New Social Media Regulatory Guidelines: The Law and its Impact

The Author, Nidhi Kale, is a first year BBA LLB student at School of Law, NMIMS, Bangalore. She is currently interning with LatestLaws.com. 

Introduction

In just over a decade, social media in our country, has evolved from a fun sidekick to a completely integrated element of practically every facet of many people's everyday lives. Social Media is excessively used for not just social networking and building connections but also for extracting information and news from all around the world, it helps bring new ideas, and people learn from and shape their own perspectives reading the many sides of a story on social media platforms, and therefore it becomes very important that social media platforms be regulated timely and efficiently.

Transnational technology platforms, it is clear, not only impact politics and markets through the conduct of users over whom they have no control, but also wield political power directly. We are as of now yet to fully acclimatise to the Information Age's new power centres, and all countries—from autocracies to liberal democracies—are grappling with how to control, constrain, regulate, and harness them in their unique ways.

Liberal democracies are responding to this dilemma in two ways, both of which rely on existing tools to address a situation for which they were not built. One strategy is to regulate various areas of the information sphere, particularly through surveillance, speech restrictions, and rights protection. However, giving governments more ability to increase surveillance and limit free expression leads to politicisation, partisanship, and unfairness. You can also choose not to use Facebook if you disagree with its policies. You cannot, however, opt out if you disagree with your government's rules.

Targeting the market dominance of technological platforms inherently diminishes value for everyone, including consumers, despite the fact that barriers to entry on the internet are essentially non-existent. A large network is worth several times more than the total of four smaller networks, each of which is a fifth of its size. Breaking up Facebook Inc., for example, would decrease the company's and its owners' political clout, possibly slowing the spread of hate and bigotry for a while.

Background of  Laws and Guidelines regulating Social Media, in India

The Indian Express was the first to report on a "secret" meeting in which suggested revisions to the provisions under Section 79 of the Information Technology Act, 2000 (IT Act) were discussed in 2018. Section 79 of the IT Act creates a so-called "safe harbour" for intermediaries who host user-generated content, exempting them from liability for the acts of users on their platform if they follow government rules. In order to be free from liability under Section 79 of the IT Act, an Intermediary must follow specific rules. The Intermediary must remove any information that is grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, harm minors in any way, or otherwise unlaunderable, according to these guidelines (issued in 2011).

The Information Technology (Intermediaries Guidelines) Rules, 2011, back then provided the existing guidelines that intermediaries must follow, although the government had been since long considering revisions to these guidelines since December 2018. So prior the enactment of Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, the law or regulation in place was Information Technology (Intermediaries Guidelines) Rules, 2011.

While the Ministry of Electronics and Information Technology initially denied knowledge of the meeting and proposed modifications, they later admitted them and launched a public consultation. Changes to the liability exclusions for internet platforms or service providers were proposed. Any service provider that transmits, hosts, and publishes user content without exercising editorial control over it, such as traditional publishers, is an intermediary. It might be your internet service provider, email provider, social media platform, or any other website that allows you to post, upload, and publish content.

In 2015, the landmark judgment of Shreya Singal v. Union of India, the Court invalidated Section 66A of IT Act in its entirety as it violated the right to freedom of expression guaranteed under Article 19(1)(a) of the Constitution of India and thereby upholded  the right to free speech and expression in the recent times. Section 66A of the IT Act is solely concerned with and regulates social media content. It forbids the transmission of any offensive video, audio, or text message, as well as any recorded information. This also includes any material or electronic message that is known to be false but is sent with the intent to annoy, injure, or insult others. This is done with the intent of committing a crime and instilling enmity in the public. It may also lead to a person's deception.

Because of the numerous arrests made under this section in the last year or so (most notably the arrest of two teenage girls in Palghar, Maharashtra in November 2012), Section 66A has perhaps attracted the most media attention. This clause made it illegal to send an insulting message over a computer resource. The most serious worry in this regard was the provision's extraordinarily broad and vague meaning, which might have covered anything that was offensive, menacing, caused discomfort or inconvenience, insults, generated enmity, animosity, or ill-will, and so on. Three years in prison was the penalty for such an offence.

Apart from sections 79 and 66A, which has since been abolished, Section 69A of the act also deals with social media platforms and allows the government to ban public access to any content for a variety of reasons. If an intermediary fails to follow instructions to censor content, they might face up to seven years in prison. This clause allows the government to restrict any content it deems appropriate, as long as it meets certain criteria. It has been applied with varied results. While there are times when content must be censored (for example, one of the sparks for the recent communal violence in Uttar Pradesh was the distribution through Facebook of a fake video purporting to show violence against the majority community), practise shows that government directives are often vague (resulting in entire domains and websites being blocked). The broad and imprecise character of the conditions that must be met before this power can be invoked is additional cause for concern.

The Supreme Court (SC) has previously on several occcasions ordered the government to frame the necessary guidelines/Standard Operating Procedure (SOP) and implement them to "eliminate child pornography, rape and gang rape imagery, videos, and sites in content hosting platforms and other applications" the recent one being the Prajwala case vs Union of India.

In the case of Tehseen S. Poonawalla, the Supreme Court granted the government broad authority to restrict or prevent the spread of "irresponsible and explosive communications on various social media platforms, which have a tendency to encourage mob violence and lynching of any kind."

Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021

Coming back to the new guidelines now, One of the problematic issues presented by MeitY in the December 2018 version of the draft Rules, and which also appears in the most recent 2021 version of the draft rules, concerns the traceability of information originators on the internet. In Antony Clement Rubin v. Union of India, the Supreme Court was discussing the issue of the traceability of information originators on messaging systems. This lawsuit began as a public interest litigation (PIL) filed in the Madras High Court, requesting that Aadhaar be linked to social media accounts. The focus switched to traceability of originators of information on end-to-end encrypted platforms like WhatsApp during hearings before the Madras High Court, and the matter was ultimately transferred to the Supreme Court.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, appear to have evolved from the Draft Intermediaries Rules, 2018 between December 2018 and February 2021. The Ministry of Electronics and Information Technology (MeitY) published the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 in February. The new laws were given a three-month grace period for social media intermediaries to comply.

On May 26, the government sent a second notice to all social media intermediaries, requesting information on the status of compliance with the new rules that took effect that day. Google, Facebook, WhatsApp, Telegram, Koo, Sharechat, and LinkedIn have all shared information with MeitY in accordance with the new regulations. Twitter requested that the compliance window be extended, as well as a constructive dialogue and collaborative approach from the government to protect public freedom of expression. WhatsApp also launched a lawsuit against the government in the Delhi High Court, alleging that the new rules breached customer privacy. The Wire, LiveLaw, and The Quint have all taken issue with the new Intermediary Guidelines and Digital Media Ethics Code.

The IT Rules 2021 intend to provide ordinary users of social media platforms and over-the-top (OTT) platforms with a system for grievance redress and speedy resolution through the employment of a Grievance Redressal Officer (GRO) who must be a resident of India. Special attention has been paid to protecting women and children from sexual assaults, fake news, and other forms of social media abuse. In the event of an offence involving India's sovereignty and integrity, the "initial creator of the information" must be identified. A Chief Compliance Officer, who must be a resident of India, must also be selected, and this person would be responsible for ensuring that the Act and Rules are followed. A monthly compliance report mentioning the details of complaints received and action taken on the complaints would be necessary.

On the other hand, OTT platforms, online news, and digital media businesses would be required to adhere to a Code of Ethics. Under the new laws, OTT platforms would be referred to as "publishers of online curated content." They'd have to divide the content into five groups based on age, and employ parental controls for everyone over the age of 13. For content classed as ‘Adult,' they must also provide age verification procedures. A three-tiered grievance resolution system has been established. The appointment of a GRO, self-regulatory entities registered with the Ministry of Information and Broadcasting (MIB) to oversee the Code of Ethics, and a Charter for the self-regulating bodies developed by MIB are all part of this.

If anything, the new IT rule presents fresh problems for tech powerhouses like Facebook, Twitter, Google, and Netflix, which rely on Asia's third-largest economy as a crucial international market. Social media companies will be expected to answer takedown requests for unlawful, deceptive, and violent information within 24 hours and provide a comprehensive redress within 15 days, according to India's IT, Law, and Justice Minister Ravi Shankar Prasad. Firms will be forced to remove content within 24 hours in sensitive circumstances, such as those involving graphic sexual content.

A Quick Overview of the New Guidelines

1. Classification of Social Media Intermediaries: The guidelines call upon the categories of social media intermediaries:

             Regular Social Media Intermediaries (RSMIs)

             Significant Social Media Intermediaries (SSMIs)

2. Making sure Officers are appointed: The SSMIs must appoint the following officers, all of whom must be Indian residents:

            A Chief Compliance Officer is a person who is in charge of ensuring day to day functions

            A Nodal Contact Officer who should be available 24 hours a day, 7 days a week.

            A Resident Grievance Officer who deals with complaints from residents.

3. Monthly Reports: The SSMIs must also publish a monthly report detailing the number of complaints received and the actions done in response to those complaints.
4. Grievance Redressal Mechanism: According to the standards, social media platforms must have a grievance redressal mechanism in place so that any content uploaded that violates public order or is not regulatory can be reported to the Grievance Redressal Officer. Within 24 hours, the officer must recognise the complaint and address it within 15 days. The requirement is to settle the complaint within 24 hours in circumstances directly related to crime against women.
5. Identifying Message Originators: Under the new guidelines, services like WhatsApp, Signal, and Telegram must assist in identifying "originators" of "unlawful" messages, and social media networks must remove such messages within a certain time frame.

Noncompliance with these requirements may result in SSMIs losing the "safe harbour" protection provided by Section 79 of the IT Act.

It protects users from civil and criminal liability for content uploaded on the social media platform by third parties.

Its Likely Impact

The problem with the ruling is that social media companies with large user bases in India will have to drastically change their business models to comply with the Indian government's new mandates under Section 79 of the Information Technology Act, which include the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.

End-to-end encryption will almost certainly have to be diluted in messaging apps like WhatsApp or Signal in order to track down the "initial originator" of flagged messages. Platforms such as Facebook will have to design a new interface for India that would allow users to verify users through authorised know-your-customer (KYC) processes and display a verification tag for those who request it. While WhatsApp will have to figure out how to display the verification tag, Twitter will have to make the verified blue tick option available to everyone who requests it.

There will also be Technological Hurdles with Respect to Traceability. The elements in the new legislation that oblige them to identify traceability when required to do so by authorities have caused concern among social media businesses such as WhatsApp. They argue that this could lead to the decryption of end-to-end encryption, which could jeopardise users' privacy. The administration, on the other hand, has indicated that traceability will be required only in the event of "extremely serious offences" that endanger India's sovereignty and integrity. It could also be done without compromising the end-to-end encryption. Companies, on the other hand, will be responsible for developing a technology solution to this.

The concern relating to breach of Privacy- Many services (Whatsapp, Signal, Telegram, and others) save minimum user data for electronic information exchange and employ end-to-end encryption to serve users with trust, security, and privacy. Millions of Indians use these to protect themselves from identity theft, code injection assaults, and other risks. Encryption is becoming increasingly vital as more aspects of our life require our personal data which is incresingly being pooled and analysed on a scale never before imaginable. The Justice Srikrishna Committee on Data Protection has already chastised the government for requiring inadequate encryption levels in licence agreements with telecom service providers, claiming that this “poses a threat to the safety and security of data principals' personal data.”

This requirement for traceability has significant implications for everyday users of online services, and it should be considered in conjunction with the MHA notification, which activates the IT (Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009, which give the power to direct "decryption." We lack sufficient legislative monitoring or judicial review of surveillance, and the latest guidelines, would be a massive increase of the government's power over ordinary persons, some who oppose these rules say, it would be disturbingly similar to China's banning and breaking of user encryption to spy on its population.

Rule 5(2), insofar as it demands changes to the design of encrypted platforms in order to enable traceability, is outside the scope of the parent provision, Section 79 of the IT Act. It's worth noting that the authority to impose encryption standards and procedures stems from Section 84A of the IT Act, not Section 79, which is a safe harbour provision. Section 84A also gives the Central Government the authority to establish encryption modes and procedures for the purpose of “securing the electronic medium and promoting e-governance and e-commerce.” Any attempts to weaken encryption in order to permit traceability would fall short of the goal of providing secure electronic communication.

Conclusion

Any democracy's foundational precept is freedom of speech and expression. There is no such thing as absolute or unlimited freedom. Since the promulgation of the Constitution, striking the correct balance between fundamental rights and determining the rationality of a restriction has been an ongoing endeavour. The discussion has now moved to the digital realm. The ongoing battle between private, tech giants that own a significant amount of Big Data, governments that want to impose reasonable restrictions, and users concerned about data privacy and restrictions on freedom of speech and expression is only going to get more complicated before optimal solutions can be found.

The IT Rules 2021, according to the government, seek to address concerns of the citizens without infringing on their privacy and personal liberties, while maintaining digital sovereignty at the same time, while some organisations believe its an infringement of right to privacy and freedom of speech and expression, perhaps only with time and over time will we realise which one of the aforementioned is true or stands true.

In the end, the standards are about the end users of social media platforms, and the latter's growth is dependent on the former. The protection of end users' interests must take precedence, and laws and regulations must not be drafted in a way that contradicts their fundamental rights. Furthermore, there is a tremendous need for law and order to be in place to curb misleading information while also ensuring that citizen’s privacy is not jeopardised.

Picture Source :