Recently, the Ministry of Electronics & Information Technology ('MEITY') released a draft amendment ('Draft Amendment') to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ('Guidelines') for public consultations. The Draft Amendment proposes to bring about certain changes to the grievance redressal mechanism, timelines for responding to grievances and proposes constitution of a Grievance Redressal Appellate Committee ('GRAC') by the Central Government, apart from proposing additional obligations on intermediaries.
Interlinking grievance redressal and content takedown
The Draft Amendment expressly enables users to submit requests for takedown of content with intermediaries (on grounds wider than obscene material ), thereby creating a new basis for content takedown, apart from notification by government and court orders. Further, it proposes tighter timelines for redressal for such user requests for content removal with intermediaries having to act upon and redress such complaints within 72 (seventy-two) hours while other complaints may be resolved in the pre-existing timeline of 15 (fifteen) days, in view of the 'very nature of cyberspace, instant communication, outreach and virality', ostensibly warranting an expedited response.
The ability of intermediaries to make content removal decisions has always been under question. The initial position of law in Shreya Singhal that intermediaries may only remove content on notification by the Government or on receiving actual knowledge by means of a court order as it "would be very difficult for intermediaries to act when millions of requests are made and the intermediary is then to judge as to which of such requests are legitimate and which are not" was on the premise that intermediaries may not be best suited to make content takedown decisions. Decisions of content moderation, monitoring or takedown of unlawful content made by intermediaries, including through algorithms, automated tools or human intervention by intermediaries in response to user requests cannot be relied upon and may also lead to unintended consequences such as large scathes of data being taken down in a precautionary approach. As the Joint Committee of the Parliament on Personal Data Protection Bill has observed, intermediaries have become private censors determining the right to freedom of speech, the Draft Amendment may only further it.
It may be important to highlight that no carve-outs or exceptions have been made for situations where intermediaries may require additional time for procuring additional information and background or verifying details of grievances filed. This may include situations involving content removal requests on grounds such as information belonging to another person, infringing intellectual property, impersonating or misleading, patently false information, the disposal of which may be time-consuming and highly subjective.
GRAC and appellate mechanism
The Draft Amendment proposes constitution of one or more grievance redressal appellate committees with a chairperson and other members with powers to hear appeals from orders of grievance officers of intermediaries, filed within 30 (thirty) days from decisions of grievance officers, given that there exists 'no credible appellate or self-regulatory mechanism' in place provided by intermediaries . While it is provided that the GRACs must endeavour to dispose appeals within 30 (thirty) days, the qualifications and nature of members to be appointed have not been specified as yet. However, it is expressly provided that the GRAC is provided as an alternative redressal mechanism and it is without prejudice to the right of users to seek judicial remedy at any time.
Recent media reports suggest, however, that the Government is willing to work on building a self-regulatory appellate mechanism which can offer a better solution to raise user grievances.
Additional obligations on Intermediaries
(a) Intermediaries are required to take reasonable measures to ensure accessibility of its services to users along with reasonable expectation of due diligence, privacy and transparency. This appears to be grossly vague and unclear. Firstly, it is unclear if accessibility is used in the context of access of platform features to persons with disabilities, which is cast as 'access services' obligations upon publishers of online content under the Guidelines. Alternatively, accessibility may be used in the context of uptime and availability of platforms and services. Secondly, it is proposed that intermediaries act in accordance with the principle of privacy, which is provided as an express pre-existing requirement under the Intermediaries Guidelines to comply with existing data protection law, i.e. the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ('SPDI Rules'). In the presence of such express obligation, inclusion of 'reasonable expectation of privacy' may create further uncertainties. Finally, the provision introduces a broad reasonable expectation of transparency from intermediaries, without proposing definitive obligations or implications resulting from such transparency. Unlike the Draft Amendment, many existing and forthcoming laws have proposed transparency obligations by specifically providing transparency disclosures and requirements. For instance, a specific requirement of algorithmic disclosures for data processing is present under the proposed Data Protection Bill, 2021 ('Bill') .
(b) Intermediaries are required to respect rights accorded to citizens under the Constitution. The explanatory note provides that it has been made necessary to ensure that intermediaries do not act in violation of constitutional rights of citizens guaranteed by the Government. While the Draft Amendment indicates that the proposed amendments are to ensure that constitutional rights are not contravened by big-tech platforms by ensuring new accountability standards for significant social media intermediaries, it is noteworthy that the obligations are made applicable to all intermediaries. Consequently, it is unclear as to how the note concludes that early stage or growth stage Indian companies would remain unaffected by the Draft Amendment when it is squarely applicable to all intermediaries. If the requirement of acting in consonance with constitutional rights is in the context of balancing freedom of speech and content removal obligations, it is beyond doubt that intermediaries are perceived as far from being mere platform operators. The Supreme Court also observed in this regard that "it would be too simplistic to contend that large platforms are a mere platform for exchange of ideas without performing any significant role themselves – especially given their manner of functioning and business model. Debate in the free world has shown the concern expressed by Governments across the board and the necessity of greater accountability by these intermediaries which have become big business corporations with influence across borders and over millions of people" . This is also manifest in the Data Protection Bill which proposes that social media intermediaries above a user threshold which have an impact on sovereignty, security, integrity, electoral democracy or public order be categorized as significant data fiduciaries. Having said so, it may also be unreasonable to internet users and intermediaries to expect intermediaries to be capable to adjudge validity of millions of content takedown requests they may receive while balancing key considerations of freedom of speech and legal validity of takedown requests in merits, in the absence of a court order or the order of a notified Government agency. This may also have to be viewed against the law laid down by the Supreme Court in Shreya Singhal and the limitations under Article 19(2).
While the overall intent of the Draft Amendment appears to be to create a framework for grievance redressal beyond internal grievance redressal of intermediaries, the enabling of submission of takedown requests by users has changed the framework of intermediary regulation. Apart from that, the introduction of additional obligations governing accessibility, expectation of transparency without any definitive details and respecting rights of citizens accorded under the Constitution may create further uncertainty around intermediary responsibilities, especially when such requirements are linked to due diligence conditions for safe harbor protection.
[The authors are Senior Associate, Associate and Partner, respectively, in Data Protection practice area at Lakshmikumaran & Sridharan Attorneys, New Delhi]
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.