In December, the Union government proposed changes to the IT (Intermediary Liability) Rules, 2011 to hold platforms liable for the content hosted on them. MeitY invited comments on the proposed amendments, which were made public on February 6 and February 8. Counter-comments are open till February 14.

Here are the key points from IndiaTech.org’s submission to MeitY. Points have been paraphrased for reference.

On the monthly notification requirement to inform users – Rule 3(4)

  • Monthly notifications would affect user experience significantly and have a cost impact
  • Since user terms of agreement and privacy policy exist, the proposed requirement will be of little consequence
  • The requirement could also result in the user being spammed with such emails from different intermediaries, which will be sent repeatedly
  • The suggestion is that if at all this rule is required, it should be done once a year, only for inactive users (who have not transacted for over a year), for intermediaries with a customer base that exceeds threshold of over 10 lakh users.

On the takedown rule – Rule 3(5)

IndiaTech.org suggests that there be an exception of reverting to cases on the basis of the age of the data.

  • For data that is up to 180 days old, depending on the size and complexity of data demanded, it may be prudent to keep the time frame of 72 hours to one week from date of receipt of the notice
  • For data that is more than 180 days old, the time frame should be at least 15 days, extendable by another 15 days under certain circumstances

Further suggestions:

  • The ability to trace the “originator” of information must aim to place responsibility on social media, messaging and content hosting platforms.
  • The regulations should clarify the applicability of this only for intermediaries who create and host their own content, and not intermediaries that host third-party created/owned content

On registration and permanent establishment – Rule 3(7)

  • It may be “beneficial to make the proposed changes more stringent” and “ensure that any sizeable or relevant intermediary entity (Indian and foreign) providing goods/services through a digital platform in India is made subject to this provision and is required to have a permanent establishment in India.”
  • This requirement would help address the current enforcement issues and ensure that all intermediaries do not evade other regulations that would be applicable

Further suggestions:

  • The intermediary registered in India should provide the services directly to its users to ensure that it can be approached for any breaches and noncompliances
  • The user base threshold for an intermediary that falls under this provision should be reduced to 10 lakh
  • The term “users” should include any and all persons from whom data is collected and/or are registered on the platform (either as a service provider or a service recipient)

On monitoring content – Rule 3(9)

  • This must apply only to intermediaries hosting content from users (ie not licensing directly from content creators)
  • An exemption from liability for any non content based platforms that are pure aggregators for services and
  • Certain types of content can be filtered under this provision, such as explicit, hateful or harmful content that can have social or political repercussions.

Note: Counter comments may be sent to gccyberlaw[at]meity[dot]gov[dot]in / pkumar[at]meity[dot]gov[dot]in / sathya.s[at]meity[dot]gov[dot]in on or before February 14.