The Centre on 25 February announced new intermediary guidelines, or IT rules, and gave significant intermediaries (platforms with over 5 million users) like Facebook, Twitter, WhatsApp, and Instagram three months to comply, a deadline that ended on Tuesday. What’s next?
Will Facebook, Twitter etc., shut down?
No. Neither the government, nor the rules have mentioned any ban. In fact, experts say the rules cannot lead to a ban. Non-compliance with the rules only means that social media intermediaries and internet firms won’t get safe harbour protections mentioned in Section 79 of India’s Information Technology (IT) Act. This is the part that protects these companies from being sued for posts, comments and text messages that users send over their platforms. Non-compliance with the IT rules will, at best, mean that these intermediaries will function without safe harbour protections for the time being.
What do the new IT rules require?
A key provision empowers the government to ask companies to track down the originator of posts, tweets, and texts within the country. The rules state that if an offensive post is found, the government can lawfully ask these companies to identify the first person who shared it in India. The rules also require intermediaries to appoint Indian citizens in compliance roles, create automated processes for taking down pornography, set up mechanisms to respond to complaints, and remove offending content within 36 hours of receiving a legal order.
Have platforms complied with the rules?
Home-grown Twitter alternative Koo announced its compliance on 22 May. The Centre’s citizen engagement platform MyGov too is in compliance with the laws. Facebook has said it would comply with these rules as well. WhatsApp, on the other hand, has sued the government, arguing that the rules breach the Supreme Court’s 2017 Right to Privacy ruling.
Why is traceability a problem for apps?
Messaging apps like WhatsApp, Signal and Telegram use end-to-end encryption (E2EE), which prevents anyone except the sender and receiver of a text from reading it. However, the platforms say the new rules will require them to digitally fingerprint all messages on their platforms, and keep records of them, in order to be ready for legal requests. This is against the fundamentals of E2EE technology and will require platforms to build backdoors into their code, which can eventually be exploited by cybercriminals.
Are the IT rules only norms for privacy?
No. Experts say the government wouldn’t have faced the legal cases and pushback if it had passed the Personal Data Protection (PDP) Bill first. The PDP will make regulations clearer and once it becomes a law, it will make it easier for the government to lay down traceability norms. A joint parliamentary committee last year proposed the Bill should focus on digitization and localization of data. A final draft of the Bill is expected later this year, though experts say it too could face pushback from social media firms.
Never miss a story! Stay connected and informed with Mint.
our App Now!!