Apprehensions about the rules harming privacy are also misplaced. Rule 4(2) requires ‘significant social media intermediaries’ to provide only the metadata about the first originator of a viral message that may be required for investigation of a serious crime relating to sovereignty and integrity of India, public order, rape, child sexual abuse, etc. that are punishable with a minimum prison term of five years.
The writer is additional secretary, ministry of electronics & information technology, GoIIn a communication dated June 11, three United Nations special rapporteurs raised serious concerns over provisions of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. They claim that these provisions do not meet the standards of rights to privacy and to freedom of expression as per the Articles 17 and 19 of the International Covenant on Civil and Political Rights (ICCPR), and that some of the due diligence obligations of intermediaries may infringe upon a ‘wide range of human rights’.
They claim that terms in the new rules — such as ‘ethnically or racially objectionable,’ ‘harmful to child,’ ‘impersonates another person’ — lack clear definition and may lead to arbitrary application. But these terms have been very well defined and understood in both Indian and international law and jurisprudence. Rule 3(1)(b) of the IT Rules specifies these terms clearly as part of a user agreement the intermediaries must publish. They are aimed at bringing more transparency in how intermediaries deal with user content and are not violative of UN’s joint declaration on freedom of expression, ‘fake news’, disinformation and propaganda.
Also, Rule 3(1)(d) allows for removal of unlawful content relating to the sovereignty and integrity of India, security of the state, friendly relations with foreign states, public order, etc. only upon an order by a competent court or by the appropriate government. This is as per the due process specified by the Supreme Court in the 2015 ‘Shreya Singhal Vs Union of India’ case. The time limit of 36 hours for their removal after due process is reasonable.
Similarly, the time limit of 72 hours for providing information for investigation in response to lawful requests in writing from government agencies is also reasonable. Rule 3(2) provides for establishing a grievance redressal mechanism by the intermediaries and resolution of user complaints within 15 days. However, content of the nature of ‘revenge porn’ must be removed within 24 hours.
The liability of the chief compliance officer under Rule 4(1) of a ‘significant social media intermediary’ is not arbitrary. He or she can be held liable in any proceeding only after a due process of law.
Apprehensions about the rules harming privacy are also misplaced. Rule 4(2) requires ‘significant social media intermediaries’ to provide only the metadata about the first originator of a viral message that may be required for investigation of a serious crime relating to sovereignty and integrity of India, public order, rape, child sexual abuse, etc. that are punishable with a minimum prison term of five years. This again is after a lawful order is passed by a court or a competent authority, and where there is no other less intrusive means of obtaining such information.
There is no provision demanding the intermediary break any encryption to obtain the contents of the message. In fact, the content is provided by the law enforcement agencies to the intermediary. Lawful investigation of crimes cannot be termed as harmful to privacy. Countries like the US, Britain and Australia have enacted laws that allow for far more intrusive interception of encrypted messages, including their decryption.
The concerns with regard to media freedom are also misplaced. Section 5 of the UN’s joint declaration, specifically enjoins upon media outlets to provide for self-regulation at the individual media outlet level, and/or at the media sector level. The IT Rules provide for a three-tier system of regulation, in which the government oversight mechanism comes in only at the third level after the first two tiers of self-regulation have failed to produce a resolution. The rules clearly specify the due process for the government oversight mechanism.
The IT Rules aim at empowering users to exercise their right to freedom of expression responsibly and prevent the misuse of these platforms for unlawful purposes. The selective interpretation of the provisions of the IT Rules by the UN rapporteurs is disingenuous.