Information Technology - Guidelines For Intermediaries and Digital Media Ethics Code - Rules, 2021

In the final analysis, the IT Rules are seen as having a deep, detrimental impact on the social media and digital news sectors, and result in increased work loads for employees, increased cost of operations and compliance for organizations. Along with existing concerns over the potential impact of the Personal Data Protection Bill (PDP) that is currently under advisement by a parliamentary body and future legislation around Non-Personal Data (NPD) and a growing concern over data governance, data nationalization, there is a very serious gap in awareness and understanding within the IT ecosystem on how policy impacts work.

In the specific case of the IT Rules, SSMI and Digital News organizations have gone to court to challenge the Rules. Sections of the Rules that are Ultra Vires of the parent IT Act will require arbitration in competent courts, and jurisprudence.

For SSMIs, the MEITY may proactively revise and redraft the Rules and ensure it complies with the parent law. Particularly, the changes to definition of intermediaries and creation of classes within intermediaries - as the IT Rules 2021 envisions - will need to be removed entirely. Safe Harbour, a ‘taken for granted’ privilege offered by nations across the world, and provided by the IT Act, is threatened under the IT Rules 2021. This will need to be reiterated and written explicitly into the new Rules.

However, if the ministry continues to maintain distinction between classes of intermediaries for operational or other purposes, it is recommended that threshold limits for social media intermediaries, such as user base or revenue, will need to be clarified and written explicitly into the Rules, following extensive consultation for the same.

At the industry and community level, representatives we spoke to say that the Rules will need to be redrafted to remove the personal liability attached to the role of the Chief Compliance Officer. Representatives also ask for guidance in the form of Standard Operating Procedures from the ministry, with regards to reporting, content take down, grievance redressal and others. The community strongly recommends that MEITY work with stakeholders to assess the costs of compliance for organizations of different sizes and at various levels of operations.

With multiple Law Enforcement Agencies (LEAs) potentially able to initiate proceedings against the CCO under the current version of the Rules, industry representatives say this will create a culture of fear and self-censorship, stifling free speech. While they strongly recommend removing personal liability entirely, organizations also say that at the very least, restrict it to a role-based responsibility, to ensure that employees are not unfairly held accountable even after their term of employment ends.

Some organizations also recommend that the government and the ministry consider imposing financial penalties in place of personal liability. The extent of financial liability will need to be determined after consultation with the industry, and based on the organization’s size, turnover, user base and other parameters.

Representatives suggest that only a state or union government – via a specially appointed Nodal Officer – be the point of contact for SSMIs. Further all takedown requests and grievance redressal be directed through the Nodal Officer of the government, helping streamline the process and providing clarity to organizations.

SSMI representatives, experts in security and privacy and legal experts all agree that privacy can be preserved while also protecting against the spread of CSAM or other patently illegal and unlawful content. Organizations already have robust internal mechanisms and teams to monitor and review such content and do not need to rely on identifying the originator to remove such content from their systems. Therefore the recommendation is to strengthen encryption and confirm protecting user privacy as a stated goal of the Rules.

Digital news organizations require clarity on why their sector has been clubbed in the Rules and how they qualify as intermediaries. Cases are currently under trial in various Indian courts challenging this. But there is a larger concern over dissent, freedom of the press and freedom of speech.

For organizations and industry bodies the take-aways are clear: invest in training, resources and forums by which skill and knowledge gaps are plugged. This is an immediate and critical requirement if the industry is to weather the changing policy climate.

Within organizations, leadership must invest in training to address the gaps in knowledge and skills of entry level and junior employees, and build resources for the continued learning and development of middle managers and leaders. The shape and nature of these trainings will necessarily vary from organization to organization. MEITY can play a role, by facilitating workshops and knowledge sharing sessions for organizations and industry bodies. However that is not enough and the larger concern with policy and governance will need a coordinated, industry-level solution.

This requires a forum in which individuals and groups across sectors and across the country can meet and discuss, and evolve solutions to issues of civil liberties. As we have seen through this report, there is a sorely felt gap: one for a peer network of technologists and practitioners, and civil society organizations to help and guide each other on technology and its impact on society.