Regulatory Comments | Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules, 2021
INTRODUCTION
The Government of India (‘State’) recently passed the Intermediary Guidelines and Digital Media Ethics Code Rules, 2021 (‘IT Rules 2021’).[1] These Rules have been notified in the larger back-drop of recent protests over Farm-Laws in India. For reasons of ideological interference that potentially led to the violent instigation of Farm-Laws protesters, the Government of India had asked twitter to block certain accounts on its platform. In response, interestingly, twitter after initial reluctance, during which it staunchly affirmed its stand over the freedom of free speech & expression of its users, was pressured into compliance by the State after receiving repeated take-down notices.[2] As a reaction to twitter’s reluctant & defiant enforcement measure, the State hurriedly issued these IT Rules 2021 without resorting to any regulatory impact analysis or engaging in stakeholder consultation. These Guidelines suffer from serious drafting lacunae and exhibit State’s lack of understanding of the unwritten norms that govern the cyber-space.
CRITICAL COMMENTS — DEFINITION CLAUSE
The scope of definition of child[3] as someone who is below 18 years is too paternalistic as the implications of usage of Social Media Platforms & OTT Platforms are widely used and understood by children above the age of 12 years.[4]
Additionally, the prescribed definition of ‘news and current affairs content’[5] is idealistic with usage of expressions like “noteworthy content” (So, will Arnab’s rant over the internet be included as noteworthy content?) While this definition will subsume content from reputed news-publishing houses, however, it also leaves ambiguity with respect to its applicability to other kinds of content from plethora of every-day blogs, small-self publishing editorial houses, and informal blogs as well as YouTube News channels.
Other definitions have also been shoddily drafted with the definition of newspaper including usage of expressions such as “loosely folded sheets”. By categorizing Social Media Platforms into ‘significant social media intermediary’ and ‘social media intermediary’ with the demarcation being premised on the basis of the number of registered users,[6] these IT Rules 2021 are assuming Social Media Platforms (‘SMP’) to be deterministic entities[7] (controlling humans and shaping society to the requirements to the efficiency and progress)
CRITICAL COMMENTS — PART II OF THE IT RULES 2021
Essentially, these IT Rules 2021 are a confused mesh of delegated legislation that issue prescriptive norms inculcating the dichotomous elements of co-regulation[8] (“major”) and self-regulation (“minor”).[9] The problem with laying down any prescriptive regulatory norms for cyber-space is that these norms would be relegated to the back-seat in light of the technical architectural codes that govern their realization.[10] For example, Rule 3 (1) of the IT Rules 2021[11] lays down prescriptive standards of duties, which the intermediary needs to follow during the discharge of its duties. It includes the requirement[12] to publish on its website (i) rules and regulations (ii) privacy policy (iii) user agreement for access or usage of its computer resource by any person.[A1] Such traditional textual notice requirements have been widely criticized by notice sceptics[13] who instead ask for the deployment of the novel innovative ‘visceral’ form of notice. Rule 3(1) (b) lays down certain categories of information, which the SMP shall communicate to its users via the aforementioned avenues of notice and thus effectively refraining them from “hosting, displaying, uploading, modifying, publishing, storing, updating, and sharing”[14] with resulting sanctions for non-compliance.[15] While these norms incorporate Mason’s Parrish commendatory & iconic information sharing policies[16] for a social-media user, the resulting sanctions (removal of content & termination of access) will create a ‘chilling effect’ on free-speech and expression.
Take-down orders by the State as laid down under section 79(3) (b) of the Information Technology Act 2000 (‘IT Act’) can be only issued by State or its notified “authorised agency”.[17] This again gives wide discretion to the State to notify agencies that will essentially exercise control over the regulation of SMPs.
The requirement to preserve evidence of information and records for the purposes of investigation for one hundred and eight days[18] will potentially impose dichotomous compliance burden on intermediaries where on one hand they are required to respect the right of continuing non-disclosure of its users[19] while selectively preserving records for investigation in the prescribed instances.
The wording of Rule 3(1) (k) and its proviso clause is gruesomely dangerous because on one hand it prohibits the SMPs from employing any architectural/technical recourses to tamper with the usual functionality of the computer resources while on the other, it contrastingly asks the SMPs to employ the same architectural/technological methods in order to secure the access to computer resource and information contained therein at the whims and fancies of State.
The creation of Grievance Redressal mechanism for the take-down of content including but not limited to partial or full nudity is extremely paternalistic especially in light of the contrasting socio-cultural norms existing across different jurisdictions.
“One man’s pornography is another man’s theology — Clive Barker”
This could potentially include users who voluntarily post sexually explicit content bordering on partial or full nudity in addition to the genuine intended victims of instances of obscene sharing. Moreover, there are plethora of remedies already available under the sub-terrains of different legislation [20] and therefore such a prescription will add more duplication and confusion into the existing terrain of laws.
Rule 4(1) (a) calls for the designation of a Chief Compliance Officer for overseeing the near-impossible compliance obligations of the prescribed norms with the ensuing liability[21] for his non-performance. This cannot be expected to be reasonably carried out by him as a matter of practice,[22] although the proviso clause lessens the blow by atleast giving him the opportunity of being heard.
Rule 4(2) asks the SMPs[23] to enable the identification of first originator in the context of messaging services. This requirement of traceability could directly clash with the encryption protocols of messaging platforms and is essentially another instance of technological impossibility. Either the SMPs can ensure our privacy via encryption or else they comply with the prescribed requirement of traceability at the expense of our privacy. However, this strict dichotomy has been recently questioned by a scholar who argues that a greater level of informational privacy can also be ensured while providing a digital economy services (that could potentially include the aspect of traceability requirement) in strict regulatory environments.[24] It is the invisibility of features of SMPs that make an application more privacy protective or data secure and it is probably expensive for individual companies to provide a greater level of informational privacy.[25]
Rule 4(4) deploys the self-regulatory model of regulation wherein SMPs are endeavoured to deploy technology-based measures, including automated tools or other mechanisms to pro-actively filter prohibited content. Again, this prescription for self-regulation won’t work in practice because it goes against the business mode of these SMPs.[26]
Rule 7 of the IT Rules 2021[27] effectively adds another exception to the safe-harbour protection given to SMPs under section 79(1) of the IT Act, 2021 by imposing liability and criminal sanctions in the event that they fail to comply with the prescribed stipulations.
SPECIFIC COMMENTS — PART III OF THE IT RULES 2021
Rule 9(3) provides for the setting up of a three-tier structure that includes firstly self-regulation by the publishers; secondly, self-regulation by the self-regulating bodies of publishers and thirdly oversight mechanism by the Central Government.
This 3-tier regulatory mechanism will add to the existing red-tape of ineffective bureaucratic committees, departments and ineffective officers when it comes to redress of genuine grievances and is unsalable on a policy level. The quasi-regulatory content take-down & grievance redress models of SMPs and OTT Platforms though not completely effective, however, kept the interventionist prongs of the State away from the open-architecture of the Internet. These IT Rules 2021 will potentially act as a wedge as once these regulators are getting their foot in the room, they will be pushing in with more and more rules.[28] This ‘suppression’ of information in the guise of ‘regulation’ will have far-reaching consequences of its restriction for protected truthful expression.[29] The State should not avoid putting its first foot in the room because it would inevitable lead to the “push”.[30]
Moreover, the composition of TIER-II self-regulatory body of publishers[31] is bereft of the ground-level understanding of the cost & availability of human resources required for the establishment and functioning of such a committee.
The oversight mechanism under TIER — III has undertones of Quasi-regulation[32] with the Ministry being asked to facilitate the adherence to the Code of Ethics by publishers and self-regulating bodies, develop a mechanism for over-sight by publishing a Code of practices[33], establish an Inter-Departmental Committee[34], issue appropriate guidance and advisories to publishers[35], and issue orders and directions to the publishers for maintenance and adherence to the Code of Ethics.[36]
The power to issue orders for Blocking as referred to in sub-section (1) of section 69[37] can only be exercised by an authorized officer by the Inter-Departmental Committee after satisfying the prongs of an exhaustive redressal mechanism system.
Chapter VI of the IT Rules 2021 are a step in the positive direction with the requirement on publishers and the self-regulatory body to make a transparent & updated public disclosure of the receipt of the grievances.[38]
CONCLUSION
These IT Rules 2021 are extremely dangerous because they are setting a precedent of Information Regulation by the State, something which the majoritarian governments will employ to take control of our thought and speech. Such an approach is extremely paternalistic and borders on undemocratic self-governance. Moreover the prescriptions in these IT Rules 2021 are bereft of the existing web of interactions and inter dependencies operating between the users and the platforms. All in all, we just came one step closer towards becoming a police State.
REFERENCES :-
[1] Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 <https://www.meity.gov.in/writereaddata/files/Intermediary_Guidelines_and_Digital_Media_Ethics_Code_Rules-2021.pdf> (Hereinafter IT Rules 2021).
[2] Twitter Safety, ‘Updates on Our Response to Blocking Orders from the Indian Government’
<https://blog.twitter.com/en_in/topics/company/2020/twitters-response-indian-government.html accessed 21 February 2021.
[3] See IT Rules 2021 r 2 (1) (d).
[4] ICO Age-Appropriate Design Code of Practice <https://ico.org.uk/media/about-the-ico/documents/2617010/code-of-practice-dpa-2018-age-appropriate-design-code_v_2_0.pdf.> accessed 21 February 2021.
[5] See IT Rules 2021 r 2 (1) (m).
[6] See IT Rules 2021 r 2 (1) (v); See also IT Rules 2021 r 2((1) (w).
[7] See Andrew Feenberg, What Is Philosophy of Technology? In Dakers Jr (ed.), Defining Technological Literacy (Palgrave Macmillan 2006) 6.
[8] Julia Black, ‘Decentring Regulation: Understanding the Role of Regulation and Self-Regulation in‘Post-Regulatory’ World’ [2001] 54(1) 121 Current Legal Problems <https://doi.org/10.1093/clp/54.1.103> accessed 21 February 2021.
[9] Ibid.
[10] Andrew Feenberg, ‘Democratizing Technology: Interests, Codes, and Rights.’ (2001) The Journal of Ethics, 5(2) 2001, 177–195. JSTOR, <www.jstor.org/stable/25115688> accessed 29 Jan. 2021. [Hereinafter Feenberg].
[11] IT Rules 2021, Rule 3(1)
[12] Ibid, at rule 3(1)(a)
[13] See M. R. Calo, Against Notice Skepticism in Privacy (and Elsewhere), 87 Notre Dame L. Rev. 1027 (2013)<http://scholarship.law.nd.edu/ndlr/vol87/iss3/3.> accessed 21 February 2021.
[14] Ibid, at rule 3(1)(b)
[15] Ibid, at Rule 3(1)©.
[16] James L. Parrish “PAPA knows best: Principles for the ethical sharing of information on social networking sites,” (2010) 12(2) Ethics and Information Technology, 187–193.
[17] IT Rules 2021, r 3(1) (d) proviso clause.
[18] Ibid r 3(1) (g).
[19] K.S Puttaswamy (Retd) v Union of India 2017 10 S.C.C 1.
[20] See Information Technology Act 2000 s 66; See also Information Technology Act 2000 s 67; India Penal Code 1860 s 354; Indian Penal Code 1860 s 359.
[21] IT Rules 2021, r 4(1) (a).
[22] Edwin W. Tucker, “The Morality of Law, by Lon L. Fuller,” (1965) Indiana Law Journal 40 (2), article 5 <https://www.repository.law.indiana.edu/ilj/vol40/iss2/5> accessed 21 February 2021.
[23] IT Rules 2021, r 4(1) (b).
[24] Lauren Henry Scholz, ‘Indivisibilities in Technological Regulation’ (2020) U Chi L Rev Online 75 < https://lawreviewblog.uchicago.edu/2020/03/30/indivisibilities-in-technology-regulation-by-lauren-henry-scholz/ accessed 21 February 2021.
[25] Ibid.
[26] Paul Bernal, ‘Fakebook: Why Facebook Makes the Fake News problem inevitable’ (2018) 69 (4)
Northern Ireland Legal Quarterly <https://nilq.qub.ac.uk/index.php/nilq/article/view/189/145> accessed 21 February 2021.
[27] See IT Rules 2021, r 7.
[28] See generally, Donella Meadows, Thinking in Systems (Chelsea Green Publishing Co 2015) 158; See also Deborah Stone, Policy Paradox — The Art of Political Decision (2nd ed., W W Norton & Co 2001) 173 (Hereinafter Policy Paradox).
[29] See Irini Katsirea, “Fake news”: reconsidering the value of untruthful expression in the face of Regulatory Uncertainty’ (2018) 10(2) Journal of Media Law 188. <10.1080/17577632.2019.1573569> accessed 21 February 2021 (Hereinafter Irini Kastsirea).
[30] Policy Paradox (n 28) 174.
[31] See IT Rules 2021 r 12(2).
[32] See e.g. Productivity Commission, Regulation and Its Review 1997–1998 (Canberra, 1998).
[33] IT Rules 2021 r 13(1)(a).
[34] IT Rules 2021 r 13 (1)(b).
[35] IT Rules 2021 r 13(1)(d).
[36] IT Rules 2021 r 13(1)(e).
[37] IT Rules 2021 r 16(1).
[38] IT Rules 2021 r 19(1); IT Rules 2021 r 19(1)(2).
