Intermediary Liability And Data Responsibility: Balancing Innovation With Accountability In Digital India

The role of social media platforms has changed from being passive conduits of information to being active arbiters of public discourse, content moderation, and the processing of personal data. Platforms like Facebook, Instagram, YouTube, X (formerly Twitter), and TikTok facilitate Global communication, commerce, and political organising. The changes in these platforms will require a re-evaluation of the laws originally designed for traditional internet service providers.

A fundamental question is whether the platforms should still be classified as intermediaries with broad immunity from liability, or whether their status as active curators of information requires them to be held more accountable for the information they've curated.

Platforms create a legally complex situation because they are both data stewards (i.e., the people responsible for safeguarding the privacy of users' personal data) and content moderators (i.e. the people who decide what content users can see).

India has passed a series of laws governing the use of social media and technology in general. The Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 demonstrate that the Indian legal system is moving from a simple safe-harbour model of liability protection to a model that incorporates conditional liability.

Legal Evolution: From Immunity To Accountability

The history of intermediary liability protection began with 47 U.S.C. § 230 of the Communications Decency Act (1996), which protected online entities from liability for the content created by their users. The reason for providing such protection was to encourage innovation in the development of the internet so that online entities would have no incentive to overly suppress unwanted user-generated content by exposing them to liability similar to that of traditional publishers.

There has been a huge shift in the manner in which modern platforms develop and deliver goods and/or services from that of early internet service providers. Modern-day platforms are no longer simply conduits of messages between parties; they use complex algorithms to recommend products, curate information, and drive user engagement. The active role of modern platforms sets them apart from traditional intermediaries and provides support for regulatory response proportional to that activity.

The European Union's Digital Services Act (O.J. 2022 (L 277) 1) exemplifies this shift. Rather than eliminating an intermediary's immunity, the Act conditions immunity upon meeting due diligence obligations, conducting risk assessments, and providing for transparency. The Act facilitates innovation while still providing for some measure of accountability within an intermediary context.

India has adopted a similar approach to strike a balance between protecting intermediaries and holding them accountable. Intermediary liability protection under Section 79 of the Information Technology Act (2000) is based upon compliance with procedural safeguards. The Information Technology (Intermediary Guidelines & Digital Media Ethics Code) Rules (2021) provided additional clarity regarding procedural safeguard compliance; these rules require, inter alia, procedures for grievance redress, procedures for content removal, and the protection of user privacy.

Judicial Development: Shreya Singhal And Beyond

The Supreme Court's landmark ruling in Shreya Singhal v. Union of India 2013) 1 S.C.C. 641 established critical precedent concerning intermediary liability within India. The Court made it clear that an intermediary's obligations should not mandate or therefore facilitate censorship, while also emphasising that removing lawful content from the internet equates to violating an individual's right to free speech as protected by Article 19(1)(a), Constitution of India, 1950.

Such a landmark ruling also means that “lawful justification for restricting an intermediary's immunity” must meet the principles of proportionality found in Suresh Kumar Koushal v. Naz Foundation (2014) 1 S.C.C 1. Therefore, any restrictions on an intermediary's immunity must be necessary and in pursuance of legitimate aims within the context of their legitimate proportionality to their associated aims. This protects platforms from using content moderation as a tool to undermine or destroy protected expression.

The Cambridge Analytica controversy also establishes that the extent of intermediaries' liability is beyond the realm of content moderation and includes the realm of data stewardship. Unlawful and unauthorised use of data for political manipulation, although separate from content issues, creates an equal harm and an inadequate response by traditional proprietary intermediary frameworks.

Data Protection And Platform Responsibility

The Digital Personal Data Protection Act, 2023 is a turning point for how data is governed in India. The Act creates a comprehensive system that sets out requirements for obtaining explicit consent for collecting and processing personal data, as well as definitions of legitimate purposes and data minimisation.

Under this new framework, platforms will act as Data Controllers and assume responsibilities, including but not limited to:

1.Obtaining Consent: All platforms that collect or process personal data must obtain affirmative consent from the data subject, as laid out by Section 8 of the Digital Personal Data Protection Act, 2023.

2.Security Measures: The Digital Personal Data Protection Act 2023 requires Data Controllers to use reasonable and appropriate security measures to protect against unauthorised access, processing, or disclosure of personal data (Digital Personal Data Protection Act, 2023, Section 8(3)).

3.Transparency: Data Controllers must maintain transparent records of how they are processing personal data and must communicate clearly to Data Principals about such processing activities.

4.Rights of Data Principals: From Sections 10 through 12 of the Digital Personal Data Protection Act, 2023, Data Principals (the individuals to whom the data belongs) have the right to obtain copies of their personal data, have inaccuracies in their personal data corrected, and have their personal data deleted.

Overall, these responsibilities create a recognition that a platform with significant amounts of its customers' personal data will have fiduciary obligations similar to those of a bank that manages its clients' assets. Furthermore, the concentration of individual customers' data in a platform's database will present systemic risks that warrant regulatory oversight.

Algorithmic Governance And Content Moderation

Algorithmic governance has undergone an evolution that is critical to our understanding of how platforms communicate with users. Users engage with platforms based on the recommendations or rankings provided by the algorithms used by these platforms. Historically, Outside Hosting Liability (OHL) had been the primary focus of Safe Harbour doctrine, whereas there are many examples of how algorithmically curated and amplified content presents a different challenge than simply hosting the content.

The relationship between OHL and user-created content provided on platforms that are algorithmically however still continues to be debated. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 make clear

reference to the proposition that platforms must have "generally acceptable" practices regarding moderation or grievance processes in order to ensure the algorithmic curation of user-created content is continuously held accountable.

Risks associated with algorithmic amplification, including the spreading of false information, the possibility of the creation of polarisation and other filter bubbles, and the potential of discrimination resulting from the training data used to develop algorithms, cannot be solved by simply removing individual pieces of user-created content. There is also a need for platforms to take more ownership of the choices made in the development of their algorithms.

Balancing Competing Interests

Digital governance is about balancing the competing constitutional values of the Constitution. For example, the Constitution provides constitutional protection for freedom of speech under Article 19(1)(a), for freedom to conduct business under 19(1)(g), for privacy under 21, and for equality under 14. Digital governance must take into account that these four rights should all be balanced equally.

If companies face excessive liability, companies will face increased levels of overcensorship and loss of innovation. When companies face too little liability, companies may have unregulated data exploitation and systemic harms impacting democratic discussion and debate. The solution is to have proportionate conditional accountability for companies; for platforms to be immune from liability, there must be meaningful compliance with data protection, algorithmic transparency, cybersecurity, and procedural safeguards.

The age of treating social media networks as simple intermediaries, which cannot be held accountable for what they do, has come to an end. The evolution of today's internet into data-driven platforms that influence how we communicate and engage with each other requires new legal standards to develop around these rapidly changing technologies. With its emerging regulatory framework, India offers an excellent example of how the rest of the world could see its own digital governance evolve successfully.

The development of regulations for digital and technology-related intermediaries must be focused on creating transparent algorithmic design criteria by which these companies operate; better data security requirements for companies operating in this space; more opportunities for users to resolve disputes arising from their use of these technologies; and regular compliance audits of companies regarding compliance with these regulations. All of these things will allow for continued innovation while still protecting the fundamental tenets of our Constitution.

The Preamble to the United States Constitution articulates the United States' commitment to justice, liberty, and equality for all citizens. This same commitment must continue to guide the way that digital governance is created to ensure that technology-based intermediaries support democracy and do not undermine it to benefit corporations.

References:

1. Shreya Singhal v. Union of India, (2013) 1 S.C.C. 641.

2. Constitution of India, 1950, Arts. 14, 19, 21.

3. Information Technology Act, 2000, No. 21, §§ 79, 69A (India).

4. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, G.S.R. 139(E) (India).

5. Digital Personal Data Protection Act, 2023, No. 22 (India).

6. Communications Decency Act, 47 U.S.C. § 230 (1996) (United States).

7. Regulation (EU) 2022/2065, Digital Services Act, 2022 O.J. (L 277) 1 (European Union).

8. Suresh Kumar Koushal v. Naz Foundation, (2014) 1 S.C.C. 1.

9. Daphne Keller, Intermediary Liability and User Content Under Global Law, Hoover Inst. Aegis Series Paper No. 1902 (2019).

10. Julie E. Cohen, Between Truth and Power, 67–102 (Oxford Univ. Press 2019).

11. Jack M. Balkin, Free Speech in the Algorithmic Society, 51 U.C. Davis L. Rev. 1149 (2018).

12. World Economic Forum, Global Cybersecurity Outlook 2025 (2025).

13. Electronic Frontier Foundation, Who Has Your Back? Protecting User Data from Government Requests (2024).

Author is an LL.M Student. Views are personal.