The laws governing intermediaries1 in India have been changing constantly to adapt to the dynamic nature of the internet. With an unimaginable amount of data being shared between users in a matter of seconds, it is highly impossible for intermediaries to effectively regulate it that is being exchanged over their platforms. However, the law as it stands today is much more relaxed and has taken several amendments to the Information Technology Act ("IT Act") and rules thereunder, as well as judicial rulings to bring about relaxations in the liability of intermediaries.  

Earlier challenges faced by intermediaries

When the IT Act came into force in 2000, it only recognised network service providers as intermediaries and thereby placed on every other internet platform the burden of regulating content stored or shared by third parties via their platform. The liability of internet platforms was connected with every bit of content that was stored or uploaded on their platform, which was a cause of concern. It was the case of Avnish Bajaj v. State2 that triggered the much-needed amendment to the IT Act, wherein, the lack of safeguards for internet platforms almost saw the Managing Director of the website 'www.bazee.com' facing criminal prosecution for third party content. The Court recognised that while the third party content displayed on the website was illegal by law, the Managing Director could not be implicated in this matter in lieu of the company he managed.

Much needed changes

Safe Harbour Protection - The 2008 amendment to the IT Act brought in the protection under Section 79 and the same was done keeping in mind the case of Avnish Bajaj, wherein, it was made clear that the definition of intermediaries required expansion to include various internet platforms that handle third party content and also provide such intermediaries protection against liability for third party content on their platforms. Certainly, the protection provided under Section 793 of the IT Act was not blanket protection, certain conditions needed to be met in order to claim such protection, such as:

"(a) The function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or

(b) the intermediary does not– (i) initiate the transmission, (ii) select the receiver of the transmission, and (iii) select or modify the information contained in the transmission;

(c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf."

It is prudent to note that the protection under the section does not apply in cases wherein the intermediary themselves conspired, abetted, aided or inducing the unlawful act and in cases wherein the intermediary has received actual knowledge of such content, but failed to act upon it. Intermediaries are required to follow a set of rules and regulations in the discharge of their duties, in order to claim protection under Section 79 of the IT Act, accordingly, the Government of India introduced The Information Technology (Intermediary Guidelines) Rules, 2011. While intermediaries were to some extent free from prosecution for third party content on their platforms, their problems were far from over.

No duty to entertain all user requests - As the internet grew in its user base, the number of end users on such intermediaries was numerous, and more than often they would flag down offensive or unlawful content by reporting the same to the intermediary. Such intermediaries would be flooded with user requests and attending to each and every request was a colossal task. Relief was provided to intermediaries in the case of Shreya Singhal v. Union of India4, wherein, the Supreme Court held that it would be difficult for intermediaries to act upon every user request to take down allegedly unlawful content. The Court further interpreted the term 'actual knowledge' under Section 79(3)(b) of the IT Act, to exclude such user requests and mean a court order or upon being notified by the appropriate government or its agency.

No duty to screen illegal content or copyright infringement – The case of My Space Inc. v. Super Cassettes Industries Ltd.5, further relaxed the obligations and duties of intermediaries to pre-screen content that is being stored or uploaded onto their platform. Here the Delhi High Court stated that if intermediaries were to take up such pre-screening responsibility, it would curtail free speech and censorship would be in the hands of private entities. However, the Court noted as an exception that when the intermediary is notified by any content owner about any infringement, they should take appropriate steps to take down the same and there shall be no requirement for a court order or notice from the government in such cases.

It is pertinent to note that for intermediaries to avail the safeguards above mentioned, they would require to have in place appropriate due diligence measures to try and avoid such situations to the best of their ability. The Delhi High Court reinstated the same in the case of Christian Louboutin SAS v. Nakul Bajaj and Ors6, the Court held that failure to observe due diligence could amount to conspiring, aiding, abetting or inducing the unlawful conduct.

Latest changes

While the above relaxations restricted the liability of intermediaries in many ways, the government still wanted to tighten the existing rules and ensure that the residual responsibilities of intermediaries are adhered to diligently. Accordingly, the Government of India notified The Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021.7 For the benefit of intermediaries, it is clear from the various rules formulated under the IT Act that the government has taken into account judicial precedents and has understood that intermediaries have limited control over third party content on their platform and thereby cannot be held liable for the same, except under certain circumstances.

But the new rules have given an exhaustive list of duties that intermediaries must follow, such as:

  1. Publish rules and regulations, privacy policy and user agreement that provide such information to its users about how and how not to use their platform, as well as what content they may or may not store or upload.
  2. Inform their users periodically or at least once a year or when any changes are made, to adhere to their rules and regulations, privacy policy and user agreement, failing which the user account could be terminated.
  3. When a user registers on its platform, the user's data shall be retained for a period of one hundred and eighty (180) days after cancellation or withdrawal of registration.
  4. Shall take all such necessary security measures and procedures to safeguard its platform and the information thereon.
  5. Shall comply within thirty-six (36) hours any court order or notice from the government or its agency, for the removal of any content on its platform which is prohibited by law.
  6. Shall store all such data or information that is required to be removed under sub-clause (c) for a period of one hundred and eighty (180) days for the purposes of investigation.
  7. Shall provide any assistance or such data or information required by a government agency within seventy-two (72) hours of receipt of notice; such notice shall specifically state the reasons for which the information or assistance is needed.
  8. Publish the name of its Grievance Officer and the procedure that should be followed by a user in making a complaint about a contravention of the rules under the IT Act.
  9. Shall report any cybercrime incidents on its platform to the Indian Computer Emergency Response Team.
  10. While intermediaries have no duty to entertain all user requests, on receipt of a complaint by an individual regarding any non-consensual material that exposes the complainant partially or fully or depicts the complainant in a sexual act or conduct, or shows a morphed image of the complainant, then the intermediary shall remove or disable access to such content within twenty-four (24) hours.

In order to tighten the grip of the executive over intermediaries, the rules have further gone on to differentiate social media intermediaries as well as significant social media intermediaries (which shall be determined by the number of users), placing on them additional responsibilities given that their platform is used by much more users.

Conclusion

The changes to the IT laws over the years with regard to intermediaries have been tremendous and are constantly undergoing changes; while the liability over third party content has decreased significantly, the duties of intermediaries have been increased considerably. These changes have ensured that the plain meaning of the term intermediaries is upheld and that online platforms are just a space for interaction between end users, wherein the platform itself shall not be liable for any wrongful acts of its users. The decision in the case of Avnish Bajaj v. State is the most notable decision and the starting point of the major amendments to the IT Act with regard to intermediaries. Further, the increase in duties through various amendments and rules should only be taken in a positive light, as it is only a means for intermediaries to safeguard themselves and avoid liability from the wrongful acts of users who use their platforms. However, it should be noted that these duties are strict in nature and failure to perform such duties would reopen the liability of intermediaries to the full extent as per the IT Act.

Footnotes

1 Intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.

2 (2008) 150 DLT 769

3 Exemption from liability of intermediary in certain cases.–(1) Notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him.

4 (2015) 5 SCC 1

5 236 (2017) DLT 478

6 2018(76) PTC 508(Del)

7 https://pib.gov.in/PressReleasePage.aspx?PRID=1700749

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.