with No Comments

INFORMATION TECHNOLOGY (INTERMEDIARY GUIDELINES AND DIGITAL MEDIA ETHICS CODE) RULES, 2021.

 

In February 2021, the Ministry of Electronics and Information Technology (“MeitY”) in consultation with the Ministry of Information and Broadcasting (“MIB”) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Rules”) under the Information Technology Act, 2000 (“Act”) in supersession of the Information Technology (Intermediary Guidelines) Rules, 2011 (“Old Guidelines”). The Rules expand the scope to impose additional obligations on social media intermediaries and digital media entities.

The Rules maybe divided into two parts-Part A: Obligations applicable to intermediaries, including social media intermediaries; and Part B: Code of ethics, related safeguards, and procedures applicable to digital media entities.

Part A: Obligations applicable to intermediaries.

  1. Applicability: The Rules have expanded the scope of the definition of the term ‘Intermediary’[1] under Section 2(w) of the Act to include two other classes of intermediaries; social media intermediaries[2] (“SSM”), which are intermediaries that enable online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services and significant social media intermediaries[3](“SSMI”), which have a minimum number of registered users as notified by the Central Government[4].
  2. Due diligence requirements: To claim safe harbour[5] under the Act and absolve itself of any liability in relation to any third-party information, data, or communication made available or hosted by the Intermediary, the Rules mandate that all Intermediaries observe certain due diligence requirements while discharging their duties.

The Rules are a departure from the Old Guidelines that required the intermediary to prominently publish the privacy policy, terms of use and user agreement. The Rules prescribe additional requirements such as:

Information to users: Intermediaries are now required to inform users[6] through their privacy policy or user agreements to not publish or share any information that is: (i) invasive of another’s bodily privacy or harassing on the basis of gender; (ii) violative of intellectual property right or any other law in force (iii) patently false or misleading but perceived as a fact; (iv) false, with the intention of causing injury or profit.

  • Annual notification to users: All Intermediaries must periodically, and at least once every year, inform its users of any change to the rules and regulations, terms of use or privacy policy and the consequences of non-compliance which include the termination of the rights of the user to access the Intermediary platform and/or the removal of non-compliant information.
  • Content take-down: Upon receipt of actual knowledge in the form of a court order or upon being notified by the appropriate government[7] or its agency, of the unlawful information that is hosted, stored, or published, the Intermediary must remove or disable access to unlawful information within thirty-six (36) hours from the receipt of such order or notification.
  • Retaining records: Intermediaries must retain information, user registration records and information of users who have withdrawn or cancelled their registration for a period of 180 days under the Rules as opposed to the the earlier requirement of ninety (90) days in the Old Guidelines from date of removal or disabling access to any unlawful information pursuant to receipt of actual knowledge or on voluntary basis or upon receipt of any grievances received by it.
  • Providing assistance to government agencies: Upon receipt of a written order, the Intermediary will be required to provide information under its control or possession or assistance to the relevant government agency within seventy-two (72) hours for verification of identify, prevention of offences, detection, investigation or prosecution of unlawful offences or for cyber security incidents.
  1. Grievance redressal mechanism of Intermediary: The Old Guidelines prescribed the requirement of appointing a grievance officer and publishing their name and details. In addition to that, the Rules require an Intermediary to constitute a grievance redressal mechanism and to acknowledge receipt of user complaints within twenty-four (24) hours of the complaint being made and resolve disputes within fifteen (15) days (the Old Guidelines prescribed a time limit of 30 days). The grievance officer is also required to receive and acknowledge any order, notice or direction issued by the appropriate government, competent authority, or a court.Further on receipt of any complaint from an individual regarding content which is prima facie in the nature of any material depicting nudity or any sexual act, or the impersonation of any person including artificially morphed images, the Intermediary must take all reasonable measures to remove or disable access to such content within twenty-fours (24) hours of receipt of the complaint.
  1. Additional due diligence obligations for SSMI’s: In addition to the obligations applicable to other Intermediaries, SSMIs are subject to additional obligations which must be complied with, within three (3) months from date of issuance of the Rules. The additional obligations applicable to SSMIs are as follows:

 

a) Appointment of local personnel:

  • The SSMI is required to appoint an Indian resident employee as Chief Compliance Officer (“CCO”), Grievance Redressal Officer (“GRO”) and the nodal person of contact for the SSMI.
  • The CCO must be senior employee or key managerial personnel who shall be responsible for ensuring compliance with the Act and the Rules and shall be liable in any proceedings relating to any relevant third-party information, data or communication made available or hosted by the Intermediary where they fail to ensure the Intermediary compliance while discharging its duties under the Act and Rules.
  • The nodal contact person who is an Indian resident employee will coordinate with law enforcement agencies and officers to ensure compliance to their orders or requisitions made in accordance with the provisions of law or Rules.
  • The GRO who is an Indian resident employee will shall be responsible for the Grievance redressal mechanism.

b) Monthly reports: SSMIs must publish monthly compliance reports indicating details of complaints received, action taken thereon, and the number of specific communication links or parts of information removed, or access disabled as a result of proactive monitoring using automated tools.

 

c) Identification of first originator: An SSMI that primarily provides messaging services must enable the identification of the first originator of information or communication if required by an order passed by a court or competent authority under Section 69 of the Act. It must provide the court or government authority with a copy of the information relating to the first originator in electronic form. Such order can be issued in the interest of sovereignty and integrity, security, public order, defamation, etc. If the first originator is located outside the territory of India, then the first originator for the information in India must be identified by the SSMI.

 

d) However, the Rules clarify that there is no obligation on SSMIs to disclose the content of the communication while complying with such order. Despite this, intermediaries may be required to do so under Section 69 of the Act which empowers the government to pass orders for interception or monitoring or decryption of any information through any computer resource in the interest of sovereignty and integrity, defence, security of the State, friendly relations with foreign States or public order or for prevention of incitement of any cognizable offence relating to the same or for investigation of any offence.

 

e) Disclosure of advertised or marketed services: If an SSMI provides services or transmits information on behalf of another person on its computer resource, for direct financial benefit in a way that increases it prominence or targets the receiver of the information or to which it owns a copyright or has entered into an exclusive licensing or contractual arrangement that directly or indirectly restricts the publication of that information through any means other than those provided through the SMI,  must clearly indicate that the information is being advertised, sponsored or exclusively targeted to the recipient of the information.

 

f) Use of technology-based and automated tools: SSMIs must endeavour to deploy technology-based measures including automated tools to proactively identify and remove unlawful content and information, including content depicting rape and child sexual abuse in any form or any information which is exactly identical in content to information that has previously been taken down pursuant to a court order.

 

g) While doing so, the SSMI must ensure that the use of such tools is balanced against the interests of its users, including their freedom of speech and expression and privacy. SSMIs must also implement appropriate mechanisms to ensure human oversight in order to evaluate the accuracy and frequency of these tools, their propensity for bias and discrimination and their possible impact on privacy and security.

 

h) Local address: The SSMI must also have a physical contact address in India to receive communications published on its website, mobile based application or both where applicable.

 

i) Grievance redressal mechanism: In addition to implementing appropriate mechanisms for grievance redressal, SSMIs must also enable the tracking of the status of complaints by providing a unique ticket number for every compliant or grievance received. It must also to the extent possible, provide reasons to the complainant for any action taken or not taken.

 

j) Voluntary verification for users: SSMIs must enable voluntary verification for users registering for its services from India or using their services in India, by using mechanisms such as verification by active Indian mobile number of such user. Once such verification is completed, the user must be provided with a demonstrable mark of verification visible to all other users of the services.

 

h) Notification of action voluntarily taken against content: If an SSMI voluntarily removes or disables access to unlawful content, it must (i) notify the user who had created, uploaded, shared, disseminated, or modified such content; (ii) provide reasonable opportunity to such user to dispute such action and request for reinstatement; and (iii) ensure that the grievance officer maintains oversight over such dispute resolution.

 

  1. Non-observance of Rules: Upon failure of an Intermediary to comply with the Rules, section 79 of the Act which exempts the Intermediary of liability in certain cases will not apply to the Intermediary and the Intermediary will be liable to punishment under the provisions of the applicable law including the Act and the Indian Penal Code,1860.

 

Part B: Code of ethics, related safeguards, and procedures applicable to digital media entities.

Part III of the Rules are administered by the MIB and is applicable to publishers of news and current affairs content and publishers of online curated content, where such publishers operate in the territory of India or conduct systematic business activity of making its content available in India.

  1. Inclusion of new definitions: The Rules have included new definitions such as:
  • News and current affairs content: The term has been defined to include newly received or noteworthy content, such as analysis about recent events primarily of socio-political, economic, or cultural nature.
  • News aggregator: The term has been defined as an entity which makes, aggregates, curates, and presents news and current affairs content. It makes available a computer resource to users through which they can access news and current affairs and performs a significant role in determining what news and current affairs content is available.
  • Online curated content: The term has been defined as any curated catalogue of audio-visual content, which is owned by, licensed to, or contracted to be transmitted by a publisher of online curated content, and made available on demand, by way of subscription or otherwise. It includes films, audio visual programmes, documentaries, television programmes, serials, podcasts, and other such content, but excludes news and current affairs content.
  • Publisher of news and current affairs: The term has been defined as an online paper, news portal, news aggregator, news agency or any entity whose functions are similar to publishers of news and current affairs content but excluding print media such as newspapers and their replica e-papers and individuals publishing such content pursuant to non-commercial activities.
  • Publisher of online curated content: A publisher of online curated content has been defined as a publisher who makes available to users, a computer resource through which they can access online curated content and performs a significant role in determining what online curated content is made available but excludes individuals publishing such content pursuant to non-commercial activities.

 

  1. Obligations of due diligence requirements for news and current affairs content: An Intermediary which transmits news and current affairs content on behalf of publishers, such as an entity aggregating and displaying news and current affairs created by publishers on its platform, must (i) publish a clear and concise statement on its website or mobile application, informing publishers to furnish details of their user accounts to the MIB; (ii)  provide a demonstrable mark visible to all users of the compliance by the publisher of the requirement to share information with the MIB.

 

  1. Code of Ethics for publishers of news and current affairs: The Rules require the publishers of news and current affairs content to adhere to the Norms of Journalistic Conduct of the Press Council of India and the Programme Code under the Cable Television and Networks regulation Act, 1995.

 

  1. Code of Ethics for publishers of online curated content: The Rules requires the publishers of online curated content to self-classify content on the basis of context, impact, target audience, etc. The publishers of such content are required to exercise due caution and discretion while featuring the activities, beliefs, practices, or views of any racial or religious groups and restrict. Access to ‘A’ rated content by a child through the implementation of appropriate access control measures such as including a parental lock to facilitate compliance of age classification of content.

 

  1. Adoption of three-tier grievance redressal mechanism: The Rules provide a three-tier grievance redressal structure for addressing grievances in relation to the Code of Ethics.

 

  • Level 1- Self-regulation by the publisher: The publisher shall be the first level of the three-tier structure and must establish a grievance redressal mechanism, appoint a grievance officer in India and publish the name and contact details of this officer on its platform. The grievance officer will be the point of contact for all grievances relating to the Code of Ethics and will also act as the nodal point for all interactions with the complainant, the self-regulating body and the MIB. The grievance officer is required to take a decision on every complaint received and communicate the same to the complainant, within fifteen (15) days of the registration of the complaint.
  • Level 2- Creation of self-regulation body: The Rules provide for creation of one or more self-regulatory bodies of publishers or industry experts. The self-regulating body will have a maximum of six (6) members and will be headed by a retired judge of the Supreme Court or a High Court, or an independent eminent person from the field of media, broadcasting, entertainment, child rights, human rights, or such other relevant field. Such self-regulating body is required to register itself with the MIB. The MIB will publish a charter for these self-regulating bodies including codes of practice. The publisher must become a member of any one of these self-regulating bodies and abide by the terms and conditions of such body.The self-regulating body can address grievances that the publisher fails to resolve within fifteen (15) days, hear appeals from the complainant and issue guidance or advisories to the publishers requiring them to issue apology, censor the content or include disclaimers or warning cards The self-regulating body must also ensure the alignment and adherence by the publishers of the Code of Ethics. If the publisher fails to comply with any guidance or advisory issued by the self-regulating body, then the body can refer such grievance to the oversight mechanism set up by the government within fifteen (15) days. The self-regulating body cannot issue any direction for the removal or modification of unlawful content, it can only refer such content to the oversight mechanism.
  • Level III-Oversight mechanism by the government: The MIB will develop an oversight mechanism and coordinate and facilitate the adherence to the Code of Ethics by the publishers of news and current affairs content and publishers of online curated content. The MIB will establish an inter-departmental committee and an authorized officer appointed by the MIB will be the chairperson of such committee. The committee will hear complaints arising out of the grievances in respect of the decision taken by the publishers or the self-regulating body, or where no such decision is taken by these bodies within the specified timeline, and complaints referred to it by the MIB.The committee can issue recommendations to the MIB requiring removal or modification of the content in the interest of sovereignty, integrity, defence, or in order to prevent cognizable offence. In case of recommendations pertaining to the removal or modification of content, the authorised officer appointed by the MIB is required to place the committee’s recommendation before the MIB for its consideration, who upon receiving approval from the MIB can issue directions to the publisher or the intermediary seeking removal or modification of the relevant content. The Rules provide that the orders and directions issued by the authorised officer can only be in respect of a specific piece of content and cannot require any entity to cease its operations.
  1. Blocking of information in case of emergency: In case of an emergency where no delay is acceptable, the authorised officer will review the content and determine whether it violates the grounds relating to sovereignty and integrity, defence, security of the State, friendly relations with foreign States or public order or for prevention of incitement of any cognizable offence relating to the same as provided under Section 69A of the Act and can submit its recommendations to the MIB for removal of such content. If the MIB is satisfied, then it may issue an interim order under Section 69A for immediate blocking of this content without giving any opportunity of hearing.

 

  1. Furnishing information: The Rules require a publisher operating in the territory of India to furnish certain information to the MIB within thirty (30) days of publication of the Rules. These publishers are also required to publish monthly compliance reports with the details of the grievances received.

 

  1. Retaining records: The Rules require publishers to preserve the records of content transmitted by it for a minimum period of sixty (60) days and make this information available to the self-regulating body or the central government or other government body, if requisitioned.

 

The Rules impose various additional obligations on intermediaries and social media intermediaries aiming to bridge the gap in regulations applicable to traditional forms of media. The Rules encourage greater transparency and a stronger accountability of intermediaries and are expected to have a significant impact in role of keeping strict checks and balances on the content which is published on platforms with a wider audience reach.

If you have any questions about the above mentioned, please contact Christopher L. Rasmussen, Managing Partner, Inventus Law, PC., at chris@inventuslaw.com or Vivek Balakrishnan, Principal Associate, Inventus Law, India at vivek@inventuslaw.in.

 

Disclaimer: This Memo is being provided for information purposes only and is drafted entirely on the bases of public resources. Information contained on or made available herein is not intended to and does not constitute legal advice, recommendations, mediation, or counselling under any circumstance. This information and your use thereof do not create an attorney-client relationship. You should not act or rely on any information provided herein without seeking the advice of a competent advocate licensed to practice in your jurisdiction for your particular business.


[1] Section 2(w) ―intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives, stores, or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places, and cyber cafes; Information Technology Act, 2000.

[2] Rule 2(w) Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

[3] Rule 2(v) Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

[4]On 26 February 2021 the Central Government notified fifty lakh registered users in India as the threshold for a social media intermediary to be considered as a significant social media intermediary.

[5] Section 79, Information Technology Act, 2000.

[6] Rule 2(x) Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: A user is a person who accesses or avails the computer resource of an intermediary for the purpose of hosting, publishing, sharing, transacting, viewing, displaying, downloading, or uploading information. It includes other persons jointly participating in using such computer resource, including the addressee and originator.

[7] Section 2(1)(e) of the IT Act, ‘appropriate Government’ means as respects any matter,– (i) enumerated in List II of the Seventh Schedule to the Constitution; (ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government and in any other case, the Central Government.

2024 Inventus Law. All rights reserved. | Website Designed By Blue Astral