Content takedowns within 24 hours, data localisation and physical office in Pakistan are some of the rules that social media companies will now have to follow to operate in Pakistan. The Pakistani Government notified its rules governing social media companies on February 13. Called the Citizens Protection (Against Online Harm) Rules, 2020 (available below), they are a part of Prevention of Electronic Crimes Act, 2016 (PECA).
Importantly, “Social media” is defined under the rule as “social media application or service or communication channel dedicated to community based input, interaction, content, sub content sharing and collaboration, and includes Facebook, Twitter, Google+, Youtube, Dailymotion, Instagram, Snapchat, Pinterest, LinkedIn, Reddit, TikTok and any other such application and service.”
How Social Media companies will need to deal with content takedowns
- Content takedowns within 24 hours: The company will have 24 hours to remove, suspend or disable access to illegal online content when it receives such communication from the Pakistan Telecommunication Authority (PTA). This is only for online content, not for accounts themselves.
- For emergencies: In emergencies, which will be solely determined by the National Coordinator, the social media company will have 6 hours.
- Who decides: PTA or the National Coordinator (who will be appointed by the Minister of IT & Telecommunications) will determine what’s permissible according to law and this would take precedence over the social media company’s own community guidelines. Compare this to what UK’s delegation of power to Ofcom suggests — that for legal content, social media platforms themselves will determine what they will and will not allow.
- Take down accounts of Pakistani citizens outside Pakistan for spreading fake news: The company must remove, suspend or disable access to account and online content of Pakistani citizens outside Pakistan that spread fake news, are defamatory, and violate the religious, ethnic, or “national security sensitivities of Pakistan”. No time frame for such take downs has been given.
- Proactively prevent live streaming of illegal content: The social media company will “deploy proactive mechanisms” so that any illegal content is not live streamed through online systems. This includes, but is not limited to, content related to terrorism, extremism, hate speech, defamation, fake news, incitement to violence and national security.
- Local registration, office and contact person: Within 3 months of notification of these rules, that is, by mid-May 2020, all social media companies will have to register with the PTA, establish a permanent registered office in Pakistan with physical address in Islamabad, and appoint a focal person based in Pakistan to coordinate with the Pakistan Telecommunication Authority (PTA) and the National Coordinator.
- Data localisation: Within 12 months of notification of these rules, that is, by mid-February 2021, the social media company has to set up at least one “database server” “within the territorial boundaries” of Pakistan to record and store data/online content.
- Label false content: On communication from PTA that the online content is false, the social media company must label it so.
- Provide information to the Investigation Agency: For investigation purposes, the social media company must give the Investigation Agency any information/data/content/sub-content on any of its information systems in decrypted, readable and comprehensible format. This data may include subscriber information, traffic data, content data and any other information or data. This Investigation Agency is designated/established under PECA.
- Failure to comply with the rules could result in:
- Blocking the online system and appealing it: The National Coordinator can instruct blocking of the entire online system (social media applications, over the top applications and any cloud-based content distribution services), or just the social media app, or just the “OTT Applications” owned/managed by the social media company. It is not clear if such instructions would be issued to an internet service provider too or only to the social media company. OTT Applications (or OTTAs) are defined in the rules as messaging, voice or video calling applications that are alternatives to text messaging services provided by the mobile network provider. These may include Whatsapp, Facebook Messenger, Viber, WeChat, Skype, Telegram, Line, Imo, Veon, Threema, Signal, QQ, Google Allo and similar apps. Importantly, the company can contest the order within 2 weeks of the date of its blocking before a Committee. After conducting a hearing on representation, the Committee must decide within 3 months. This Committee will be constituted by the Federal (Central) Government within 15 days of notification of rules (that is, by end of February 2020).
- Penalty: The National Coordinator can impose a penalty of up to PKR 500 million (~INR 23.12 crore).
Note that cloud-based content distribution services, though mentioned, haven’t been defined in either the Rules or the parent act. Netflix and Amazon would be such services but haven’t been included.
Anyone can file a complaint for blocking content
A complaint to PTA to block/remove illegal content can be filed by any person aggrieved by the illegal content, and by any ministry/department/office of the government including law enforcement and intelligence agencies. Additionally, PTA can take suo motu cognizance of illegal content and pass interim orders for 7 days which may be extended to a maximum of 20 days, after which PTA must issue a final order. Some norms:
- Data/content retention of illegal content: PTA can direct the service provider or the owner of an information system to secure illegal content that has to be blocked/removed for a reasonable period of time.
- Blocking/removal of content to be done on best effort basis: Blocking/removal of any illegal content hosted on websites/web servers running on https or similar protocols will be done on a best effort basis given technical limitations. It is interesting that only the https protocol is name-checked in the rules. A similar exception has not been made for end-to-end encrypted communication (as on WhatsApp, Signal, etc.) but the technical limitations exception might mean that platforms will not have to redesign their entire systems to comply with these rules.
- Complaints can also be filed directly with service providers: The PTA will have to provide guidance on filing complaints directly with service providers “against any misuse or abuse of such platforms”.
- Exceptional situation: when the complaint deals with the ‘modesty’ of a natural person, the PTA must ensure that the contents and identity of the complainant may be kept confidential and be disclosed only to people directly responsible for receiving/processing the complaint. PTA may provide a separate secure mechanism for filing of such a complaint.
- Procedure to file a complaint: Complaints can be filed online, in person, or in writing. If it is filed by an organisation, it has to be made through its authorised representative only, and only through a web-based mechanism that the PTA will develop. PTA will also set up information desks at its headquarters, and zonal and regional offices, and a toll-free helpline to guide the general public.
- PTA must dispose of a complaint within 30 days: PTA must decide through a written order within 30 days of receiving the complaint. Requests for removal, destruction or blocking access to information must be judged on the basis of reasonableness.
- Exception: PTA may defer action on a complaint to aid in criminal investigation, but if the complaint deals with modesty of a natural person, the complainant must consent to the deferral.
- Application for review of an order can be filed by any person within 30 days of passing of the order. This review must be decided upon by the PTA within 60 days of receipt of review application.
- Appeal against PTA’s decision on the review application can be filed before a High Court within 30 days of order on the review application.
Criticism of the Rules
Given their rather stringent demands on social media companies that impinge on freedom of speech and expression, the Rules have been widely criticised.
- Digital Rights Foundation: Nighat Dad, who runs Digital Rights Foundation in Pakistan, said that the new rules give authorities “unfettered power to call any online content illegal or extremist or anti-state,” Reuters reported. Farieha Aziz, founder of the digital rights advocacy group Bolo Bhi, called it “overreach”.
- Pakistan Software Houses Association for IT & ITES (P@SHA), the country’s only IT and ITES trade association, said in its statement that these rules would “adversely affect Pakistan’s IT sector growth and its fledgling e-commerce industry”. The association highlighted the following problems with the Rules:
- Lack of engagement with stakeholders: These rules were drafted without engagement and consultation with the IT industry and other stakeholders.
- Reservations about the National Coordinator as s/he is the sole authority for determining emergency situations. This “may result in skewed person-dependent decisions impacting personal and commercial aspects of millions of online Pakistani users”.
- Asia Internet Coalition (AIC), in its February 15 letter to Prime Minister Imran Khan, said that these Rules would “severely cripple the growth of Pakistan’s digital economy” as it would make it difficult for AIC members to offer services to Pakistani users and businesses. AIC’s members include Google, Facebook, Apple, LinkedIn, Amazon, etc. It had problems with the policy making process itself and urged the government to initiate a proper public consultation “to ensure wider participation to develop a new set of rules”:
- Constricting regulatory environment: Lack of consultation with stakeholders outside the government is causing international companies to reconsider the regulatory environment in Pakistan.
- Vague and arbitrary rules that undermine rights to expression and privacy: Symptomatic of lack of public consultation, the letter says, the rules overstep what is envisioned in the Pakistan Telecommunication (Re-Organisation) Act and PECA. PECA, in fact, grants safe harbour protection to intermediaries or social media platforms.
Update (February 28, 2020 12:30 pm): The article was updated with a link to the Rules on the Ministry of Information Technology and Telecommunication website.