[This post has been authored by Raashi Vaishya, a fourth year student at the NMIMS Kirit P. Mehta School of Law, Mumbai.]
The sentiment of intermediary liability in India can be felt from the dialogue that transpired between Cleopatra and the messenger who informed her about Antony’s marriage. When Cleopatra threatened to treat the messenger’s eyes as balls, he replied, “Gracious madam, I that do bring the news made not the match.”
In today’s contemporary world, unfettered access to the internet has led to a colossal upsurge in the quantum of users on social media platforms, by virtue of which the volume of illegal activities has spiralled through the roof. The crucial question that lies here is whether ‘intermediaries’ can be held liable for the felonious acts of third parties and to what extent?
What are Intermediaries?
In the milieu of internet, intermediaries include all people and establishments who furnish the fundamental framework required to carry out online operations on the web. While one cannot draw out a single and succinct function of an intermediary, it predominantly tethers data between countless nodes of the internet. The legal definition of this term is enshrined in Section 2(1)(w) of the IT Act, 2000.
What are Safe Harbour Provisions?
The cosmic growth of the internet has led to sheer magnitudes of data being transmitted online. Although much of it is encrypted, intermediaries still run the risk of being held liable for information that they do not “generate, modify, review or select.” Since they are mere “intermediate conduits,” it would be unjust to hold them accountable for any spurious, obnoxious or offensive content posted by third parties. Safe harbour provisions grant exemption to intermediaries from prosecution against illegal or criminal activities of third parties, subject to satisfaction of certain requirements.
Key Issues With The Current Safe Harbour Regime
The prerequisites for availing safe harbour protections are exceptionally rigid and have deviated from the world’s realities.
To reap the benefits of safe harbour protection under the IT Act, intermediaries must confine their roles to mere technical assistance wherein it offers automated processing of user-generated material. As soon as an intermediary assumes an active role by taking knowledge or control over user-generated data, it stands a risk of losing its immunity. The Delhi High Court, in the landmark judgement of “Christian Louboutin SAS v. Nakul Bajaj” comprehended the meaning of “passivity” and drew up an exhaustive list of functions attributable to an active intermediary. These functions are wide in itself to cover most, if not all, intermediaries within its ambit and thus, drastically diminishes the probability of securing safe harbour protection under the It Act.
Rule 3(4) of the Intermediary Guidelines, 2011 embeds the takedown provision which affixes legal onus on the intermediary to exercise their “own judgement” and withdraw any content in breach of Rule 3(2) within thirty-six hours of attaining “knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature…” This rule was criticised as it led to arbitrariness in removal of material deemed to be unlawful. This issue was rectified in the case of “Shreya Singhal v. Union of India” wherein the Supreme Court narrowed down the scope of “actual knowledge” contained in Section 79(3)(b) of the IT Act, 2000 and Rule 3(4) of the Intermediary Guidelines, 2011 to denote either an intimation by way of a court order or notification by the Government. In contrast, the case of “Super Cassettes Industries Ltd. vs Myspace Inc.” saw the Delhi High Court rule that “specific knowledge” through intimation by the copyright owner, in the format provided in its website, is sufficient.
Recently, in the matter of “Swami Ramdev and Anr. vs. Facebook Inc. & Ors,” the Delhi High Court opined that the Indian takedown policy imposes an obligation on intermediaries to takedown that specific unlawful material globally. It is pertinent to note that some content may not be unlawful as per the laws of other jurisdictions and in such circumstances, the intermediary may be held accountable for an “unlawful takedown” in jurisdictions where hosting such content legally permissible.
Key Concerns With The Proposed Amendments To The Intermediary Guidelines, 2011
The draft Intermediary Guidelines (Amendment) Rules, 2018 (hereinafter “The Draft Rules”) impose inevitably arduous provisions which intermediaries must oblige with if they want safe harbour protection under the IT Act.
Firstly, the intermediaries are expected to notify their users, at least once every month, about their compliance with the user-agreement norms. The bigger issue here lies in the ambiguity of the mode of sending monthly notifications to the users.
Secondly, the Draft Rules expect the provision of mandatory assistance by intermediaries to “any Government agency” within 72 hours of such request being raised. The IT Act itself enlists specific officers eligible to investigate the corresponding cyber offences; Thus, the Draft Rules materially dilute these set criteria by imposing a duty on intermediaries to cater to “any Government Agency.”
Thirdly, Rule 3(5) of the Draft Rules states the intermediaries’ duty to trace out the original source of any information published or communication exchanged on their platform. This not only interferes with the privacy of the users guaranteed as a Fundamental Right in “KS Puttaswamy v. UOI,” but also neglects the intermediaries’ inability to detect the originator of information in end-to-end encrypted applications like Signal, Whatsapp, etc. Since such service providers do not have access to the content shared by users on such platforms, locating the originator of data would be an unconquerable obstacle.
Fourthly, Rule 3(9) of the Draft Rules obligates intermediaries to employ a devoted screening mechanism that filters out any unlawful content published online. As soon as intermediaries start scanning content by exercising their “own judgement,” they tend become active participants who regulate and modify information resulting in them losing safe harbour protection under the IT Act. While automated tools can be deployed to auto-filter unlawful content, it may still be prone to errors as they do not warranty hundred percent accuracy.
Lastly, Rule 3(7) of the Draft Rules mandates all intermediaries having user traffic of more than 5 million users in India to be incorporated along with a permanently registered office in India. Not only would this requirement inflict adverse tax implications, but will also escalate operational expenses. The obligation to appoint a “nodal person” is synonymous to the appointment of an “alternate senior designated functionary” as deputed under the Draft Rules and thus, comes off as unreasonable and preposterous.
Proposing such drastic amendments would not only take intermediaries’ productivity to back seat but would also pose great economical and practical challenges for intermediaries. However, employing a “laissez-faire” approach by granting absolute freedom to intermediaries is indeed not a sagacious option. The Draft Rules must depict a methodical way of dealing with the removal of content deemed to be unlawful without having a chilling effect on free speech. It must avoid using vague terminologies at all costs and ensure that the rights of users are not compromised. The intermediaries should engage in educating users about disinformation and invest in tools that safeguard their platforms from any data, security, or other legal breaches. While intermediaries should focus on reducing the echo-chamber and filter bubble effect, the need of the hour is to devise strong safe harbour protection laws that permit intermediaries to operate freely without fretting about prosecution. It is time to rekindle a flame in the dying fire of the Indian safe harbour protection laws.
 William Shakespeare, Antony and Cleopatra, Act II Scene 5.
 Information Technology Act 2000, s 79(2), s 79(3)
 Christian Louboutin SAS v. Nakul Bajaj  253 DLT 728, 
 Shreya Singhal v. Union of India  5 SCC 1,