Read Time: 14 minutes

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 were notified on the 25th February, 2021. The rules had to be complied with by intermediaries within three months of notification. The rules have been divided into three parts. The first part dictates the relevant definitions and categorisation of various entities. The second part mentions the due diligence requirement and grievance redressal mechanisms that the intermediaries (social media and significant social media platform) need to comply with.

Following the end of a three month period, Twitter released a statement on 27th May stating that,

“To keep our service available, we will strive to comply with applicable law in India. But just as we do around the world, we will continue to be strictly guided by principles of transparency, a commitment to empowering every voice on the service, and protecting freedom of expression and privacy under the rule of law. Right now, we are concerned by recent events regarding our employees in India and the potential threat to freedom of expression for the people we serve. We, alongside many in civil society in India and around the world, have concerns with regards to the use of intimidation tactics by the police in response to enforcement of our global Terms of Service, as well as with core elements of the new IT Rules. We plan to advocate for changes to elements of these regulations that inhibit free, open public conversation. We will continue our constructive dialogue with the Indian Government and believe it is critical to adopt a collaborative approach. We believe that it is the collective responsibility of elected officials, industry, and civil society to safeguard the interests of the public.”[1]

The Delhi High Court, on receiving a complaint regarding the noncompliance to the new rules, directed the social media platform to appoint a grievance redressal officer within three weeks. The said notice came in on 31st May, 2021.[2]

Thereafter, the Ministry of Electronics and IT issued ‘one last notice to the social media platform on the 5th June, 2021, to comply with the new IT rules.

The ministry said in a statement that,

“Despite being operational in India for more than a decade, it is beyond belief that Twitter Inc has doggedly refused to create mechanism that will enable the people of India to resolve their issues on the platform in a timely and transparent manner and through fair processes, by India based, clearly identified resources"[3]

Responding to the said notice, Twitter has given out a statement affirming that it has started the process of adhering to the said rules and shall appoint the officers accordingly. [4]

Non - compliance to the rules would result in the waiving off of 'safe-harbour' protection that the intermediaries enjoy in India. While inquiring about the impact of non-compliance to the new rules and the resultant impact on free speech, we reached out to experts in the space.

Gurshabad Grover who is a technologist and a legal researcher with Centre for Internet and Society, said that,

“Section 79 of the IT Act provides immunity from liability of any user-generated content. The rules lay out some of these conditions. So, the effect of non-compliance with the rules is that this immunity no longer exists, and Twitter (in this case) will be that theoretically Twitter becomes as liable as a content creator on its platform for any content that violates law. Practically, this would mean that law enforcement agencies can prosecute intermediaries in addition to the content creators for any illegal activity. The final liability and decision, as ideally any would, have to be finally decided by the courts. The ramifications for freedom of expression become more apparent when we consider content takedown/surveillance requests to intermediaries. Companies often fight back a little on overbroad content takedown orders (for example, Twitter had a tussle with the GoI on a content takedown order related to the farmer protests). Imposing stringent conditions to avail immunity from liability can mean that intermediaries will try to avoid criminal liability, and tend to over-comply with governmental takedown and surveillance requests. This is especially concerning in India because the censorship and surveillance frame work in India is solely executive-dictated, and does not require judicial oversight (see Sections 69 and 69A of the IT Act, and the rules issued thereunder)," he said

We also reached out to Kriti Sharma, who is an Independent Senior Commercial Counsel and works primarily in the space of Healthcare -Tech & Data Privacy. She said that,

"Considering the significance of securing human dignity, safeguarding human rights and fundamental freedom of individuals in light of the ever changing methodologies of data processing and personal data flows, personal autonomy based on a person’s right to control his or her personal data and the processing of such data is of utmost importance. A strict yet holistic approach must be adopted to increase the accountability of these platforms which should not just be limited to data privacy of data subjects but beyond."

On the issue of ramifications on freedom of speech, Sharma said,

"Co-existence of data protection with freedom of expression is important and it must not be limited to bringing personal data but personal existence (online) under a detailed regulatory regime that safeguards the user’s autonomy and makes these platforms an accommodative space,"

She added that appointment of a grievance officer seem to be a key requirement from day-one of rules coming into effect, considering the importance of public interface for complaints and need for an acknowledgement system for requests. While providing her inputs on the issue of automated processing of data, Sharma pointed out that protection of individuals with regard to automated processing of personal data or behavioural patterns should be prioritised.

"Efforts should be made to strike a perfect balance between compliance and response mechanism, which apparently is still work-in-progress for countries having adopted their own local data governance framework with statutes governing data protection instead of adopting GDPR in verbatim despite following it in-essence. As of date, India is not recognized by EU as a country with adequate level of data protection, taking this with a pinch of salt it therefore requires additional compliances for transfer and processing of data at social media level. If social media platforms can regulate data flow with right controls and compliances in place, the co-existence of humans and AI in staying secure, accountable, fair & thus process information with integrity will become easier."