About the Author: Rishubh Agarwal is a 4th Year, BBA LL.B (Hons.) student at Jindal Global Law School
In a sovereign democracy, it is both implied and fundamental that the government serves to ‘protect’ its citizens, if we draw from the idea that the government is of, by and for the people. To serve this implicit yet primary objective, the government must strike a delicate balance between governmental restraint upon misconduct and personal liberty. However, we find that the current governmental regime ignores this fundamental principle of democracy and blatantly violates individual privacy and autonomy. The IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were notified in the official gazette on 25th February 2021. In furtherance, the Union government provided a three-month compliance window. While the Rules were reviewed and a subsequent explainer has been already published on our Blog (available here), this post aims to identify the constitutional challenges presented by these Rules. We start off with a brief overview of the new Rules, the “safeguards” it offers and lastly, its impact on your fundamental rights. We conclude by examining whether the Rules meet the test of constitutionality under Indian jurisprudence.
Though the Rules are framed and (erroneously) interpreted as offering a progressive, liberal check on social media intermediaries and OTT platforms, in actuality, they empower the government to control and monitor online expression. The new rules aim to empower digital platform users by providing for an elaborate grievance redressal mechanism and imposing accountability in case of violation of rights. The inception of these rules can be traced back to Prajwala v. Union of India, wherein the apex court ordered the central government to “frame necessary guidelines and regulations and implement them to eliminate child pornography, rape and gang rape imagery, videos, etc.”
The New Rules – Relevant Provisions
The Rules have a unique feature in that they distinguish between social media intermediaries [Rule 2(w)] and significant social media intermediaries [Rule 2(v)] based on user size. However, the power to delineate lies within the sole discretion of the government. These platforms hold significant power because of their technical capability to connect us to others, host our data and mediate our digital experience. According to Rule 6, the government may require “any intermediary” to comply with the obligations imposed on significant social media intermediaries under Rule 4, if they suspect a “material risk of harm”. This threshold is manifestly arbitrary and subject to extensive debate as it gives the government significant discretion over regulation of digital content. Under Rule 4, the significant social media intermediaries are expected to perform ‘due diligence’ and appoint a Chief Compliance Officer, a Resident Grievance Officer and a Nodal person of contact. On closely analysing the complaints mechanism, we find that the Rules do not deter lodging of frivolous or unreasonable complaints, nor do they provide for a limitation period. Further, Rule 12 allows for formation of more than one regulating body, leaving room for conflicts regarding the same impugned content and creating disunity of command.
Principally, the implementation of the new rules has two major implications: 1) Significant social media intermediaries must now reveal the ‘first originator’ of content if the content is questionable as per the government. This essentially breaks down end-to-end encryption, thus having significant repercussions for data privacy. 2) OTT platforms like Netflix, Amazon Prime, Disney + Hotstar now fall within the ambit of the new rules, thus empowering the government to control and censor online content.
The new Intermediary Rules have been challenged on various constitutional grounds, be it challenges specific to certain provisions under the Rules or the wide argument that the Rules are ultra vires the parent legislation (the Information Technology Act, 2000). Here are several reasons why citizens must be sceptical about the new IT Rules:
- The first argument derives its force from the ultra vires contention. The new rules are bound to affect various classes of individuals (content creators, authors, bloggers, news media organizations, etc.) thereby exceeding the original boundaries set forth by the IT Act. Earlier, the Information Technology Act, 2000 was limited in scope and application and only extended to blocking of websites and providing for intermediary liabilities’ framework. The Act, unequivocally, did not extend to digital media organizations, publishers of online curated content or video-streaming platforms. The guidelines do not possess the necessary legislative backing to regulate these platforms. Finally, the content of most of these impugned provisions was never put up for public deliberation or consultation.
- The obligation of significant social intermediaries to trace the ‘first originator’ of information [under sub-rule (2) of Rule 4] effectively breaks down end-to-end encryption and undermines the fundamental right to privacy as guaranteed under Article 21 of the Constitution. The government has remained carefully silent on the passing of an exclusive Data Protection and Privacy law. One major repercussion of the new rules is that the government’s power to put debatable content as well as suspected persons under the scanner of digital surveillance, is now practically unhindered. The issue of traceability of information was the subject of a pending litigation before the apex court in Anthony Clement Rubin v. Union of India. While the original petition pertained to the linking of social media accounts with Aadhar, the focus subsequently shifted to identifying the traceability of information through social media giants like Facebook and Twitter.
- The government, while amending the pre-existing IT rules have avoided the legislative route altogether and passed the rules on its own volition. Even if we consider the government to be entitled to impose preconditions on digital platforms, the original rules do not cover censorship or control of digital content by the government. This is in line with the broad contention that the new Rules are ultra vires the Constitution as well as the parent legislation.
- Sub-rule (3) of Rule 9 lays down a three-tier framework for adherence to the Code with the first two levels concerning themselves with ‘self-regulatory’ mechanisms. Level III provides for an “oversight mechanism by the Central government.” We find this manifestly unconstitutional as the tacit effect of these mechanisms is to increase governmental oversight and censorship. In a recent order passed by the Bombay High Court, Rules 9 (1) and 9 (3) have been temporarily stayed, thus manifesting a glimmer of hope for those critiquing the new Rules. The order has been discussed below.
- Section 79(1) of the IT Act states that “an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him” if it fulfils the conditions laid down in Sections 79 (2) and 79 (3). This is often referred to as ‘safe harbour protection’. Through a variety of cases (examined here) we find that Indian courts are yet to conclusively establish what constitutes compliance to sub-sections (2) and (3) of Section 79, if such platforms are to successfully claim safe harbour protection. One precondition under sub-section (2) is that the intermediary must observe ‘due diligence while discharging its duties’. Section 87(2)(zg) of the IT Act authorizes the government to lay down guidelines which the intermediaries must adhere to under Section 79 (2). A combined reading of Section 79 and Section 87 (2) elucidates the true picture of the onerous regulatory mechanism put in place by the government.
“Dissent in Democracy is vital”: Bombay HC stays Rules 9 (1) and 9(3) of the IT Rules 2021
On 14th August 2021, the Bombay High Court partially stayed Rule 9 of the newly introduced IT rules. The interim relief came in response to two petitions filed by digital legal news portal ‘the Leaflet’ and journalist Nikhil Wagle – which claimed that the new rules went beyond the scope of the parent IT Act as well as the reasonable restrictions imposed by Article 19 (2) of the Constitution. The Hight Court, on August 14, 2021observed that ‘the indeterminate and wide terms’ of the new Rules are “manifestly unreasonable”, prima facie violate the right to freedom of speech, and go beyond the ‘substantive law of the IT Act’. In other words, the guidelines seek to regulate something that the IT Act itself does not. The Division Bench comprising of CJ Dipankar Datta and Justice G.S. Kulkarni stated that, “People would be starved of the liberty of thought and feel suffocated to exercise their right of freedom of speech and expression, if they are made to live in present times of content regulation on the Internet with the Code of Ethics hanging over their head as the Sword of Damocles. This regime would run clearly contrary to the well-recognized Constitutional ethos and principles” (Paragraph 30). However, the two-judge bench did not strike down Rule 7, Rule 14 or Rule 16 as it deemed no ‘immediate urgency’ to review them.
On July 27, 2018, Justice B.N. Srikrishna Committee on Data Protection published a report criticizing the government for tracing personal data and threatening privacy and free expression online. The report can be accessed here. It merits a mention that the new Rules do bring some accountability to social media platforms. For instance, users are to be given adequate notice prior to taking down the content in question. However, these ‘progressive’ features are severely overshadowed by the infringement of fundamental rights and the absence of surveillance oversight.
In the words of Senior Advocate Darius Khambata, the Rules are for the most part “draconian” and have a “chilling effect” on freedom of speech and expression. The recent Bombay High Court judgment is a step in the right direction for advocates of online free speech and individual privacy. However, a great deal remains to be done by the Courts in order to invalidate oppressive provisions of the new IT Rules. The judicial recognition of the unconstitutionality and illegality of these provisions is the need of the hour. Intervention and oversight by the judiciary will have an appreciable impact on online speech and expression, blanket privacy, security and user rights.