In January 2019, the Ministry of Electronics and Information Technology (MeitY) issued the Information Technology [Intermediary Guidelines (Amendment) Rules], 2019 (Draft Intermediary Guidelines).
Aimed primarily at addressing the risks associated with rapid dissemination of misinformation, fake news and illegal content (such as terrorism related content, or child pornography) over new age platforms, the Draft Intermediary Guidelines, proposed the introduction of new obligations, which require ‘intermediaries’ as defined under the Information Technology Act, 2000 (IT Act) to take on a greater role in addressing these risks.
In particular, the Draft Intermediary Guidelines, inter alia proposed the introduction of obligations requiring faster response times from intermediaries, greater cooperation with law enforcement, enabling traceability of the origin of content, proactive monitoring of content, and local incorporation for the purposes of coordination with law enforcement.
NASSCOM had submitted its comments, as a part of the consultation process driven by the MeitY on the Draft Intermediary Guidelines. Subsequent to that, NASSCOM held industry consultations to get a better view of the industry’s concerns on the proposed amendments. Since then, NASSCOM has met MeitY officials on several occasions, and made representations towards revising the Draft Intermediary Guidelines, in order to ensure risk-proportionate regulation that addresses the key concerns of the MeitY regarding misinformation, fake news, and illegal content, disseminated online.
Summarised below, are some of the modifications that were discussed with the MeitY.
- Need to map obligations based on the nature of intermediaries:
Given that the risk of misinformation would vary across different types of intermediary services, introducing a ‘catch-all’ set of obligations applicable to all intermediaries, will be disproportionate for certain intermediaries.
Accordingly, NASSCOM urged MeitY to consider introducing new definitions under the Draft Intermediary Guidelines, in order to recognize the variance in nature of services offered by intermediaries. To this end, NASSCOM recommended that the definition of ‘social media intermediary’ (as included under the Personal Data Protection Bill, 2019) be included under the Draft Intermediary Guidelines, given that such intermediaries bear the highest risk vis-à-vis rapid dissemination of user generated content. Similarly, NASSCOM recommended that a definition for ‘computer resource service’ be included and defined as services where the sole user objective is to access an intermediary’s computer resources to utilize the intermediary’s computer hardware or software services to enhance the processing capability or storage capacity of a computer. Intermediaries providing such services should have limited obligations for such intermediaries keeping in mind that a computer resource service provider has no technical capability to remove specific content stored by their customers or the end-users of their services.
- Need to provide more certain user-based thresholds:
The Draft Intermediary Guidelines as released by the MeitY, includes a reference to number of users of an intermediary’s service, as a benchmark for determining the applicability of certain obligations under the Draft Intermediary Guidelines. However, given the nature of services provided over the internet, an accurate estimation might not be possible (given that there could be passive users, who do not actively use the services). Accordingly, NASSCOM recommended that a definition for “registered users”, such that it excludes passive users of an intermediary’s computer resources, and includes only such active users, where the user’s access to the computer resource of the intermediary is conditional upon registration and the creation of a unique identifier, be used as a measure of identifying intermediaries operating at scale.
- Need to limit the scope of illegal information under Rule 3(2) of the Draft Intermediary Guidelines
Phrases such as “grossly harmful” “harassing” “blasphemous”, “grossly offensive”, “menacing” or “libellous” were held to be vague and beyond the scope of reasonable restrictions under Article 19(2) of the Constitution of India, by the Supreme Court of India, in the case of Shreya Singhal v. Union of India. Accordingly, and in line with the judgement of the Supreme Court, NASSCOM recommended that the MeitY should consider removing all references to such phrases. It was recommended that the scope of information under Rule 3(2) of the Draft Intermediary Guidelines be limited to specifically identifiable categories of illegal information, in order to lend greater clarity for intermediaries to whom the guidelines apply.
- Need for rationalising the scope of Rule 3(5) of the Draft Intermediary Guidelines
Attempting to strike a balance between law enforcement requirements and an intermediary’s own resources for complying with directions under the Draft Intermediary Guidelines, NASSCOM suggested that the MeitY should consider revising the response requirements under Rule 3(5), such that intermediaries would be obligated to extend their first action-oriented response to a request from a legally authorised Government agency within 36 hours of the receipt of such request.
Likewise, in recognition of the fact that in certain instances ensuring traceability may be technically impossible, NASSCOM recommended that the obligation to enable tracing of the originator of information, should not apply to instances where the intermediary is able to demonstrate that it has no control over the decryption key and is unable to view the content of private communications sent on its computer resource. This inclusion would harmonise the requirements under the Draft Intermediary Guidelines, with an intermediary’s obligations under Rule 13(3) of the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 (Decryption Rules) issued under Section 69 of the IT Act.
Lastly, since certain intermediaries may not be legally entitled to have access to content stored on their computer resources, NASSCOM recommended that the intermediaries providing computer resource services should be exempted from the obligations under Rule 3(5) of the Draft Intermediary Guidelines.
- Relax rule 3(7) in the Draft Intermediary Guidelines requiring the appointment of Nodal Officers by certain intermediaries
Moving away from the incorporation requirement under Rule 3(7) of the Draft Intermediary Guidelines as it currently stands, NASSCOM recommended that only social media intermediaries having more than 50 lakh registered users in India (and thereby bearing significant risk of rapid dissemination of user-generated content), should be required to appoint in India, a nodal officer, or in his absence, an alternate senior designated functionary, who shall be person of contact in India for the sole purpose of coordination.
Given the ease of market entry, there remained a concern that other intermediaries, including social media intermediaries might be able to scale their services quickly and gain significance in a relatively short period of time, thereby increasing the risk of rapid dissemination of user-generated content on their platforms. To address this, NASSCOM suggested that the MeitY may retain flexibility to address such situations, by including a proviso, such that the Government may, after giving due regard to the nature, scale and significance of an intermediary’s services, notify such intermediary as being required to comply with Rule 3(7) of the Draft Intermediary Guidelines.
Lastly, given the time required to comply with the requirements under the rule, NASSCOM recommended that the provisions of this rule should ideally come into effect at least six months from the date of notification of the Draft Intermediary Guidelines.
- Need for ensuring adequate safeguards for intermediaries, by ensuring appropriate conditions under which intermediaries are required to act under rule 3(8) of the Draft Intermediary Guidelines
As with NASSCOM’s suggestions on Rule 3(2), NASSCOM recommended that the provisions of Rule 3(8) should also be harmonised in line with the judgement of the Supreme Court in Shreya Singhal v. Union of India, such that intermediaries should be required to block access to actionable content, upon receiving actual knowledge in the form of a court order or a lawful order issued relating to the grounds under Article 19(2) of the Constitution, by a legally authorised government agency, within the time specified in such order.
Moreover, given the volume of orders that are currently issued, NASSCOM urged MeitY to consider streamlining the accompanying administrative processes in order to ensure timely and better coordination, by way of prescribing Standard Operating Procedures for authorised Government agencies issuing requests under the rule.
- Instead of mandating, encourage the proactive monitoring of content under Rule 3(9) of the draft intermediary guidelines
Recognising the significant harms stemming from the dissemination of manifestly paedophilic content and terrorist content, NASSCOM recommended that intermediaries should be encouraged to proactively monitor content. However, given the fallibility of automated means of monitoring, such a requirement should not be mandatory. Further, given that such monitoring could potentially raise concerns over user’s data privacy, NASSCOM recommended that the MeitY may consider including a reference to a requirement of complying with applicable privacy and data protection laws.
We also recommend that this rule should come into force six months from the date of notification of the Intermediaries (Amendment) Guidelines in the gazette.