand helps the citizens in many ways but then on the other hand it gives rise to certain serious concerns and consequences which have grown manifold in recent years. These concerns have been raised from time to time in different forums including in the Indian Parliament and its various committees, judicial orders and in civil society discussions in different parts of the country. Such concerns are also prevalent and has been raised all over the world and it is becoming an international issue off late.
Government further said that some very distressing developments have been observed on the social media platforms. Continuous spread of fake news has obliged many media platforms to create fact-check tools. Widespread abuse of social media to share morphed imagery of women and content related to revenge porn has repeatedly been threatening the dignity of women online. Abuse of social media for settling corporate contentions in blatantly unethical fashion has become a major concern for businesses working online. Cases of use of offensive language, defamatory and obscene contents and blatant lack of respect to religious sentiments through platforms are growing.
Over the years, the increasing examples of abuse of social media by criminals and anti-national elements have brought new challenges for law enforcement agencies. These include stimulus for recruitment of terrorists, circulation of explicit content, spread of disharmony, financial frauds, incitement of violence, public order etc.
Finally the IT ministry in the notification said they have found that currently there is no robust complaint redressal mechanism in place in which a normal users of social media and OTT platforms can record their complaint and get it remedied within definite timeline. A sheer lack of transparency and absence of robust grievance redressal mechanism have left the users totally dependent on the an irrational and unpredictable nature of social media platforms. Often it has been seen that a user who has spent his time, energy and money in developing a social media profile is left with no remedies in case that profile is restricted or removed by the platform without giving any opportunity to be heard.
Civil rights activists claim that this provision unreasonably authorizes the government to block any content especially the content that doesn’t suits the ideological bend of the centre by using the sovereignty, national integrity and public order clauses of law.
The biggest bone of contention has been the traceability clause added in the new it rules. According to the said clause all the established social media platforms with at least 5 million registered users will need to enable identification of the originator of the information, which is required by a court of competent jurisdiction/ competent authority if it is an offence related to the sovereignty, integrity and security of India, friendly relations with foreign countries, public order or a sexual crime. Although the state in the new rules has mentioned the specifications of when this clause can be invoked, experts in the field feel that categories such as ‘public order’ are very broad in scope and can be easily misused by the State.
“Terms like defamatory and libellous can be invoked easily to characterise content seen as unfavourable,” says Gurumurthy Manzar demands judicial oversight to decide the nature of the content and the necessity, proportionality of intervention by the government.
More importantly, experts fear this provision will be the end of encrypted messages which will eventually lead to death of user privacy.
“The publication of a transparency report along with clearly defined processes of grievance redressal will make the internet a safer place for users. But making the government the final arbiter has raised the hackles of many,” says Subimal Bhattacharya, a cyber security expert and former head of General Dynamics.
INTERMEDIARIES REACTION TO NEW IT RULES
The 3 month limit for social media platforms to comply with the IT Rules, 2021 concluded on May 25, 2021. The Government of India, on May 26, 2021, issued a letter to all the significant social media intermediaries, asking them, the status of compliance by the said intermediaries.
Instead of the compliance, WhatsApp filed a court case against the Government of India in the Delhi High Court, challenging mainly Rule 4(2) of the IT Rules, 2021 by banking on the Supreme Court’s judgment in the case of Justice K S Puttaswamy vs Union of India. A spokesperson from WhatsApp said that “Requiring messaging apps to ‘trace’ chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption and fundamentally undermines people’s right to privacy”. Very recently, WhatsApp updated their FAQ page on the website, with a very detailed post about “What exactly is traceability and why is WhatsApp opposing it.”
In response to Whatsapp’s appeal, the Ministry of Electronics and Information Technology of India, in a press statement explained that “Such Requirements are only in case when the message is required for Prevention, Investigation or Punishment of Very Serious Offences related to the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, or public order, or of incitement to an offence relating to the above or in relation with rape, sexually explicit material or child sexual abuse material.” The press statement further clarified that the Rules passes the proportionality test of the Indian Constitution and stated, “The cornerstone of this test is whether a lesser effective alternative remedy exists. As per the Intermediary Guidelines, the originator of information can only be traced in a scenario where other remedies have proven to be ineffective, making the same a last resort measure. Moreover, such information can only be sought as per a process sanctioned by the law thereby incorporating sufficient legal safeguards.”
As far as other social media giants are concerned, Facebook has stated that they “aim to comply with the provisions of the IT rules, even as they continue to discuss a few of the issues which need more engagement with the government”. Twitter also went on and filed a case but very recently Justice Rekha Palli stated that the government has all the rights to take actions if twitter fails to comply to the guidelines.
In a liberal democracy regulation has an important role to play. however, in the present situation where people are more sensitive to content online than ever, introduction of regulatory mechanism score weather scope of high intervention from the government’s side has a high chance of being tough to operate and could affect the creativity and freedom of expression of Indian youth using social media and OTT platforms.
On the flip side since there has been a draught of legislations regarding regulations on internet please guidelines are much needed. the solution to the ongoing tuition can only be deliberation with stakeholders that is government and the intermediaries.White paper should be published mentioning all the grievances of intermediaries against the new regulations for instance regulation of online video streaming platforms. After that, if the new regulations are still deemed necessary, then the demand should be to make it a law through debate in parliament instead of just relying on executive powers under section 699A of the information technology act. Making platforms share more information could prove counterproductive in a country where the citizens still do not have a data privacy law to guard themselves against excesses committed by any party.
In this context, there is a need to expedite the passing of the personal data protection bill, 2019.
 The Information Technology Act, 2000 (Act 21 of 2000).
 Internet Privacy in India — The Centre for Internet and Society, Cis-india.org (2021), available at: https://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-india (last visited Jul 9, 2021).
 (2019) 1 SCC 1
 Priya Rao, PERSONAL DATA PROTECTION LAW IN INDIA http://www.legal500.com (2021), available at: https://www.legal500.com/developments/thought-leadership/personal-data-protection-law-in-india/ (last visited Jul 7, 2021).
 Government notifies Information Technology (IntermediaryGuidelines and Digital Media Ethics Code) Rules 2021 Pib.gov.in, available at: https://pib.gov.in/PressReleasePage.aspx?PRID=1700749 (last visited Jul 18, 2021)
 Kaushik Deka, The battle for online privacy India Today (2021), available at: https://www.indiatoday.in/magazine/special-report/story/20210621-the-battle-for-online-privacy-1813369-2021-06-11 (last visited Jul 9, 2021).
 Government issues new guidelines for social media platforms, digital news sites and video streaming platforms The Financial Express, available at:https://www.financialexpress.com/brandwagon/government-issues-new-guidelines-for-social-media-platforms-digital-news-sites-and-video-streaming-platforms/2201799/ (last visited Jul 10, 2021)
 Vijay Pal Dalmia, Data Protection Laws In India – Everything You Must Know – Privacy – India Mondaq.com (2021), available at: https://www.mondaq.com/india/data-protection/655034/data-protection-laws-in-india–everything-you-must-know (last visited Jul 9, 2021).
 Intermediaries must comply with new IT Rules The Financial Express, available at: https://www.financialexpress.com/opinion/intermediaries-must-comply-with-new-it-rules/2277214/ (last visited Jul 13, 2021)
Author: PRAJJWAL CHAUHAN, UNIVERSITY SCHOOL OF LAW AND LEGAL STUDIES(USLLS) GGSIPU, DELHI
Editor: Kanishka Vaish, Senior Editor, LexLife India.