In providing comments on the proposed Intermediary guidelines, the undersigned suggested a new system of Governance of Intermediaries through the comments submitted by FDPPI. The suggestion was made that a new system of dispute resolution on the lines of the domain name dispute resolution policy (IDRP) could be used for detailed due diligence guidelines for the intermediaries.
The IDRP (or whatever other name by which it may be called) is essentially a “Self Commitment” by the Intermediary to a set of due diligence guidelines.
The IDRP will be developed by voluntary agencies who will be the Intermediary Disputes Management centers (IDMC) and such agencies will accredit themselves with the MeiTy/CERT-IN.
The Intermediary in its Privacy Policy and Terms declare that they will subject themselves to the IDRP of the specific IDMC.
The IDMC will be responsible for resolving disputes that arise in the course of the activities of the Intermediary.
The IDMC can introduce three levels of dispute resolution namely
a) Ombudsman who will assess a complaint and provide his award which if accepted will close the dispute.
b) Mediation (Preferably online) as per the general principles of the Indian Arbitration and Conciliation Act as amended, which if successful result in the resolution documented as a conciliation agreement.
c) Arbitration (preferably online) as per the general principles of the Indian Arbitration and Conciliation Act as amended , which if accepted will be the final arbitration of the dispute, except for any permitted legal challenges under the said Arbitration Act.
It is envisaged that the CERT-In will take the lead in ensuring that the Intermediaries follow specified guidelines as are relevant for National Security and in conformity with the principles of the Constitution. Hence at the time of accreditation of an IDMC, the CERT-In will scrutinize the registered policy of an IDMC and approve it after discussion.
This approved policy of an IDMC will be similar to the “Certification Policy Statement” or CPS of a Certifying Authority for issue of digital certificates.
This policy which will be called IDRP of …….. (Name of IDMC) and will be tagged with a “Version Number”. It can be modified from time to time by the IDMC as it may deem fit but each such modified version needs to be approved by the registering authority (CERT-IN).
The IDMC will be bound to faithfully resolve disputes in accordance with the declared policy and any disputes thereof failing which it would be disenfranchised by the CERT-In based on a complaint.
It is envisaged that a suitable customer friendly procedure would be developed by each IDMC for the purpose of dispute resolution. It is recommended that an ODR process would be used. A recommended ODR process is available at www.odrglobal.in for consideration.
The IDRP will take into account all the legal issues that will be considered as an obligation of the Intermediary and the Privacy Policy and Terms that the Intermediary otherwise adopts would be “Subject to the IDRP Version xx of ….. ” and will only contain the functional aspects as are relevant to the services rendered by the Intermediary.
The scope of IDRP would be to settle disputes as regards “Due Diligence” and record the findings. If after a settlement under IDRP, the aggrieved party goes to Court on any contravention and seeks to arraign the Intermediary as a respondent for any liability, civil or criminal, the Intermediary can hold out the defense in the form of a faithful following of due diligence as per IDRP. It will be left to the Courts to take a final call if the Intermediary should still be considered liable or not. Hopefully Courts will in most cases respect the due diligence process if it has been properly implemented. Hence unless the Intermediary is found to have “abetted” in the crime, it should get the protection it envisages under Section 79.
The MEITY as in the case of accreditation of agencies under the Digital Locker System, Certifying agencies etc., may issue general directions on the qualifications for accreditation (which should be predominantly Techno Legal) along with other conditions that are reasonable and necessary. The detailed procedure for dispute resolution would be developed by each IDMC for itself. It may function like a specialized Arbitration Center for Intermediary disputes.
This system will ensure
a) Different IDRPs can be constructed to suit different types of Intermediaries and hence the charge that “One notification fits all will not be correct” is addressed.
b) IDRP will offload all the legal obligations on to a Non Government organization so that the suspicion of Government interference is addressed.
c) Since IDRP will be subject to the Indian Arbitration Act, it is within the domain of the judicial system as accepted and will be further within the writ jurisdiction of the Courts so that any charge of “arbitrariness” or “Vagueness”, “Constitutional Impropriety” etc would be addressed.
I request all the agencies that have submitted their comments now may take a deep look at this suggestion and check if all their concerns can be addressed through this system. If so, there can be a consensus on the system and the Government may be suggested to adopt it.
Towards this objective, the suggestion as filed by FDPPI (Page 21-28 of the first compendium of 609 pages) is reproduced as under:
Rule 14: to be introduced
Notwithstanding what is contained above, an intermediary at his sole option may opt to adopt the “Intermediary Dispute Resolution Policy “ (IDRP) as defined here under.
a) The Intermediary Dispute Resolution Policy may be created and defined by a “Intermediary Dispute Management Center” (IDMC) that intends to specialize in resolving consumer disputes related to the use of Intermediary services and registered with the IN-CERT
b) Any Intermediary can voluntarily associate itself to an “Intermediary Dispute Management Center” and adopt the Intermediary Dispute resolution Policy of that Center.
c) The IDRP shall represent the basic commitment provided by the Intermediary for compliance of the Act and other legal obligations and may include intermediary specific policies as may be required.
d) After adoption of IDRP the Intermediary may disclose the same in its terms and conditions and the Privacy Policy that it shall bind itself to the IDRP of the designated IDMC and that such IDRP shall also be binding on the users. It shall also inform the users that all disputes relating to the service shall be subject to the resolution through an Ombudsman/Mediator/Adjudicator as determined by the policy of the IDMC without any prejudice to the supervisory authority of any Court in India.
e) Adoption of the IDRP as a means of defining the Terms and Privacy Policy and it may restrict its policy declarations to only the functional aspects of its service which will supplement the IDRP.
f) Use of IDRP shall be purely voluntary on the part of the Intermediary.
g) The IN-CERT will receive the necessary applications from intending IDMC s along with their self developed “Dispute Resolution Policy Disclosure Document” and upon satisfaction, shall list such an agency as an accredited IDMC. Such approvals will be provided by a committee headed by the Secretary MEITY and consisting of the Director General of CERT-IN with three co-opted members from the industry with adequate experience and reputation.
We may however add an additional para to accommodate the dis-accreditation requirement in case of necessity.
This could be stated as follows.
h) In the case of any IDMC not adhering to the declared policy or if the policy is considered inappropriate, Any person may raise an objection thereof with the CERT-In and seek dis accreditation of the IDMC. The request shall be reviewed by the designated committee and after providing a reasonable opportunity to the Intermediary and a decision in writing would be issued by the committee either rejecting the request or approving the request. This request itself could be subject to further judicial scrutiny in the appropriate Courts.
I look forward to the reactions on this suggestion. Such comments can be sent to the undersigned or FDPPI or directly to the Government as part of the Counter comments that may be submitted.
Naavi
