INTRODUCTION

On February 25, 2021, the Ministry of Electronics and Information Technology and the Ministry of Information and Broadcasting (MIB) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Intermediary Rules 2021) under Section 87 of the Information Technology Act, 2000 (IT Act). The objective of the Intermediary Rules 2021, which supersede the Information Technology (Intermediaries Guidelines) Rules 2011, is to establish a harmonious, soft-touch oversight mechanism in relation to social media platforms as well as digital media and OTT platforms etc.

The Intermediary Rules 2021 are divided into three parts - Part I deals with defining all the terms used therein; Part II deals with the due diligence requirements which must be followed by a social media intermediary (SMI) and a significant social media intermediary (SSMI) and Part III deals with the code of ethics and procedure and safeguard in relation to digital media.

Section 2(w) of the IT Act defines intermediary as "intermediary", with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes. The Intermediary Rules 2021 introduce the concept of a "SMI" and define it to mean "an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services. Based on the number of users on the social media platform, intermediaries have been divided into "SMI" and "SSMI" (number of registered users in India should be above 50 lakhs as notified by the Central Government).

SMI

Under the Intermediary Rules 2021, there are certain due diligence requirements that have to be observed by SMI while discharging their duties, which includes the following:

  1. Publish: To publish a Privacy Policy, User Agreement, and Rules and Regulation for usage of its website or app or both informing the user (i) to not host, display, upload, modify, publish, transmit, store, update or share any information that belongs to other person, or infringes on any Intellectual Property Law, or is obscene, harmful to a child, is pornographic, encourages gambling, threatens the sovereignty and unity of India etc.; (ii) the access to the website/app can be terminated if they are not in compliance with these policies; (iii) any changes in these policies.
  2. Remove: It shall remove any objectionable content, within 36 hours that it has stored, hosted, or published on its servers, once it gains actual knowledge, in the form of a court order or such notification by the appropriate government. The information of any user who has withdrawn or cancelled his registration or the objectionable content should be stored in servers for 180 days or more (if court or government permits)
  3. Protect: It shall protect the data following reasonable security procedures and practices as laid down in Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011.
  4. Access: It shall provide information under its control or possession to the government agency within 72 hours, after being in receipt of order and not install any kind of technical configuration to its computer resource, altering the normal course of its operation, in order to by-pass the law.
  5. Report: It shall report any cyber security incident and share the same with Indian Computer Emergency Response Team, in accordance with (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013.
  6. Grievances: It shall prominently publish on its website/app the contact details of the Grievance Redressal Officer (GRO) and mechanism to lodge the complaint against any content on the website/app. The GRO shall acknowledge the receipt of such complaint within 24 hours and dispose-off the same within 15 days from receipt. However, if the complaint is regarding content which shows any kind of nudity prima facie, then the GRO must take down such content within 24 hours of being in receipt of such complaint. Further, the GRO must acknowledge and receive any order, notice or direction by the appropriate government, any competent authority, or a court of competent jurisdiction.

SSMI

Under the Intermediary Rules 2021, there are certain due diligence requirements that have to be observed by SSMI while discharging their duties, which include the following:

  1. Appoint: It shall appoint a Chief Compliance Officer for compliance with IT Act and corresponding rules, a 24/7 Nodal Contact Person for assisting the law enforcement agencies & for complying with their orders and requisitions, and a Resident Grievance Officer (RGO) for dealing with complaints lodged by any person with respect to any content on the website/app.
  2. First Originator: It shall enable identification of first originator of the information, in case of messaging platforms, which would require chats to be backed up to encrypted cloud server, rather than providing end-to-end encryption to its users.
  3. Ownership of content: It shall clearly mark any information as being advertised, marketed, sponsored, owned or exclusively controlled, if such intermediary is deriving direct financial benefit by advertising information on someone else's behalf, to which it owns a copyright, or has an exclusive license, or in relation with which it has entered into any contract that directly or indirectly restricts the publication or transmission of that information through any means other than those provided through the computer resource of such SSMI.
  4. Physical Address: It shall have a physical contact address in India published on its website, mobile application, or both for the purposes of receiving the communication addressed to it.
  5. Removal of Information: In case, a user's access to the website or app has been revoked, or any other content that has been uploaded by the user has been removed, it shall inform the user prior to such removal about why the action is being taken, and on what grounds is the action being taken. However, it shall also provide the user an opportunity to contest this claim of removal and the user's request to re-upload the content. However, this should be done within reasonable time. The RGO shall oversee this process. It can be asked to furnish any additional information as deemed fit by the MIB.
  6. Objectionable contents: It shall employ technology-based measures to identify and remove information that depicts any sexually explicit content or any identical information which has already been removed by it. It shall display a notice to the user who is attempting to access such information that it has identified such information as objectionable. The measures taken by the SSMI must be proportional and have regard to the interests of free speech and privacy of the individual. The SSMI must further review periodically the technology-based measures to ensure there is no propensity of bias and discrimination in such measures.
  7. Complaints: It shall implement an appropriate mechanism for the receipt and processing of complaints which shall enable the complainant to track the status of such complaint by providing a unique ticket number. It should endeavour to provide the complainant with reasons for any action taken or not taken pursuant to the complaint.
  8. Voluntary verification: It shall enable users to voluntarily verify their accounts by using any appropriate mechanism and provide such users with a demonstrable and visible mark of verification, which shall be visible to all users of the service.
  9. Safe harbour: If it fails to adhere or follow the Intermediary Rules 2021, they would not be able to claim protection under Section 79(1) of IT Act, which is safe harbour provision for intermediaries.
  10. Compliance Reports: It must publish compliance reports every month containing the details in respect of the complaints which were received and the action taken on those complaints, and the number of links or information removed while using proactive monitoring through automated tools.

CODE OF ETHICS AND PROCEDURE AND SAFEGUARDS IN RELATION TO DIGITAL MEDIA

The Intermediary Rules 2021 prescribe a code of ethics for online news, OTT platforms and digital media. It also provides for self-classification of content for OTT platforms into five age-based categories - U (Universal), U/A 7+, U/A 13+, U/A 16+, and A (Adult). Platforms will be required to implement parental locks for content classified as U/A 13+ or higher, and reliable age verification mechanisms for content classified as "A". The OTT platform shall prominently display the classification rating specific to each content or programme together with a content descriptor informing the user about the nature of the content and advising on viewer description (if applicable) at the beginning of every programme enabling the user to make an informed decision, prior to watching the programme. Publishers of news on digital media would be required to observe Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television Networks Regulation Act thereby providing a level playing field between the offline (Print, TV) and digital media. Lastly, a three-level grievance redressal mechanism has been established under the Intermediary Guidelines with three levels of self-regulation, i.e., self-regulation by the publishers; self-regulation by the self-regulating bodies of the publishers; and an oversight mechanism.

The Intermediary Rules 2021 classify its subjects into two categories namely (i) Publishers of news and current affairs content; and (ii) Publishers of online curated content. The publisher has to give an acknowledgment of the grievance to the complainant, within a period of 24 hours; address the grievance and convey its decision to the complainant within 15 days. If the grievance remains unaddressed even after 15 days, it will be escalated to the self-regulating body at level two, a self-regulatory body registered with MIB. The self-regulatory body is supposed to ensure that the publishers adhere to the Code of Ethics, provide guidance on the same to them, address grievances which remain unresolved with the publishers and hear appeals which are filed by the complainants against the decision given by the publishers. The body also has the power to issue guidance or advisories to the publishers, 'warning, censuring, admonishing or reprimanding' them or requiring an apology, warning card or a disclaimer from the publisher. The self-regulatory body can further direct the publisher of online curated content to reclassify the ratings of content, make modifications in the age classification and access control measures, and refer content to the MIB for consideration.

The final level comprises an Oversight Mechanism which is constituted by the MIB, to ensure adherence to the Code of Ethics by the publishers. The MIB has to designate an officer as the "Authorized Officer, who shall have the power to initiate the procedure for deletion, blocking or modification of information by the publisher, and for blocking of information in case of an 'emergency'. The Oversight Mechanism shall establish an Inter-Departmental Committee for hearing grievances, shall refer grievances to the said committee and shall issue guidance, advisories, and directions to publishers. The Inter-Departmental Committee has the onus of hearing complaints in relation to grievances received from Level I or Level II and the ones which are referred to it by the MIB.

ANALYSIS AND CONCLUSION

The Intermediary Rules 2021 prescribe additional requirements for the intermediaries. While the publication of Compliance Reports is a positive step that would ensure transparency and enhance the efficiency of content moderation techniques, publishing the reports monthly may create problems for such intermediaries. Apart from providing the Privacy Policy, User Agreement, and Rules and Regulation for its website/app, the intermediary would need to annually inform the users that they need to adhere to these policies to continue gaining access and also keep them informed about any changes in these policies. This will create unnecessary hassle not only for the intermediaries but also for the users to act upon whenever such information is sent to them.

The intermediary can store on its servers, the information of the user, who has registered on the website or app for 180 days, even after such user has withdrawn or cancelled his registration. The time-period for storing information for investigative purposes has been increased to 180 days from 90 days. It shall provide information under its control or possession to the government agency within 72 hours, after being in receipt of order. Earlier there was no prescribed time limit to provide the information. These steps would go a long way to ensure the safety and privacy measures that were the primary purposes.

Prominently publishing on its website/app the contact details of the GRO and mechanism to lodge the complaint against any content on the website/app and the timelines surrounding it would benefit the users. And the GRO would have to act in a timely manner to adhere to the strict timelines.

Significant social media intermediaries have to provide an explanation to the users, in respect of removal of content. The rule also mandates that the entity should give an opportunity to an aggrieved user to dispute the action taken by the intermediary and the decision in this respect must be taken within a reasonable period of time. Although this requirement is burdensome for social media companies, it is a much needed one. There have been many instances when social media companies inadvertently or otherwise, ended up blocking harmless content. This requirement will bring more transparency and will ensure private players give due consideration to the rights of users while filtering content.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.