Context:
The Ministry of Electronics and IT has been actively organizing consultations on the proposed “Digital India Bill” to build conceptual alignment on a new law that will replace India’s 23-year-old Information Technology (IT) Act (2000).
Goal: To upgrade the current legal regime to tackle emerging challenges such as user harm, competition and misinformation in the digital space.
Proposed Changes:
- To include a categorisation of digital intermediaries into distinct classes such as e-commerce players, social media companies, and search engines to place different responsibilities and liabilities on each kind.
- For the proposed approach to be effective, metrics for risk assessment and appropriate thresholds would have to be defined and reviewed on a periodic basis in consultation with industry.
- Accountability and online safety should be the priorities.
- In doing so, it could help create a regulatory environment that helps achieve the government’s policy goal of creating a safer Internet ecosystem, while also allowing businesses to thrive.
Features of Digital India Bill:
- Regulator: The bill aims to create a regulator for the internet.
- Privacy Concern: The bill aims to address the right of the individuals to protect their information and the need to use individual data for legal purposes.
- A threshold will be brought in to what extent the personal data of an individual shall be accessed for legal purposes.
- Exemptions: The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offenses.
- Adjudication: The central government will establish the Data Protection Board of India to adjudicate non-compliance with the provisions of the Bill.
About the current IT Act:
- Definition: It defines an “intermediary” to include any entity between a user and the Internet, and the IT.
- Rules sub-classify intermediaries into three main categories:
- Social Media Intermediaries (SMIs): It facilitates communication and sharing of information between users.
- Significant Social Media Intermediaries (SSMIs): These are the SMIs that have a very large user base.
- Online Gaming Intermediaries
Issues with current IT Act:
- Broad Definition: The definition of SMIs is so broad that it can encompass a variety of services such as video communications, matrimonial websites, email and even online comment sections on websites.
- Stringent Obligations: The rules lay down stringent obligations for most intermediaries, such as a 72-hour timeline for responding to law enforcement requests and resolving ‘content take down’ requests.
- Similar Treatment: Unfortunately, ISPs, websites, e-commerce platforms, and cloud services are all treated similarly.
- By virtue of being licensed, these intermediaries have a closed user base and present a lower risk of harm from information going viral.
- Treating these intermediaries like conventional social media platforms not only adds to their cost of doing business but also exposes them to greater liability without meaningfully reducing risks presented by the Internet.
Global Scenario: So far, only a handful of countries have taken a clear position on the issue of proportionate regulation of intermediaries.
- The European Union’s Digital Services Act: It is probably one of the most developed frameworks.
- It introduces some exemptions and creates three tiers of intermediaries — hosting services, online platforms and “very large online platforms”, with increasing legal obligations.
- Australia: The nation has created an eight-fold classification system, with separate industry-drafted codes governing categories such as social media platforms and search engines.
- Intermediaries are required to conduct risk assessments, based on the potential for exposure to harmful content such as child sexual abuse material (CSAM) or terrorism.
Way Forward:
- Evolve with Technology: While a granular, product-specific classification could improve accountability and safety online, such an approach may not be future-proof.
- As technology evolves, the specific categories we define today may not work in the future. Hence, we need to evolve with technology updates.
- Clear Classification Framework: It’s time for a few defined categories, requires intermediaries to undertake risk assessments and uses that information to bucket them into relevant categories.
- Less Obligations: The goal should be to minimize obligations on intermediaries and ensure that regulatory tasks are proportionate to ability and size.
- By Exemption: Exempt micro and small enterprises, and caching and conduit services from any major obligations
- By Distinction: Clearly distinguish communication services from other forms of intermediaries.
- By Grievance Redressal: Given the lower risks, the obligations placed on intermediaries that are not communication services should be lesser, but they could still be required to appoint a grievance officer, cooperate with law enforcement, identify advertising, and take down problematic content within reasonable timelines.
- Special Obligations: Intermediaries that offer communication services could be asked to undertake risk assessments based on the number of their active users, risk of harm and potential for virality of harmful content.
- The largest communication services (platforms such as Twitter) could then be required to adhere to special obligations such as appointing India-based officers and setting up in-house grievance appellate mechanisms with independent external stakeholders to increase confidence in the grievance process.
News Source: The Hindu
To get PDF version, Please click on "Print PDF" button.