NASSCOM has submitted its feedback to the Ministry of Electronics and Information Technology (MeitY) in response to its invitation dated December 24, 2018. Earlier we released a policy brief raising some discussion points on the proposed draft Rules. Given below are the overall observations in our feedback. The detailed feedback is also attached below.
In terms of our approach, given the numerous seminal judgments, orders and guidance from various courts since the Intermediary Guidelines 2011 were first introduced, we believe that a holistic relook at the entire Intermediary Guidelines 2011 is required. Therefore, we have not restricted our comments / suggestions to the Draft Rules alone but have also provided our comments on the Intermediary Guidelines 2011 as a whole.
We have split our response into two parts: (i) Part A provides context to the Intermediary Guidelines 2011 as well as identifies existing interpretation issues with them; (ii) Part B provides a para wise review of the Draft Rules along with our suggestions and comments.
- Scope of Intermediary Guidelines 2011:
Section 79 of the Information Technology Act, 2000 (“IT Act”), which is the genesis of the Intermediary Guidelines 2011, was introduced to provide intermediaries with exemption from liability / safe harbor in certain limited scenarios.
The purport of this section is to provide intermediaries with ‘immunity from third party information, data, or communication link made available or hosted, ’ subject to compliance with the conditions specified under Section 79(2) and Section 79(3) of the IT Act.
Therefore, any additional obligation placed on intermediaries beyond the scope of the aforementioned purpose, i.e., providing an intermediary immunity for third party content hosted by it, as such should not be the subject matter of the Intermediary Guidelines 2011 framed under Section 79. Consequently, any provision which is proposed under the Intermediary Guidelines 2011 would need to be tested on the grounds of whether or not it exceeds the realm of Section 79 (if it does so, it will be ultra vires Section 79 of the IT Act). For example, Rule 3(5) of the Draft Rules, appears to go beyond the realm of Section 79 of the IT Act. Section 78 of the IT Act already empowers certain police officers to investigate offences under the IT Act. Thus, for the purpose of investigation, other provisions of the IT Act should be invoked and a requirement should not be added in the Intermediary Guidelines 2011 which is issued under Section 79.
Thus, the proposed amendments to the Intermediary Guidelines 2011 should be restricted only to cover those matters that fall under Section 79 of the IT Act.
- Different Types of Intermediaries:
We understand that one of the purposes of amending the Intermediary Guidelines 2011 is to address the issue of the spread of fake news on social media platforms . However, by adding prescriptive due – diligence requirement on all intermediaries, we believe that one risks making a sweeping generalization about the roles played by different types of intermediaries without taking into account the differences in the nature, function and activities of different intermediaries.
Most intermediaries do not enable users to disseminate or share content with others, or even make content available to the public. Therefore, using the same yardstick to regulate intermediaries who do not make content available to the public would be excessive. Several intermediaries in fact are engaged in business to business (B2B) transactions alone and do not have any role with respect to the circulation of fake news. Some examples of different types of intermediaries are as follow:
- Outsourcing entities (who are only in the business of data processing)
- Accounting software providers
- Payroll management software providers
- Cloud infrastructure providers
- Online payment systems
While the safe harbor provisions under Section 79 of the IT Act should apply to all types of intermediaries (subject to fulfillment of the conditions stipulated under the section), due to the distinct role played by each type of intermediary, the same due diligence obligations cannot be applied to all. For example, requiring cloud service providers to actively monitor and take down content as required under the Draft Rules would not be applicable or even practically possible. Similarly, requiring an entity in the IT – BPM sector to enable traceability of the data made available to it would not only expose such entity to possible liabilities under data protection laws but also serve no real purpose.
Furthermore, there are several intermediaries who are already regulated under law. For example, payment intermediaries are regulated by the Reserve Bank of India and telecom service providers are regulated by the Department of Telecom. Accordingly, these types of intermediaries are already required to comply with several obligations under applicable laws, many of which are even more stringent than the Intermediary Guidelines 2011. Therefore, a distinction needs to be made in terms of the level of oversight that is applied to such entities and the consequent due diligence requirements that must be imposed on them.
NASSCOM shall be pleased to work with MeitY to help draw up such distinctions in terms of the different types / classes of intermediaries, and identify what corresponding obligations should apply to each.
- Need for Procedural Safeguards:
In Shreya Singhal v Union of India , the Supreme Court (“SC”) refrained from striking down Section 69 A, due to the presence of several procedural safeguards built into the law itself. The court had specifically observed as follows:
“It will be noticed that Section 69A unlike Section 66A is a narrowly drawn provision with several safeguards. First and foremost, blocking can only be resorted to where the Central Government is satisfied that it is necessary so to do. Secondly, such necessity is relatable only to some of the subjects set out in Article 19(2). Thirdly, reasons have to be recorded in writing in such blocking order so that they may be assailed in a writ petition under Article 226 of the Constitution.”
Even though the Draft Rules require that content running afoul of Article 19(2) must be taken down, in terms of process it is are devoid of the following procedural safeguards which are otherwise available in Section 69 A:
- Who can pass the orders, as the term ‘appropriate Government or its agency’ has been defined too broadly and is also vague.
- The rule does not specify that a government order to takedown content will be accompanied with the reason for takedown.
- There is no requirement that takedown must be only be issued where strictly necessary.
Given that any takedown request is likely to have an impact on the right to freedom and speech and expression, it is imperative that such safeguard be built into the Intermediary Guidelines 2011 to ensure transparency.
- Need for clarification of the term ‘knowingly host’:
In Shreya Singhal v Union of India, the SC dealt with Section 79(3) (b) of the IT Act and Rule 3(4) of the Intermediary Guidelines 2011. The requirement of ‘actual knowledge’ in these provisions was read down to mean ‘upon receipt of a court order/notification by an appropriate government or its agency’.
However, given that the SC had only read down the term, ‘actual knowledge’, in the context of Rule 3(4) of the Intermediary Guidelines 2011, it is not entirely clear what is the meaning of the term ‘knowingly host’ in Rule 3(3) of the Intermediary Guidelines 2011. Accordingly, there should be clarity provided on its meaning in accordance with the principles laid down in the Shreya Singhal case.
Another issue that arises in terms of the judgment is where the SC held:
“Also, the Court order and/or the notification by the appropriate Government or its agency must strictly conform to the subject matters laid down in Article 19(2). Unlawful acts beyond what is laid down in Article 19(2) obviously cannot form any part of Section 79. With these two caveats, we refrain from striking down Section 79(3) (b).”
In continuation of the above, the court concluded:
“Section 79 is valid subject to Section 79(3)(b) being read down to mean that an intermediary upon receiving actual knowledge from a court order or on being notified by the appropriate government or its agency that unlawful acts relatable to Article 19(2) are going to be committed then fails to expeditiously remove or disable access to such material.
Similarly, the Information Technology “Intermediary Guidelines 2011” Rules, 2011 are valid subject to Rule 3 sub-rule (4) being read down in the same manner as indicated in the judgment.”
Thus, there is need for clarity as to the scope of the restrictions referred to by the SC. Whether the limitations of Article 19(2) of the Constitution would apply only when the content to which such limitation is applied relates to free speech and expression and not otherwise E.g. actions such as infringement of intellectual property rights, or impersonations of persons are not relatable to speech and expression. Accordingly, the restrictions under Article 19(2) of the Constitution should not apply to such content.
Therefore, given the impact of the above issues on the Intermediary Guidelines 2011 as a whole, we believe that there is need for clarity on the aforesaid issues.
Against this background, please see our specific recommendations in relation to the Draft Rules.