Image Source: https://rb.gy/c8fun6

This article is written by Nidhi Bajaj, of Guru Nanak Dev University, Punjab. The article is an attempt to elucidate the relevant provisions relating to intermediaries under the IT Act, 2000 in light of the new Intermediary Guidelines and Digital Media Ethics Code Rules, 2021.

Introduction

The Internet has become an indispensable part of our lives. Social media platforms such as WhatsApp, Instagram, Facebook, Twitter etc. have become our constant companions as we use them to communicate with our friends, to follow our interests, to give our opinions and for a host of other innumerable activities. Also, many of us prefer to buy our clothes and other stuff online from e-commerce sites such as Myntra and Amazon. The crucial question that arises is, “Whether these e-Commerce websites, social media platforms and search engines and the like (Intermediaries) can be held liable for any unlawful content, hateful remarks, fake news posted on these platforms, websites by a third party?”

In this article, the author will attempt to answer this question while taking you through the important legal provisions and case laws relating to Intermediaries, their liability and the conditions under which they can be exempted from such liability. 

Who are intermediaries under the IT Act

Generally speaking, an intermediary is a person or a third party that acts as a link between two parties and facilitates communication between the two. We can also say that an intermediary is someone who facilitates the use of the internet. 

The term ‘Intermediary’ is defined in broad terms in the Information Technology Act, 2000. Section 2(1)(w) of the Information Technology Act 2000 defines an intermediary as a person who receives, stores or transmits any electronic record and provides any service relating to such record on the behalf of another person. Intermediary includes network service providers, telecom service providers, internet service providers, search engines, web-hosting service providers, online-auction sites, online payment sites, online-marketplaces and cyber cafes. 

Intermediaries perform functions such as hosting content, collecting information and evaluating information, facilitating communication and information exchange, facilitating the use of the internet etc. Examples of intermediaries include social media platforms such as WhatsApp, Twitter, Instagram, Facebook; e-commerce sites such as Myntra, Amazon; search engines, cloud service providers etc. 

Exemption from liability of intermediary

An intermediary does not create any information by itself but only receives, stores and transmits the information created or posted by users i.e. third parties. Intermediaries merely act as a middleman between those who create content and those who consume it. Hence, it would be wrong to hold the intermediary liable for everything that is posted by a third party as it would be unreasonable to expect that the intermediary tracks every piece of information posted by millions of users on its platform. This is the reason why intermediaries enjoy some special legal privileges.

India operates on the ‘Safe Harbour model’, under which the intermediaries are provided protection against liability for the acts of third parties who use the infrastructure provided for committing unlawful acts. For example, a social media platform will not be held liable for the defamatory content posted by a user. 

Section 79 of the IT Act

Under the IT Act, as originally enacted, only the network service providers were granted protection from liability for illegal acts of third parties. But after the Amendment Act of 2008, the definition of the intermediary under the Act and Section 79 of the Act were amended to provide for a wider scope of protection to intermediaries. 

Section 79 of the IT Act provides for ‘Exemption from liability of intermediary in certain cases:

Exemption from liability

Section 79(1) provides for exemption from liability of an intermediary for any third party information, data, or communication link made available or hosted by him. However, this shall be subject to provisions of sub-section (2) and sub-section (3) of Section 79. 

When exempted

Section 79 (2) provides for the conditions which must be fulfilled for granting exemption from liability to an intermediary, which are as follows:

  1. The intermediary’s function is limited to providing access to a communication system over which information made available by third parties is transmitted, hosted or stored; 
  2. The intermediary does not:
    1. initiate the transmission,
    2. select who receives the transmission, and
    3. select or modify the information contained in the transmission,
  3. The intermediary observes due diligence while performing his duties under this Act and also observes such other guidelines prescribed by the Central Government. 

Third-party information

According to the explanation attached to Section 79 of the IT Act, ‘third party information’ means information that is dealt with by an intermediary in his capacity as an intermediary. 

When can intermediaries be held liable

Section 79 (3) of the IT Act provides an exception to the immunity granted to intermediaries from liability for third party information and acts under Section 79 (1) of the Act. Intermediaries can be held liable for third party content hosted by them in the following cases:

  1. The intermediary is guilty of conspiring, abetting, aiding or inducing the commission of the unlawful act;
  2. Intermediary fails to expeditiously remove or disable access to any material residing in or connected to a computer resource upon receiving actual knowledge, or on being notified by the Government that any information residing in or connected to such computer resource controlled by the intermediary is being used to commit an unlawful act. Such removal or disabling of access has to be done without vitiating the evidence in any manner. 

Thus, the immunity provided to intermediaries is not absolute but is subject to fulfilment of certain duties and following of certain guidelines or rules issued as by the government. 

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were notified by the Central Government on 25th February 2021. These rules have been framed by the central government in exercise of the power conferred on it by Section 87 of the IT Act and will supersede the Information Technology (Intermediary Guidelines) Rules, 2011. These rules are divided into three parts, namely,

  1. Preliminary providing for Definitions
  2. Due Diligence by intermediaries 
  3. Code of ethics and procedure and safeguards in relation to digital media

Part II of the rules (Rule 3-7) dealing with ‘Due Diligence by intermediaries and grievance redressal mechanism’ provide for due diligence requirements to be followed by all social media intermediaries and additional due diligence requirements to be followed by significant social media intermediaries. Thus, the rules categorise the digital intermediaries into two categories: 

  1. Social Media Intermediaries (SMI);
  2. Significant Social Media Intermediaries (SSMI).
Section 2(1)(v) Significant social media intermediary means a social media intermediary having such number of registered users (50 lakh or more) in India above such threshold as notified by the central government.
Section 2(1)(w)Social Media Intermediary means an intermediary which primarily enables online interaction between two or more users and allows creating, uploading, sharing, dissemination, modification or access to information using these services. 

Rule 7 of the said rules provides that failure to observe these rules shall disqualify an intermediary from exemption from liability under Section 79(1) of the IT Act and such intermediary shall be punishable under IT Act and the Indian Penal Code 1860.

Due diligence requirements for social media intermediaries

Publishing of details

The intermediary is required to publish following information on its website, mobile-based application or both:

  • Rules and regulations, 
  • User agreement, and 
  • Privacy policy.

Such rules and regulations, privacy policy or user agreement must inform the user about the types of objectionable information which they shall not host, display, upload, modify, publish, transmit or store etc. Intermediaries must inform the users at least once a year about the rules and regulations, user agreement, privacy policy or any changes in the same and that the intermediary reserves the right of terminating a user’s access or removing any non-compliant information from its platform.

Disabling access

Intermediaries are prohibited from storing, hosting or publishing any unlawful information which is prohibited by any law in relation to the categories mentioned in Rule 3(1)(d) of the rules. The intermediary must remove such information if it is so hosted, stored or published or disable access to as early as possible but no later than 36 hours from the receipt of the court order or on being notified by the Government under Section 79(3)(b) of the IT Act.

Preservation of information

Intermediaries shall preserve or retain the following information for 180 days:

  1. Information that has been removed or access to which has been disabled
  2. User’s registration information, after cancellation or withdrawal of such registration.

Furnishing of information or assistance to the government agency

Intermediaries must provide information that is under its control or possession or give assistance for verification of identity or for preventing, detecting, investigating, or prosecution, of any offence, or cyber security incidents to any lawfully authorised government agency as soon as possible but within 72 hours of receiving a written order.

Grievance redressal mechanism

The intermediary must publish the following details on its website, mobile-based application or both:

  1. Name and contact details of the Grievance Officer.
  2. Complaint Mechanism by which a user or a victim may file a complaint. 

The Grievance Officer shall acknowledge the complaint within 24 hours of receiving it and has to dispose it off within 15 days. 

Removal of explicit content

The intermediary shall take all reasonable and practicable measures for removing or disabling access to any content hosted, stored, published or transmitted by it which exposes the private area of any individual, or shows such individual in nudity or in any sexual act etc. within 24 hours of receiving the complaint. 

Additional due diligence to be observed by significant social media intermediaries

Rule 4 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 provides for ‘Additional due diligence to be observed by significant social media intermediaries’. Social media intermediaries with fifty lakh registered users or more have been classified as significant social media intermediaries and are subject to due diligence requirements in addition to those prescribed for intermediaries in general. 

Rule 6 provides for the power of the Ministry to extend the additional due diligence obligations to any other social media intermediary which is not a significant social media intermediary in certain cases. 

Appointment of certain officers and contact persons

All the significant social media intermediaries shall appoint the following officers: 

  1. Chief Compliance Officer: Chief Compliance Officer means key managerial personnel or other senior employee of SSMI who is residing in India. He is responsible for ensuring compliance with the IT Act and rules made thereunder. 
  2. Nodal Contact Person:  Nodal Contact Person means an employee of a SSMI who is resident in India. He is responsible for 24×7 coordination with law enforcement agencies and officers for ensuring compliance to their orders.
  3. Resident Grievance Officer: He is an employee of the SSMI who is resident in India. He is responsible for performing functions relating to sub-rule (2) of Rule 3 i.e. with regard to the grievance redressal mechanism. 

Periodic Compliance Report

SSMIs shall publish a monthly report containing the following:

  • Complaints received and action taken upon them.
  • Number of links or parts of information removed or access to which has been disabled.

Identifying the first originator of information

SSMIs providing messaging services are required to enable identification of the first originator of information on being authorised to do so by a court order or an order passed under Section 69 of the IT Act. In case the first originator of any information is located outside the Indian territory, the first originator in India shall be deemed to be the first originator of the information. Also, the SSMI is not required to disclose the contents of any message while disclosing the identity of the first originator.

Active monitoring

A SSMI shall endeavour to make use of  appropriate technology-based measures for the purpose of identifying information that depicts:

  • any act depicting rape, child sexual abuse, or 
  • any information exactly identical in content to the information previously removed or access to which has been disabled. 

The measures taken by the significant social media intermediary must be proportionate having regard to the interests of free speech and expression and privacy of users.

Voluntary verification

The significant social media intermediary shall have an appropriate mechanism for enabling voluntary verification by the users registering for their services from India, or using their services in India. Upon such verification, the user will be provided with a demonstrable and visible mark of verification, which shall be visible to all users of the service.

Removal of information or disabling access to information 

The rules provide that certain pre-conditions are required to be fulfilled in case of removing or disabling access to any information by the significant social media intermediary of its own accord. The conditions required to be fulfilled are:

  1. Before removing or disabling access to information, the SSMI has to ensure that the user who created, uploaded, shared, disseminated, or modified such information or link is provided with a notification giving reasons and grounds for such action;
  2. Such user who created, modified or shared such information has to be provided with a reasonable opportunity to oppose the action being taken by intermediary;
  3. Appropriate oversight has to be maintained by the Resident Grievance Officer over the mechanism for resolution of any disputes. 

Grievance redressal

The significant social media intermediary must have an appropriate complaint redressal mechanism enabling tracking of complaints by assigning a unique ticket number for every complaint received. Also, the SSMI has to provide reasons for any action taken and not taken in pursuance of the complaint to the complainant.

Judicial approach

Shreya Singhal v. Union of India (2015)

In this landmark judgement, the Hon’ble Supreme Court struck down Section 66A of the IT Act 2000 as being violative of Article 19(1)(a) of the Constitution of India. In this case, Section 79(3)(b) of the IT Act was also challenged to the extent that it allows the intermediary to exercise its own judgment upon receiving actual knowledge that any information is being used to commit unlawful acts. It was also contended that the expression “unlawful acts” in the said section goes way beyond the subjects provided in Article 19(2) of the Constitution. The Supreme Court upheld the validity of Section 79(3)(b) by reading it down to mean that the intermediary upon receiving actual knowledge that a court order has been passed asking it to expeditiously remove or disable access to certain material must then fail to expeditiously remove or disable access to that material. Secondly, the Court order and/or such notification by  the government must conform to subjects as provided in Article 19(2). 

My Space Inc. v. Super Cassettes Industries Ltd. (2016)

In this case, Super Cassettes India Ltd. filed a suit against myspace.com alleging that it allows its users to share Super Cassette’s copyrighted work without permission. The Court held that Sections 79 and 81 of the IT Act and Section 51(a)(ii) of the Copyright Act have to be read harmoniously. The Court also introduced the concept of ‘actual or specific knowledge’ to hold that the intermediaries could be held liable if they have either actual or specific knowledge of the existence of unlawful content on their website and if they do not take down such content despite notice.

Christian Louboutin SAS v. Nakul Bajaj and Ors. (2018)

In this case, Delhi High Court had to decide on the liability of an e-commerce platform, darveys.com for infringement of trademark rights of Christian Louboutin whose products were being sold on the platform. The court distinguished ‘active’ and ‘passive’ intermediaries and held that Section 79 of the IT Act is to protect genuine intermediaries and cannot be abused by extending it to those persons who are not intermediaries and are active participants in the unlawful act. The Court also laid down certain factors to identify an active intermediary, namely identification of the seller and providing details of the seller; providing quality assurance, authenticity guarantees or storage facilities; assistance for placing a booking of the product; creating a listing of the product; packaging of th­­e product with its own packing; transportation; delivery; and advertising products on the platform, etc. If a large number of elements enumerated above are present, then such intermediary shall be deemed to be an active participant and would not be exempted under Section 79 of the IT Act.  

Amazon Seller Services Pvt. Ltd. v. Amway India Enterprises Pvt. Ltd. and Ors (2020)

In this landmark case, the Delhi High Court held that there is no distinction between passive and active intermediaries so far as the availability of the safe harbour provisions is concerned and an intermediary shall not be liable for any third-party information, data or communication link made available or posted by it, as long as it complies with Sections 79 (2) or (3) of the IT Act.

Conclusion

Regulating digital intermediaries is not an easy road to tread on as imposing too many obligations without sufficient clarity may have significant economic repercussions and may threaten the effective exercise of the right of freedom of speech and expression. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 are under challenge in the Supreme Court and various High Courts as well for being undemocratic and unconstitutional. In September, the Madras High Court has noted that the restrictions imposed on intermediaries under Rule 3(1)(b)(x) go beyond the scheme of Article 19 (2) of the Constitution of India. The Court also observed that there is a genuine apprehension,“ that a wink or a nod from appropriate quarters may result in the platform being inaccessible to a citizen”. Online spaces have become an indispensable, omnipresent part of society and hence the need for their stringent regulation has never been this important. What is thus required, is a clear and fair framework that could achieve the goal of preventing unlawful acts and conduct without unreasonably impinging on the rights of individuals as well as digital players.

References


LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

https://t.me/joinchat/J_0YrBa4IBSHdpuTfQO_sA

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.

LEAVE A REPLY

Please enter your comment!
Please enter your name here