PROTECTING THE “INTERMEDIARY”: CURRENT LAW TRENDS

The Government of India has issued a draft e-commerce policy titled Electronic Commerce in India:Draft National Policy Framework, 2018. This inter alia proposes to revisit and modify the exemption from liability granted to intermediaries under Section 79 of the Information Technology Act, 2000 (“I.T Act”).
In this note, we highlight the current exemptions given to intermediaries and the eligibility criteria for availing such exemptions.

INTRODUCTION: WHAT IS AN “INTERMEDIARY”?

The I.T. Act, under Section 2(w), provides a wide definition of an intermediary, in relation to an electronic record, as any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record.

The definition inter alia includes telecom service providers, internet service providers, search engines and online-market places. Simply put, any person operating any website or mobile application who on behalf of another person receives, stores or transmits any kind of data or information (e.g. – social networking and blogging sites) or provides any service (e.g. – aggregators) can be classified as an intermediary.

It is pertinent to note that any person shall be classified as an intermediary only when it is performing the aforesaid functions “on behalf of” another person. For example, a news website may not be classified as intermediary with respect to the news articles published by them. However, they may be classified as an intermediary in respect of the advertisement that are posted on their news website. On the other hand, a blogging website such as Blogger shall be classified as intermediary for the purposes of both
the content posted and the advertisements hosted on its website.

Currently, intermediaries in India are governed by the provisions of I.T. Act and specifically by Information Technology (Intermediaries guidelines) Rules, 2011 (“Intermediary Rules”) made thereunder.

Neither the I.T. Act nor the Intermediary Rules classify the intermediaries into different classes based on their functions and area of operation.

SAFE HARBOUR RULES

Section 79 of the I.T. Act provides a safe harbour to intermediaries (except Copyright Act, 1950 and Patents Act, 1970)- if prescribed compliance and standards prescribed under the I.T. Act and the Intermediaries Rules are met with. In other words, in order to charge an intermediary under any other law in India (for example with defamation under Section 499 of Indian Penal Code, 1860), it is required to be demonstrated that the company cannot be classified as an eligible intermediary i.e. one who meets the standards prescribed in the I.T. Act and Intermediary Rules.

To avail the safe harbour provision an intermediary must fulfil the following conditions:

1. Limited function: Only perform the function of providing access to a communication system over
which information made available by third parties is transmitted or temporarily stored or hosted.

2. No manual intervention: Should not host or publish any information, initiate the transmission,
select the receiver of the transmission and select or modify the information contained in the transmission.

Please note that nothing will amount to hosting, publishing, editing or storing of such information
if the actions taken by the intermediary is temporary or transient or intermediate storage of
information which is automatically conducted by a computer involving no manual control by the
intermediary.

3. Due diligence: Comply with due diligence norms while carrying out activities as prescribed under
the Intermediary Rules:

  1. Usage policy: Publish rules and regulations delineating terms of use which shall govern the conduct of third-parties hosting information or using services of the intermediary. The usage policy must inform the users not to host, display, upload, modify, publish, transmit, update or share any information listed under Rule 3(2) of the Intermediary Rules such as information that may be defamatory or grossly harmful in nature, harm minors in any way or violates any law in force. The usage policy should clearly state that any non-compliance of the I.T. Act, Intermediary Rules, the usage policy or the privacy policy shall lead to termination of access and also removal of non-compliant information.
  2. Privacy policy: Comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 which mandates certain requirements such as publication of privacy policy, appointment of grievance officer, adherence with reasonable security standards and procedures etc.
  3. Takedown of illegal information: Remove or block access to any illegal information, within
    36 hours, upon receiving actual knowledge through the medium of a court order or on being
    notified by the appropriate government or its agency. The illegal information must be
    preserved for ninety days from takedown for investigative purposes. This takedown obligation
    is dealt in detail in the next section.
  4. Co-operation with government agencies: Provide any information or assistance as may be requested by an authorised government agency for the purpose of verification of identity, or for prevention, investigation, prosecution and cyber security incidents of offences under any law. The request to the intermediary must be made in writing stating clearly the purpose for such which such information or assistance is sought. This may be the relevant provision under which the Government of India is seeking information and assistance from Facebook Inc., the company which owns and operates WhatsApp, to curb the circulation of fake news through
    its social messaging application.
  5. Reporting of cyber security incidents: In case of a cyber security incident, intermediary has to
    report such incident and share related information with the Indian Computer Emergency
    Response Team.
  6. Grievance officer: Publish the name and contact details of the grievance officer on the
    intermediary’s website. The grievance officer is required to redress the complaint within one
    month from the date of receipt of complaint.

TAKEDOWNS: TRENDS

The most contentious part of the intermediary liability is the “takedown” regime which is captured under Section 79 of the I.T. Act and proviso(b) to Rule 3(3) of the Intermediary Rules. As per these provisions, an intermediary shall not be entitled to safe harbour in case it fails to remove or disable access to the information or communication link which is used to commit an unlawful act upon receiving actual knowledge or being notified by the Government or its agency regarding such information. This black letter reading has been highly diluted by Indian courts.

Prior to Shreya Singhal vs. Union of India (AIR 2015 SC 1523), the takedown regime was self-regulator so as an intermediary, upon receiving actual knowledge regarding any illegal information, either by itself or by an affected person, had to act within thirty-six hours. The intermediary on its own discretion had the power to remove or block access to the impugned information. The obligation of S. 79 was satisfied if the intermediaries acted in this self-regulated manner.

This regime was overhauled by the Supreme Court of the India in Shreya Singhal, wherein the Supreme Court read down the concept of “actual knowledge” and held that an intermediary shall be obligated to remove or block any information, within 36 hours, only upon receiving actual knowledge through the medium of a court order or on being notified by the appropriate government or its agency.

The Supreme Court reasoned that it may be nearly impossible for intermediaries like Google or Facebook to screen every takedown request sent by any person and thereafter adjudge the legality of such takedown request or the impugned information.

The court further emphasised that any court order or notification passed by a government authority in this regard must be within the bounds of Article 19(2) of the Constitution which imposes reasonable restriction on the right to freedom of speech and expression. It is also interesting to note that the Supreme Court in Shreya Singhal struck down Section 66A of the I.T. Act which provided for arrest of those who posted allegedly “offensive” content on the internet.

The Supreme Court upheld Section 79 of the I.T. Act to be constitutional and therefore the government does not have power to arrest but it has the power to notify the intermediary to takedown the alleged “offensive” content on the internet. Post Shreya Singhal case, there have been a plethora of cases filed against users for posting defamatory content on the websites of intermediaries. Generally, the intermediaries are also made parties to these defamation cases. In an ongoing case of Pepsico v. Facebook and ors., the Delhi High Court has ordered the intermediaries to take down fake news and posts relating to products of Pepsico (Kurkure and Lays) from their website.

It is pertinent to note here that Pepsico had provided that the Court with a list of URL/links to the posts on these intermediaries which were said to be defamatory in nature. The court initially ordered theses intermediaries to takedown the listed links/URLs and also to block/remove “any other similar video”. The intermediaries later challenged the obligation to remove “any other similar order video” on grounds of ambiguity and this part of the order was suspended by a division bench of the same Court. In light of this, it can be inferred that the affected persons are required to point out the exact links/URLs to be removed i.e. there cannot be any blanket takedown order on an intermediary without specifying the objectionable content.

CONCLUDING REMARKS

The following emerge as the consistent and core set of principles in relation to intermediary liability in
India:

  1. The request to remove any problematic information must be made by an “affected person”.
    [Rule 3(4)]
  2.  Any information must be taken down by the intermediary within 36 hours only after receiving
    a court order or a notification by the government. [Rule 3(4)]
  3. As best practice, the user whose content is being removed should be notified of such removal
    and the grounds for such removal. [Rule 3(4)]
  4. The intermediary should display a usage policy on its website at the minimum that informs
    users that (i) the content cannot violate any law of India; and (ii) the content that violates this
    norm can be removed by the intermediary-this is presumably at the discretion of the
    intermediary. [Rule 3(1) & (5)].
  5. Details of the grievance officer should be placed on the website of the intermediaries- there is
    no specified role for this officer except from her or his existence. [Rule 3(11)].
  6. It remains to be seen how these protections to intermediaries under the current legal regime will be
    modified by the Indian government considering the contents of the Electronic Commerce in India: Draft
    National Policy Framework, 2018.