Tl;dr
Under the Intermediaries and Digital Media Rules, significant social media intermediaries had a host of obligations to comply with, and the deadline to complete such compliance was 3 months from the date of notification of the Rules. That’s 25th May, 2021. The compliances that significant social media intermediaries are onerous and may stifle innovation in the Indian digital space. Social media is broken and the responsibility for this is shared by silicon valley companies that enable it. But, these rules are problematic, for in many places, rather than fixing it, it actually makes it worse.
Background
On February 25, 2021, the Ministry of Electronics and Information Technology (MeitY) and the Ministry of Information and Broadcasting (MIB) issued the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the Intermediaries Rules). We have written before about how the Intermediaries Rules are unconstitutional, undemocratic and negatively change the way we use the internet in India. As time has passed since their notification, the Intermediaries Rules have also been contentious.
There has been high controversy on them with at least six writ petitions (click to view our tracker) have been filed before three different High Courts of India, challenging these Rules. IFF has provided legal assistance to LiveLaw Media Private Limited in its challenge before the High Court of Kerala. This also includes arguments and reliefs from the perspective of users of social media. The Hon’ble Single Judge of the Kerala High Court was pleased to provide protection to LiveLaw Media against coercive action from MIB and MeitY in respect of the Intermediaries Rules.
What happens tomorrow?
Under Rule 4 of the Intermediaries Rules, significant social media intermediaries were given three months from February 25, 2021 to comply with the special provisions that apply to them. As the deadline for compliance with the Intermediaries Rules approaches, we take a look at what compliance will mean for significant social media intermediaries, and how such compliance can impact you! How it will stifle producer and user innovation and creativity in startups and platforms that may fall within the definition of significant social media intermediaries.
This is not only applicable to significant social media intermediaries, but also indian companies which are gaining scale in India and globally. It is necessary, then, to look at the actual provisions of the Intermediaries Rules to understand what a “significant social media intermediary” is, and what additional compliances are expected of them.
ELI5 “social media intermediary”
Most of the time we (most people) spend online is on a social media platform. It provides them a place to discover interests, chat about politics and news, organise on issues and even emergency and disaster relief. As they are giving you a platform, they are not the authors and editors, they are called intermediaries. These social media companies are broadly termed as, “social media intermediaries”. Now, coming to the more technical explanation (excuse a bit of repetition, but this is important). Intermediaries which primarily or solely enable online interaction between multiple users and allow them to create and share information have been defined as ‘social media intermediaries’ under Rule 2(w) of the Intermediaries Rules.
Among them, the intermediaries that have more than 50 lakh (5 million) registered users have been designated as ‘significant social media intermediaries’, according to Rule 2(v) of the Intermediaries Rules and Notification S.O. 942(E) dated February 25, 2021 issued by MeitY. This sub-class, “significant social media intermediaries” come with additional compliances. But, 50 lakh is a small number when it comes to account sign-ups if a technology service is popular. Numbers add up fast! So, many platforms beyond Facebook, Twitter, Whatsapp and Youtube will be impacted by them.
So what are these compliances?
We have written about the issues with the Intermediaries Rules before: in our Deep Dive into the Rules, we summarise some of the main compliance requirements of significant social media intermediaries below.
- Reduced timelines for takedowns and assistance to government agencies. Previously, in the Information Technology (Intermediaries guidelines) Rules, 2011 the Grievance Officer was responsible for receiving complaints from users concerning the Rules and redressing them within a month. Now, the Grievance Officer is responsible for acknowledging complaints within 24 hours and resolving them within a reduced timeline of 15 days. The Grievance Officer has also been made responsible for the receipt and acknowledgement of any order, notice or direction. Further, under the 2011 Rules, intermediaries had to “act within thirty-six hours and where applicable, work with the user or owner of such information” to take it down. Under the new Intermediaries Rules, intermediaries must *complete* the takedown process under Section 79(3) of the IT Act, within 36 hours. Lastly, the 2011 Rules did not specify a timeline within which intermediaries were required to provide information or assistance to law enforcement agencies. The Intermediary Rules have provided intermediaries with a 72-hour limit for providing such information or assistance.
- Further, the 2011 Rules did not specify any consequences upon the intermediaries for failing to comply with the provisions of the Rules; the consequence was relatively direct -- they lost immunity! The Intermediaries Rules, 2021 however, expressly state a loss of immunity and indicate a level of severity of consequences, including potential criminal prosecution under provisions of the IT Act and the Indian Penal Code. This is a major barrier for potential entrants into the sector, who may either not have the necessary resources to acquire the necessary legal capabilities to deal with such obligations or may be scared away by the threat of criminal prosecution. It will undermine social sharing and conversation functions in any user, community centric technical environment.
Additional compliances for “significant social media intermediaries”
On top of these, several additional compliances have been imposed on significant social media intermediaries under Rule 4 of the Intermediaries Rules for which the deadline is May 25. Rule 4(1) of the Intermediaries Rules states that significant social media intermediaries must publish monthly compliance reports of action taken in respect of grievances received by the grievance officer (Rule 4(1)(d)), and also appoint at least three distinct officers:
- A chief compliance officer, who will be responsible for ensuring compliance with the Information Technology Act, 2000 and the Intermediaries Rules;
- A nodal contact person for 24x7 coordination with law enforcement agencies; and
- A resident grievance officer, who must reside in India and receive complaints, acknowledge them within 24 hours and respond within 15 days.
All three officers appointed by the significant social media intermediaries, as above, are now legally required to reside in India. Significant social media Intermediaries are also required to have a physical contact address in India [Rule 4(5)]. Officer’s details and the physical contact address must be prominently published on its website or mobile-based Internet application. It is important to note that the Home Ministry has fortnightly meetings with all social media entities in India. This will no doubt erect a significant entry barrier to the sector, as new entrants will now have to invest a major chunk of their resources towards developing such a compliance mechanism. While behemoths like Facebook, Twitter, and Instagram will easily be able to do it, smaller Indian startups will face greater financial pressure in implementation. This will also reinforce higher entry barriers when startups start to scale to the 50 lakh limit. It simply means reduced competition and hence lower levels of innovation and value for users.
Additionally, significant social media intermediaries must allow users to voluntarily verify their identity (Rule 4(7)). This could lead to a scenario where the voluntary becomes mandatory, as is the case with many other technologies which were introduced as “voluntary” but eventually made mandatory in an indirect manner. For instance, the Data Protection Bill also contains a similar proposal to link Government IDs with our social media accounts! Again, as Indian consumers begin to value privacy and data security further, even if established platforms are able to navigate such obligations, new players looking to emerge in the field would be significantly hampered by such constraints.
What really concerns us is your free expression and privacy!
Some of the more troubling aspects of the Intermediaries Rules coming into force on May 25 are Rules 4(2) and 4(4). Under Rule 4(2), significant social media intermediaries that are primarily in the nature of messaging services must enable the traceability of the originator of messages. This is severely detrimental to the fundamental rights of speech and privacy of all citizens, since it will essentially undermine end-to-end encryption and likely cause a chilling effect on speech in private conversations.
While the Intermediaries Rules clarify that in doing so, the significant social media intermediary shall not be required to disclose the contents of any electronic message, any other information related to the first originator, or any information related to its other users, the Information Technology Decryption Rules contain powers to make demands for the message content. Used together, the government will have the power to break any type of end-to-end encryption to gain knowledge of who sent what message and also get to know its contents. As we have mentioned previously, more and more Indians are valuing their privacy: 84% Indian consumers willing to pay more to do business with organisations committed to protecting data privacy. Thus, for enterprises and start-ups who have based their business on providing secure platforms for exchanging information, such an obligation would be a death blow, devaluing the enormous amounts of money, time, and research that would have gone into developing rigorous cyber-security standards.
Under Rule 4(4) of the Intermediaries Rules, significant social media intermediaries must enable ‘automated tools’, or basically AI technology, to identify and take down child sexual abuse material, or content depicting rape, or any information which is exactly identical in content to information that has previously been removed. This is already an example of function creep, where extreme technological measures contemplated for a limited and very serious use are slowly and imperceptibly utilized for other less serious uses, and it will lead to further function creep.
Big tech like Facebook, Twitter, Instagram, Whatsapp, and Google often make terrible policies and decisions that are often harming millions of Indians. All of us at IFF, are consistently advocating with our public authorities for user rights centric regulations that help address them. It is our clear belief that the Intermediaries Rules do not fix these outstanding issues, suffer from core defects of procedural and substantive legality and end up harming your rights as well as the innovation which makes the internet so special and exciting. Today, more than ever we need to follow a path that is led by experts and the values of the Indian constitution.
Important Documents
- Previous post titled 'Deep dive: How the intermediaries rules are anti-democratic and unconstitutional.' dated 23.11.2020 (link)
- Previous post title ‘Coming to streaming services near you: Self-censorship!’ dated 04.03.2021 (link)
- Table collating all the various challenges to the Intermediaries Rules (link)