Social Media Platforms & Their Future under Proposed Data Protection Laws

  • Indias New IT Rules Do Not Conform With International Human Rights Norms : UN Special Rapporteurs

    On December 11, 2019, a Joint Parliamentary Committee on the Personal Data Protection Bill, 2019 ("JPC") was constituted with the goal to dissect and analyze the Personal Data Protection Bill, 2019 ("2019 Bill"). With one of its endeavours being to integrate the 2019 Bill into the fast-developing landscape of data, the JPC, in its report tabled before both houses of the Parliament on December 16, 2021

    [1] ("Report"), highlighted various lacunae that exist in the preexisting 2019 Bill, the Information Technology Act, 2000 ("IT Act") and other laws that relate to the exchange of digital information.

    Current Shortfalls

    Through its Report, the JPC attempted to address an issue that has garnered a substantial bit of attention across the world in the recent past—the regulation of social media platforms and data intermediaries. Leading up to the recommendations of the JPC, the section of the Report dealing with this subject described the various shortfalls of the 2019 Bill and the IT Act.

    The JPC first highlighted certain key areas of concern relating to social media intermediaries ranging from the transparency and accountability of social media platforms ("SMP(s)") and the categorization of such SMPs as intermediaries; to the criteria adopted by SMPs for removal of content and the anonymous publication of content on such SMPs.

    The JPC critiqued the lack of responsibility that is apportioned to SMPs for the content that is circulated on such platforms by drawing an analogy with print media and electronic media—where the platform disseminating the content is answerable for it and there are adequate mechanisms in place for the redressal of grievances arising out of the entire process.

    In addressing the root causes that led to such a divergence of applicable standards, the JPC identified that the IT Act wrongly designated SMPs as 'intermediaries'. The IT Act defines 'intermediaries' to mean any person who receives, stores, or transmits an electronic record on behalf of another person; or provides any service with respect to such a record

    [2]. The JPC further observed that SMPs continue to be categorized as intermediaries that are not accountable for the content available on their platforms despite their significant participation in the dissemination of such content—ranging from selecting the receivers of the content to controlling the access to any content that is posted on their platform.

    Submission by the Ministry of Electronics and Information Technology

    To gain further clarity on the current position of law relating to social media intermediaries, the JPC went on to entertain submissions regarding the same from the Ministry of Electronics and Information Technology ("MeitY"). MeitY proffered some clarity on the regulatory ambit of social media intermediaries under the IT Act and detailed its steps for the future by discussing the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("2021 Rules") which were notified on February 25, 2021.

    The MeitY stated that SMPs are required to define their terms and conditions of usage, publish a privacy policy, report security instances to the computer emergency repose team and have a grievance officer in place. It also emphasized that intermediaries (including SMPs) are required to take down unlawful content when relatable to Article 19(2) and assist law enforcement officials. Further, the MeitY also clarified that while such platforms are expected to inform law enforcement authorities about violations in law, they could also take measures they deem necessary in cases of violations of the platform's policies.

    As part of their plan for the future, the MeitY submitted that certain amendments are being introduced to the intermediary rules to rectify shortfalls like (a) the inclusion of specific and additional liabilities for SMPs and "significant social media platforms"; and (b) requiring SMPs to have representatives in India to ensure increased accountability.

    The Road Ahead

    In its Report, the JPC observed the inability of the IT Act to "keep pace with the changing nature of the social media ecosystem" and the generic nature of the provisions of the 2019 Bill relating to SMPs. It underlined how SMPs operate as publishers in various situations and must therefore be treated as such. The JPC recommended that mechanisms ought to be devised (a) to have SMPs be accountable to the content posted by unverified accounts, and (b) to verify accounts upon receipt of the necessary documentation.

    Further, the JPC recommended that the SMPs should only be permitted to operate in India if their parent companies set up offices in India. The need to constitute a statutory media regulation authority for the regulation of the content posted on such platforms was also highlighted by the JPC.

    The apportionment of liability for intermediaries under the IT Act is especially relevant because of the safe harbour provision the IT Act puts in place to protect passive intermediaries from liabilities under "any law"

    [3]. The 2021 Rules make this overarching protection from liability contingent on the adherence to obligations specified in the Rules,[4] which include notifying users of the types of content they are disallowed from sharing and removing access to information that an appropriate government authority deems prohibited information.
    The 2021 Rules also cull out two new sub-categories of intermediaries: (a) social media intermediaries, that are responsible for facilitating online interactions between users and allowing them to handle information by using its services;
    [5] and (b) significant social media intermediaries ("SSMI(s)") that are social media intermediaries with more than 50,00,000 (fifty lakh) users.[6] The 2021 Rules impose additional obligations on SSMIs like having a physical address in India and the appointment of several officials in India to ensure that the due diligence requirements and court orders are complied with, the grievances of users are redressed, and law enforcement agencies are coordinated with
    The 2021 Rules and JPC Report appear unified regarding the imposition of liability on SMPs and the requirement for a nuanced approach to tackling how those liabilities ought to be apportioned between platforms (based on how active a role they play in the dissemination of information exchanged over their platforms). This is a noteworthy change from the blanket immunity social media intermediaries would earlier enjoy, and has led to several SMPs resisting the changes citing the need for free speech and fair communication

    Ashima Obhan is a Partner and Anubhav Chakravorty is an Associate at Obhan and Associates. Views are personal

    [1] Report of the Joint Committee on the Personal Data Protection Bill, 2019.

    [2] Section 2(w) of the IT Act.

    [3] Section 79 of the IT Act.

    [4] Rule 3 of the 2021 Rules.

    [5] Rule 2(w) of the 2021 Rules.

    [6] Government of India, Ministry of Electronics and Information Technology, F.No.16(4)/2020-CLES (February 25, 2021), available at:

    [7] Rule 4 of the 2021 Rules.


    Next Story