The internet has been a major engine of human development and India has been instrumental in the growth of the digital economy. But while the digital transition has driven social and economic empowerment on the one hand, it has enabled malicious elements to spread a range of online security threats on the other. In order to effectively address these challenges and ensure the continued growth of the digital economy, effective principles-based regulation is crucial. The Indian government has highlighted the need for updated legislation for the digital space and is actively working on the reform of the 22-year-old Information Technology Act 2000 (IT Act), which currently mainly governs Indian cyberspace.
While the government is moving in the right direction, there are crucial reform aspects in IT law from a platform regulation perspective. This was detailed in Volume 1 of The Dialogue and IAMAI’s impact assessment study on India’s platform regulatory regime, with input from 83 stakeholders including intermediaries such as social media, e-commerce, fintech and gaming platforms, as well as civil society, advocates and women’s and children’s rights organisations. The study recommended enabling a progressive liability regime for intermediaries, introducing procedural safeguards to assist law enforcement agencies, and promoting a unified and transparent content blocking regime.
Content Removal and Blocking Powers
Section 69-A was one of the most thoughtful provisions of the IT Act. It empowers the government to issue instructions to intermediaries to remove or block content that undermines the country’s national security. Over the years, the judiciary has identified the need to ensure adequate procedural safeguards in the exercise of the powers under this provision. The case of Shreya Singhal v. Union of India was the first case to entail extensive discussion on the subject. Although the Apex Court upheld the constitutionality of the provision, it referred to the requirement to ensure the existence of the necessary safeguards at the time of its application, including a reasoned order and a fair trial right for the parties concerned. Thereafter, several courts over the past five years have commented on the need to understand the limited scope of S.69-A and to subject its enforcement to appropriate scrutiny as it is likely to have a “deterrent effect” on the right to freedom of expression to exercise The Gujarat Supreme Court in Gaurav Sureshbhai Vyas v. State of Gujarat and the Apex Court in Anuradha Bhasin v. Union of India have held that the powers under this provision are limited to blocking specific Internet applications and not restricting access to the Internet itself. Additionally, in Facebook Inc. v. West Bengal, the Calcutta High Court held that claims at S.69-A are null and void for lack of due process.
While the substantive blocking power is provided for in Section 69A, the process for doing so was set out in the 2009 Blocking Rules, which require more transparency and controls. Rule 7 of the lockdown order, which provides for the creation of a committee to review lockdown orders, needs to be reformed to include retired judges and members of civil society in addition to government officials. The scope of Rule 8 also needs to be expanded to add the requirement to notify the user or publisher of the content of the details of the committee hearing in accordance with the principles of natural justice. The rules should also have a mechanism for users to appeal the government’s decision. Rule 16 provides an exception for the government to keep lockdown orders confidential in the interests of national security. This rule needs to be reformed to ensure adequate checks and balances of state authority, and the public accessibility of the orders should be ensured so that citizens can exercise their right to constitutional remedies and courts can exercise their powers of judicial review.
In the current scheme of things, there are two parallel blocking mechanisms: one under Section 69A of the IT Act and the other under Rule 3(1)(d) of the IT Regulations 2021. The two provisions must be interpreted harmoniously and a unified blocking mechanism required will. In addition, it is crucial that the blocking orders not only reflect the blocking reasons mentioned under § 69a and are justified and documented in detail. In situations where the order falls outside the scope of Section 69A, the order should be issued to the intermediaries only if accompanied by appropriate court orders.
Assistance with law enforcement, search and seizure
One of the key findings of The Dialogue and IAMAI’s impact assessment was the need for greater scrutiny and balancing of the powers of law enforcement agencies (LEAs) to seek information assistance from intermediaries and the need to designate specific officers who can make such requests.
Under Section 80 of the IT Act, any police officer, not below the rank of inspector or any other person cooperating with the central or state government and licensed by the central government, has the right to enter any public premises, search and make a detention without an arrest warrant if the accused person is suspected of a criminal offense under the IT Act. The provision lacks procedural fairness and guarantees to protect fundamental rights. The new framework of IT law should revise this power. The provision authorizing LEAs to conduct searches and seizures without a warrant should clearly identify officers. In addition, the number of such officers should be kept to a minimum in order to ensure a proportionate and measured use of this power. There is also a need to recognize the more formal legal channels established by intermediaries for LEAs to seek support. This ensures that teams trained to respond to legal takedown requests are directly involved and can respond in a timely manner.
Principles-based regulation to protect digital rights and foster innovation
Given the dynamic nature of the technology, it is crucial that the proposed framework is implemented after extensive multi-stakeholder consultation with input from industry, legal and cybersecurity experts, law enforcement officials, cybersecurity organizations and civil society. While it is important to regulate the internet and hold intermediaries accountable, proposed legislation should take a principles-based approach to regulation and uphold the principles of “safe haven” protection in line with the free speech jurisprudence provided in the Shreya Singhal case.
Similar to the 2013 amendments to the Companies Act and the proposed 2009 amendments to the Legal Metrology Act, the proposed framework should follow the trend towards decriminalization and replace criminal liability provisions with a structure of corporate fines. This move is intended to incentivize greater investment in the digital sector and reduce the economic burden on companies, particularly start-ups and MSMEs, which are struggling to fill vacancies where the personal criminal liability of employees also applies in the event of the failure of the company is required.
A statutory provision should also be included in the legislative proposal to strengthen and improve the ability of LEAs to deal with the technological and procedural aspects of information technology. The American Invest in Child Safety Act proposes mandatory $5 billion funding along with 100 FBI agents and 65 other agencies to fight online sex abuse. It is crucial that India learns from such progressive international regulatory frameworks to enable a safer and more pro-growth regime.
(Disclaimer: The views expressed by the author represent the views of DNA India.)