Digital landscape should be secure and free. Equally the Service providers must be accountable for the content on their platforms. But the question is what should be the extent of State restrictions? Can restrictions imposed by the theory of ‘Compelling State Necessity’ go beyond what is legitimate and necessary in a Democratic Society? Can Intermediaries/ Service providers be totally deprived of the benefits of global norm on safe harbour protection? How do you balance these competing rights? The new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 fails to answer these penetrating questions in a viable manner, acceptable to constitutionalism and open and free democracy.

The Rules were notified under the Information Technology Act, 2000, an enactment to provide for regulation of electronic transactions and to prevent cybercrimes. The Rules replace the Information Technology (Intermediaries Guidelines) Rules, 2011. But what is new with the new Rules is that it covers broad range of circumstances built on the principle of “duty of care” like due diligence by Intermediaries, additional due diligence of Significant Social Media Intermediaries (SSMIs),  Intermediaries providing messaging as a primary service, Code of Ethics for Digital Media publishers, Grievance Redressal, Blocking of content in emergency, etc.

Rules require SSMIs offering messaging services to be able to trace the identity of originators of content in response to a court order or Government demand under Section 69 of the Information Technology Act. There appears to be vagueness on the entities qualifying under messaging service. Traceability requirement may cause risks for privacy and data protection and keeping of strong end-to-end encryption, which ensures that only the sender and recipient of a message can decipher its contents. Exceptional access to message content may also be involved when the company attempts to decipher messages travelling between two parties. Privacy itself is a travelling right which has no terminus. It demands a just approach in everything.

Grievance Redressal

Under the Rules, Intermediaries and Digital Media publishers will have to provide for a grievance redressal mechanism by designating an officer to address complaints against violation of rules. Complaints will have to be acknowledged within 24 hours and to be determined within 15 days. In relation to digital media publishers, a three-tier grievance mechanism will be in force for dealing with complaints regarding content, such as self-regulation by the publisher; self-regulation by the self-regulating bodies of the publishers;  and oversight mechanism by the Central Government.  

Publishers will appoint a Grievance Redressal Officer within India and redress complaints within 15 days. As part of oversight mechanism, Ministry will establish an Inter-Departmental Committee to hear grievances not addressed by self-regulating bodies and oversee adherence to the code of ethics. 

In case of emergencies, the Authorised Officers may examine digital media content and the Secretary, Ministry of Information and Broadcasting will pass interim direction blocking the content. The final order will be passed only after the approval by the Inter-Departmental Committee. In case of non-approval from the Committee, the content must be unblocked. 
     
Enforcement risks

Under Rule 7, a Company can lose its safe harbor protection (indemnity available to an intermediary under Section 79 of the IT Act from legal liability for any third party information, data or communication made available on its platform) for user-generated content for failure to observe any element of the Rules, thereby exposing them to the risk of litigation. SSIMs  are required to designate three employees, all residing in India  for taking up the functional responsibilities as the Grievance Officer, Nodal Contact person for whole time law enforcement co-ordination and Chief Compliance Officer, the key managerial personnel from the Company, who can he held personally liable for failure to meet the due diligence requirements. 

Penalties including imprisonment and significant fines could be imposed, as outlined in Section 69 and 69A of the Information Technology Act. Fastening criminal liability on employees and making them personally liable for the acts of the Company is undesirable and unjustified in a democracy. It makes them unable to vindicate their rights and they may be forced to leave employment also.

Chilling effect on free speech

The Rules define Significant Social Media Intermediaries as any service that has five million or more user limit in India. Such Companies will have to take down questionable content within 24 hours and answer the traceability of messages. User data will have to be provided within 72 hours on a Government request. Service providers will have to mandatorily upload filters to weed out noxious or unlawful content. They are under obligation to preserve their records for at least 180 days to aid government investigators. 

Rules facilitate surveillance, thus undermining the right to privacy of users. It has a chilling effect on free expression and access to information. Rules appear to be not in consonance with the benchmarks laid down by the Supreme Court in Shreya Singhal case (2015), wherein Court held that online content could be removed from intermediary platforms only by reasoned government or court order. This protects the platforms from liability and acts as a check on frivolous take-down demands.  

The wider range of circulation over the Internet cannot restrict the content of the right to free speech and expression nor can it justify its denial. Court in Shreya Singhal struck down Section 66A of Information Technology Act for being over broad and containing open-ended and undefined terms, violating the freedom of expression, the guarantee available for the free marketplace of ideas. In Khushboo v. Kanniammal (2010), Supreme Court held that law should not be used in a manner that has chilling effect on speech and expression.

Missing jurisprudential norms

A glance of the Rules would reveal that the liability regime envisaged do not match with the current international norms and jurisprudential consciousness. The Ethics Codes of Germany and Russia envisages rapid removal of hate speech and other toxic content and for its failure, the violator is fined with heavy penalty. Australia’s crackdown norms on social media companies entail huge fines for Intermediaries. The UK has stringent Rules in force to combat specified illegal content, such as child abuse and terrorism.  But what is conspicuously missing in the newly introduced Rules in India is that it does not contain adequate procedural safeguards and guarantees or checks and balances comparable with Germany’s liability regime or European Union’s General Data Protection Regulation, 2016.
European Union law and standard practices lay emphasis on strong transparency from the platforms. But these Countries have strong and vibrant regulators, Integrity Institutions and Review Bodies to oversee the implementation of the law enforcement. Australia’s e-Safety Commissioner and the UK’s Telecom regulator Ofcom act as the Internet Watchdog in overseeing and enforcing “duty of care” laws. In these countries, the surveillance and liability regime is operating in close liaison between intermediaries and other Government agencies.

Counter Speech Theory

It is in the interest of the Society that the victims of hate speech should be protected.  Freedom of speech and expression is not absolute, it is indeed a freedom with responsibility.  However, the very essence of the right cannot be impeded or destroyed. The essence of a right is what is in the right, its basis and substance which need preservation and advancement.  

The Brandeis Doctrine propounded by Justice Louis Brandeis of the US Supreme Court in Whitney v. California and hailed across the world for providing a practical approach to hate speech recognizes the efficacy of counter speech as a solution for harmful or threatening expression to remedy the evil. 

The remedy for speech that is false is speech that is true. This view was further endorsed by Justice Anthony Kennedy of the US Supreme Court in US v. Alvarez (2012) and then again followed in Williams v. Florida (2015). Thus, the need of the hour against hate or injurious speech is more speech and not an enforced silence or restrictions.

The Preamble to the Constitution of India declares with clarity our nation’s unique and towering status as a democratic republic. It also secures to its citizens inter alia liberty of thought and expression. Peaceful human interaction is necessary in an open and democratic society. In Bennett Coleman & Co. (1972), the Apex Court held: Freedom of the press is the Ark of the Covenant of Democracy because public criticism is essential to the working of its institutions. Never has criticism been more necessary than today when the weapons of propaganda are so strong and so subtle. But, like other liberties, this also must be limited.

Limitations on digital freedom cannot negate the essential content of the right to freedom. Rules should be examined in the light of its limitations on freedom, its impact in effect and substance, to determine whether it satisfies democratic due process and the elements of legality, legitimacy, proportionality and necessity in democracy. These principles were highlighted by the Supreme Court in Puttaswamy (2017) and Anuradha Bhasin (2020) cases. Restrictions must also manifest tolerance and broadmindedness. 

Fundamental Freedoms

Justice William Brennan of the US Supreme Court observed: We must develop a jurisprudence of civil liberties in times of security crisis. Shabby treatment of civil liberties received during war and perceived threats to national security must make us realize that abrogation of civil liberties is unnecessary. Ultimately this is an issue of trust, the trust of the people. If the trust of the people is undermined, nothing can help it, no law can save it. 

Right to privacy is part of life, written in golden letters in international documents and accepted as an inalienable, invaluable and universal right under International Humanitarian law. The United Nations General Assembly Resolution 68/167 calls on States to respect and protect right to privacy, including in the context of digital communication, take measures to put an end to violations of rights and prevent violations by ensuring that national legislation complies with their obligations under International Human Rights Law.  The Freedom Online Coalition Conference, 2014 also affirms it.  Right to enjoyment of human rights in relation to information and communication technologies is part of the Yogyakarata Principles, 2017 which delineates the extent of human rights enjoyable by human beings.

As in the physical space, cyber security shall not come at the expense of cyber privacy. Just because we can do something, does it mean that we should do it is the point to be pondered. Reforms are necessary, particularly on the anvil of digital security and harm principles. But any reform or lawmaking in this arena should be based on the principles of rule of law; legitimate purposes; oversight by legislative, judicial and other bodies like independent Ombudsman; and transparency in a free society.  

Freedom and security are intertwined. This is clear from a cursory reference to Atlantic Charter, Declaration of UN, Universal Declaration of Human Rights and International Covenant on Civil and Political Rights which have uniformly treated it as human rights issue. Some level of surveillance is inevitable and justified in a contemporary society. But the means employed for the purpose must be just and proportionate and it must preserve reasonable standards of privacy. The trick is to get balance right. 

The competing rights in the digital age should be nicely weighed and measured through the “golden and straight metwand of law”, the measure of justice, as opposed to the uncertain and crooked cord of discretion. As held by the European Court on Human Rights in Al-Sadoon (2009), human rights such as liberty and privacy are unanimously guaranteed in legally binding standards at universal and regional levels. The responsibility for maintaining rule of law cast on every organ of the State obligates them to refuse to countenance behavior that threaten human rights and fundamental freedoms and to perform each one’s role as icons in democracy. 

(Dr. Pauly Mathew Muricken is a prominent Lawyer, an acclaimed writer and a distinguished academician based in Kochi)