Intermediary liability rules: A not-so-safe harbour?

By Arun Prabhu, Cyril Amarchand Mangaldas
0
169

The Ministry of Electronics and Information Technology has released a draft of the proposed Information Technology Intermediaries Guidelines (Amendment) Rules, 2018, under section 79 of the Information Technology Act, 2000, for public consultation and feedback.

An intermediary, in the rules, is defined as an entity which, “…on behalf of another person receives, stores or transmits” a “record” or provides any related service. The definition can encompass entities such as internet service providers, telecom companies, cloud services providers to search engines, social media providers, messaging companies, and e-commerce and payment platforms.

Safe harbour protection

While the intermediaries may publish, transmit, store or aggregate information, they do not usually generate, review or select it – this is often impossible, given the sheer volumes of information involved, and that much of it is encrypted. Therefore, the intermediaries run the risk of being penalized for information that they merely transmit.

Arun-Prabhu-id
Arun Prabhu
Partner
Cyril Amarchand Mangaldas

To enable intermediaries to operate, countries around the world offer them safe harbour protection. According to section 79 of the IT Act, safe harbour protection is available to intermediaries that are not: (i) initiating, (ii) selecting the receiver of, or (iii) modifying the information they handle. The intermediaries are also required to exercise due diligence in their operations and put in place user agreements restricting certain actions. Section 79(3)(b) of the IT Act denies safe harbour protection if the intermediaries, upon “receiving actual knowledge, or on being notified by the appropriate government or its agency” of unlawful content, fail to take it down.

This provision was challenged in Shreya Singhal v Union of India case on two grounds: a) that it required intermediaries to identify (through an exercise of their own judgment) and disable “unlawful” information, when intermediaries are, by definition, a neutral platform; and b) that the usage of the term “unlawful” in the provision was vague, broad and had no relation with the grounds for curtailment of fundamental rights guaranteed under article 19(2) of the Constitution of India.

The Supreme Court read down the scope of “actual knowledge” to mean an intermediary receiving “a court order” or “being notified by the appropriate government … that unlawful acts relatable to article 19(2) are going to be committed.” The draft rules call in to question the Supreme Court’s reading by requiring intermediaries to “proactively” identify, remove and disable access to unlawful information or content and “trace the originators” of information on their platforms.

The requirement for “proactive” identification is problematic per se, as an intermediary can only become aware of “unlawfulness” after receiving a court or government order.

Further, it may be impossible for the intermediary to trace the originator of the content unless it tracks every single originator on its platform. Apart from the impracticality, such tracking may also fall afoul of the fundamental right to information privacy so broadly articulated by the Supreme Court in Justice KS Puttaswamy v Union of India.

Entity localization

The draft rules also require that all intermediaries with more than five million users, and other intermediaries notified by the government, be incorporated under Indian laws, have an office in India and appoint people for round-the-clock coordination with law enforcement agencies. Obvious compliance and tax burdens aside, the above requirements may suffer on account of arbitrariness.

Under the draft rules, users are defined as persons who access computer resources of the intermediary for “hosting, publishing, sharing, transacting, displaying or uploading information or views”.

There is, therefore, no apparent relationship between the number of “users” and the need for it to have a presence in India. For instance, search engines and cloud service providers may be “accessed” by millions of users with whom they have no connection. On the other hand, a messaging platform may distribute “unlawful” content to millions of persons who may not be “users” because they do not have access to its “computer resources”.

The changes may prove particularly burdensome for smaller intermediaries with large non-revenue-generating user bases. It may be more viable, both technically and financially, for such intermediaries, which may include innovative service providers and content platforms, to simply stop offering services in India.

While any attempt to regulate a diverse set of entities may be ambitious, the changes proposed by the draft rules seem particularly problematic. A more nuanced and specific approach is needed to avoid unintended consequences.

Cyril Amarchand Mangaldas is India’s largest full-service law firm. Arun Prabhu is a partner at the firm.

Cyril

Cyril Amarchand Mangaldas
Peninsula Chambers
Peninsula Corporate Park
Lower Parel, Mumbai – 400 013 India

New Delhi | Bengaluru | Hyderabad | Chennai | Ahmedabad
Contact details
Tel: +91 22 2496 4455
Fax: +91 22 2496 3666
Email: cam.mumbai@cyrilshroff.com