We need to see Twitter’s stance for what it is – a choice to not comply with the personnel requirement under the IT Rules, or approach a court for interim relief against such compliance. But this, by itself, is not a criminal offence. A person can always choose to not opt for a statutory benefit, and face the consequences. Whether a separate offence has been committed, a fact entirely independent of this entire IT Rules imbroglio is something that must be determined by the courts of this land, and not the Government, writes VARUN THOMAS MATHEW.
reported that Twitter had lost its intermediary status for not complying with the recently notified IT Rules. This is entirely incorrect. Twitter cannot lose its intermediary status on account of non-compliance with the IT Rules, but instead, can only lose its protection from liability for the actions of users on its platform.N June 16, 2021, a range of news publications citing unnamed government sources
This is because an entity’s status as an ‘intermediary’ is not a privilege, but a fact derived from its functions. The Information Technology Act, 2000 (IT Act) identifies intermediaries as a special category of entities that process digital information on behalf of another person, typically by providing a digital platform or technology-enabled services.
Simply put, an intermediary is an entity that allows users to create, upload, store, and share digital content, without any direct involvement or control over such content in terms of creation, modification, etc.
SAFE HARBOUR ESSENTIAL
The IT Act provides intermediaries with a (conditional) protection from liability, also known as a safe harbour. Such protection – often described as a form of a legal subsidy to technology companies – was essential for enabling the growth of innovative technologies during the early days of the internet.
The 2004 Bazee.com case, where the CEO was arrested after a user uploaded a pornographic clip for sale on the platform despite the company having taken down the clip after it was brought to its attention, is an example of why such protection is needed.
Intermediaries that have no involvement with or control over the actions of the users, and take swift remedial action when they’re made aware of a legal violation, deserve (limited) protection.
This safe harbour is not absolute, and in India, it is subject to the satisfaction of certain requirements (known as diligences). The imposition of diligence requirements is essential, as large technology platforms can be leveraged for devastating criminal purposes–examples abound of how incendiary content has resulted in riots and even genocide.
Thus, the safe harbour must be tempered by an obligation on the intermediary to exercise diligence and comply with legal directives. Unlawful speech capable of inciting violence must be removed as soon as knowledge is received. The question of when awareness is attributable to an intermediary is a key aspect in the entire debate on intermediary liability–does knowledge exist the moment content is posted, or instead, only when it is flagged by someone? Keep in mind that there are millions of pieces of content uploaded on such platforms every day, and accurately and instantly evaluating each of them is (as yet) impossible.
The celebrated case of Shreya Singhal v. Union of India (Supreme Court, 2015) answered this question-an intermediary gets ‘actual knowledge’ only when it receives a notice from a court or a government authority; prior to this, the intermediary will have no liability for failing to remove content on the platform.
Thus, while an intermediary may always act proactively and per its platform policies, it need not remove content until it is directed to do so. This naturally required intermediaries to set up an adequate communication mechanism so that such directions can be promptly implemented on receipt (36 hours is the mandated timeline), and accordingly, specific personnel were appointed for direct communication lines with the government.
REFUSAL TO COMPLY
This system worked, albeit with issues; there have been instances where intermediaries have refused to take down content despite receiving directions from the government because they believed that such requests violated the freedom of speech guaranteed under the Indian Constitution.
Such a stance would automatically result in the loss of safe harbour for such intermediaries and open them to potential prosecution for unlawful content, but the government did not deem this an adequate consequence, and more stringent measures were sought to bring errant intermediaries to heel.
INCREASING SCOPE OF DILIGENCES
On February 25, 2021, the Central Government notified the Information Technology (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules), which substantially increased the number and scope of the diligences applicable to ‘significant social media intermediaries’. This includes the appointment of a resident employee as a Chief Compliance Officer (CCO) who would be responsible for ensuring compliance with the IT Rules.
Wonder what’s special about a CCO? The CCO ‘shall be liable in any proceedings where she fails to ensure that the intermediary observes due diligence’, quite literally making this position one of the most unpopular jobs in India.
Simply put, the CCO is the fall guy, and since he or she must be resident in India and a direct employee of the intermediary, the government gets a pawn with which they can force compliance by the intermediary – most of whom are foreign corporations with their primary technology-related operations conducted overseas, and thereby beyond the immediate reach of Indian law enforcement. In effect, a CCO is a glorified hostage.
Twitter has not yet appointed a CCO, which is the primary non-compliance alleged. This is undoubtedly a non-compliance with the IT Rules and therefore cause for the loss of Twitter’s safe harbour. Twitter’s reservations are understandable – it does not want to put an employee directly in harm’s way – but most other intermediaries have complied. Thus, it is now vulnerable to liability for its users’ actions.
Imposing strong compliance requirements on foreign intermediaries who use their offshore structure to evade local responsibilities is essential, and there are numerous measures that the Central Government could have adopted to enhance the cost of non-compliance on such intermediaries, including civil penalties.
Moreover, the Government already has extensive powers of blocking that was exercised in 2020 to ban a host of (allegedly Chinese) applications. However, there are problems with the IT Rules attempting to artificially affix criminal liability on a CCO for all proceedings stemming from the non-compliance by the intermediaries.
It is established law [see Sunil Bharti Mittal v. CBI, (Supreme Court 2015)] that the principle of vicarious liability in criminal law can be applied only in one direction – to hold a company liable for the acts of its employees or agents, and not the other way around.
Without a specific act attributable to an individual employee or representative, it is anathema to hold her strictly liable for all criminal actions attributable to non-compliance by a company.
CRIMINAL LIABILITY ONLY IF INTENTIONAL
There is a long line of judicial precedents holding that directors of a company may be held liable only when there is a specific role in or knowledge of the criminal action attributable to them; CCOs cannot be treated differently. Thus, only in cases where the CCO, with knowledge, refuses to implement a directive from a government authority (such as taking down hate speech), on account of which an offence occurs or continues, may the CCO be charged with criminal liability.
Moreover, the untrammelled power of a government body to unilaterally issue directives to intermediaries to remove content is constitutionally suspect, since the determination of whether content violates applicable law – which directly concerns the fundamental rights of the involved parties – is essentially a quasi-judicial function. This is reinforced where such determinations are made pre-emptively, to prevent the commission of offences.
Judicial and quasi-judicial functions cannot be entirely usurped by the Executive without fulfilling certain pre-requisite conditions, as they are required to act judicially in the discharge of such functions. And it is established law [see Madras Bar Association v. Union of India, (Supreme Court, 2014)] that members of a body entrusted with quasi-judicial functions must be drawn from sources possessed of expertise in the law and competent to discharge such judicial functions, such as persons possessing substantial experience in the practice of law, or the requisite qualifications to have been appointed as a High Court or a District Court Judge [see State of Gujarat v. Utility Users Welfare Association, (Supreme Court, 2018)]. Yet, the Executive routinely performs such determinations unilaterally, without fulfilling any of the underlying requirements.
Accordingly, there are deep-seated problems with the powers being wielded by the Executive, that are particularly evident in cases where the government is an interested and conflicted party in the outcome. The provisions of the IT Rules give wide and pervasive powers of control to the Executive, not only over intermediaries but also digital news publishers, and this sparks an imminent threat to the freedoms guaranteed under Article 19(1)(a) of the Constitution.
Currently, the IT Rules are being challenged across different High Courts, and it is imperative that the defects therein are judicially excised.
Of course, numerous other countries have passed stringent, and often problematic laws to counter unlawful speech online. An example is Germany’s Network Enforcement Act, known as NetzDG, which lays out stringent timelines for content removal, large monetary penalties for non-compliance, and mandatory law enforcement cooperation, all of which could undoubtedly negatively impact privacy and free speech. Thus, India’s IT Rules cannot be viewed in a vacuum.
But we need to see Twitter’s stance for what it is – a choice to not comply with the personnel requirement under the IT Rules, or approach a court for interim relief against such compliance (like Livelaw did before the Kerala High Court) – but this, by itself, is not a criminal offence. A person can always choose to not opt for a statutory benefit, and face the consequences. Whether a separate offence has been committed, a fact entirely independent of this entire IT Rules imbroglio is something that must be determined by the courts of this land, and not the Government.
(Varun Thomas Mathew is a New Delhi based lawyer. Views expressed are personal.)