This article has been authored by Thrisha Rai, a second year student at Jindal Global Law School, Jindal Global University.
The Ministry of Electronics and Information Technology (MEITY) with the Ministry of Information and Broadcasting (MIB) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 that supersede the Information Technolgy (Intermediaries Guidelines) Rules, 2011. The main objective of these rules is the regulation of OTT (Over the top) Platforms, digital and social media sites. The Bill grants broad powers to the Government for monitoring and censoring social media intermediaries. Further it vests absolute power in the Information & Broadcasting Ministry to block content and restrain the public from accessing it in specific cases of emergency.
Provisions of The Rules
One of the main changes that these rules bring in is that for the first time, OTT Platforms and news media will be regulated. The Rules lay down a three-pronged structure for adherence to the Code. The first level consists self-regulation by the entity, the second level establishes self-regulation by the self-regulating bodies of the entities and the third level has an oversight mechanism by the Central Government. There seems to be no explanation or a clear legislative backing for the third level of oversight mechanism for grievance redressal. What is particularly alarming is that this level also includes blocking content unilaterally.
The spell of censorship has also been cast upon news media as the Rules also regulate the Digital News Media. It is important to note that news media does not fall under the ambit of the Information Technology Act, 2000. Therefore, the legislative backing needed to regulate news media seems to be missing. These guidelines are a discreet way of indirectly regulating online news media by bringing them under the Act without giving consideration to the due process of parliamentary discussion. There are several inconsistencies and ambiguities while ascertaining as to what exactly will fall within the definition of “publisher of news and current affairs content”. While there are several papers with an online presence in terms of e-papers, the broad definition gives the Government a leeway to censor and curtail the freedom of these media entities according to their convenience.
Breach of Privacy?
The Rules have also made it mandatory for a significant social media intermediary which in essence facilitate messaging like Whatsapp to allow the identification of the first originator of the information. This can only be attained by breaking the end-to-end encryption which is one of the key measures by various platforms to assure privacy to its users. Encryption cannot be ignored especially in today’s day and age when more and more of our personal data is being processed and analyzed in large quantities. Many companies have been selling personal data like financial and health information to third parties for their profit, encryption is one effective way to curb the illegal sale of data.
The Report of the Justice Srikrishna Committee also heavily critiqued the government’s policies that require weak encryption standards for telecom service providers as it posed a threat to the safety and security of personal data. The traceability of the originator has serious drawbacks for regular users of online services and has been channeled by the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.
Without a proper parliamentary or judicial check these Rules give the government a form of absolute power on surveillance which is very unsettling for a democracy. This also severely dilutes the freedom of speech by placing arbitrary power on the executive through the proposed grievance redressal mechanism by allowing them to rule over the nature of content published by the Media via the Oversight Mechanism. Therefore, the constitutional validity of such rules can be greatly questioned.
With these implications, there are several inconsistencies that arise in the way these Rules have been brought. Modification of encrypted platforms to allow traceability is heavily subject to challenge considering the fact that there is no legislative backing for the same. This seems to be way beyond the ambit of Section 79 of the Information Technology Act which is considered to be the parent provision. Section 79 is a safe harbor provision while Section 84A of the IT Act enumerates encryption standards with the aim to help the government in securing the use of electronic medium and promoting e-governance and e-commerce. Weakening encryption standards for the sole purpose of traceability cannot be justified.
The drawbacks of the earlier bills that dealt with privacy have seeped into this and play a huge role in undermining the aspect of privacy of the people. Despite the Supreme Court ruling that privacy is a fundamental right which is covered under the Article 21 of the Constitution in K.S Puttaswamy vs. Union of India, there is a complete lack of clarity around the Personal Data Protection Bill, 2019 and its actual enactment.
The Indian stance on Data Protection is still in a quandary. The Bill is abounded with contradictions, especially when it comes to government checks on data protection. The purpose of the Bill has largely been jeopardized by the unnecessary and broad powers the Government has vested in itself to exempt itself and its agencies from the provisions of the Bill. This Bill also lacked safeguards to protect the right to privacy and therefore exponentially increases surveillance.
The same seems to be the case with the Digital Media Ethics Code. These legislations while aiming towards the same legal issue of data protection completely fail to counter the same lacuna of the unregulated governmental interference and surveillance. While the Intermediary Guidelines and Digital Media Ethics Code could change the entire dynamic of the Internet and its usage, there are several concerns about majority of the provisions being decided without proper public consultation can lead to a very strict model of surveillance and censorship which could be detrimental to the privacy of the people. Especially with an unchecked extension of executive power, it is absolutely necessary and within the constitutional rights of the users to be consulted in regulating which is positioned around their privacy.
Conclusion
The time-lapse and the delay in implementation of both the Bills in the proper manner that too without public consultation causes these important legislations to lose their impact and purpose. With the technological sphere changing at such a rate, the intermediary companies will easily be able to devise ways to reconfigure their systems and incorporations to be in compliance with the legislations that the government will have to draft another Bill concerning Data and Privacy with a different set of obligations.
In this prolonged battle between the Government, its surveillance mechanism and the intermediaries, it’s the users who are often at the losing end because their data and its protection is hugely being compromised and subsequently their freedom to express and make choices for themselves is taken away from them. Therefore, the need of the hour, is provisions that are user-centric, and place them and their rights at the forefront which can be achieved only through active consultation with the public and explicit legislative recognition of the right to Privacy.