At a recent consultation on the Digital India Act (DIA) in Mumbai, which proposes to replace the decades-old Information Technology (IT) Act, 2000, Rajeev Chandrasekhar, the Union Minister of State (MoS) for Electronic and Information Technology asked if safe harbour protections for digital entities should be done away with. A collective gasp went up in the room. Those present realised that the Minister’s rhetorical question could have profound implications for companies and innovators hoping to build a trillion-dollar digital economy for India by 2026.
Safe harbour protections are the result of a criminal case that shook up India’s nascent IT-enabled industry way back in 2004. Avnish Bajaj, the then CEO of e-commerce platform Bazee.com, suddenly found himself behind bars. Someone had posted an advertisement on it to sell a CD with a pornographic clip. With thousands using the platform to hawk their wares, Bazee.com had no means to track what was being sold. The reaction was ham-handed, and the police arrested the CEO sending shockwaves across the IT industry.
The Safe Harbour Conundrum
The IT industry and policymakers were convinced that they needed protection from the mistakes, deliberate or otherwise, of their users. This became the “safe harbour” protections that were added to the IT Act in 2008 as a set of amendments.
If these protections are to be taken away, it could seriously jeopardise the promise of ushering in India’s “techade” (technology decade) with Indian digital companies and innovations emerging as global leaders. It could end India’s aspirations to be a global digital economy prematurely.
The growth of the internet has given rise to a plethora of harms. Protecting users from such harms is the fiduciary responsibility of any government. In India, between 2015 and 2022, the government blocked over 55,580 URLs, applications, and social media accounts. However, in 2021, less than 40 hearings were held to redress such blocks.
The government claims that such a crackdown on content and intermediaries is necessary to prevent user harms. However, whether, or the extent to which, intermediaries can be held liable for what their users do, remains a classic conundrum of intermediary liability. It needs careful deliberation before the proposed DIA becomes law.
How Others Approach Safe Harbour
In India policymakers could look at how the European Union (EU), UK and the US approach safe harbour.
So far, India’s approach has shared similarities with the EU and UK and adopted a “conditional liability framework” for its digital intermediaries under the existing IT Act. This means that intermediaries enjoyed legal immunity (or safe harbour) under section 79A of the IT Act and rules if they fulfilled certain conditions.
In some cases, intermediaries face additional obligations in proportion to the enhanced risks their users may face. India’s IT Rules impose greater obligations on online gaming intermediaries and those known as Significant Social Media Intermediaries (SSMIs) which are intermediaries with more than 5 million users.
However, the EU and UK also classify intermediaries using well-laid scientific principles to grade their liability.
Shedding Adhocism
But in India this classification is largely done in an ad hoc manner. As a result, the penalties are disproportionate and online platforms face great regulatory uncertainty. In April 2023, the government issued a fresh set of rules under the IT Act that suddenly mandated that intermediaries pro-actively monitor their platforms for “illegal content”.
However, it was not clear what can be construed as “illegal content”, under what circumstances and what the thresholds will be. As a result, online platforms are constantly worried that any user behaviour could suddenly become “illegal” and lead to denial of safe harbour protections. Clearly, such uncertainty on a day-to-day basis is not conducive for Indian companies to innovate, grow a digital business and build a trillion-dollar digital economy.
The EU and UK’s treatment of intermediaries can inform the DIA’s approach.
Carefully Calibrate Intermediary Obligations
The EU’s Digital Services Act does not impose any general monitoring obligations of intermediaries. Similarly, the UK’s Online Safety Bill also accepts that intermediaries cannot prevent all online harm. Instead, it requires that they demonstrate their processes as effective in protecting users, especially children, from online risks. So, it is not incumbent upon the intermediaries to constantly monitor or adjudicate the illegality of content on their platforms.
EU and UK laws recognise that private players lack the legal authority to adjudicate what is legal or illegal. Instead, it is left to the courts to decide, making it easier for intermediaries to go through a well-laid out process before they face any penalties, if at all.
Another notable difference is that while the EU and UK enforce compliance through monetary or civil penalties, India threatens loss of safe harbour. This is an extreme measure and completely disproportionate. Can online platforms, like news platforms be hauled up or suspended just because a reader left behind offensive comments? Or can a social media platform be subjected to thousands of legal notices, simply because someone took offence to a post?
For A Forward-Looking Liability Framework
In the US, a case filed last year against Google LLC has led to a high-quality debate on safe harbour. Reynaldo Gonzalez, a citizen whose daughter was killed in a coordinated terror attack, filed a case against Google. The petition argued that Google’s YouTube videos had been used by terror groups to spread their virulent ideology that led to the attacks. Hence, Google and other intermediary companies were liable for what their users posted. But the US Supreme Court unanimously ruled that the intermediaries could not be prosecuted under anti-terrorism laws.
One of the legal briefs filed by the Internet Infrastructure Coalition in this case pointed out that these companies were more than social media companies. In fact, as companies that fall under the definition of “interactive computer service” under section 230(c)(1) of the Communications Decency Act, they provide the infrastructure that keeps the internet active. If the safe harbour protections are taken away, then the internet could cease to exist!
The Digital India Act (DIA) is an opportunity to provide greater regulatory and legal protection by adopting a risk-based approach. This means safe harbour protections continue and ensure proportionality in the obligations and penalties of online platforms.
Importantly, the DIA should avoid general content monitoring obligations, which impose tremendous legal and compliance costs. These can be done using sound scientific principles when classifying intermediaries and provide mechanisms that ensure access to remedy and reinstatement of legally valid content.
Only then will the proposed DIA truly deliver on India’s global digital ambitions.
This is the first of a series on the proposed path-breaking Digital India Act.
Gauri S Kumar is a Programme Associate with DeepStrat, a New Delhi-based think tank and strategic consultancy. Views are personal, and do not represent the stand of this publication
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
