Proposed ‘Digital India Bill’
The Ministry of Electronics and IT has been actively organising consultations on the proposed “Digital India Bill” to build conceptual alignment on a new law that will replace India’s 23-year-old Information Technology (IT) Act.
The goal is to upgrade the current legal regime to tackle emerging challenges such as user harm, competition and misinformation in the digital space.
The bill aims to create a regulator for the internet.
The main challenge in data protection or regulation is the right of the individual to protect his information and the need to use individual data for legal purposes. The bill aims to address this challenge.
A threshold will be brought in to what extent the personal data of an individual shall be accessed for legal purposes.
Changes being proposed include a categorisation of digital intermediaries into distinct classes such as e-commerce players, social media companies, and search engines to place different responsibilities and liabilities on each kind.
Why the present regime is untenable
The current IT Act defines an “intermediary” to include any entity between a user and the Internet, and the IT Rules sub-classify intermediaries into three main categories.
Social Media Intermediaries (SMIs), Significant Social Media Intermediaries (SSMIs) and the recently notified, Online Gaming Intermediaries.
SMIs are platforms that facilitate communication and sharing of information between users, and
SMIs that have a very large user base (above a specified threshold) are designated as SSMIs.
However, the definition of SMIs is so broad that it can encompass a variety of services such as video communications, matrimonial websites, email and even online comment sections on websites.
The rules also lay down stringent obligations for most intermediaries,
Such as a 72-hour timeline for responding to law enforcement asks and resolving ‘content take down’ requests.
Unfortunately, ISPs, websites, e-commerce platforms, and cloud services are all treated similarly.
This one-size-fits-all approach fails to account for the varying degrees of risk and harm associated with different types of intermediaries.
For example:
Consider platforms such as Microsoft Teams or customer management solutions such as Zoho.
By virtue of being licensed, these intermediaries have a closed user base and present a lower risk of harm from information going viral.
Treating these intermediaries like conventional social media platforms not only adds to their cost of doing business but also exposes them to greater liability without meaningfully reducing risks presented by the Internet.
Focus areas for India
A classification framework that creates a few defined categories, requires intermediaries to undertake risk assessments and uses that information to bucket them into relevant categories.
As far as possible, the goal should also be to minimise obligations on intermediaries.
Ensure that regulatory asks are proportionate to ability and size.
One way to do this would be to exempt micro and small enterprises, and caching and conduit services (the ‘pipes’ of the Internet) from any major obligations.
Given the lower risks, the obligations placed on intermediaries that are not communication services should be lesser.
but they could still be required to appoint a grievance officer, cooperate with law enforcement, identify advertising, and take down problematic content within reasonable timelines.
Intermediaries that offer communication services could be asked to undertake risk assessments based on the number of their active users, risk of harm and potential for virality of harmful content.
The largest communication services (platforms such as Twitter) could then be required to adhere to special obligations such as
Appointing India-based officers.
Setting up in-house grievance appellate mechanisms with independent external stakeholders to increase confidence in the grievance process.
Alternative approaches to curbing virality, such as circuit breakers to slow down content, could also be considered.
Metrics for risk assessment and appropriate thresholds would have to be defined and reviewed on a periodic basis in consultation with industry.
Overall, such a framework could help establish accountability and online safety, while reducing legal obligations for a large number of intermediaries.
In doing so, it could help create a regulatory environment that helps achieve the government’s policy goal of creating a safer Internet ecosystem, while also allowing businesses to thrive.
Lessons from International Frameworks
So far, only a handful of countries have taken a clear position on the issue of proportionate regulation of intermediaries, so there is not too much to lean on.
The European Union’s Digital Services Act is probably one of the most developed frameworks for us to consider.
It introduces some exemptions and creates three tiers of intermediaries — hosting services, online platforms and “very large online platforms”, with increasing legal obligations.
Australia has created an eight-fold classification system, with separate industry-drafted codes governing categories such as social media platforms and search engines.
Intermediaries are required to conduct risk assessments, based on the potential for exposure to harmful content such as child sexual abuse material (CSAM) or terrorism.
COMMENTS