IT Rules 2021 explained: Non-compliance will expose WhatsApp, Facebook, Twitter to significant liability

On 25 February 2021, the Central Government enacted the InformationTechnology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which cast various obligations on internet intermediaries, and in particular, on social media platforms. It was reported that social media platforms such as Facebook, Instagram and Twitter were yet to comply with their obligations under the 2021 Rules. This gave rise to an apprehension among users of such websites that these websites could either stop operations or be banned in India for such non-compliance. Internet intermediaries and protection afforded to them under law Internet intermediaries are entities which perform various functions including facilitation of exchange of information and online communication. For example, Facebook or Twitter are internet intermediaries. A user registered on Facebook can share information with his connections without the same being edited by Facebook in any manner. This passive role adopted by Facebook is what in essence enables it to be classified as an intermediary. Under Section 79 of the Information Technology Act, 2000, intermediaries are granted protection from incurring any liability for third-party data available on their platform or hosted by them. This protection is essential as various intermediaries such as Facebook, Twitter or YouTube do not monitor the content posted by third-party users on their platforms. However, if any such content uploaded by a third-party user is in violation of any law, the intermediary does not incur any liability for such information. Imagine a situation where a third-party user posts defamatory or obscene content on Facebook. Now, if Facebook were to be held liable for such a post, it would necessarily mean that Facebook as a passive platform enabling online communication is required to first scrutinise the content being uploaded on its platform. This not only goes against their model of operation but would also hamper free flow ofinformation. This could also result in censorship of information where legitimate content may be taken down on an apprehension, resulting in third-party users’ freedom of speech and expression being stifled. Section79, which is recognised as a safe harbour provision, enables intermediaries to function freely without having any such obligation to monitor the content before it is uploaded. However, the protection offered to intermediaries under Section 79 is conditional. One of the conditions prescribed under Section 79 is that an intermediary is required to observe due diligence while discharging its duties and observe guidelines made by the Central Government in this regard. Now, the term ‘due diligence’ is not defined under the InformationTechnology Act, 2000. Neither does the Act prescribe what are the standards of due diligence required to be followed by intermediaries. This is where the guidelines framed by the Central Government come in. Information Technology (Intermediaries Guidelines) Rules, 2011 Prior to the current 2021 rules, the 2011 Rules laid down the standards of due diligence required to be observed by intermediaries. The 2011 Rules required intermediaries to publish rules and regulations, privacy policy and user agreements which would enjoin each user not to post information which would contravene any law in force. These rules also required intermediaries to disable access or remove information which is unlawful upon receiving actual knowledge of the same. The Supreme Court in Shreya Singhal versus Union of India read down the requirement of actual knowledge of an intermediary to mean knowledge of a court order directing it to disable access or remove such information. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 The 2021 Rules supersede the 2011 Rules. In these rules, the requirementof publication of rules and regulations, privacy policy and user agreements which stipulate that no user shall post information which would contravene any law in force has been retained. The Supreme Court’s decision in Shreya Singhal versus Union of India on the point of actual knowledge has now been embodied in the rules. The 2021 Rules also now permit the intermediaries to take down any unlawful information on a voluntary basis and such voluntary removal would not affect the protection afforded to them under Section 79 of the InformationTechnology Act. In addition to these general requirements, the 2021 Rules lay down additional due diligence requirements to be observed by “significant social media intermediaries”. Any intermediary who primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services and has more than 50 lakh registered users is classified as a significant social media intermediary. Thus, all popular social networking platforms such as Whatsapp, Facebook, Instagram and Twitter would be required to observe these additional due diligence requirements. These intermediaries were given a three-month timeline for ensuring compliance of these rules. Each significant social media intermediary is required to establish a grievance redressal mechanism and appoint three officers, viz, a Chief Compliance Officer who shall be responsible for compliance of the Information Technology Act and the rules framed there under, a Nodal Contact Person who shall be responsible for communication with law enforcement agencies and a Resident Grievance Officer who shall be responsible for the grievance redressal mechanism. All these officers are required to be residents of India. Another obligation cast upon these intermediaries is to enable identification of the ‘first originator’ of any information on its platform. An order directing an intermediary to identify the first originator can only be passed for prevention, detecting, investigating or prosecuting any offence relating to the sovereignty or integrity of India, its security and relations with other countries, public order and in relation to information depicting rape or sexually explicit material or child sexual abuse material. It is reported that Whatsapp, which provides end to end encrypted messaging services, has approached the Delhi High Court challenging this particular provision on the ground that it violates the right to privacy guaranteed under the Indian Constitution. So far, none of the major international social networking platforms have complied with these requirements. Facebook has released a statement that it aims to comply with the 2021 Rules and was in discussion with the government on certain issues. The Central Government has by a letter addressed to these intermediaries sought an update as to whether the 2021 Rules have been complied with. What happens if the intermediaries do not comply? Under Rule 7 of the 2021 Rules, if an intermediary fails to observe any of the rules laid down, it loses protection afforded to it by Section 79 of the Information Technology Act. Simply put, this would mean that an intermediary like Facebook or Twitter would be open for liability if a third-party user posts unlawful content on their platforms. If publication of such information amounts to an offence, the intermediaries hosting such information would also be punishable under the relevant law in the absence of the protection afforded under Section 79. Thus, non-compliance of the 2021 Rules would expose the intermediaries to significant liability. It is unlikely that they would be banned from operating in India for such non-compliance. It may, however, render their operations non-viable as they may then be required to proactively monitor information uploaded on its platform so as to avoid incurring liability. Only time will tell what course of action these intermediaries adopt. In the meantime, one can only hope that for the sake of millions of people using these platforms, the enactment of the 2021 Rules will not affect the way these platforms operate.