Government vs. WhatsApp Blame Game: Let User Privacy Win!

Safe Harbour Protections in India and related issues

In India, intermediaries have often played a crucial role in dissemination of crucial information that crave public scrutiny and action. Such platforms make use of effective tools and hashtags to allow increased user engagement and enable channels for meaningful discourse online. Users have the liberty to publish their images, videos, personal opinion, accomplishments etc. without any filters and the platforms do not exercise any editorial control over the published content. Thus, it becomes important to make provision for intermediary immunity from the repercussions that may follow soon after hosting any illegal content online. The need for such immunity, in the name of safe harbour protection has been formally acknowledged, backed and recognised by jurisdictions across the world. Under section 79 of the IT Act, an intermediary is exempted from liability for any third - party information hosted on its website so long as the intermediary does not initiate the transmission of such information or modifies the information being transmitted through the intermediary and the intermediary observes due diligence while discharging its duties. Safe harbour protection is conditional upon fulfilment of certain terms and conditions in addition to exercising due diligence, some of which have been set out below:

• The role of an intermediary is limited to that of a passive participant enabling access and connectivity only;
• The intermediary must not choose the originator or recipient of any information hosted on its platform; and
• The intermediary must not exercise any amount of control (editorial or otherwise) over the content.

The safe harbour protection for intermediaries in India has frequently been challenged and evolved basis judicial interpretation by the courts of relevant jurisdiction. Some case laws also brought to the fore the need for protection of online intermediaries in relation to content hosted on their platform. For instance, in the case of Avnish Bajaj v. State, it was shocking how both the user (Mr. Ravi Raj) and the CEO of bazee.com (Mr. Avnish Bajaj) were liable for same level of punishment pursuant to sale of a CD (containing an obscene clip) via online auction on bazee.com. It was thus recognised that safe harbour protection has to be introduced in Indian context to ensure the growth of e-commerce businesses – this led to the Information Technology (Amendment) Act, 2008. The intermediaries have also particularly faced trouble in defending themselves against cases of defamation (Google India Private Ltd v. Vishaka Industries). However, in the case of Kent RO Systems Limited & Anr. v. Amit Kotak & Ors., the Court specifically recognised intermediary protection in light of a specific design infringement. It was categorically held that the intermediary is only required to exercise due diligence and publish terms of use and privacy policy for sufficient safeguards. It acknowledged that the intermediary is not capable of predicting whether particular content is in violation of law or not and therefore, is only liable to take – down content upon receipt of actual knowledge (order by court of competent jurisdiction or appropriate government).

Legality of Intermediary Guidelines, 2021

In the case of Attorney General v. Times Newspaper Limited^[1], Lord Simon of Glaisdale observed that the freedom of expression serves four broad social purposes which includes strengthening the capacity of an individual to participate in decision making process and assist in the discovery of truth.

Stifling free speech and channelizing arbitrary censorship seem to be the inevitable policy instruments for keeping the democratic fibre intact. The cyber domain has given wings to free speech and expression in ways which defy most other domains. The ease of access to large audience accelerates the exchange of information, formation of opinions and ideas. This is essentially why the government takes considerable steps towards establishing control over online content – in order to tailor and influence public perception of the government. Most of the questions that have been raised with respect to the Intermediary Guidelines, 2021 exist due to the complete breakdown of trust in the executive body of the government. The executive has time and again tried to curb free speech and expression of individuals and has tried to take control over the online discourse in case of severe opposition. We will try and analyse the legality of the Intermediary Guidelines, 2021 in two parts:

1. Procedural legality
2. Utter disregard of pre-legislative processes

In India, Parliament is the law-making body at central level and legislative assemblies and councils are entrusted with the responsibility at the state levels. Pre-legislative processes include the process of recognizing the need for a new law or an amendment to an existing law, drafting of the proposed law, seeking inputs / comments from different ministries, stakeholders and public, revision of the draft bill to incorporate such inputs, and getting the same vetted by the Ministry of Law and Justice. Subsequently, the bill is presented to the Cabinet for approval. The importance of conducting public consultation with cross - section of stakeholders also stems from the Right to Information Act, 2005 which encapsulates the role of civil society actors in the drafting of a bill. By virtue of notification number D.O. No. 11 (35) / 2013 – L.I dated February 05, 2014, any Department / Ministry is obligated to publish / place the draft legislation in public domain. Such draft legislation should be kept public for at least a period of thirty days in order to ensure proactive sharing of information with the public. Such draft legislation is also required to include inter alia include brief justification for such legislation, essential elements of the proposed legislation, its broad financial implications, and an estimated assessment of the impact of such legislation on environment, fundamental rights, lives and livelihoods of the concerned/affected people, etc. We are well aware of the backdrop in which Intermediary Guidelines, 2021 were brought into force – utter disregard to pre – legislative processes is rather evident and crave some amount of regulatory decorum and civility.

2. Doctrine of separation of powers?

The doctrine of separation of powers is acknowledged to form a crucial part of the basic structure of the Constitution of India. It is commonly understood that all the three organs of the State i.e. the Legislature, the Judiciary and the Executive are bound by and subject to the portions of the Constitution, which demarcates their respective powers, jurisdictions, responsibilities and relationship with one another.^[2] Section 87 of the IT Act authorises the Central government to make rules by way of notifications in the Official Gazette and Electronic Gazette for various subjects including security procedure for electronic record and digital signature, form of application for issuance of digital signature certificate, and qualification and experience of adjudicating officer. It is interesting to note that the provisions nowhere provide authority to the Central government to make rules for regulating digital media platforms. Therefore, it is not wrong to say that the executive has clearly overstepped its jurisdiction and encroached upon the legislative function of the Parliament. Such an encroachment is antithetical to the principle of separation of powers.

3. Challenging the basis for these rules

Section 69A of the IT Act allows the Central government to block public access to any information hosted on an intermediary platform in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognisable offence in relation to above.

On a meticulous analysis of one of the rules framed under section 69A i.e. Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 ("Blocking Rules"), it is sufficiently clear that the provisions are in violation of the core principles of natural justice. The request for blocking of online content is to be reviewed by a committee comprising designated officer and two members (i.e. Joint Secretary and CERT-IN member) ("Committee"), which is required to further submit its recommendation to the Secretary, Department of IT, Government of India ("Secretary"). The Secretary is finally required to pass suitable orders under normal circumstances. It is interesting to note that the power to pass blocking orders under situations of emergency are also vested with the Secretary. However, in such situations, the Secretary is required to forward such an order to the Committee which may place recommendations to help him decide on continuation of the interim order, based on his subjective satisfaction. In utter disregard of the first principles, the Secretary is effectively made to sit in appeal against his own decision, which can definitely be challenged as arbitrary and unsustainable in itself. The Secretary's order is subject to review by a specialised review committee but the timeframe for such review is two months. It is important to understand that blocking may have serious repercussions on the very website or business, which such website supports and it may go defunct in the course of such timeframe.^[3]

The other aspect of concern is the high and criminal penalty imposed on the intermediaries for non-compliance with orders passed under section 69A of the IT Act. Given the heavy penalty that an intermediary is required to pay for non-compliance, several instances of misuse by security agencies, police personnel is bound to happen. Such agencies merely try to reproduce provisions in order to force service providers to comply with untenable requisitions.

In the case of Shreya Singhal v. Union of India, important red flags in relation to section 69A were highlighted such as the unavailability of pre-decisional hearing to the 'originator' of information and procedural safeguards set out in section 95 and 96 of CrPC. The SC had rejected the submissions and held that section 69A is narrowly drawn unlike section 66A and has substantial provisions imposing restrictions on exercise of power for blocking orders by government agencies. However, the Hon`ble Court erred in analysing the procedures applicable in cases of emergency wherein right to fair hearing of the intermediary is also suspended.

Further, Rule 16 of the Blocking Rules prescribe the confidentiality requirement for all such requests and complaints which is in violation of the fundamental rights of the service providers. This is problematic and the SC had also rightly held in Anuradha Bhasin v. Union of India that government orders which affect the lives, liberty and property of the citizens must be made available to enable citizens to challenge them.

1. Substantive legality
2. Vague and subjective standards

Several laws have been historically challenged and held to be unconstitutional by the courts in India for being outrightly vague and loosely drafted making room for varied interpretation. For instance, Section 66A of the IT Act was struck down on these grounds in the landmark judgement of Shreya Singhal v. Union of India.

2. Practical roadblocks

In context of introduction of any new rules brought about by the government, it becomes important to set out and understand the objectives behind the passing of the same. The Intermediary Rules, 2021 has been introduced in order to:

• Ensure effective regulation of intermediaries;
• Curb obscene information on the internet;
• Prevent spread of fake news;
• Prevent misuse of social media; and
• Provide security to the users of such platforms.

Broadly, it is fair to say that these objectives appear to have been specifically addressed by way of the Intermediary Rules, 2021 for instance, the intermediaries are expected to remove or disable access within thirty – six hours of actual knowledge (which may be in the form of court order or order by appropriate government without vitiating evidence. While there is no doubt that this is a good practice initiative for preventing misuse of social media platforms, curb obscene information on internet etc., such a short timeline may not be feasible to meet for small start – ups and as a result of which, there may be unnecessary financial burden. Further, the amount of time it takes to obtain a court order in India cannot be ignored.

Similarly, one of the other objectives is to provide security to the users. The significant social media intermediary is also required to enable identification of the first originator of the information by virtue of a judicial order or an order passed under Section 69 of the IT Act. We are fully cognizant of the fact that most of the platforms are end – to – end encrypted to ensure privacy concerns are met. This provision for enabling traceability weakens the extent of encryption. The Intermediary Rules, 2021 therefore, is failing at the stage of ideation and may do miserably, at the stage of implementation.

3. Reasonable restrictions on free speech

In line with Article 19(2) of Constitution of India, any reasonable restriction can only be imposed on the fundamental rights guaranteed under the Constitution through a law enacted by the legislature. The presumption of constitutionality is not applicable on executive rules.

4. Judge in your own cause?

The Intermediary Rules, 2021 has introduced a three – layered complaints and adjudication structure wherein the executive is required to act as both the complainant and the judge on vital questions of free speech and expression. Such questions may also involve serious actions including blocking and take down of online material. There is absolutely no provision for the aggrieved publisher of information to appeal against the decision of the Inter-Departmental Committee which comprises only of members from the executive leg of the government.

Basis a careful review of Rule 7 of the Intermediary Guidelines, 2021, it is clear that any non-compliance shall only lead to punishment under relevant provisions of the IT Act and Indian Penal Code in addition to loss of safe harbour protection. Therefore, a complete ban on its operation is out of question at the moment.

The problem is this - The Intermediary Rules, 2021 have full potential to fundamentally change the usage, operation and access of internet is in India and it is terrible to see the lack of apathy towards the millions of users who are the ultimate victims of this wild goose chase. WhatsApp has challenged the traceability requirement under the Intermediary Guidelines, 2021 which undeniably undermine privacy and encourage mass surveillance. Ironically, WhatsApp coerced its users to accept the updated privacy policy which does not amount to informed consent. Recent affirmations by the government suggest that they do not have any intention of emulating the 'Great Chinese Firewall' model but their actions do not seem to sync with the same.

For once and for all, let's stop the blame game and take effective steps towards bringing in a comprehensive data protection legislation in India. Switching from WhatsApp to temporary alternatives is definitely not a long-term, practical situation for all users and the government should push for data protection by design.

Views are personal.