Compliance complications for small digital media after May 26th 2021

Over the last few days, developments regarding Cyber Law in India have overwhelmed most of us and left us engaged full time on following the developments.

In these discussions the future role of digital media is being re-defined and consequently  introduced some complications that require to be resolved quickly.

ITA 2000/8 identified “Intermediaries” which required a safe harbor provision to ensure that the mere act of being a conduit of a message does not make the intermediary liable for any contravention of law by the user of the intermediary service.  While this definition was more suitable for ISPs and MSPs, the inclusion of other services such as E Commerce platforms in the 2008 version introduced some confusion.

The definition of an intermediary under ITA 2000 version was

“Intermediary” with respect to any particular electronic message means any  person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;”

In amended version passed in 2008 and notified on 27th October 2009, the definition was expanded as follows.

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

The introduction of additional services as an explanation mixed up “Intermediaries” with entities which exercised control on the messages like what Twitter does. The moment an organization exercises control on initiating the transmission, selecting the receiver of the transmission and selecting or modifying the information contained in the transmission, they lose the status of an intermediary. Hence only such of those platforms which retain minimal control (excepting mandated control by law) will be eligible to be called Intermediaries. Most of the E Commerce platforms may have a small part of their activities such as “Advertising” in which they will be intermediaries. But in rest of their activities, they will not come under Section 79 but will fall under Section 43A for seeking any protection against vicarious liabilities.

In the meantime, PDPB 2019 introduced a term “Social Media Intermediary” stating

 “social media intermediary” is an intermediary who primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services, but shall not include intermediaries which primarily,—

(a) enable commercial or business oriented transactions;

(b) provide access to the Internet;

(c) in the nature of search-engines, on-line encyclopedias, e-mail services or on- line storage services.

The objective of this definition was to state that Social media intermediaries above a threshold of user base were to be classified as “Significant Data Fiduciaries” and were required to provide a voluntary technological means for users to identify themselves and display that identity in front of their messages.

With these statutory definitions behind us, the Intermediary Guidelines and Digital Media Ethical Code of February 25, 2021 gave further definition of a Social Media Intermediary as

‘social media intermediary’ means an intermediary which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services;

While the PDPB 2019 definition excluded the normal intermediaries such E Commerce entities, ISPs and search engines, the definition in the Intermediary guidelines was an extension from the definition of intermediaries without a proper explanation of what it does not include.

At the same time, the Intermediary guidelines defined the “Digital Media” as

‘digital media’ means digitized content that can be transmitted over the internet or computer networks and includes content received, stored, transmitted, edited or processed by-
(i) an intermediary; or
(ii) a publisher of news and current affairs content or a publisher of online curated content;

The Intermediary guideline also defined the “News and Current Affairs Content” so that a digital media who is also a publisher of of news and current affairs content could be identified for application of the ethical code and the self regulation.

This defined news and current affairs content as follows

‘news and current affairs content’ includes newly received or noteworthy content, including analysis, especially about recent events primarily of socio-political, economic or cultural nature, made available over the internet or computer networks, and any digital media shall be news and current affairs content where the context, substance, purpose, import and meaning of such information is in the nature of news and current affairs content.

From out of these “Social Media Intermediaries”, the class of “Significant Social Media Intermediary” was defined with a user base of 50 lakhs and above and were subjected to the specific guidelines as envisaged in the notification. Some part of the guideline such as the Grievance redressal as well as furnishing of information was applicable to a “Publisher of news and current affairs content and publisher of online curated content operating in India” for which a form was notified on May 26, 2021.

One important part of the guideline was that the “Publisher” was to preserve records of content transmitted by it for a minimum period of 60 days and make it available to the self regulating body of the Central Government.

All publishers were also required to follow the Level I self regulating mechanism which included the establishment of a grievance redressal mechanism, display of contact details etc and to become a member of a self regulating body formed under Level II.

The self regulatory bodies under Level II were to get themselves registered with the MIB.

In this entire maze of definitions and compliance requirements, many bloggers and companies publishing digital information are confused if they come under the definition of a “Digital Media” or a “Publisher” and whether they need to have new compliance measures.

We must consider that the regulations are evolving and there are many grey areas that need to be clarified.

Unfortunately the Level III regulatory mechanism which includes designation of a an “Authorized Officer” and publishing of a charter for self regulating bodies including Codes of Practices for such bodies has not yet been announced  by the MIB.

Without the MIB coming up with the Charter under which the Level II self regulatory bodies get themselves registered, Level I self regulation cannot be completed.

Further if the Level II regulatory bodies are headed by a retired Supreme Court judge etc, they will tend to be high cost bodies and the cost of maintaining a membership with such organizations will be prohibitive except for large digital publishing entities.

Currently these regulations are applicable (Clause 8 of the February 25 notification)  to all publishers where such publisher conducts systematic business activity of making its content available in India.

 “systematic activity” shall mean any structured or organised activity that involves an element of planning, method, continuity or persistence. 

Naavi.org has been trying to understand the applicability from the perspective of a website such as Naavi.org or FDPPI.in or dpji.in  or privacy.ind.in, etc. Obviously it is a question of interpretation whether Naavi.org is a “Digital Publishing” activity for the purpose of these regulations because it includes publication of some news and analysis of news.

The legislative intent of the notification obviously does not appear to make every blog owner register himself or even if he registers himself for the purpose of “Contact information” and “Grievance officer”, make it mandatory for him to be a member of a self regulatory body and incur costs.

Hence there is an urgent need for the MIB to clarify that ” Mandatory membership with a Level II Self Regulatory Body” is not applicable to all web site/blog owners.

Hence Rule number 11(2)(d) should be applied only to “Significant Social Media Intermediary” and not to all “Publishers”.

I request MIB to issue a clarification on this immediately since some Level II Self Regulatory Bodies are speaking of membership fees of Rs 50,000/- and above and it is unthinkable for blogs like Naavi.org to pay such fees.

If MIB remains silent, then there will be a new scam of Level II self regulatory bodies using this opportunity for exploiting small digital media establishments.

It must however be noted that at present, the February 25th notification is under Section 79 of ITA 2000 and hence does not come with any direct penal provisions. Hence no fines can be imposed for non compliance nor the non complying organizations will be required to shut down operations. The only loss if any would be the safe harbor protection.

Instead of letting the uncertainty prevail, it is better for MIB to provide a clarification that  a non significant social media intermediary needs to conform only to rule 11 (2) (a),(b) and (c) and membership of the Level II self regulatory body is optional.

In the meantime, Naavi is encouraging some like minded persons to come together in establishing  Level II Self regulatory body which will not charge Rs 50000/- membership and managed by media professionals though it is not headed by a retired Supreme Court judge.

Further, it must be recognized that just as PDPB 2019 declares that the regulator (DPA) is himself a Data Fiduciary, a Level II self regulatory body will also require to introduce  Level I self regulation. In other words the Level I and Level II regulation will be managed by the same organization unless the Government makes it mandatory that Level II self regulatory bodies introduce some cross certification of their self regulatory process. Alternatively, “Peer Review of Self Regulation” can be opened out to all Level I self regulation of non significant social media intermediaries.

It is possible that the Government has not thought through all these issues and were forced to fast track the system due to the Twitter controversy. But it would be necessary to fine tune the procedures to ensure that it does not create confusion in otherwise compliance oriented establishments.

(Comments are welcome)

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

2 Responses to Compliance complications for small digital media after May 26th 2021

  1. anuj agarwal says:

    can a rule introduce ‘social media intermediary’ which is not in the act

Leave a Reply to Vijayashankar Na Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.