In the latest thrust to moderate digital content in India, new guidelines have been notified under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Social media networks, messaging services, OTT platforms, and online news portals have been brought within the ambit of this regulatory framework. The rules also require foreign tech companies operating in India to comply with its provisions. As has been widely publicised by the Union Government, accountability and due diligence will be the two key norms that guide the implementation of these rules.
The timing of this notification has been hardly surprising. Only a short time ago, the Indian government had brought online news and audio-visual content within the purview of the Ministry of Information and Broadcasting, triggering speculations about impending changes in the existing regulatory structure. Furthermore, in the light of incidents like the Capitol Hill riot in Washington and the farmers’ protests in New Delhi, the unfettered status of virtual platforms had been dominating global headlines over the past few months.
While guided by legitimate objectives such as combating hate speech, child abuse, misinformation, cyberbullying or violent propaganda on the internet, any push for government supervision is likely to rekindle the spectre of an Orwellian state. It would be important, therefore, to evaluate these regulations on the touchstone of fundamental rights like privacy and freedom of speech.
The newly drafted IT framework distinguishes between different types of content services, including intermediaries, publishers of news content, and curated content platforms. While Part II of the rules deals with the regulation of digital intermediaries, including social media networks, Part III elaborates on the rules governing online news media and OTT platforms. Accordingly, these two sections have been placed under the administrative authority of the Ministry of Electronics and Information Technology (Meity) and the Ministry of Information and Broadcasting (MIB), respectively.
As far as social media intermediaries are concerned, the rules make a distinction between ‘ordinary’ and ‘significant’ intermediaries. If the platform has a minimum of 50 lakh registered users, then it is classified as a ‘significant social media intermediary’, subject to maximum due-diligence compliances.
By explicitly recognising the diversity of entities operating in the digital space and stipulating different thresholds for regulatory compliance, the rules have adequately captured the reality of non-monolithic enterprises on the world wide web, which differ in terms of size, audiences, and impact. However, the overall upsurge in compliance costs may render it difficult for smaller companies to compete with tech behemoths like Facebook, effectively creating an entry barrier.
More broadly, the inclusion of online news portals within the ambit of the IT rules is legally murky. The IT Act, which is the parent legislation for these newly enacted rules, is primarily a framework that fixes the liabilities of digital intermediaries. In order to expand its scope to cover digital news agencies, legislative intervention is required. In other words, the Indian Parliament will have to approve these changes, something that has not been done in the instant case.
According to the latest rules, significant intermediaries are required to establish a physical contact address in India, which is published on their websites or mobile applications. They also need to appoint chiefcompliance officers, nodal contact persons, as well as resident grievance officers, all of whom must be Indian residents.
For many foreign companies, this would amount to a significant business presence in the country, potentially leading to tax obligations. In this context, they are unlikely to welcome a change in the status quo, as they have traditionally contested tax liabilities on the grounds that they have no presence in India. However, experts in the field envision that the absence of registration and mandatory licensing frameworks for digital media businesses will continue to incentivise foreign players in setting up domestic operations.
For messaging services, in particular, the rules mandate the identification of the first ‘originator’ of information if there is an order by the court or the government to that effect. In the event that the content has been generated on foreign soil, the person who has initially forwarded it in India will be deemed the first originator.
This proviso is particularly concerning for platforms like WhatsApp, Telegram or Signal, as it requires the retention of user texts, including metadata, which is usually deleted as soon as the message is delivered. This, in turn, can compromise the integrity of end-to-end encryption in such applications, thereby altering the conventional ways in which these platforms have dealt with texts. Coupled with the fact that India has recently joined the Five Eyes alliance in seeking backdoor access to encrypted data for law enforcement agencies, critics are extremely wary of this proposition.
All online platforms covered by the new IT Rules, including intermediaries, OTT services, and digital news portals, will be subject to a three-tier grievance redressal system. While the first level consists of a grievance redressal officer that every publisher has to appoint in India, the second level calls for the institution of a self-regulatory body, chaired by a retired judge of the Supreme Court/High Court, or a person of eminence in the relevant field.
In cases where online content is detrimental to the sovereignty and integrity of India, public order, or friendly relations with foreign countries, the self-regulatory body can refer the matter to an Inter-Departmental Committee, consisting of representatives from the Ministries of Information and Broadcasting, Home Affairs, Information Technology, and External Affairs.
Under this oversight mechanism, a blocking order can be issued to the concerned publisher or platform in furtherance of Section 69 of the IT Act. While such a ‘takedown’ provision has always applied to intermediaries under the previous statutory regime, this is the first time that it has been extended to digital news publications and websites of traditional media houses.
This grievance redressal structure has been critiqued for not factoring in meaningful engagement by affected consumers. In the event of a complaint, it is unclear how the asymmetries of information between consumers and online platforms will be balanced at a time when, even established media houses are struggling to match the bargaining power of tech giants. The recent tussle between Facebook and news publishers in Australia is a case in point.
Furthermore, although the first two tiers are emblematic of a self-regulatory body, the entire system has been predicated on the Inter-Departmental Committee at the third tier, which is purely an executive structure. It has the power to bypass judicial oversight and direct platforms to take down content. Phrases like sovereignty and public order may be easily misinterpreted to further vested interests and stifle political dissent. This certainly does not bode well for constitutional rights like freedom of speech and expression.
- In a world dominated by the knowledge economy, any framework that restricts access to information should be representative of diverse voices beyond that of the government. More participatory consultations will have to be conducted with relevant stakeholders before the IT Rules are effectively implemented.
- Since provisions that mandate the identification of ‘originators’ can implicate fundamental rights such as privacy, the Indian government will have to notify its data protection law, which has been long overdue.
- More broadly, it will have to align its regulatory structure with global best practices, as internet companies have porous territorial boundaries. In doing so, a balance must be struck between regulation and innovation.