In the midst of its face-off with the Indian government, social media messaging giant WhatsApp has moved the Delhi High Court seeking an order to declare the Rule 4(2) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”) as being violative of the following rights guaranteed by the Constitution:
- Articles 14 (right to equality)
- Article 19(1)(a) (freedom of speech and expression)
- Article 19(1)(g) (freedom to practise any profession, or to carry on any occupation, trade or business)
- Article 21 (right to life and liberty which also includes right to privacy)
WhatsApp, which has over 2.5 billion users worldwide, has argued that criminal liability may not be imposed for non-compliance with Rule 4(2) and any attempt to impose criminal liability for non-compliance is unconstitutional, ultra vires the IT Act, and illegal. Rule 4(2) requires intermediaries like WhatsApp to enable “the identification of the first originator of the Information”, which means this rule forces WhatsApp to disclose the identity of the person who was the first source of the message upon the government or courts order. Hence, WhatsApp will have to keep a track of every message sent on its platform for that purpose.
WhatsApp has contended that this rule infringes upon the fundamental rights to privacy and free speech of the hundreds of millions of citizens using WhatsApp to communicate privately and securely. WhatsApp states that this rule is against their policy of end-to-end encryption which ensures that every communication sent on WhatsApp, both messages and calls, can only be decrypted by the recipient. No one else, not even personnel at WhatsApp, can read or listen to encrypted communications or determine their contents.
WhatsApp has cited some examples in this regard that end-to-end encryption enables government officials, law enforcement agencies, journalists, members of ethnic or religious groups, scholars, teachers, students and the like to exercise their right to freedom of speech and expression without fear of retaliation. WhatsApp also allows doctors and patients to discuss confidential health information with total privacy, enables clients to confide in their lawyers with the assurance that their communication is protected, and allows financial and government institutions to trust that they can communicate securely without anyone listening to their conversations. However, the requirement that intermediaries, like the petitioner, enable the identification of the first originator of information in India on their platforms puts end-to-end encryption and its benefits at risk.
WhatsApp has taken various grounds in its plea under the following heads:
- Rule 4(2) should be struck down as unconstitutional and ultra vires the IT Act. Rule 4(2) should be struck down on the grounds that it
- violates the fundamental right to privacy guaranteed under Article 21 of the Constitution;
- (ii) it violates the fundamental right to freedom of speech and expression guaranteed under Article 19 of the Constitution;
- (iii) it is ultra vires the parent statutory provisions, Sections 69A and 79 of the IT Act, as well as the 32 intent of the IT Act itself;
- (iv) it is “manifestly arbitrary” in violation of Article 14 of the Constitution; and
- (iv) it violates the principle of data minimisation
- Rule 4(2) violates the fundamental right to privacy. In the landmark decision of K.S. Puttaswamy vs Union of India, (2017) 10 SCC 1 (“Puttaswamy I”), the Supreme Court held that the right to privacy is a fundamental right guaranteed under Article 21 of the Constitution. In reaching its decision, the Court identified nine types of privacy, including:
(a) “communicational privacy, which is reflected in enabling an individual to restrict access to communications or control the use of information which is communicated to third parties”;
(b) “informational privacy, which reflects an interest in preventing information about the self from being disseminated and controlling the extent of access to information”; and
(c) “associational privacy which is reflected in the ability of the individual to choose who she wishes to interact with”.
- More recently, the Supreme Court affirmed that the right to privacy includes the right to anonymity. (See 33 Central Public Information Officer, Supreme Court vs Subhash Chandra Agrawal—“Privacy and confidentiality encompass a bundle of rights, including the right to protect identity and anonymity.”)
- Impugned Rule 4(2) does not satisfy the valid law requirement. There is no law enacted by Parliament that expressly requires an intermediary to enable the identification of the first originator of information in India on its end-to-end encrypted platform or otherwise authorises the imposition of such a requirement through rule-making.
On May 26, Union Law Minister Ravi Shankar Prasad released a statement saying: “The Government of India recognizes that ‘Right to Privacy’ is a Fundamental right and is committed to ensure the same to its citizens.” He added in his statement, released by the PIB: “The Government of India is committed to ensure the Right of Privacy to all its citizens but at the same time it is also the responsibility of the government to maintain law and order and ensure national security. None of the measures proposed by India will impact the normal functioning of WhatsApp in any manner whatsoever and for the common users, there will be no impact.”
WhatsApp is not the only platform affected. The new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, will cover all significant social media platforms with more than 50 lakh users and digital media platforms, including news sites and streaming platforms. Twitter’s Indian rival, Koo, which has 60 lakh users, is the only platform that has complied with the Rules so far. Facebook (41 crore subscribers) and Google have said that they will comply with the new rules. At least five industry bodies, including the Confederation of Indian Industries (CII), the Federation of Indian Chambers of Commerce & Industry (FICCI) and the US-India Strategic Partnership Forum (USISPF) have sought an extension of between 6 and 12 months.
The key points of the new IT Act include:
- The new IT rules require social media companies to remove any flagged content within 36 hours.
- The rules also require social media platforms to act on any concerns related to the dignity of users, including showing nudity, pornographic material, impersonation, etc, within 24 hours after a complaint is made.
- Under its grievances redressal system, social media companies would need to appoint three officers, based out of India, who would handle grievances: (i) Chief Compliance Officer, responsible for ensuring compliance with the Act, (ii) Nodal Contact Officer for 24×7 coordination with law enforcement agencies and officers to ensure compliance to orders and (iii) Resident Grievance Officer, who would be responsible for these functions.
- To ensure adherence to the Code of Ethics, publishers also need to set up a three-tier structure that includes:
- Self-regulation by publishers
- Self-regulation by setting up one or more self-regulatory bodies of publishers. Such a body will be headed by a retired judge of the Supreme Court or High Court or an independent eminent person from media, broadcasting, entertainment, child rights, human rights or other relevant fields.
- Oversight mechanism for self-regulation by the central government. Such a mechanism will have representatives from the Ministry of Information and Broadcasting, Ministry of Women and Child Development, Ministry of Law and Justice, Ministry of Home Affairs, Ministry of Electronics and Information Technology, Ministry of External Affairs, Ministry of Defence, and other such ministries and organisations.
- OTTs will have to self-govern and classify content based on age appropriateness. Films would need to be classified under five age-based categories—U (Universal), U/A 7+, U/A 13+, U/A 16+, and A (Adult).
- OTTs would need to prominently display age classification of a specific programme along with content describing viewers of the nature of the content. OTTs would also be required to set up parental locks for content classified as U/A 13+ and above.
- OTTs need to take into account India’s multi-ethnic and multi-religious background and “exercise due caution and discretion” while featuring religious or racial practices, or views.
- Social media platforms, OTT platforms and digital media companies will have to file monthly compliance reports, providing details of grievances received and action taken.
All these could lead to innocent people being targeted, caught up in investigations or even landing up in jail. This, according to the messaging platform, would violate universally recognised principles of free expression and human rights.
The new IT rules face at least six legal challenges across three High Courts in the country. The Internet Freedom Foundation has said that the guidelines pose a tremendous challenge to artistic expression and diversity and lead to government-mandated censorship. The Foundation for Independent Journalism has also filed a petition challenging the IT rules. On its part, while maintaining that user privacy will not be affected, the Indian government has stated that “no Fundamental Right, including the Right to Privacy, is absolute and it is subject to reasonable restrictions”. It has said that the requirements in the intermediary guidelines pertaining to the first originator of information are an example of such a reasonable restriction.”
While the decision of the courts are awaited, what is clear is that the new rules would make operating in the country difficult for digital companies, creating an hostile environment which can only increase the fears that the government is bent on exercising control over posts and social messages that it may not agree with, or like.
—By Abhinav Verma and India Legal News Service
Lead Visual:- Amitava Sen