Two of the government’s own legal advisers warned it that the new Information Technology (IT) Rules were beyond the scope of the law and required parliamentary approval, but law secretary Anoop Mendiratta overruled this advice for “the larger public interest,” Article 14 reported on Monday. This information was revealed based on internal communication documents obtained by independent journalist Saurav Das under the Right to Information Act.
This advice, however, was given in January and February last year and pertains to an earlier draft of the rules and not the final version. On November 11, 2020, the government issued a gazette notification bringing OTT streaming platforms and digital news media under the Ministry of Information and Broadcasting. Following this, the previously finalized rules were reworked to include a mechanism to regulate OTT platforms and digital news media, the report stated. It is not known if the legal advisers had a chance to review the changes and make comments following the inclusion of OTT platforms and digital news media. Based on the documents obtained by Article 14, the law ministry advisers did not seem to comment on the inclusion of OTT platforms and digital media in the IT rules, but noted that there was “no specific provision in the IT Act enabling (sic) to impose any penalty or to take penal action against the intermediaries or digital media.” The law ministry indicated that violators will be liable under “relevant law” and not under IT Act because the latter would need amendments to allow the same.
Make suitable amendments to IT Act first: Deputy legal adviser
The Information Technology (Guidelines For Intermediaries And Digital Media Ethics Code) Rules, 2021, formulated under the IT Act 2000, was passed on 25 February 2021 to regulate social media companies, but it contains provisions that have been challenged by multiple stakeholders as being overbroad and beyond the scope of the parent act. As a result, the rules are currently facing legal challenges in the high courts of Delhi, Kerala, and Karnataka.
A deputy legal adviser from the Ministry of Law and Justice warned the Ministry of Electronics and Information Technology (MeitY) in January last year to first make “suitable amendments” to the IT Act, 2000 before promulgating the new IT Rules. “It may be advisable to act fairly by the administrative authorities to ensure the rule of law and prevent failure of justice while executing the proposed guidelines to avoid any embarrassment at later (sic) point in time,” the deputy legal adviser said on three occasions last year, the report stated.
“As the proposed guidelines are being subordinate in nature and there is no explicit provision in the Act empowering the central government to make a comprehensive scheme for taking action against intermediaries it may be advisable to explore the option of bringing suitable amendments in the Act to evolve a comprehensive scheme or mechanism to regulate the intermediaries. ” — Deputy legal adviser at the law ministry (emphasis ours)
New rules suffer from the ‘vice of excessive delegation’: Law Ministry Joint Secretary
According to the report, a law ministry joint secretary and legal adviser wrote a three-page note in February 2020 expanding on the advice given by the deputy legal adviser. Referring to section 79 of the IT Act, which provides an exemption to intermediaries from liability in certain cases, the joint secretary said that an intermediary shall only be liable if it is found to be “conspiring, abetting, aiding or inducing the commission of an unlawful act” or “if the intermediary fails to expeditiously remove or disable access to such unlawful material on being notified by the Government/its agency or upon receiving actual knowledge” or “when it does not provide access, help intercept, monitor or decrypt information, or provide information stored in its computer resource upon receiving an order from the government for the interception, monitoring or decryption purposes under sec 69 of the IT Act.”
The joint secretary noted that the new rules “give a wide amplitude to the duties and functions of intermediary” and “seems to extend beyond the scope of third party information, data or communication link made available or hosted by him,” the report stated. The joint secretary also reminded the government that the executive has no power to turn “a particular act into an offence and prescribe punishment for it.”
Stating that the new rules suffered from “the vice of excessive delegation,” the joint secretary further laid out specific provisions of the new rules that need a relook:
- The terms “social media”, “social media intermediary” and “significant social media intermediary” are not mentioned in the parent Act. “Had the terms been present in the Act, the differentiation or criteria thereof in subordinate legislation can be justified,” the joint secretary wrote.
- The term “user” needs to be redefined in the Act on the lines of “addressee” and “originator.”
- The Chief Compliance Officer cannot be held liable for an intermediary’s non-compliance with the rules because this is not defined as an offence in the parent Act.
- The traceability mandate that requires a significant social media intermediary to be able to track the first originator of a message “does not appear to be supported by the provisions of section 69(3).”
- The requirement for significant social media intermediaries to enable users to verify their accounts and provide them with a visible mark of verification is not supported by the parent Act.
Concurring with the deputy advisor, the joint secretary said that the new rules “may require certain corresponding amendments in the IT Act 2000 to justify its vires.”
However, two weeks after sending this note, the joint secretary approved the rules without further discussion after the IT ministry incorporated a preamble. The joint secretary said that “the preamble to the Rules takes care of most of the concerns raised earlier… the same being in general and greater public interest is justifiable.”
MediaNama discussion on legal challenges and compliance burden of the IT Rules
In a panel discussion held by MediaNama last month on the Impact of the IT Rules 2021 on Intermediaries, experts shared their views on the legal aspects of the Rules and whether they will survive a legal challenge.
Are the Rules constitutional? Rahul Narayan, advocate-on-record at the Supreme Court, pointed out that the Rules seem to overstep the remit of subordinate legislation, in line with the views of the government legal advisers. “Rules typically have to be in conformity with the parent act. One of the strongest grounds of challenge in the court is that these rules go well beyond what the parent ever envisaged. And therefore, what needed to have been done was that if you wanted to do something like this, there should have been an amendment in the law rather than making rules.” “When you have rules which really go beyond the scope of the Act, they’re actually bypassing the role of Parliament in a way. So they’re taking power away from the representatives of the people to the government,” Narayan added.
Can Rules create ‘social media intermediary’ definition: Narayan’s view on this concur with that of the legal advisers: “I think the absence of certain definitions in the Act is pretty important. Like it’s difficult for you to create a new category and define that in the rules itself, it would have been far more prudent, for example, for the Act to have been amended to make certain rules.” But Harshitha Thammaiah, General Counsel at Xiaomi India, said that whether the Rules could, in fact, create new definitions was “eminently arguable.”She argued that while the Rules are creating a completely different kind of obligation for intermediaries, it wasn’t possible for a parent Act to contain comprehensive definitions. This was especially true in fields like information technology where things were fast-moving.
Personal liability of compliance officer: The final rules left in place the liability provision for the Chief Compliance officer despite the advice of the joint secretary. The only changes made in the final rules was to provide an option for the officer to be heard. Thammaiah called the Chief Compliance Officer’s position a “very vulnerable” one since the Rules allow the government to take direct action. “[I]n cases where we are talking about something to do with national sovereignty, or if you’re talking about criminal defamation, or anything under the Unlawful Activities (Prevention) Act, etc… If those things — which are pretty draconian— are involved, this Chief Compliance Officer is directly going to the jail.”
Voluntary verification of users: what it means? The joint secretary, in his advice to the government, raised objection to social media platforms being obliged to support user verification. But the final version went ahead with this provision, raising an important question: Does this seem like the first step towards an “Aadhaarified” social media, where everyone’s online persona is traceable. Narayan admitted that this might be the case. “Frankly, I thought the government had actually decided as a couple of years back that they’re not going to make Aadhar mandatory for social media accounts, but it seems to be the first step in that sort of industry direction, I didn’t see the utility as to why it’s done. And I don’t see any real advantages to it,” he said.
- #NAMA: Will IT Rules 2021 Pass The Muster Of Legal Challenges?
- #NAMA: The Traceability Mandate And What It Means For End-To-End Encryption
- #NAMA: Impact Of IT Rules 2021 On Intermediaries, Platform Power And Compliance Burden
- #NAMA: Govt Intention Is Higher Accountability From Platforms: MEITY’s Rakesh Maheshwari On IT Rules 2021