NEW SOCIAL MEDIA RULES TO CURB MISUSE OF SOCIAL MEDIA
Introduction
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the “Intermediary Rules”) fundamentally change the way the internet will be experienced in India. Most notably, the Rules now will bring government control rather than regulation over digital news platforms and OTT video content providers. Several requirements under them suffer from unconstitutionality and undermine the free expression and privacy for millions of internet users in India.
On Feb 25, these rules were notified in the official gazette as the “Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021”. For convenience, let’s just call them the Intermediary Rules. The Intermediary Rules have replaced the Information Technology (Intermediaries guidelines) Rules, 2011 (or the 2011 Rules). In this post, we bring a much more in-depth and legal analysis of the Intermediary Rules breaking down the top five changes in each chapter that impact your digital rights.
Due Diligence Requirements for Intermediaries
The Rules came into effect on 25 February 2021. However, the provisions pertaining to due diligence requirements for significant social media intermediaries have been given a lead time of three months from the date of notification of the threshold of a significant social media intermediary (i.e. 25 February 2021) to implement the prescribed measures. Non-compliance with the provisions of the Rules may disqualify the intermediary from seeking exemption of liability under the IT Act and the intermediary may be liable to punishment under any law for the time being in force, including the IT Act and the Indian Penal Code 1860.
- Furnishing information to the government: The Rules state that intermediaries must provide information for verification of identity or assistance to any lawfully authorised government agency for prevention, detection, investigation and prosecution of offences or for cyber security incidents, no later than 72 hours of receiving a written order.
- Preservation of records: The Rules require intermediaries to preserve, maintain, and/or store the following information for 180 days: (a) any information that has been removed or access to which has been disabled under certain provisions of the Rules; and (b) user’s information regarding registration, after cancellation or withdrawal of such registration.
- Disabling access: Intermediaries are not permitted to store, host or publish unlawful information which is prohibited under any law for the time being in force. In case such unlawful information is hosted, stored or published, the intermediary must remove or disable access to such information as early as possible, but within 36 hours of receiving a court order or being notified by a government agency.
- Removal of/ disabling access to explicit content: The Rules require expeditious action from an intermediary to remove or disable, within 24 hours of complaint, access to any material exposing the private area of any person, material with any nudity or depiction of any sexual act or conduct, or impersonation in an electronic form. In addition, intermediaries must provide a mechanism for receipt of complaints from users to enable them to provide details in relation to such explicit content.
- Grievance redressal: Under the Rules, intermediaries must prominently publish on website, mobile application or both- (a) the name and contact details of grievance officer and (b) the complaint mechanism. The grievance officer must acknowledge the complaint within 24 hours and dispose of it within 15 days and provide reasons to the complainant for any action / inaction.
- Details to be published: Intermediaries must prominently publish rules and regulations, privacy policy and user agreement on its website, mobile based application or both. The users must be informed about types of information that are ‘objectionable’ which they shall not share, display, upload, etc. In addition to the types of objectionable information prescribed under the 2011 Rules, certain new types of information have been specified under the Rules. Therefore, intermediaries will have to consider revising the existing documents in this regard. Intermediaries must inform users at least once every year about (a) rules and regulations, privacy policy or user agreement and any changes thereunder; and (b) intermediary’s right to terminate user’s access or remove the non-compliant information from its platform in case of non-compliance with the rules and regulations, privacy policy or user agreement.
Other Diligence Requirements for Significant Social Media Intermediaries
- Significance threshold: Social media intermediaries with fifty lakh (five million) registered users or more have been classified as significant social media intermediaries and are subject to additional due diligence requirements beyond those prescribed for intermediaries in general. However, the Government may require any other intermediary to also comply with the rules applicable to significant social media intermediaries if services of such intermediary impose a material risk to the sovereignty or integrity of India, security of the State, etc. While in practice this could prove to be more of an enabling provision for the Government, at this initial juncture it appears that even relatively smaller social media platforms, could be brought under the ambit of stricter compliances under the Rules.
- Officers and contact address in India: All significant social media intermediaries are required to appoint:
- Chief Compliance Officer;
- Nodal Contact Person; and
- Resident Grievance Officer,
each of whom are to be employees residing in India. The Rules also necessitate significant social media intermediaries to have a physical contact address in India published on its website or mobile application or both. These mandatory requirements for all significant social media intermediaries, not only has significant implications in terms of setting up infrastructure and deployment of resources and employees in India but may also have significant commercial and tax implications for such intermediaries. However, absence of a mandatory incorporation requirement does leave flexibility for foreign intermediaries who do not have an incorporated entity in India.
- Active monitoring: In a departure from the 2011 Rules, significant social media intermediaries shall endeavour to deploy technology-based measures, including automated tools to identify information that depicts rape, child sexual abuse or conduct, or information that has previously been removed. The Rules also require maintenance of appropriate human oversight, and periodic review of such automated tools. The measures deployed are required to take into consideration the interests of free speech and expression, and privacy of users, including interests protected through the appropriate use of technical measures.
- Compliance report: Significant social media intermediaries must publish a monthly report containing details of-
- the complaints received;
- action taken; and
- number of links/ information removed or to which access is disabled,
pursuant to any proactive monitoring by using automated tools or any other relevant information as may be specified.
- Identification of first originator of information: Significant social media intermediaries which provide messaging services will be required to enable identification of the first originator of information if required by a court order or an order passed under Section 69 of the IT Act. In case the originator is outside the Indian territory, the first originator in India will have to be identified. The Rules mention that the contents of the message are not required, but the identity of the originator is required to be disclosed.
- Voluntary verification: The Rules impose an obligation on significant social media intermediaries to enable users who register for their services from India, or use their services in India, to verify their accounts by using any appropriate mechanism, including the active Indian mobile number of such users, to verify their accounts and to provide a visible mark of verification. However, it is specified that the verification cannot be used for any other purpose unless consented by the user.
- Grievance redressal: The grievance redressal mechanism of a significant social media intermediary is required to enable tracking of the grievance/complaint through a ticket number associated with such complaint. The intermediary is required to provide reasons for any action/inaction. The proposed mandatory grievance redressal mechanism may entail considerable overhaul of the existing grievance redressal mechanism.
- Removal of/disabling access to information: In case any objectionable information is removed by an intermediary on its own accord, following steps need to be taken –
- ensure that prior to the removal/ disabling access, the user who created, shared, uploaded such content is notified of such removal/ disabled access along with reasons;
- provide adequate and reasonable opportunity to the user to dispute the action and request for reinstatement of such access; and
- resident grievance officer to maintain appropriate oversight over the dispute resolution mechanism.
RULES FOR OTT Platform & Digital Media
- The government has called for a grievance redressal system for OTT platforms and digital news media portals as well. The government is also asking OTT platforms and digital news media to self-regulate and wants a mechanism for addressing any grievances.
- While films have a censor board, OTT platforms will be required to self-classify their movies and content based on age. The content will have to be classified based on age appropriateness. The government wants the OTT players to classify films based on 13+, 16+ and those for adults and clarified it is not bringing any kind of censorship to these platforms.
- There has to be a mechanism of parental lock and ensuring compliance with the same. Platforms like Netflix already have an option for a parental lock.
- For publishers of news on digital media, they will be “required to observe Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television Networks Regulation Act thereby providing a level playing field between the offline (Print, TV) and digital media,” according to the government.
- It also wants a three-level grievance redressal mechanism. This will include self-regulation by the publishers; self-regulation by the self-regulating bodies of the publishers and oversight mechanism.
- The government wants digital media to appoint a Grievance Redressal Officer based in India who shall be responsible for the redressal of grievances received by it. The officer shall take decision on every grievance received by it within 15 days.
- There may be one or more self-regulatory bodies of publishers. According to the rules, this body “shall be headed by a retired judge of the Supreme Court, a High Court or independent eminent person and have not more than six members.”
- The body will have to register with the Ministry of Information and Broadcasting. This body will oversee the adherence by the publisher to the Code of Ethics and address grievances that have not been resolved by the publisher within 15 days.
- Further, the Ministry of Information and Broadcasting shall formulate an oversight mechanism. It shall publish a charter for self-regulating bodies, including Codes of Practices and establish an Inter-Departmental Committee for hearing grievances.
Current Scenario
As per May 26, Indian microblogging platform Koo on Saturday said it has met the compliance requirements of the new guidelines for digital platforms.
- A Facebook spokesperson noted that the company is working to implement operational processes and aims to comply with the provisions of the IT rules.
- A Google spokesperson said the company has consistently invested in significant product changes, resources and personnel to ensure that it is combating illegal content in an effective and fair way, and to comply with local laws in the jurisdictions it operates in.
However, As per May, 26 both the companies have not yet accepted the rules laid by the central government.
On May, 26 WhatsApp moved the Delhi high court against the new rules announced in February for digital media companies, saying the requirement for them to adopt features such as traceability for identifying originators of messages violated the right to privacy under the Indian law and the company’s end-to-end encryption policy. It said the company does not believe traceability can be imposed in a way that cannot be spoofed or modified, leading to new ways for people to be framed for things they did not say or do.
Conclusion
The massive growth of digital platforms and social media in India has largely been fuelled by a moderate regulatory framework under the IT Act and 2011 Rules, with the online curated content space being largely unregulated. However, given the growing concerns around the information and content available over social media and content platforms across both, domestic, and foreign owned platforms accessible in India, detailed regulations for digital media from the Government were imminent.
With the digital space and technology constantly evolving world over, the regulatory framework for digital media will also develop further. Keeping this in perspective, it is imperative that stakeholders, policy makers, and Governmental bodies continue to engage in consultations and dialogue, to eventually achieve a regulatory landscape that is effective yet balanced for everyone.
Author: Vinay Sachdev
Editor: Adv. Aditya Bhatt & Adv. Chandni Joshi