The revolutionary digital transformation of our world in the twenty-first century has impacted almost all aspects of our life. The trajectories of such changes across various countries are, however, uneven. Cheap and affordable gadgets and accessible internet services are instrumental in India’s digital revolution. There are now over 450 million mobile internet users in India utilising one of the lowest data costs (Rao 2019). Recently, the Ministry of Information and Technology revealed that there are over 53 crore users of WhatsApp and 41 crores of Facebook users in India (Chakravarti 2021), many of whom are increasingly dependent on social media for their news updates (Pew Research Centre 2018; Ingram 2015). The Supreme Court reiterated this in 2019 in the Tehseen Poonawalla case, which laid down anticipatory, corrective, and punitive mechanisms to reduce the instances of lynching caused or triggered by fake news and WhatsApp forwards. The court has also mandated central and state governments to curb the spread of violent content on social media that may disrupt social harmony. In this context of everything mentioned above, The Government of India created Intermediary guidelines in February 2021, exercising its powers under Information Technology Act, 2000.
The revised guidelines seek to impose India’s authority over digital media through preventive and punitive regulations (Mansell 2015). These guidelines caused dismay among various online news media outlets and significant social media intermediary ‘data monopolies’ such as Facebook, Twitter, and Google. However, it is noteworthy that such regulations are not entirely distinct to India. There has been an emerging trend of guidelines that seek to govern digital spaces to reclaim digital sovereignty. The revised IT rules, better known as Information Technology Rules 2021, contain three parts and broadly aim to regulate social media intermediaries and online streaming platforms such as Netflix, Amazon Prime, Hotstar, and digital media.
Regulating Social Media Intermediaries
Social media intermediaries enjoy certain privileges under section 79 of the Information and Technology Act (2000) [IT Act], namely the Safe Harbour Protection. According to the law, as long as the intermediaries comply with the requirements of section 79 of the IT Act, they are exempt from legal liability for information hosted by them (Economic and Political Weekly 2021). The guidelines notified in February 2021, which replaced the 2011 guidelines, are the requirements that social media intermediaries must follow for seeking safe harbour protection under the IT Act.
United States Communications Decency Act [CDA] of 1996 can be regarded as the cornerstone of the safe harbour protection principle. CDA provided exemption to internet technology from liabilities with the view that the industry was, at that point, a developing one. However, much has changed since countries today are looking for ways to establish authority over data monopolies. Such data giants not only earn billions of dollars every year but have also started to dictate terms to the government itself. This behaviour is especially prevalent in countries of the Global South. The growing influence of the social media intermediaries and their privilege of non-accountability, unlike traditional media platforms, of the content posted on these platforms have serious implications.
According to Alexa’s traffic insights of 2021, social media intermediaries such as Google, Facebook, Amazon, Zoom are among the top 10 websites most used by Indians. Social media is one of the most powerful platforms for various discussions, from personal to political issues. Most of the intermediaries offer free services to people and collect data from the users. This Big Data — massive electronic files produced by and about the people, things, and interactions (Losifidis and Andrews 2020) — is not only used for personalised advertisements with the ‘panoptic sorting’ but also help in commodifying the consciousness of the individual itself. There is no need to emphasise much on the surveillance capitalism of the big tech companies, especially at a time when it is scientifically proven that the ‘likes’ of a user can predict the individual’s personality better than their close friends and family (Youyou, Kosinski, and Stillwell 2017). The most nefarious use of surveillance capitalism was evident in the political sphere during Brexit and US elections, where it was alleged that Facebook was used to manipulate the behaviour of the citizens for political ends.
The technology behind social media has undergone significant change since its inception. Algorithms and artificial intelligence have become predominant in personalising information based on the user’s likes and dislikes. Unlike the traditional media outlets, which go through a process of checks and balances before publishing a piece, social media does not only lack such a mechanism but may also trap a user in what has been called the ‘filter bubble’ effect (Pariser 2011). The introduction of the share button on Facebook, hashtags in Twitter to link tweets on similar issues, and forwarding options of messaging services like WhatsApp have changed the way social media is utilised by the networked publics- publics constructed by the networked technologies (Boyd 2014). Fake news and troll pages on social media call for revisiting the safe harbour protection to the social media intermediaries.
The IT guidelines notified by the central government in February 2021 reevaluate the prerequisites for extending safe harbour protection to the social media intermediaries. The new rules state that the social media intermediaries shall “notify their users of its rules and regulations, privacy policy or user agreement or any change in the rules and regulations, privacy policy or user agreement, as the case may be” (Information Technology Rules 2021). Rule 3 of the guidelines prescribe that the social media intermediaries diligently perform their duties, including voluntarily taking down any unlawful information. The rules also create a new category of significant social media intermediaries, which refers to any platform with more than 50 lakh users.
Such intermediaries are required to establish grievance redressal mechanisms and establish a Chief Compliance Officer (responsible for compliance with Act and rules), a nodal contact person with law enforcement agencies, and a Grievance Redressal Officer (responsible for grievance redressal mechanism). Sub-rule (2) of rule 4 mandates messaging services such as WhatsApp, Telegram, and Signal to identify the first originator of the messages. Recognising the originator could mean compromising the end-to-end encryption that protects user privacy. Further, significant social media platforms, under sub-rule (4) of rule 5, are now mandated to “deploy technology-based measures, including automated tools or other mechanisms to proactively identify information that depicts any act or simulation in any form depicting rape, child sexual abuse or conduct, whether explicit or implicit” (Information Technology Rules 2021). Intermediaries which fail to observe any of the guidelines prescribed will lose the safe harbour protection under rule 7. In other words, non-compliance will make the intermediaries legally liable for any content posted that is unlawful.
Some of the provisions of the rules discussed above attempt to lessen the harms propelled by the digital platforms, including but not limited to checking the virality of fake news and exponential hegemony of the large social media intermediaries to dictate the terms to national authorities. However, the question that begs our attention is the place of the user in these reforms. The central government endorses the rules as a move towards reclaiming digital sovereignty, especially for its citizens and their protection. Yet, the rules come at a time when the government has been vindicating itself of any criticism by attacking civil liberties. Many activists and students protesting the government’s decisions are booked under the Unlawful Activities Prevention Act (UAPA) and imprisoned (Tankha 2021). According to Economic Intelligence Unit’s (2020) Democracy Index, India’s democracy ranking fell to 53rd rank globally and qualifies as a “flawed democracy”.
The IT guidelines comprise vague terms like “due diligence”, “technology-based measures”, “unlawful information” without properly defining these terms. Such unclear drafting leaves a large scope for investigative agencies to wrongly prosecute individuals for political ends, as is evident from past experiences. It has been pointed out in Natasha Narwal vs State of Delhi NCT case 2021 judgement where UAPA was wrongly applied. Trying to do away with or even tweaking end-to-end encryption for the messaging services in the name of seeking to find the originator of the viral messages can also have a drastic impact on the privacy and the fundamental freedoms of a user. The irony of the guidelines is that instead of keeping the user’s privacy intact, they weaken privacy and freedom of speech and expression in the name of the protection of the people. Digital News Publishing Agency [DNPA], a thirteen-member collective of India’s biggest news media agencies, while challenging the constitutional validity of the rules, rightly pointed out that the new regulations have the potential to “usher an era of surveillance and fear” (Roy 2021).
To conclude, IT rules 2021 represent an emerging trend of states seeking to exercise their digital sovereignty. It is unfortunate that matters that impact most citizens in India are taken through an executive decision but not legislation. However, most political decisions today, both executive and legislative, are handled by political leaders and ‘experts’, leaving the citizens voiceless. In a way, these rules are symbolic of the politics that we witness, which factor out citizen participation in policymaking. The government needs to open the platform for a public debate on user privacy in the digital space and call for innovative ideas from civil society that can effectively tackle the larger issues at hand.