The IT Rules, 2021 and its Application to Significant Social Media Platforms- An Explainer

The recent Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 has caused quite a stir and has left Indian netizens confused and worried about the future of the social media platforms that they relentlessly use. Thus, in this piece, I try to breakdown these Rules and hopefully answer some of the frequently asked questions.

These Rules define a social media platform as an intermediary “which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services”. According to these Rules, these social media platforms have to undertake due-diligence and establish a grievance redressal mechanism. However, the Rules cast additional obligations on ‘significant’ social media intermediaries. Through a notification dated 26th February 2021, the Central Government declared that all social media platforms having more than 50 Lakh users would be classified as ‘significant’ social media intermediaries. Thus, all popular platforms such as WhatsApp, Twitter, Facebook, Instagram, etc. are significant social media intermediaries.

At the outset, the objective of mandating social media platforms to conduct due-diligence and establish a grievance redressal mechanism sounds laudatory rather than problematic. However, the manner and extent to which these Rules mandate these platforms to observe, preserve and monitor their user’s behaviour poses a serious threat to the right to privacy of millions of Indians.

On a combined reading of these Rules and the Notification of the Central Government, it is understood that these significant social media platforms had to comply with the additional obligations by 26th of May 2021. According to these additional obligations, these platforms are required to appoint a Chief Compliance Officer, a Nodal Contact Person and a Resident Grievance Officer.

The Chief Compliance Officer has to be a key managerial personal or senior employee. Her job profile would be to ensure compliance with these Rules and the IT Act, 2000. However, if she fails to ensure that the intermediary observes due diligence while discharging its duties, she can be held liable under the law. On the other hand, the Nodal Contact Person’s duty is “24×7 coordination with the law enforcement agencies and officers to ensure compliance to their orders and requisitions”. The Resident Grievance Officer, though has the unenviable job of acknowledging every complaint made by a user within 24 hours and disposing off such complaints within just 15 days. Apart from this, these significant social media platforms will have to publish a monthly compliance report including the details of the complaints and the action taken on those complaints.

These measures definitely force these significant platforms to function in a more transparent manner. It also ensures that user complaints are taken seriously by these platforms. However, the sudden increase in workload, especially disposing complaints in a time bound manner (which even our well-structured judiciary fails at) might be a huge challenge, especially when politically organised ‘IT cells’ -known for propagating fake news, extreme opinions and also for their hyper-sensitive reactions to opposing views- dominate these spaces. Further, compelling 24×7 coordination with law enforcement agencies will definitely raise privacy concerns, and could be used to intimidate and silence political rivals as well as these social media intermediaries themselves. (Cc-Delhi Police Special Cell).

Apart from this, ordinary law-abiding users such as you (hopefully law-abiding) and I, should be more concerned about the provisions contained in Sub-Rule 2 of Rule 4. As per this Sub-Rule, messaging apps may be compelled through a Court Order or by the Executive itself, to identify the first originator of information for the purpose of investigation, detection and prosecution of certain crimes. While most of these crimes are of serious nature, the list also includes offences related to “public order”, which is a wide term that could allow for potential misuse and abuse of this power. Even if this Rule is not misused, it is still extremely problematic. This is because, this Rule effectively kills the idea of an end-to-end encrypted confidential communication, since at any time these apps could be called on to identify the first originator of messages, thus, allowing these apps complete access to our conversations. So, if you were one of those who thought that WhatsApp’s privacy policy was worrying, then you should definitely be frightened by these Rules.

Further, the Rules explicitly encourage significant social media platforms to develop technology-based measures including automated tools to detect any information depicting rape and child sexual abuse or conduct. It is not anybody’s case that action against these deplorable acts must not be taken. It is an extremely grave and serious problem that has to be tackled. However, is encouraging the development of automated tools that could potentially be used to track and examine in-depth user behaviour, patterns and information- a potential surveillance system- the right solution? This could be a potential problem-solution mismatch. Although there are safeguards coded into the Rules such as, these measures must be proportionate and must factor-in free-speech and privacy concerns. Further, the Rules also calls for periodic review of these tools with regard to their propensity of bias and discrimination, fairness and accuracy, and privacy and security concerns.

Thus, the Rules themselves recognise that these tools could pose a serious problem to the lives of millions of users. Yet, it encourages the use of these tools and only calls on these platforms to review these issues periodically.

Lastly, if this brings you any cheer, the Government cannot ban your favourite apps. Non-compliance with these Rules does not entail a ban. Instead, these non-complying social media platforms can now be held liable for any third-party information, data, or communication link hosted by them and would also be liable for punishment under the Indian Penal Code. This, essentially means that even social media giants like Facebook and Twitter can be made liable for any criminal activity undertaken by a user on these apps.

In conclusion, it is surprising to see the State take exception to WhatsApp’s privacy policy on the ground that it violates the privacy of Indians, but at the same time, the State through these Rules has systematically weakened and diluted our claim to that fundamental, inalienable right to privacy. Hopefully, this tussle between the State and these significant social media platforms is an opportunity to bring attention back to the primary stakeholder in this debate- The User!

One thought on “The IT Rules, 2021 and its Application to Significant Social Media Platforms- An Explainer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create your website with WordPress.com
Get started
%d bloggers like this: