IT Rules and Liability of Intermediaries

The present article is written by Sanjana Suman, a student of Amity Law School, Amity University Jharkhand Ranchi.

Introduction

The Ministry of Electronics and Information Technology recently released a draft of the Information Technology (Intermediary Guidelines) Rules 2018 and solicited feedback. A review of the proposed rules reveals the same issues that have plagued the Information Technology Act of 2000 since its start, namely, excessive delegation to subordinate legislation, vague wording, and difficult-to-implement restrictions.

With respect to any given electronic message, the term “intermediary” has been defined under the Information Technology Act of 2002 (“IT Act”) as any person that receives, stores, or transmits such a message on behalf of another person or offers any service with respect to that message. This is not a complete list, but it does include Internet Service Providers (“ISPs”) as well as any website that hosts user-generated material.

As a result of intermediary responsibility, which is founded on the legal idea of vicarious liability, service providers are held liable for any criminal acts committed by users on their platform. As Rebecca MacKinnon has said, “Intermediary liability means that the intermediary, a service that acts as ‘intermediate’ conduit for the transmission or publication of information, is held liable or legally responsible for everything its users do.”

Development of “intermediary liability” in India

Intermediary regulation is covered by a number of laws and sub-legislations in India. In addition, there has been a slew of instances in India, and the Indian courts have been quick to rule on these problems.

IT ACT (2000)

Only network service providers were initially protected under the IT Act “for any third party information or data made available by him if he proves that the offense or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offense or contravention” As a result, intermediaries had little or no safe harbor protection under the original IT Act.

Avnish Bajaj v. State and the Amendment to the IT Act (2008)

For content spread by a third party on its e-commerce platform, the Managing Director (rather than the company Baazee.com) was charged with criminal penalties under the Indian Penal Act and the IT Act. The Managing Director, on the other hand, was exempt from accountability because the corporation was not named as a defendant in either the High Court or the Supreme Court. Furthermore, the Delhi High Court stated that if the content posted bypasses the filters designed to prohibit pornographic content, corporations risk gaining knowledge.

In this case, it was also determined that the breadth of protection provided to intermediaries needed to be expanded, therefore the IT Act was changed in 2008 to incorporate a safe harbour regime under Section 79 of the IT Act, as well as to change the definition of intermediaries (as it reads presently). The modified Section 79 of the IT Act protects internet intermediaries from “any unlawful conduct,” rather than only offences or contraventions, and includes a requirement for due diligence when claiming safe harbour. It is an exemption provision that grants intermediaries conditional immunity as long as they abide by the section’s rules and restrictions.

The Legal Provision

Section 2 (w) of the Information Technology Act,2000 (IT Act, 2000) defines Intermediaries as – “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes Telecom service providers, network service providers, internet service providers, web hosting companies, search engines, online payment sites, online auction sites, online marketplaces, and cyber cafes.

The Information Technology (Intermediaries Guidelines) Rules, 2011

The Government of India published the Intermediary Guidelines after amending the IT Act in 2008, which were mandatory for all intermediaries claiming safe harbor protection. These should be read in accordance with the IT Act, as well as the due diligence requirements for intermediaries set forth in Rule 3:

Rules and regulations, as well as a privacy policy and a user agreement, must be published by intermediaries.
All prohibited acts, such as those that belong to other people, are grossly harmful, harassing, or unlawful, harm minors, infringe on intellectual property rights, violate any law, are deceiving or misleading, contain a virus, or threaten India, will be specified in the rules and regulations, terms and conditions, or user agreement and Users should be informed that any violation of the terms will result in their access being terminated by the intermediary.
Intermediaries must not knowingly host or disseminate information as defined in this sub-rule (2),
Intermediaries must deactivate such data within 36 hours and save it for 90 days for investigation purposes.
To assist authorized government agencies, intermediaries are needed.
Intermediaries are required to take all necessary precautions to protect their computer resources.
Intermediaries must notify the Indian Computer Emergency Response Team (ICERT) about cybersecurity incidents.
Intermediaries must establish a Grievance Officer and post the details of that officer on their website.

However, several difficulties such as ambiguity in prohibited content and coerced decisions by intermediaries flooded the IT Act and the Intermediary Guidelines. Furthermore, anyone can ask the middlemen to remove the illegal content. These difficulties, however, were essentially settled in the Shreya Singhal judgement.

Shreya Singhal v. Union of India (2015)

The Supreme Court recognised the Indian citizen’s right to freedom of speech on the Internet and cyberspace for the first time in the historic Shreya Singhal v UOI decision in 2015. It overturned Section 66A of the Information Technology Act, which imposed harsh penalties for delivering offensive material through computer.

The Court held that “Section 79 is valid subject to Section 79(3)(b) being read down to mean that an intermediary fails to promptly remove or disable access to such material after receiving actual knowledge from a court order or being notified by the appropriate government or its agency that unlawful acts relatable to Article 19(2) are going to be committed.” Similarly, the 2011 Information Technology “Intermediary Guidelines” Rules are valid if Rule 3 sub-rule (4) is read down in the same way as the judgement.”

The Court also noted that it would be extremely hard for intermediaries and sites such as Google, Facebook, and others to sift through millions of requests and identify which are valid and which are not.

Conclusion

The link between the various intermediary liability requirements and rules is extremely hazy. Section 79 offers umbrella protection of immunity (‘safe harbor’) for intermediaries from civil and criminal liability. However, most licenses are contractual, and any breach would result in the Department of Telecommunications terminating the ISP’s license.

The rights, protections, and obligations of intermediaries in India are ever-evolving and dynamic technology and the law, as seen by the statutory provisions and judicial pronouncements above. However, the trend indicates that India is nearing a period of increased intermediate liability. The authoritative law of India on intermediary responsibility is now Section 79 of the IT Act, the Intermediary Guidelines, and the Shreya Singhal judgment. As a result, intermediaries cannot be held accountable unless they possessed accurate information and the appropriate authority issued a court order.

References

https://www.barandbench.com/columns/intermediary-liability-under-the-information-technology-act-time-for-an-amendment
https://blog.ipleaders.in/internet-intermediaries-intellectual-property-shoot-messenger/
https://sflc.in/sites/default/files/wp-content/uploads/2012/07/eBook-IT-Rules.pdf