1. Home
2. Legal News
3. New IT Rules: Too much extension of Section 79’s “Due Diligence” criteria!

New IT Rules: Too much extension of Section 79’s “Due Diligence” criteria!

Dated: February 27, 2021

                                                                                                                                                           - By Megha Bhatia

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 have been notified by the Ministry of Electronics and Information Technology (MEITY) after a long delay.

This version is substantially wider than the draft rules issued for public consultation by the ministry in 2019, as it includes not just the responsibility of internet intermediaries, but also establishes a digital media regulatory regime. It is not clear as to why all of these issues were merged into one set of rules. It’s likely that the government’s decision to control OTT and streaming news media had everything to do with the pending Supreme Court litigation. 

The new rules’ core theme is the imposition of new duties on Internet intermediaries hoping to benefit from Section 79 of the Information Technology Act of 2001’s legal immunities. Previously, the legislation allowed internet intermediaries at little or no expense to enjoy unparalleled and wide-ranging protection from legal liability.

No one in the information transmission business enjoys such immunity from civil defamation charges, etc. For example, although newspapers and broadcasters have always faced legal responsibility for slander and other speech-related crimes, intermediaries have been immune from liability despite serving as publishers due to Section 79 protection. This immunity is of the form of a right or subsidy, as it decreases intermediaries’ running costs. Nobody, not even social media giants, is entitled to such legal protection.

The new legislation allows internet intermediaries, in particular “significant social media intermediaries” (most likely Facebook, YouTube and WhatsApp), to gain the right of legal immunity by discharging those duties and obligations under Indian law.

These obligations include the need to develop a functioning Dispute Resolution Process, a more accountable take-down framework, special expedited take-down procedures for revenge porn cases, recruitment of India-based enforcement officers, traceability criteria for particular purposes, implementation of automatic filtering tools, recognition of a physical address for service purposes, a right of users to seek verification of their accounts. If an internet intermediary wants to acknowledge these additional obligations, they will forfeit the safeguards given by Section 79, leaving them legitimately responsible for the conduct of third parties on their website.

The ultimate aim of these regulations is to make internet intermediaries, especially Silicon Valley giants, more accessible and accountable to their customers. Platforms like WhatsApp are just too dangerous to be commercially sustainable without legal guarantees like Section 79. 

‘Regulation’ of Video Streaming Platforms

The first of the three main developments is the proxy control of OTT and news media channels. This is deemed as grossly unconstitutional. The draft IT Rules for 2021 describe a “Code Of Ethics And Procedure And Safeguards In Relation To Digital/Online Media” in the Appendix to the Rules, which will extend to “applicable entities.” “Applicable entities” as contained in Rule 7 include, “publishers of news and current affairs content”; and “intermediaries which primarily enable the transmission of news and current affairs content”; and “publishers of online curated content”; and, “intermediaries which primarily enable the transmission of online curated content.”

Further, under sub-rule (3) of Rule 8, the Rules lay down a three-tier structure for observance and adherence to the Code which is as follows, “Level I – Self-regulation by the applicable entity”; “Level II – Self-regulation by the self-regulating bodies of the applicable entities”; “Level III – Oversight mechanism by the Central Government.” What does this mean? In all likelihood, government oversight and more censorship.

Digital News Media

Without any specific statutory backing, this oversight structure is being established and will now gradually execute tasks close to those done by the TV Control Ministry of Information and Broadcasting. For example, according to Rule 13(4), this now includes powers of censorship, such as apology scrolls, but also content blocking! Without some legal approval or a simple legislation made by parliament, all of this is planned to be achieved.

Several issues abound with respect to news media control. Since the Information Technology Act of 2000 does not apply to news media, the rules do not have the legal power to control them. These guidelines thus exercise powers well beyond the laws of parent legislation. Furthermore, these instructions are in violation of section 79 of the IT Act, which provides a “safe harbor” in the form of a liability exception in some situations. As a result, these rules are a subtle effort to control internet news media by putting them under the purview of the Information Technology Act of 2000 rather than going through the appropriate mechanisms of legislative oversight and corresponding legislation.

The vague definition of “publisher of news and current affairs content” may also lead to further arbitrariness. 

‘Traceability’ and breaking encryption?

Under sub-rule (2) of Rule 5 of the draft IT Rules for 2021, it is mandatory for a significant social media agent offering services primarily in the context of messaging, such as WhatsApp, Signal, Telegram, and others, to allow the identification of the information’s first originator. This adds the traceability requirement, which will break end-to-end encryption.

Development of AI to automate censorship?

In addition, the draft IT Rules made it obligatory, under sub-rule (4) of Rule 5, for a major social network agent (such as WhatsApp, Signal, Twitter, Instagram or Facebook, etc.) to enforce technology-based interventions, including automatic software or other methods, to proactively detect information depicting any act or simulation in any manner depicting harassment, child sexual exploitation or actions, whether explicit or implicit.

Moreover if one reads Rule 5(4) closely, it also goes beyond to a re-upload requirement, when it states that, “or any information which is exactly identical in content to information that has previously been removed or access to which has been disabled on the computer resource of such intermediary under clause (d) of sub-rule (1) of rule 4.”

The creation of censorship mechanisms based on artificial intelligence (AI) is rife with threats, including the underdeveloped and incomplete existence of AI in its present state-of-the-art.

Judicial challenge 

The major issue with these laws, though, is whether they can survive judicial challenge as the government seeks to push them into delegated legislation rather than legislative legislation. 

The critical question is whether Section 79 of the IT Act grants the central government the right to enforce on internet intermediaries certain additional obligations as a precondition for enjoying the legal protection that the same clause provides.

The legal experience of Section 79 indicates that the government would not have the right to enforce preconditions on internet intermediaries hoping to benefit from Section 79’s immunities.

If it currently stands, whether they exercise “due diligence” and obey “guidelines” set down by the Central Government, Section 79 of the Information Technology Act, 2001 grants intermediaries wide-ranging legal protection.

The use of the word “due diligence” in legislation has never been common with the industry since it is open-ended and leaves substantial latitude with judges who can determine if the requirements of “due diligence” are satisfied by concrete steps taken by internet intermediaries. In fact, more than a decade ago, there were many efforts to get the word ‘due diligence’ out of the statute. There was a tussle between a Parliamentary Standing Committee and the government over the retention of the words “due diligence” in the statute before the bill was amended in 2006. The government proposed an amendment in 2006 that eliminated the “due diligence” clause from Section 79.

Nevertheless, the Standing Committee disagreed and asked for it to be reintroduced into practice. The following is an abstract from the study that is relevant:

“What has caused further concern to the Committee, in the above context, is that the Bill proposes to delete the words ‘due diligence’ as has been existing in Section 79 of the principal Act. The Department’s logic for the proposed removal of the words ‘due diligence’ is the intention to explicitly define the provisions under Section 79 pertaining to exemption from liability of network service providers. The Department have further contended that the words ‘due diligence’ would be covered under the guidelines which the Central Government can issue under sub-section 4 of Section 79 of the principal Act. The Committee does not accept the reasoning of the Department as they feel that removing an enabling provision which already exists in the principal Act and leaving it to be taken care of by the possible guidelines makes no sense.”

After the Standing Committee’s report, the government relented and reintroduced the word “due diligence” into the statute, while maintaining the power to set guidelines. The final version of the law as enacted by parliament in 2008 required intermediaries to exercise “due diligence while discharging his duties under this Act and also observes such other guidelines as the Central government may prescribe in this behalf.” 

In 2011, when its guidelines were informed by the Central Government, it sneakily attempted to restrict the initial legislative intent by demanding the freedom to identify “due diligence.” The title of section 3 of the guidelines was “due diligence to be observed by intermediaries.”

However, the constitutional past reveals that parliament decided to keep the word “due diligence” open-ended so that the courts could cope with a number of reality scenarios. In its 2011 guidelines, the federal government has no right to assert jurisdiction over the concept of “due diligence.”

Section 79 gives the federal government the right to enforce certain “guidelines” at the most. The use of the term “observe” the “guidelines” as opposed to “rules” or “regulations” is also relevant since the “guidelines” usually lack the force of law in the Indian sense. Guidelines are only supposed to be guidelines that is non-binding. From this point of view, both the newly introduced guidelines under debate and the old 2011 guidelines ignore the binding power of the statute.

I would warn, however, that the understanding I have set forward above is the view of the minority. The general opinion tends to be that the central government will form the criteria of Section 79’s “due diligence” through the formation of legally binding guidelines. In any scenario, it’s doubtful that any of the Silicon Valley giants will go to court against the Centre. 

Third parties or smaller stakeholders are more likely to file a judicial challenge to these regulations. Therefore, a simpler choice for the government is to try to drive forward these laws as legislation before parliament. Over all, it is unlikely that it will encounter major political resistance.

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 have the potential to fundamentally change how the internet is accessed and used by millions of users across India.