By Sanjay Aggarwal
Social media has become an important part of one’s life. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 released by the Ministry of Electronics and Information Technology (Meity) aim to empower ordinary users of social media platforms and OTT platforms. New IT rules have come into force due to concerns about issues relating to increased frequency of abusive posts on digital platforms and social media, wide circulation of obscene content and spread of obnoxious content related to incitement of violence, public order etc.
The specific clause in new IT rules imposes a personal criminal liability on the chief compliance officer of social media. This provision needs to be re-considered in the interest of “ease of doing business” as well as better “enforcement of laws”. This would enhance legal risks for employees of entities covered by the IT Rules 2021. This should be substituted with an appropriate provision on personal liability as this affects employee morale and confidence. Government should publish the standard operating procedures for provisions for safeguarding the employees in this regard along with case studies and redraft operational clauses for more clarity. It should also provide qualifying definitions and limits. The guidelines can explain circumstances where a compliance officer will be held accountable; possible defenses available to him/her should also be highlighted. Criminal proceedings must be the last resort. This will create a compliance regime based on trust rather than fear. This will also add safeguards for the all stakeholders and help in confidence building for Compliance officers in India.
The responsibilities imposed on intermediaries in the light of new IT rules may have detrimental impacts on ease of doing business. Ease of Doing Business (EoDB) and Unclogging the Justice System by De-Criminalization of Certain Laws is on the radar of government for a long time. There is an increased traction by corporate in jurisprudence towards replacing criminal liability with monetary penalties. Due to the fear of criminal prosecution, pivotal players of a growing economy are hesitant to make financial decisions. It is necessary that timely and in sync with the need for restoring confidence of trade and industry, some bold steps should be taken. These steps should surmount any fear of being penalized for small/bonafide mistakes (which are rectified). This is the immediate need of time.
These rules can result in multiple layers of authorities to comply with which can significantly impact business operations. The proposed Personal Data Protection (PDP) Bill may also impose further restrictions and increase bureaucratic hurdles. The compliance process will impact costs as there is mandatory reporting at monthly intervals. SMEs and Startups will be at grave risk of non-compliance. From organizations’ perspective as well as users’ side, this may result in increased litigation. Cases are filed in Kerala, Delhi and Karnataka High courts against the IT Rules 2021 by individuals and organizations. This may force the courts to lay down the final law.
Globally, governments are trying to address the issue of information asymmetry and data privacy. No country is threatening private company employees with criminal liability for user generated content. In the view of pandemic, government should consider a one-year compliance window as intermediaries may find it extremely arduous for configuring their operations with the obligations imposed on them. The cost of compliance is going to be very high. At the same time personal liability on Chief Compliance Officer is a grave concern. It is recommended to remove personal liability clause. There is anticipation that the personal liability clauses of the IT Rules 2021 will increase the cost of hiring at senior levels with increasing cost of compliance and reporting. Concern of skillsets and experience of candidates when hiring for such a role as well as availability of candidates with such skillsets, coupled with willingness to face legal action is not palatable.
Ministry of Electronics and Information Technology held some consultations with industry associations in 2018 on some clauses of the Intermediary Rules as well as on issued about encryption and privacy. But it seems that the IT Rules 2021 in its presence form does not reflect industry sentiments. It is recommended that more consultative rounds with social media organizations, technical experts and legal practitioners should be held to make the rules industry compliant. Government can hold consultative sessions with industry also on content filtering privacy and monitoring. The implementation of IT Rules 2021 should be postponed for such time till the required inputs of the stakeholders are incorporated for a comprehensive platform regulation regime in India.
(The Author is the President of PHD Chambers of Commerce).