The Dialogue along with the Internet and Mobile Association of India conducted an impact study to address the key operational and implementational aspects of the IT Rules, 2021 for determining the ease of doing business, and safety and privacy implications of these rules.
The study pertains to Part II of the IT Rules, 2021. The study interviewed 70 intermediaries who are regulated by Part II of the rules, including civil society organizations, women and child safety bodies, lawyers, public policy professionals, and cybersecurity experts.
The following are the key findings and recommendations of the study.
Greater platform accountability
The delineation of specific timelines for acknowledgment and redressal of user grievances and publication of monthly transparency reports received better responsiveness from the intermediaries. The study recommends that sustained consultation with civil society and technical experts will drive global best practices for platform accountability in the Indian regime.
Onerous threshold
The majority of the surveyed intermediaries noted that setting a threshold of 5 million users for designating as a significant social media intermediary in a country like India with a population of 1.3 billion will be burdensome from an ease of doing business standpoint. The study recommends that this threshold be revisited according to the global best practices and India’s economic interests. It also recommends using a clear method for threshold computation.
Timelines for content takedown and information assistance
Most of the intermediaries who deal with large amounts of user-generated content thought that singular timelines for takedown of all grades of harmful content impact investment and are overwhelming. The study recommends adopting a risk-based content gradation mechanism and deciding the response timelines for takedowns and information assistance accordingly.
Privacy Concerns in the data retention mandate
Many legal and technical experts indicated the inconsistency of the data retention mandate with the principles of data minimization. The study recommends adopting a 90+ 90 days approach where the intermediaries can store the data for the original 90 days. The dataset may be retained further, or else deleted.
Ramifications of personal liability
The study found that the personal liability mandate is inconsistent with the established criminal law principles. This has led to an excessive compliance burden which impacts the ease of doing business for the intermediaries. The study suggests removing the personal liability provision because of its legal infeasibility and economic repercussions. This can be replaced with corporate financial penalties as the norm.
Infeasibility of originator traceability
Implementing originator traceability was found to be technically infeasible and would weaken end-to-end encryption. The study proposes to refrain from implementing the traceability mandate. It also recommends enhancing the meta data analysis capabilities of the law enforcement ecosystem.
Proactive Monitoring
Most intermediaries believe that proactive monitoring is a critical tool for tackling the deluge of harmful content. The study suggests that Standard Operating Procedures (SOPs) be developed to guide the deployment of tools for proactive monitoring. It also recommends the intermediaries invest in developing more innovative tools for ensuring online safety.
Safe Harbour
Most stakeholders found that the compliance requirements contemplated in the IT Rules, 2021 are diluting safe harbour laws established by the Apex Court. The study recommends upholding the broad immunity protection for intermediaries according to the Shreya Singhal mandate for preserving the free, open, and secure nature of the internet.
Impact of the IT Rules 2021 on Ease of Doing Business
Over 75% of the intermediaries as well as other key stakeholders noted that the mandates under Part II of the rules could create entry barriers and impact the ease of doing business in India. Hence, clear and implementable SOPs must be published with expert inputs for addressing all the operational concerns that impact the smooth implementation of the above rules.
Proposed Overhaul of the IT Act
Due to growing digitalization in society, it is necessary to revisit the existing IT Act to address the challenges of cybersecurity and online safety while promoting digital innovation. For this, the study recommends institutionalizing a multi-stakeholder approach for policy-making and adopting a collaborative Rule making approach for the revamp of the IT Act, 2000.
Read next: India bans the use of VPNs for government employees
