A notice has been issued to the Union government by the Delhi High Court on WhatsApp’s petition opposing the traceability clause mentioned in the Information Technology (Intermediary Liability and Digital Media Ethics Code) Rules, 2021, LiveLaw reported. The notice was issued after Senior Advocate Mukul Rohatgi, who appeared on behalf of WhatsApp, objected to the Centre’s demand for an adjournment.
In May this year, WhatsApp filed a lawsuit against the Indian government over the new IT Rules, 2021, arguing that the rules would compel the messaging platform to break encryption and infringe upon user privacy. WhatsApp moved the High Court a day after the May 25 deadline announced by the government for compliance with the rules.
The IT Rules have come under tremendous scrutiny as they have a fundamental impact on how internet-based companies operate in India. They cast doubt on the sanctity of the right to privacy, speech, expression, press freedom, violations of human rights in some instances, and pave the way for a tightly-regulated internet.
What happened in the hearing?
The matter was heard by the division bench comprising Chief Justice DN Patel and Justice Jyoti Singh, according to LiveLaw.
“On first date of hearing, other side came and said they want to seek some instructions. So notice was not issued. Today again they moved a letter seeking adjournment. At least issue notice, let them file a reply. It’s a very serious question raised in relation to validity IT Rules 2021. We are not asking for an interim order just now.” Rohatgi argued In his submission to the Court.
The next hearing has been scheduled on October 22, 2021.
Details about WhatsApp’s petition
WhatsApp’s petition contends that the “traceability” clause mentioned under Rule 4(2) of the IT Rules is a violation of a person’s right to privacy.
Decrypting end-to-end encryption for traceability
- The Rules require a significant social media intermediary providing services primarily in the nature of messaging to enable the identification of the first originator of a message.
- The Rules require platforms to only provide this information for people credibly accused of wrongdoing.
- WhatsApp, however, said that this cannot be done for specific people and it would have to break end-to-end encryption for both receivers and originators of a message in order to comply with the law.
There is no law enacted by Parliament that expressly requires an intermediary to enable the identification of the first originator of information in India on its end-to-end encrypted platform or otherwise authorizes the imposition of such a requirement through rule-making. While Impugned Rule 4(2) seeks to impose such a requirement, the Impugned Rule is not a valid law as it is subordinate legislation, passed by a Ministry and not Parliament, that is ultra vires its parent statute, Section 79. — WhatsApp petition
Failing the Puttuswamy test
WhatsApp’s petition refers to the triple test laid down by the landmark privacy judgement (KS Puttuswamy v. Union of India) by the Supreme Court in 2017. The test says that privacy must be protected except in cases where legality, necessity, and proportionality all weighed against it. The petition said:
- The new rules fail all three of those tests laid down by Article 21 of the Indian constitution.
- The rules were in violation of Article 14, the Right to Freedom of Speech and Expression.
- They contravene sections 79 and 69A of the Information Technology Act.
Impugned Rule 4(2) allows for the issuance of orders to identify the first originator of information in India without judicial oversight, let alone prior judicial oversight, which means there is no “guarantee against arbitrary State action”. Impugned Rule 4(2) therefore should be struck down as it is an unconstitutional invasion of the fundamental right to privacy. — the petition.
Other requirements for social media intermediaries under IT Rules
A significant social media intermediary is described as a platform having more than 50 lakh registered users. Some of the guidelines laid down are:
Grievance redressal mechanism: The companies need to publish the name of a grievance officer to whom users or victims can make complaints against violations of the Rules. These complaints must be acknowledged within 24 hours, and disposed within 15 days of receipt. They also have to appoint Chief Compliance Officer, and a Resident Grievance Officer.
Transparency reports: Companies must publish compliance reports every month with details of complaints received and action taken, and “other relevant information”. These reports must also contain the number of links or information that it has removed using proactive monitoring by automated tools.
Content removal within 36 hours of an order: All intermediaries are expected to remove content or prevent access less than 36 hours after getting an order from the Court or a government agency. The Rules also direct companies to provide information which can prevent crime and aid investigations within 72 hours of a legal order. A nodal person of contact should be appointed for coordination with law enforcement agencies and officers to ensure compliance of their orders.
Voluntary takedowns: The Rules also ask for the companies to take down content which is defamatory, obscene, pornographic, paedophilic, invasive of privacy, insulting or harassing on gender, and related to money laundering or gambling.
Disabling content within 24 hours of complaints: Intermediaries will have to remove content that exposes a person’s private parts (partial and full nudity); shows any sexual act; is impersonation; is morphed images within 24 hours of individuals (users or victims) reporting the grievance.
Taking down content using automated tools: Significant social media intermediaries will be expected to deploy technology-based measures such as automated tools to proactively identify information that depicts rape, child sexual abuse (CSA), or any other information. The measures will have to be proportionate with regard to the right to free speech and expression and user privacy.
Voluntary verification of users: Significant social media intermediaries will be required to allow users in India to voluntarily verify their accounts using “any appropriate mechanism”.
- IT Rules 2021: CEO Will Cathcart Says WhatsApp Hopes To Find Solution To Traceability Without Breaking Encryption
- Indian Government Responds To WhatsApp Court Plea: Right To Privacy Is Not Absolute
- Identifying A Message’s Originator Undermines End-To-End Encryption: Internet Society
- Government contemplates single law to regulate all media as IT Rules face legal challenges
Have something to add? Post your comment and gift someone a MediaNama subscription.