In his article in the Washington Post, Facebook founder Mark Zuckerberg suggested the need for new rules from lawmakers to balance the interests and responsibilities of all the different stakeholders’ i.e. people, companies and governments. He called for regulation on four areas require an active role of governments and regulators: harmful content, election integrity, privacy and data portability.”

Key Legal Improvements that Mark Zuckerberg suggested (Read)

1. Harmful Content

  • Content takedowns subject to appeals: In the absence of any legal standards, most of the social media platforms adopt self-regulation, but struggle because of a large base. Zuckerberg says that people should understand the difficulty that internet companies face in “deciding what counts as terrorist propaganda, hate speech and more”, that Facebook realises that they have “too much power over speech” and therefore to reduce it, the decisions regarding any speech should be subjected to an appeal before independent bodies. Nikhil adds: this seems to be how Facebook is looking to limit the move away from self regulation.
  • Define standards for harmful content: There is a need of defining standards by third-party bodies on harmful content against which the distribution of harmful content will be governed and measured. “Internet companies should be accountable for enforcing standards on harmful content”. Zuckerberg proposes that “regulation could set baselines for what’s prohibited and require companies to build systems for keeping harmful content to a bare minimum”.
  • Quarterly compliance reports: He also suggested an idea of mandating the publication of transparency reports in every quarter of the year by every major Internet service company, which Facebook already publishes. He says that this “is just as important as financial reporting.”

Indian scenario on harmful content:

  • The government released a draft of The Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018 on 24th December 2018, which are intended to curb the misuse of social media and stop the spreading of ‘unlawful content’. Although no clarity on the definition of “unlawful” content has been provided, leaving it open to abuse.
  • As there is no standard has been adopted to filter the “unlawful” content in the draft, it forces companies to take judgment calls regarding content on the basis of “take down first, think later”. However, the draft promotes the deployment of “automated tools to filter content”.

2. In terms of Election Interference: It is important to highlight the importance that Zuckerberg has given to the legislation for creating common standards in terms of regulations that govern political information campaigns and verification of political actors. “Facebook has already made significant changes around political ads: Advertisers in many countries must verify their identities before purchasing political ads”, he says, while adding that “deciding whether an ad is political isn’t always straightforward”.

  • Updating online political advertising laws: “Online political advertising laws primarily focus on candidates and elections, rather than divisive political issues where we’ve seen more attempted interference.” Laws related to elections are temporal even when political campaigns are non-stop and may include controversial use of data and targeting. Therefore, he said that “legislation should be updated to reflect the reality of the threats and set standards for the whole industry”.

Indian scenario on online Election Interference:

  • Election laws in India are very ill-equipped when it comes to dealing with online political advertisements. The Election Commission, which is the constitutional authority that regulates state and national elections, is itself relying on online platforms to self-regulate and prevent ‘illegal’ content. In absence of any comprehensive legislation that can provide Election Commission with the authority to make rules and standards for monitoring the online political advertisements, these online platforms are open to censor or amplify certain information without transparency.
  • In January, the committee led by senior deputy election commissioner Umesh Sinha submitted its report to the commission that recommended modifying the provisions of Section 126 (prohibits displaying any election matter by means, inter alia, of television or similar apparatus, during the period of 48 hours before the hour fixed for conclusion of poll in a constituency) and certain other provisions of the Representation of the People Act, 1951, including provisions of the Model Code of Conduct to bring Social Media platforms under its purview.
  • Chief election commissioner Sunil Arora said all major social media platforms — Facebook, Twitter, Google, WhatsApp and Share Chat — are taking measures such as verification of political advertisers’ credentials, sharing expenditure on it with the Election Commission (EC) through public databases and adhering to the “silence period” that comes into effect 48 hours before the polls.

3. In terms of Data Protection and Privacy:

  • Adopting GDPR as a globally harmonized framework: Reiterating the common demand of entrepreneurs for a globally harmonized framework of regulations on data protection, Zuckerberg agrees that there is a need to develop privacy regulations in line with the European Union’s General Data Protection Regulation (‘GDPR”). He further insists that “New privacy regulation in the United States and around the world should build on the protections GDPR provides”. GDPR approach to privacy regulation serves as the best example for the common global framework as it provides certain standard protections  – protects the right to choose how the information should be used and does away from the process of data localisation as it subjects the data to unwarranted access. Such protections together will establish a framework under which companies like Facebook can be held accountable when it makes mistakes.
  • The Data Protection framework must not be ambiguous: Lawmakers should adopt new privacy regulations which must be clear on the points that even GDPR failed to clarify. “We need clear rules on when information can be used to serve the public interest and how it should apply to new technologies such as artificial intelligence”.

Indian Scenario on Privacy Regulations:

  • Till now the only legal protection provided to personal information in India is through section 43A of the Information Technology Act and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 developed under the section. This provision mandates that a body corporate which ‘receives, possesses, stores, deals, or handles’ any ‘sensitive personal data’ to implement and maintain ‘reasonable security practices’, are held liable to compensate those affected when they failed to implement such practices. Given the maturity of privacy jurisprudence in the most countries around the world, these rules are just a half-hearted approach cutting a sorry figure.
  • In its landmark judgment in the Justice KS Puttaswamy case in August 2017, the Apex Court ruled the privacy as the fundamental right under Article 21 of the Constitution of India, though not in its absolute sense. Since then the government has taken significant steps to modify the privacy regulations in the line of GDPR of EU.
  • As the Personal Data Protection Bill, 2018 as recommended by the Justice Srikrishna Committee is all set to be introduced in next session of the Parliament. It covers basic protections and even recommends the data localisation which has raised concerns among various Internet services.

4. Data Portability: “Regulation should guarantee the principle of data portability. If you share data with one service, you should be able to move it to another”. The data portability will provide the choice to people to select between competing for internet services. This can actually serve in balancing the interests of people and innovators. However, the application of data portability requires clear rules of about the liabilities of protecting information when data is transferred from one service to the other. According to Zuckerberg, “this also needs common standards” and the open source Data Transfer Project is a suggested standard data transfer format.

Indian Scenario on Data Portability

Data portability may also be considered an upgraded version of the right to access and the right to erasure of personal data, both of which are present in the current Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.