The Ministry of Electronics and Information Technology (“MeitY”), on 25 February 2021, notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines, 2021”) which supersede the Information Technology (Intermediary Guidelines) Rules, 2011 (“Intermediary Guidelines, 2011”) and bring under their scope numerous online entities by introducing broad new terms and definitions.

Intermediary Guidelines

The Intermediary Guidelines, 2021 divides intermediaries based on their functions or the services they offer and then lays down their duties and obligations.

These Rules seek to address all these issues and to regulate the following categories of intermediaries and digital media entities: 

  1. Intermediaries and social media intermediaries 
  2. Publishers of news and current affairs content, including news aggregators, news agencies, and individual news reporters to the extent they are transmitting content in the course of a commercial activity 
  3. Publishers of online curated content, including individual creators transmitting content in the course of a systematic business, professional or commercial activity.

While this may seem like a step forward, it can also be perceived as a practice of regulating a critical sphere, not just of our lives but also the nation’s economy, only by the powers of the executive. Consequently, the legislatures’ contribution is reduced to almost negligible, which may prove harmful.

Definitions

  • News Aggregator (Rule 2(o))
    An entity who, performing a significant role in determining the news and current affairs content being made available, makes available to users a computer resource that enables such users to access the news and current affairs content which is aggregated, curated and presented by such entity.
  • Publisher of news and current affairs content (Rule 2(t))
    An online paper, news portal, news aggregator, news agency and such other entity called by whatever name, which is functionally similar to publishers of news and current affairs content but shall not include newspapers, replica e-papers of the newspaper and any individual or user who is not transmitting content in the course of systematic business, professional or commercial activity.
  • Publisher of online curated content (Rule 2(u))
    A publisher who, performing a significant role in determining the online curated content being made available, makes available to users a computer resource that enables such users to access online curated content over the internet or computer networks, and such other entity called by whatever name, which is functionally similar to publishers of online curated content but does not include any individual or user who is not transmitting online curated content in the course of systematic business, professional or commercial activity.
  • Significant social media intermediary (Rule 2(v))
    A social media intermediary having a number of registered users in India above such threshold as notified by the Central Government. This threshold has been set at fifty (50) lakh users.  
  • Social media intermediary (Rule 2(w))
    An intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services.

The rules have been further divided into two parts; Due diligence obligations applicable to intermediaries, and Code of ethics and related safeguards and procedures applicable to entities in the digital media space.

Other important definitions include communication link, news and current affairs content and online curated content which together fulfil the government’s purpose of regulating numerous kinds of information available on the internet. It must be noted here that; Rule 3 of the Intermediary Guidelines require an intermediary to observe due diligence while discharging its duties. If this mandate of due diligence is not complied with, such an intermediary shall not qualify for ‘safe harbour’ protection, as granted under Section 79 of the Information Technology Act, 2000 (“IT Act”). The due diligence obligations include publishing, in a prominent manner, the rules and regulations, privacy policy and user agreement for access or usage by any person (these shall, thereafter, be collectively referred to as “Access Policy”). These must also inform the user to not host, display, upload, modify, publish, transmit, store, update or share any prohibited information. There are ten categories of such prohibited information ranging from unauthorized information as a consequence of it belonging to another person to information which threatens the unity, integrity, defense, security or sovereignty of India.

As part of its due diligence obligations, an intermediary must also do the following:

  1. Periodically inform its users that their non-compliance with the Access Policy allows the intermediary a  right to terminate such users’ right to access or usage of the intermediary’s website or mobile application (hereinafter collectively referred to as “Platform”).
  2. Not host, store or publish any unlawful information, or if so done, the intermediary shall remove or disable access to such information at the earliest but not later than thirty-six (36) hours of having received actual knowledge of the unlawfulness of the impugned information. A similar obligation was placed upon an intermediary under the Intermediary Guidelines, 2011; however, an intermediary was also required in case it obtained knowledge of such information by itself and not necessarily by actual knowledge. An intermediary was also required to work with the user or owner of such information to disable it. The Intermediary Guidelines, 2021, on the other hand, limit the obligation to receiving actual knowledge in the form of an order by a competent court or on being notified by the government or its agency.

While, prima facie, this step shall ensure that only information that has been verified to be unlawful shall be subject to not being hosted, stored or published, or removed or disabled accessed to, it does not keep any person from having such information on display on an intermediary’s platform till the time a court or an appropriate government acts upon it.

An exception is made to this rule, wherein, an intermediary, within twenty-four (24) hours from the receipt of a complaint made by an individual (or on behalf of such individual), with regard to any content which, prima facie, depicts nudity, sexual conduct or impersonation of such individual, must take such content down.

  1. Any information, which has been removed or to which access is disabled, shall be preserved, without vitiating evidence, up to one hundred and eighty (180) days or more, as may be required by a court or (lawfully authorised) government agency.
  2. Any information collected from a user upon his/her registration shall be retained for one hundred and eighty (180) days after cancellation and/or withdrawal of his/her registration.
  3. Reasonable security measures must be implemented to protect the Platform, its users and the information contained therein, compliant with the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011
  4. Co-operate with any government agency lawfully authorised to perform investigative, protective or cyber security activities and provide any related information under the control or possession of the intermediary within seventy-two (72) hours of receipt of an order to do so.
  5. The intermediary must not, knowingly deploy, install or modify its Platform’s technical configuration or become a party to an act which may result in such consequence. It is also required to report cyber security incidents and share related information with the Indian Computer Emergency Response Team.

Furthermore, Significant Social Media Intermediaries are required to observe additional due diligence which includes:

  1. Appointment of a Chief Compliance Officer.
  2. Appointment of a nodal contact person (other than the Chief Compliance Officer) for full time coordination with law enforcement agencies and officers.
  3. Appointment of a Resident Grievance Officer.
  4. Publishing of monthly compliance reports containing details of complaints received and actions taken.

If a Significant Social Media Intermediary provides services primarily in the nature of messaging, it must enable the identification of the first originator of the information available on such platform, as may be required by a judicial order passed by a competent court or an order passed under Section 69 of the IT Act and applicable rules, by a competent authority.

To curb the abuse of this Rule, it has been provided that such orders shall only be passed for prevention, detection, investigation, prosecution or punishment of an offence and only if other means, not as intrusive, cannot be employed. It is further provided that the contents of any electronic message or other such information relating to the first originator needn’t be disclosed. Thus, an attempt has been made to balance public or national interests and the protection of individual privacy.

  1. Significant Social Media Intermediaries are also required to endeavour to adopt technology-based measures to proactively identify information depicting the act or simulation of rape, child sexual abuse or other such conduct, or any information which was previously removed or the access to which was disabled, and to display notice to users attempting to access such information.
  2. Here, it has been provided that interests of free speech and expression, user privacy and so on, must be duly regarded and measures must be proportionate. Appropriate human oversight of such measures, including periodic reviews evaluating their accuracy and fairness, must also be deployed to ensure their proper functioning.
  3. Significant Social Media Intermediaries are also required to have a physical contact address in India which must be published on their Platform.
  4. A grievance redressal mechanism must be implemented which must enable aggrieved users to track the status of their complaint via a unique ticket number. Moreover, the complainants must be provided with reasons for why the Significant Social Media Intermediary acted or did not act upon their complaint to a reasonable extent.
  5. Enable users to voluntarily verify themselves and provide a demonstrable and visible mark of verification to such users. The information provided by any user, in furtherance of this, shall not be used for any other purpose, unless expressly consented to.
  6. Before removal or disabling access to information, which is unlawful, on its own accord, a Significant Social Media Intermediary must notify the user who has created or uploaded such information and provide an adequate and reasonable opportunity to such users to dispute the action.

In addition to the above, an intermediary in relation to news and current affairs content shall publish on its Platform, at an appropriate place, a clear and concise statement informing publishers therein, to furnish details of their user accounts on the services of such intermediary to MeitY. Such publishers must be provided a demonstrable and visible mark of verification.

Grievance Redressal Mechanism

An intermediary is required to prominently publish the name and contact details of the Grievance Officer along with the redressal mechanism, including for receipt of complaints, on the Platform. The Grievance Officer shall

  1. Acknowledge the complaint within twenty-four (24) hours and dispose it of within a period of fifteen days from the date of its receipt,
  2. Receive and acknowledge any order, notice or direction issued by the Appropriate Government, any competent authority or a court of competent jurisdiction.

An intermediary must, within 24 hours of receipt of a complaint made individual (or on behalf of such individual), with regard to any content which, prima facie, depicts nudity, sexual conduct or impersonation of such individual, must take all reasonable and practical measures to remove or disable access to such content.

Code of Ethics

A three-tier code of ethics (“Code”) has been implemented which is largely self-regulatory in nature. This includes self-regulation by publishers of not only online curated content but also of news and current affairs content, operating in India and conducting the systematic business activity of making their content available here.

Level I provides for a self-regulation by the publishers.

  • Publishers are required to establish a grievance redressal mechanism and appoint a Grievance Officer. Moreover, publishers of online curated content are required to classify such content based on appropriateness and suitability for persons of various age groups while having regard for context, theme, tone and impact and target audience. Other concerns such as the display or use of discrimination, psychotropic substances, liquor, smoking and tobacco, imitable behaviour, offensive language, nudity, sex and violence must also be duly accounted.

Such classification or rating must be displayed prominently and viewer discretion, if required, must be advised. Display ratings of the Online Curated Content such as 'U', or 'U/A 7+,' or 'U/A 13+', or 'U/A 16+', or 'A' prominently to its users in a manner that will ensure that the users are aware of the ratings before accessing such content.

  • Publishers must also make reasonable efforts to improve accessibility of online curated content to persons with disabilities by implementing appropriate access services.

Additionally, a publisher shall not transmit or publish any content which is prohibited by law or by a competent court and must also take into consideration national interests and India’s diversity while exercising due caution and discretion in featuring activities, beliefs, practices or views of any racial or religious group.

Level II provides for the establishment of one or more independent and self-regulating bodies of publishers or their associations.

Such a body shall be headed by a retired judge of the Supreme Court or High Court, or an independent eminent person from the field of media, broadcasting, entertainment, child rights, human rights or such other relevant field and up to six other members who are experts in one or more of the aforementioned fields. The body must register itself with MeitY within thirty days of the date of notification of these rules or, if constituted after this period, within 30 days of its constitution.

The regulatory body shall:

  1. Oversee and ensure adherence, by all publishers, to the Code
  2. Provide guidance to publishers on the Code
  3. Address grievances which remain unresolved by publishers even after the fifteen (15) day period
  4. Hear appeals against decisions of publishers

The body can also issue guidance or advisories to publishers while disposing a grievance or an appeal. It can also refer a matter to MeitY if it believes it necessary. If the body concludes there is no violation of the Code, such a decision must be conveyed both to the complainant and the publisher. Finally, in cases of non-compliance of a guideline or advisory, issued by the body, by a publisher, the matter may be referred to the Oversight Mechanism within 15 days of the period in which such compliance was required by such publisher.

Level III provides for an oversight mechanism which shall fall under the purview of MeitY, who shall, in turn, coordinate and facilitate adherence, by publishers, to the Code. 

MeitY is required to do the following, as part of the oversight mechanism:

  1. Publish a charter for self-regulating bodies, including Codes of Practices,
  2. Establish an Inter-Departmental Committee for hearing grievances or appeals to decisions made by the self-regulating body or complaints or references made regarding violation of the Code.
  3. Issue guidance and advisories to publishers
  4. Issue orders and directions to publishers for maintenance and adherence to the Code.

Analysis of Intermediary Guidelines 2021

The Intermediary Guidelines, 2021 seem to be a necessary step allowing the law to catch up with the constantly evolving and disruptive technology. With these Rules encouraging self-censorship, it is evident that the Executive recognizes how important it is to allow intermediaries freedom in their operation. However, it also uploads the need to protect individuals using such intermediary platforms and urges intermediaries to work in a conscious and ethical manner. The increase in compliance requirements is likely to result in higher volumes of complaints and access requests by government agencies, making it difficult to address the complaints in a short time frame as provided under the rules that is to say it may not be practical to take down content within these timelines. Provisions such as permitting the tracing of originator of the information drastically undermines the privacy of individuals. The local presence requirement as seeked under the new guidelines may also lead to increased operational costs.

Despite the well-intended attempt to regulate the digital space, it is important that the government and bodies responsible for enforcing the Intermediary Guidelines, 2021 strike a balance between upholding the protections which individuals are entitled under the Indian Constitution or under any other law and to allow intermediaries to operate in India with limited restrictions, thereby, curbing any abuse while also helping the country’s digital economy to flourish. 

The rules issued by MeitY, and the IT Act also aim at regulating digital media entities (that are currently being governed by the Ministry of Information and Broadcasting). 

Treelife Ventures Services Private Limited.
All Rights Reserved. © 2020.