FAQs miss bullseye on IT rules

By Freny Patel

The government’s attempt at providing clarity to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, in the form of a frequently asked questions (FAQ) document has failed to address the most controversial aspects, including the traceability provision, and part III of the rules that is aimed at regulating digital news publishers and OTT (over the top) platforms.

The IT Rules, which came into force on 26 May, enhance the government’s power over social media and news portals. They were released with the stated intention of empowering social media users to fight online abuse, as well as putting a check on fake news.

A series of lawsuits filed by some of the country’s leading media houses against the IT Rules are pending before several courts, so it is perhaps understandable that the FAQs do not or cannot clarify part III of the rules, lest it be construed as sub judice.

Several courts have imposed a stay on the government’s enforcement of the rules against digital news publications, which fear the rules will curb freedom of speech and expression.

The Ministry of Electronics and Information Technology (MeitY) has passed the buck, saying that clarification for news and current affairs content should be sought from the Ministry of Information & Broadcasting.

The FAQs are supposedly in response to general queries received by the MeitY, which clarified that the FAQs do not constitute a legal document and do not replace, amend or modify any portion of the Information Technology Act, or the rules.

While the clarification in the form of FAQs is “helpful”, Jyotsna Jayaram, Trilegal’s Bengalurubased partner, who is part of the firm’s TMT practice group, points out that it largely “reiterates what is contained in the rules”.

The rules had explained and fleshed out in more detail the obligations of intermediaries with respect to notifying and appointing relevant officers, said Jayaram.

“There was also some confusion on whether entities with multiple offerings would be able to appoint the same individual as the required officers for all its offerings,” she said, adding that this had since been clarified.

The FAQs help clarify that social media intermediaries can appoint common officers across all their products or services, not one for each product or service. However, they need to mention the contact details of each officer separately on each of their products or services.

The roles of the nodal contact person and the resident grievance officer may be performed by the same individual but a separate chief compliance officer will need to be appointed, the rules state.

This would help social media intermediaries streamline processes and avoid an undue compliance burden, pointed out an IT lawyer, who cited how Twitter nearly lost its legal indemnity clause over its failure to appoint statutory officers in compliance with the IT Rules. Delhi High Court finally granted the microblogging site a three-week extension to comply with the rules.

The FAQs would have caused Google to sigh with relief after the search engine petitioned Delhi High Court in June this year. Unlike Facebook, WhatsApp, Twitter or YouTube, it clarified that Google should not be characterised as a social media intermediary under the IT Rules, since search engines cannot be used to contact people.

A social media intermediary had to be one that primarily or solely enabled online interactions, and not one that incidentally enabled such interactions, said Jayaram. The FAQs had clarified that search engines and email service providers would not be treated as social media intermediaries, which was a helpful clarification, she added.

WhatsApp, on the other hand, continues to face a dilemma because the FAQs do not give any leeway on the need for social media intermediaries to provide identification of the first originator of messages if requested by the Indian government.

The day the rules came into effect, Facebook’s messaging service, WhatsApp, urged Delhi High Court to declare that the traceability provision under the IT rules was “unconstitutional”.

The government has stated that its intention on the first originator identification requirement was not to break or weaken encryption, and only required registration details of the first Indian originator of the message.

“It is up to the social media intermediary to figure out what systems they need to put in place to meet this, including how to generate the hash value based on which the originator may be identified,” Jayaram told India Business Law Journal. She said the FAQs stated this would not compromise the privacy of users because it would only be in accordance to lawful requests by the government.

WhatsApp told the court that the requirement to enable “the identification of the first originator of the information” would force the messaging service to break encryption and undermine users’ fundamental right to privacy.

It remains to be seen how the IT Rules-administered by two ministries, with certain operative portions stayed by courts-pan out, because the FAQs have certainly not addressed all the doubts and controversies created in the wake of the rules being released.

The Briefing is prepared by Freny Patel.