The Digital Personal Data Protection Bill, 2023 (2023 Bill) passed in the Lok Sabha and pending discussion in the Rajya Sabha can be termed the fifth iteration of the legislation. However, it bears several points of contention.
One striking inclusion is a clause allowing the government to block and remove access to content – an unexpected feature within a data protection legislation. This power stretches beyond the objective of personal data protection and was absent from the preceding four iterations, thus evading public consultation feedback.
This begs the question, how does a regulation for content blocking align with the Statement of Objects of a Data Protection Law? Can we manage two simultaneous frameworks for content blocking? And how should Parliament address this proposed provision?
An Unheard Of Data Protection Provision
Under Clause 37 of the 2023 Bill, the central government appropriates the authority to block and remove online content in cases where a data fiduciary, specifically an “intermediary”, breaches the law on more than one instance. The data protection board – an executive-led body outlined in the bill – can then advise the central government to restrict access to the platform's content.
Yet, given that the government already possesses blocking powers under Section 69-A of the Information Technology Act, one wonders why it seeks to duplicate this authority in another legislation. Such a provision is unheard of in the data protection law of any major democratic jurisdiction.
To clarify, let’s envisage a situation where a social media intermediary repeatedly infringes upon Clause 9 (protection of children’s data), resulting in multiple fines. Once this has been established, and the board advises governmental intervention, the government can proceed to issue orders blocking access to the platform’s content (text, images or video) to its subscribers.
Defined under the IT Act, an intermediary can be any platform serving as a conduit for receiving, storing or transferring information. This clause will impact not only platforms functioning on the content layer of the internet (social media, e-commerce) but also those operating on application and network layers.
Therefore, it will affect not only user-generated content platforms, but infrastructure providers as well, such as content delivery networks, cloud service providers and domain registrars. It could impact business to user services, as well as business to business services.
Given the structure of the internet, blocking imposed within its architectural hierarchy can unintentionally disrupt unrelated applications and services due to top-down interference with specific services and technologies. Moreover, content blocking has ramifications for businesses and users who could lose access to services vital to their livelihood, healthcare, education, etc.
Hence, even though it is the data fiduciary that might transgress, the presence of Clause 37 may inadvertently result in consequences for users and startups that are connected with such data fiduciaries.
Section 69A Vs Clause 37: Safeguards Missing
Content blocking is universally acknowledged as a delicate balance between security and free speech. Consequently, digital rights scholars underscore the necessity for more greater procedural safeguards under S.69-A of the IT Act and the ensuing Blocking Rules, which currently govern India’s content blocking framework.
Against this backdrop, the sudden introduction of an alternate blocking procedure under the data protection law raises concerns about further institutionalising content blocking – a move equally infeasible for fundamental rights and the digital economy.
The issue becomes more complex given that Section 69-A, even though lacks adequate checks and balances, offers some procedural safeguards under the Blocking Rules, such as a review committee and public availability of blocking orders (with exceptions).
However, Clause 37 of the 2023 Bill is devoid of even such basic protections. The clause dictates that the government must provide a hearing to the intermediary, but leaves questions regarding the qualifications of those conducting the hearing and whether the hearing process will be public, unanswered.
The Supreme Court of India, in the case of Shreya Singhal v. Union of India, validated the legality of Section 69-A, premising its judgement on the provision's inherent procedural safeguards (even though it is understood that within the Digital India Act, we need reforms around blocking procedures).
While this observation of the Court has been critiqued by several experts on the ground that the safeguards are replete with leakages, there is no doubt that the Apex Court also believes that the presence of procedural safeguards is imperative for the constitutional validity of any law which impinges upon Right to Free Speech under Article 19 of the Constitution. Therefore, can Clause 37, devoid of safeguards, pass the test of constitutionality?
Beware Of Excesses
The 2023 Bill, marking a significant step towards institutionalising data protection, calls for meticulous examination to prevent encroachment upon free speech and regulatory harmony. The introduction of Clause 37, with its prospective implications, starkly illustrates that while pursuing robust data protection, we must remain vigilant against unintentional fallouts from legislative overlaps and inconsistencies.
Excessive regulation and uncertainties surrounding compliance can impede business growth, which can impact the trillion-dollar digital economy objective.
Sectoral regulators can coordinate with the government and offer advice on critical matters. For instance, if the Data Protection Board discovers serious and repeated legal violations by a data fiduciary, it can communicate these to the government.
However, duplicating a provision on content blocking within an Act not intended for online content regulation seems unwise. As we anticipate the 2023 Bill’s discussion in Parliament, it's imperative that legislators reassess the feasibility of this provision and the final draft appropriately addresses these conflicts through diligent feedback assessment.
Shruti Shreya is Programme Manager, Platform Regulation, The Dialogue. Views are personal, and do not represent the stand of this publication.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
