The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 (Rules) as notified on 26th February aim to specifically regulate the social media forums, intermediaries, digital news media, and OTT platforms; and are in supersession of the erstwhile Information Technology (Intermediary Guidelines) Rules 2011.
These Rules have come in at a time, where the online streaming platforms required guidance with respect to the expectations that are of them, to ensure that the content which is made available to the end users are original, tasteful, and in compliance with the applicable laws. For the longest time, the courts have come down heavy on the content streaming platforms, exclusively, in terms of the content which is being shown to the ‘unaware’, ‘insecure’ and ‘not-so-conversant’ audience. With the introduction of these Rules, the platforms (at least the content streaming platforms) are, for the first time extremely aware of the contours within which they can play out.
The power to establish the recently notified Rules has been conferred upon the government under Section 87 of the Information Technology Act, 2000, intended for the creation of legislation for the regulation of intermediaries. Further, the safe harbor protection that was afforded to the intermediaries earlier, continues to apply, subject to the compliance of the new conditions imposed by way of these Rules.
The Rules encompass a wide array of digital platforms under its jurisdiction and has chosen to divide the specific regulations in distinct Parts of the Rules. The bifurcation of the governing Rules has been done to allocate an ease of understanding with respect to the governing provisions for the unique form of digital platform, and also to further the allocation of business that is prescribed for separate ministries of the Central Government. The latter portions which concern themselves with the news and digital media platforms, and the platforms which stream content, are to be governed under the aegis of the Ministry of Information and Broadcasting (MIB), as opposed to the broader regulation of the rest by the Ministry of Electronics and Information Technology (MEITY).
Part I of the Rules primarily lays down the definitions which have been applied in the Rules, wherein Part II contains the exhaustive compliances and requirements to be complied with by the intermediaries. Part III of the Rules deals with the regulation of digital news media and OTT platforms, and is administered by MIB.
The Rules import the definition of an ‘intermediary’ from the parent, Information Technology Act, 2000, and significantly add upon their compliance requirements to avail of the safe harbor provisions, basis the reach and size of the intermediary. The Rules have brought about new definitions, and have therefore, have extended the scope of the entities which could qualify as an intermediary. Also, there is introduction of a new category of intermediaries, qualifying as ‘social media intermediary’, who have been defined as entities who are primarily or solely enabling online interaction between two or more users, which scopes in almost all online communication-based platforms. interestingly, the Rules have now divided the social media intermediaries into two categories: social media intermediary and significant social media intermediary.
The exhaustive nature of due diligence duties imposed on the intermediaries under Part II of the Rules will place onerous compliances and duties upon them, which would require significant amendments to the privacy policy and the internal machinery of the intermediaries. A non-exhaustive list of the due diligence requirements to be undertaken by the intermediaries has been listed herein:
An intermediary is now required to have the Grievance Redressal Officer be made responsible for acknowledging complaints within 24 hours from the time of a complaint and must redress them within a period of 15 days (Rule 3(2)a(i)). However, they (grievance officers for intermediaries) are not expected to furnish any reason for the decision taken regarding complaints received by them. No reason is March 2021 | Lex WITNESS | 15 necessarily required to be furnished to the complainant or the user whose content has been so removed. Needless to say, this could lead to a lot of unwarranted and overzealous, pre-emptive removal of content from the platform/s.
Per the new Rules, an entire takedown process must be complete within a timeline of 36 hours. The Rules also require the intermediary to provide information or assistance to law enforcement agencies within a prescribed timeline of 72 hours (Rule 3(2)j).
Additionally, a new takedown requirement has been added, wherein specific scenarios, such as nudity, depiction of sexual conduct or impersonation, the intermediary is required to take down such content, upon request of the concerned user, within 24 hours (Rule 3(2)b).
The intermediary is also required to retain information pertaining to a particular account/ activity for a period of 180 days, even after the user has deleted such account (Rule 3(1)h). This requirement must be reconsidered in view of the fact that this may conflict with the pending data privacy and protection laws. In absence of a data privacy regime, this may lead to issues pertaining to surveillance by the State.
Any intermediary who does not observe these Rules, will lose its immunity under the safe harbor principles, and will be subject to a level of severity of consequences, which may include potential criminal prosecution under the provisions of the IT Act and the Indian Penal Code. While these Rules are not provisioning for any specific consequences of non-compliance, the rule of law would necessarily let the parent legislation prevail over in matters of inconsistencies.
By way of the new definition, messaging-related intermediaries such as WhatsApp, Telegram, Signal, are also included, and are put at par with media related intermediaries as well.
The government has notified a threshold of fifty lakh (5 million) registered users, for a social media intermediary to qualify as a significant social media intermediary. Further, it retains the discretion to, by order, require ‘any intermediary’ to comply with obligations imposed on a “significant social media intermediary” under Rule 4. This may empower the government to enforce discriminatory compliances, across entities. This disparity will not just lead to discord amongst the entities but may also pose as an entry-barrier to any start-up which wishes to furnish similar services to larger masses.
In addition to the compliance conditions that are applicable to the intermediaries, the social media intermediaries will additionally have to appoint three officers with different responsibilities (Rule 4(1)), who must be residents of India.
Upon qualification as a significant social media intermediary, the entity must also allow their users to “voluntarily” verify their accounts, using any appropriate mechanism, including the active Indian mobile number of the user. With a requirement like this, the entities may also consume national identifiers / identity proof/s from the end users to afford them a ‘visible/ demonstrable mark of verified user’. It is noteworthy that in the absence of a data privacy regime, this may lead to the entities processing sensitive personal information, even without a valid / proportionate requirement to process such identifier.
Significant social media intermediaries are now also required to develop and deploy technology-based measures, automated tools. These include automated tools or other mechanisms to proactively identify information that depicts any act or simulation in any form depicting rape, child sexual abuse or conduct (Rule 4(4)]); there could be a proclivity on the part of the systems to removal of content erroneously. This is something which can only be tested against the time.
In furtherance, the significant social media intermediary (dealing in messaging services) would be required to ensure identification of the first originator of information as and when required by a judicial order of a court of competent jurisdiction. While the Rules themselves place restrictions and conditions to the origin of such order, the intermediaries would be required to process the user information in a manner, to effect the provisions of the Rules. This would necessitate a revision of their extant Privacy Policies, with the requirement to inform the user of such re-modelled collection and processing of data. Pertinently, India still does not have a dedicated legislation towards data privacy and protection and any collection of data as sought by the Rules could lead to possible invasion of the user’s privacy.
On a business level, the accountability and faith positioned in certain messaging intermediaries, based on their guarantees of anonymity and data privacy, may be affected by the change in policy brought about by the Intermediary Rules. This could necessitate the processing of the erstwhile collected data to determine the originator of the message from the intermediaries engaging in end-to-end encryption, thereby ensuring their compliance with the new Rules while preserving their position of ensuring user confidence and privacy.
The intent behind the notification of the Rules lies to regulate the assimilation and distribution of news content distributed online through several channels. Part III of the Rules, dedicated towards news content regulation, ropes in intermediaries, publishers and aggregators of news content alike who either operate in India, or engage with Indian users to offer them their commercial services.
It is pertinent to note that the Intermediary Rules have defined ‘news and current affairs content’ to include newly received or noteworthy information including analysis, especially about recent events primarily of socio-political, economic or cultural nature. Consequently, the definition of digital media would be inclusive of news and current affairs content wherein the context, substance, purpose, import or meaning of such media is in the nature of news and current affairs content. The ambit of the definition has been purposely widened to ensure the regulation of the maximum amount of data which could be purported as news. This classification may necessitate a revision of the corporate structure of an entity, which had been erstwhile operating under the bracket of non-news segment, if and where it is in conflict with the applicable FDI norms.
The new definition has the potential of infusing any analytical piece placed online within the regulation of the Rules, disregarding the dominant structure of an entity which may be engaged in the aggregation of news content as an ancillary activity. Consequently, entities which are engaged in different sectors like fantasy sports, fintech companies, e-pharmacy applications which provide guidance and analysis on the extant provisions in their sector may also be roped within the definition of a news aggregator, if they are indulging in sharing of information which is part of this renewed definition. Also, in the absence of any other law which specifically defines what qualifies as news content, this may become the norm that is replicated across other laws, bringing about unforeseen complications.
The regulations in Part III are also applicable upon the operation of OTT platforms and entertainment aggregators. The Rules create a threetiered grievance redressal mechanism in the manner described herein:
The cascading nature of the redressal mechanism is aimed at allowing a complainant to approach/appeal to a different body in the event they are not satisfied with the handling and resolution of their complaint by the previous entity. The self-regulatory organization would be required to register itself with the Grievance Portal to be developed by the government and can issue guidance and advisories to the bodies who are a member of the self-regulatory organization. However, the Rules fall short of delineating the enforceability, format, and manner of the advisories to be issued by the bodies. The self-regulatory organization would be inclusive of members of the applicable fields along with several experts from the fields of media and technology. Pertinently, the three-tiered grievance redressal mechanism postulated by the Rules runs parallel to the two-tiered grievance redressal mechanism agreed upon by the industry in the IAMAI Code, a self-regulatory code released by the Internet and Mobile Association of India’s Digital Entertainment Committee. The self-regulation code had been passed as the OTT platforms were reluctant to fall under any governmental legislation/ guidelines due to the absence of any parent provision which could enable the same and the fear of over-regulation by the sector. The reaction of the OTT sector to the Intermediary Rules remains to be seen, after they had agreed upon the self-regulation code with exhaustive deliberation.
It seems appropriate that the government has relied upon the IAMAI Code to formulate the schedules of the Rules. The category specific differentiation, which is an exercise already underway by major OTT players, has also been loosely borrowed from the IAMAI Code by the government.
At the governmental regulation level, an inter-departmental committee will be created to enable grievance redressal at the oversight stage. Pertinently, this inter-departmental committee will consist of representatives from several industries not limited to representatives from MEITY, MIB, Ministry of Law and Justice, Ministry of Women and Development and Ministry of Defence. The decision of the Committee may be exercised in multiple formats, including requiring an entity to apologise for its content, and recommending its removal/ blocking under Section 69A of the IT Act, to the Ministry of Information and Broadcasting.
Pertinently, the Committee is authorised to recommend the blocking of any content if it is felt that the same is necessary in view of the emergency and if the content is within the grounds referred to in Section 69A(1) of the IT Act. While the emergency nature of the request may necessitate the blocking of such content, the Rules do not provide the publisher of such content to present their case either before the blocking or after. This provision arguably falls against the principles of natural justice and may be subject to amendment in the future.
The Rules further provide guidance to the OTT publishers for the classification of their content online by providing indicators, basis which such classification may be made. The Rules are exhaustive over the factors and issues which need to be considered by the OTT publishers during the classification of their content. The aforementioned guidelines have arguably been provided in light of the questionable content being pushed out by such platforms, which have been the subject of severe litigation in courts and have also brought the OTT platforms under review for the perceived lack of regulation upon their content.
Tags: TMT Law Practice
www.grandmasters.in | 8 Years & Counting
www.rcls.in | 8 Years & Counting
www.itlegalsummit.com | 8 Years & Counting
www.bfls.in | 8 Years & Counting
www.maels.in | 8 Years & Counting
www.plcs.co.in | 8 Years & Counting
Copyright © 2020 Lex Witness - India's 1st Magazine on Legal & Corporate Affairs Rights of Admission Reserved
