The Government of India has notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the “Rules”) on February 25, 2021 under the Information Technology Act, 2000 (“IT Act”) applicable to internet intermediaries, social media intermediaries, publishers of news and current affairs content and online curated content (defined to mean curated catalogue of audio-visual content owned by, licensed to or contracted to be transmitted by a publisher and made available on demand).
These Rules have been issued in supersession of the existing rules on intermediaries, the Information Technology (Intermediaries Guidelines) Rules, 2011 (“2011 Rules”) which regulated internet intermediaries (defined to include entities which receives, stores or transmits electronic records or provides any service with respect to such records) and have far-ranging consequences on all internet intermediaries and publishers.
The 2011 Rules provided for a ‘safe harbour’ for intermediaries from liability for third-party content, to the extent that they meet certain ‘due diligence’ requirements. The Rules follow the same approach, however, introduce additional due diligence requirements (such as requiring users to not upload any content which is patently false or misleading) and stricter timelines for responding on directions soliciting information, assistance or blocking issued by authorized law enforcement agencies have been introduced.
The Rules specify significant compliance requirements for social media intermediaries (which primarily enables online interaction between one or more users and allows dissemination of content) and significant social media intermediaries (social media intermediaries which cross a registered user threshold of 5 (five) million users), such as to deploy technology-based automated tools for proactive identification of information which is identical to previously blocked content and explicit content and to enable tracing of originator of information on its computer resource. Additional requirements relate to publication of monthly compliance reports, implementation of a grievance redressal mechanism, enabling voluntary verification of users, flagging of sponsored content and appointment of grievance officer, compliance officer and a nodal officer resident in India, for coordination with law enforcement authorities.
The requirements relating to use of automated tools for proactive identification of information and unlawful content require such entities to take proportionate measures having regard to interests of free speech and expression and privacy of the users. Absent further guidance on the balancing measures, it is to be seen as to how social media intermediaries would operate under the new framework.
Publishers of News and Online Curated Content
The Rules introduce a de-novo regime for publishers of news (“News Publishers”) and online curated content (“Content Publishers”) subsequent to an amendment to the Government Business rules which allocated regulation of online content providers and news on online platforms to the Ministry of Information & Broadcasting (“MIB”).
Both News Publishers and Content Publishers (collectively “Publishers”) are required to make certain disclosures to the MIB, publish details of grievances, periodic compliance reports and include a visible verification mark on registration, apart from complying with takedown orders issued by the Secretary, MIB. While News Publishers are required to comply with a Code of Ethics including norms of journalistic conduct, Content Publishers have broader responsibilities such as:
- Widely worded requirements to not publish any content which affects sovereignty or integrity of India, threatens, endangers or jeopardizes State security, friendly relations with foreign countries or which is likely to incite violence or disturb maintenance of public order;
- Classification of content into 5 (five) categories i.e. Universal, PG7, PG13, PG16 and Adult content, on the basis of themes and messages, violence, nudity, sex, language, substance abuse and horror, with regard to the context, theme, tone and impact and intended audience of the online material;
Grievance Redressal Mechanisms
The Rules propose a three-tier mechanism for grievance redressal, involving a first level review by Publishers as part of an internal grievance redressal mechanism, a second level by a self-regulatory industry body registered with the MIB in an appellate dispensation role and a final oversight by an inter-departmental committee, which is empowered to recommend issuance of orders for blocking, modifying or removing content under Section 69-A of the IT Act which is required to be complied with.
Orders issued under Section 69-A are subject to decision of a review committee under the Telegraph Rules, 1951, however, such review is not prior to enforcement of directions.
Changing dynamics with emerging Data Protection Law
The Personal Data Protection Bill, 2019 (the “PDP Bill”) is currently being finalized by a joint parliamentary committee, it is scheduled to be presented in the ongoing session and passed later this year. It proposes significant changes in the manner of data processing by entities in all sectors and introduces a consent-centered regime for processing personal data.
The PDP Bill proposes enhanced requirements for social media intermediaries and other types of Data Fiduciaries which meet certain thresholds (Significant Data Fiduciaries). It exempts requirement to obtain consent and other requirements if processing is relevant to a journalistic purpose, provided such entity remains in compliance with the code of ethics issued by the Press Council of India or any media self-regulatory organization. Use of technology and data processing methods by media companies in India are bound to undergo tremendous changes with the emergence of the Rules and proposed PDP Bill.
While the effect of the Rules on internet intermediaries is minimal due to inclusion of a few additional requirements, it remains a shattering change for the previously unregulated News and Content Publishers, who are now governed under a substantive compliance and self-regulatory framework, operating under a fragile ‘safe-harbour’ liability model. It would be interesting to see the actions that may be taken by these entities to remain complaint and resultant affect on rumour-mongering, free speech and content censorship in India, and the manner in which the Government and Publishers strike the balance with free speech and privacy of users.
Sameer Avasarala is a technology lawyer from Bengaluru, while Shreya Mukherjee is a 4th Year, B.A. LL.B. (Hons) at Symbiosis Law School, Pune. The opinions expressed by the authors are purely personal, do not constitute legal advice and does not reflect the views, opinions or advise of any organizations that the Authors are associated with. Sameer can be contacted at firstname.lastname@example.org, while Shreya can be contacted at email@example.com.