India’s new rules for Facebook, WhatsApp and other social media platforms explained in five points
- Social media platforms in India, like Facebook and its offshoot WhatsApp, Google’s YouTube, Twitter, and others now face a new set of rules and regulation set to be enforced after mid-May.
- The Indian government has laid rules for a physical presence, monitoring of harmful content, tracking down the first originator of mischief, and the voluntary verification of users.
- Here are the five most important things you need to know about India’s new IT Rules for social media platforms.
The Indian government has come up with a new set of rules and regulations to regulate social media platforms, messaging services, OTT platforms and news portals.
These regulations are called the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 (Rules). These Rules will require compliance even by foreign tech-giants operating in India such as WhatsApp, Facebook, Twitter, Netflix, Amazon etc.
The growth of digital media in India has largely been fuelled by a moderate regulatory framework in India until now. However, given the growing concerns around the information and content available over social media and OTT platforms, domestic and foreign, detailed regulations for digital media from the Government were imminent.
For social media platforms such as Twitter, Facebook and others, the Rules focus on issues like fake news, fake user accounts and monitoring of illegal content by platforms. Greater compliances are placed on social media platforms with larger user base. A key provision specific to messaging services is the requirement to identify the originator of messages in case of mischief.
Significant social media intermediaries — more on behaviour than stats
Social media platforms with minimum 50 lakh registered users are classified as significant social media intermediaries and are subject to maximum compliances. However, the Government may require any other social media platform to also comply with rules applicable to significant social media intermediaries if services of such platform create a material risk to the sovereignty or integrity of India.
While the actual implementation of this remains to be seen, at this juncture it appears that purely as a result of user behaviour, even smaller social media platforms could be brought under the ambit of stricter compliances under the rules.
If you are doing business in India, you need to be setup in India
All significant social media intermediaries are required to appoint:
- a Chief Compliance Officer
- a Nodal Contact Person
- and, a Resident Grievance Officer
Each of the above are required to be Indian residents.
The Rules also necessitate significant social media intermediaries to have a physical contact address in India. This mandatory physical presence in India will have significant implications for foreign players in terms of setting up infrastructure and deployment of resources and taxation.
However, absence of a registration or a mandatory licensing framework for digital media businesses, will hopefully continue to garner interest from foreign players to set up operations in India.
Active monitoring of harmful content — shifting the responsibility to ‘intermediaries’
In a departure from the previously applicable Information Technology (Intermediary Guidelines) Rules, 2011 (2011 Rules), significant social media intermediaries are now required to endeavour to deploy technology-based measures, including automated tools to identify information that depicts rape, child sexual abuse or conduct, or information that has previously been removed.
The rules also require maintenance of appropriate human oversight, and periodic review of automated tools. Such active monitoring by intermediaries dilutes the safe harbour protection that was available to intermediaries under the 2011 Rules.
Verification of users — security or risk to privacy?
Identification of ‘first originator’ of Information
Messaging services (with more than 50 lakh users) will be required to enable identification of the first originator of information if required by a court order or an order of the Government under Section 69 of the IT Act.
Such identification of a user brings into question the end-to-end encryption offered by services such as WhatsApp, Telegram, Signal, etc.; and whether identifying a user as the “first originator” of mischievous information accurately is practically possible for a platform.
*This was first published by Business Insider on 2 March 2021.