By Na Vijayashankar
The New Intermediary Guidelines and Digital Media Ethics Rules is no ordinary notification. It is a surgical strike on, as the government puts it, “Information Terrorism” defined by the Greta Thunberg-Disha Ravi toolkit episode and its impact on the violent events on Republic Day at the Red Fort. At the bail stage, those accused of such “Information Terrorism” were able to convince the lower court that the evidence was insufficient to keep them in jail. The government has now dealt a hard blow in the form of this notification.
The issue requires discussion both on the specific legal issues surrounding the powers of the government under the Information Technology Act and the Constitutional right of the “Freedom of Expression” and its derivative namely the “Freedom of Press”. In view of the possibility of this issue reaching the doors of the Supreme Court shortly, it is necessary for us to look at the legal aspects involved along with certain philosophical underpinnings about the impact of the Internet on society.
In the early days of cyber law development in India and elsewhere, there was a discussion about a utopian concept of a cyber society and the physical society functioning harmoniously with a distinct border in such a manner that freedom of netizens could be protected while physical society continued to be governed by the legacy environment.
But the attraction of businesses “gaining power in the physical society through the digital society” and “opportunity to make physical money through digital activities” was so overwhelming that the identities of citizens and netizens got entangled. The opportunity and feasibility for creating such societies were demonstrated by “virtual game societies” such as secondlife.com and perhaps by the early generation of cryptocurrencies. But unfortunately, this opportunity has now been lost and we have to live with the current situation where the digital society and the physical society work similar to the entangled particles of the quantum theory. Any action on one of these will be affecting the other. Hence, we cannot disregard a tweet or a YouTube video or an OTT serial or Bitcoin and not regulate them with laws that are necessary to protect citizens in the physical society.
The latest notification contains two distinct parts. First is the revised Intermediary Guidelines under Section 79 of ITA 2000 and the second is the digital media regulations. The “due diligence” required to be followed by the intermediaries is an update of the 2018 draft. In particular, the guidelines have clarified the definition of an “Intermediary” to distinguish from ISP type of activities where information of the users is passed through a platform owner and the type of value added services where the third party content is “curated” and published. Most controversial developments in recent days refer to such services which publish “curated content” and include Twitter, Facebook, YouTube, etc.
The operational issues such as sending of notice of renewal of terms and removal of disputed content have been modified and the grievance redressal mechanism has been emphasised. The need to appoint a “chief compliance officer”, a “nodal person” for 24×7 coordination and a “resident grievance officer” in case of foreign companies has been introduced for accountability. A monthly compliance report consisting of details of complaints received and action taken thereof is also to be published. Message traceability with the identification of the originator and the self-certification option to be given to the users are the two other requirements that have been retained from the earlier version. Content removal on receipt of a court order or an order from an appropriate authority with a notice to the uploading user also continues.
It is expected that a list of “significant social media Intermediaries” will be notified separately. The ministry has the right to notify any intermediary which may even be below the threshold number of registered users to be called a “significant social media intermediary” to comply with any or all of the provisions under this rule. These organisations need to be in compliance within three months failing which they shall lose the safe harbour provision of Section 79 of Information Technology Act and shall be liable for any offence committed on their platform.
What is more interesting in the notification is the digital media regulation part which requires registration of “publisher of news and current affairs content” and “publisher of online curated content” operating in the territory of India within March 27, 2021 or within 30 days from the start of their operation. This will affect all the OTT platforms and also YouTube channels.
There shall be a code of ethics similar to the journalistic conduct of the Press Council of India and the programme code under the Cable Television Networks (Regulation) Act. The content will have to be classified as “available for all ages”, “suitable for less than 7 years/above 7/13/16 years and adult content for 18 years and above”. The classification has to be displayed and a mechanism for verification of age for adult content shall be instituted. A set of guidelines for classification is part of the notification.
The notification suggests three levels of regulatory mechanism to enable compliance with the digital media guidelines. Level I would be a self-regulatory mechanism which will include the grievance redressal mechanism, display of contact details, display of content rating and membership of a self-regulatory body envisaged at Level II.
At Level II, publishers or their associations may set up self-regulatory bodies which may be headed by retired judges of the Supreme Court or High Court or an independent, eminent person from the field of media, broadcasting, entertainment, child rights, human rights or such other relevant fields and have six other members who are experts in such fields. Such a body can register itself with the ministry within 30 days.
Over and above these two levels, an oversight mechanism at Level III is envisaged at the level of the I&B ministry which will publish a charter for self- regulating bodies, including codes and practices, issue appropriate guidance and advisories to publishers, etc. An “authorized officer” will be designated for the purpose at the level of a joint secretary. This authorised officer will also have the powers to issue emergency directions under Section 69A of ITA 2000/8 for blocking of content.
Information Technology Minister Ravi Shankar Prasad reiterated that any powers that will be exercised by the government will be within the ambit of Article 19(2). This indicates that the government is keeping itself ready with its arguments in case the notification is challenged in the Supreme Court.
At present, there is no provision for collecting any penalties if organisations do not register themselves and the penalty is only in the form of not being able to claim exemption under Section 79 for any offence, such as defamation, impersonation, etc. As soon as the 30-day period is over, the government may have to issue notices to such organisations which it has already identified and/or notified as “significant social media intermediary” to showcause why they should not be “notified as not eligible for being considered as eligible for Section 79 protection”. This will prepare the ground to take action against platforms seen as promoting “information terrorism.” The true test of the new rules will eventually be decided in the courts where the government may have to defend it.
—The writer is a cyber law and techno-legal information security consultant based in Bengaluru
The first test of the new rules took place on March 1, 2021 when Manipur’s district magistrate issued a notification to a local publication to “furnish all relevant documents showing compliance”. The notice was subsequently withdrawn. The notice was not issued properly as per the ITA 2000 or the notification itself.
Section 79 of ITA 2000 is not a section which defines any offence. It is only meant to provide a safe harbour to an intermediary when some offence has been committed. Unlike the Personal Data Protection Act, there cannot be an administrative fine or punishment for non-compliance of the notification per se. Non-compliance will only result in the safe harbour protection being not available and the intermediary becoming responsible for the offence committed.
The notice issued by the magistrate in the Manipur case did not mention any offence either under ITA 2000 or IPC and issued it as if non-compliance itself is a penal offence. It is good that it has been withdrawn almost immediately. But it is disappointing to observe that whoever caused the notice to be issued appeared ignorant of the objective of Section 79 of ITA 2000 or the notification.
Read the related article: What digital, social media intermediaries need to do now on