Published on: May 25, 2021

THE INFORMATION TECHNOLOGY (GUIDELINES FOR INTERMEDIARIES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021

THE INFORMATION TECHNOLOGY (GUIDELINES FOR INTERMEDIARIES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021

What is the news : WhatsApp questions new IT rules in Delhi high court

Background :

  • The guidelines, announced in February, had asked all social media platforms to set up a grievances redressal and compliance mechanism, which included appointing a resident grievance officer, chief compliance officer and a nodal contact person.
  • The Ministry of Electronics & Information Technology had also asked these platforms to submit monthly reports on complaints received from users and action taken.
  • Messaging apps was to make provisions for tracking the first originator of a message.
  • Failure to comply with any one of these requirements would take away the indemnity provided to social media intermediaries under Section 79 of the Information Technology Act.

What is Section 79 of the IT Act?

  • Section 79 says any intermediary shall not be held legally or otherwise liable for any third party information, data, or communication link made available or hosted on its platform. This protection, the Act says, shall be applicable if the said intermediary does not in any way, initiate the transmission of the message in question, select the receiver of the transmitted message and does not modify any information contained in the transmission.
  • This means that as long as a platform acts just as the messenger carrying a message from point A to point B, without interfering in any manner, it will be safe from any legal prosecution brought upon due to the message being transmitted.
  • The protection accorded under Section 79, however, is not granted if the intermediary, despite being informed or notified by the government or its agencies, does not immediately disable access to the material under question. The intermediary must not tamper with any evidence of these messages or content present on its platform, failing which it lose its protection under the Act
  • Section 79 of the IT Act 2000 makes it clear that “an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him”.
  • Third party information means any information dealt with by a network service provider in his capacity as an intermediary.
  • This protects intermediaries such as Internet and data service providers and those hosting websites from being made liable for content that users may post or generate.
  • Sections 79 also introduced the concept of “notice and take down” provision.
  • It provides that an intermediary would lose its immunity if upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act and it fails to expeditiously remove or disable access to that material.

Supreme Court’s Stand Related to Intermediaries in IT Act 2000:

In Shreya Singhal vs Union of India (2015), the Supreme Court read down the provision to mean that the intermediaries ought to act only upon receiving actual knowledge that a court order has been passed, asking [them] to expeditiously remove or disable access to certain material.

What are the Concerns being raised?

  • Concerns over potential unavailability of ‘safe harbour’ protection given to intermediaries under Section 79 of the IT Act, under the new rules.
  • Can lead to imposition of criminal liability upon the employees for non-compliance by intermediaries
  • May effect the ease of doing business.
  • Originator traceability mandate in end-to-end encrypted platforms could end up weakening the security architecture of the platform. This could render the entire citizenry susceptible to cyberattacks by hostile actors.
  • The extant data retention mandate entailed risking privacy of users in India and abroad in addition to security risks and technical complexities which requires a lot of time for development and testing before integration with the existing ecosystem.