EDITORIAL-ANALYSIS-2023-06-27

Laying the foundation for a future-ready digital India

Context:

The Ministry of Electronics and IT has initiated consultations on the “Digital India Bill” to address the need for a new law that replaces the outdated Information Technology (IT) Act, which has been in effect for 23 years. The primary objective is to update the existing legal framework to effectively tackle emerging challenges in the digital realm, such as user harm, competition, and misinformation.

Relevance:

GS-03 (Cyber security, IT and Computers)

GS-02 (Government intervention and Policies)

Prelims:

  • Digital India Act, 2023
  • Information technology act (IT Act) of 2000
  • Cyber security
  • Digital personal data protection Bill

Mains Questions:

  • Discuss the significance of classifying digital intermediaries into different categories and assigning specific responsibilities and liabilities. How can this approach help in regulating technology and ensuring a safer online environment?

Dimensions of the article:

  • Shortcomings of the Current Legal Regime
  • International Frameworks on Proportionate Regulation of Intermediaries
  • Focus Areas for India’s Digital India Bill

1.Shortcomings of the Current Legal Regime

  • Broad and ambiguous definition of “intermediaries”: The IT Act defines an “intermediary” as any entity between a user and the Internet, but the lack of specificity in this definition has resulted in confusion. This broad definition encompasses a wide range of services, including video communications, matrimonial websites, email services, and online comment sections on websites. Such a broad categorization fails to differentiate between different types of intermediaries and their respective roles and responsibilities.
  • Classification of intermediaries: The IT Rules further classify intermediaries into three main categories: Social Media Intermediaries (SMIs), Significant Social Media Intermediaries (SSMIs), and Online Gaming Intermediaries. However, these classifications do not adequately address the diverse nature of digital platforms and their associated risks. Consequently, the rules impose stringent obligations on various intermediaries, treating ISPs, websites, e-commerce platforms, and cloud services in a similar manner. This approach fails to consider the varying degrees of risk and harm associated with different types of intermediaries.
  • Stringent obligations for most intermediaries: The current legal regime imposes stringent obligations on intermediaries, including a 72-hour timeline for responding to law enforcement requests and content takedown requests. While these obligations are important for maintaining online safety and addressing illegal activities, they are applied uniformly to different types of intermediaries without considering the differences in their nature of services. This results in increased costs of compliance and unnecessary liability for intermediaries that pose lower risks.
  • Inadequate differentiation: The current legal framework treats licensed intermediaries such as Microsoft Teams or customer management solutions like Zoho in the same manner as conventional social media platforms. This approach overlooks the fact that licensed intermediaries often have a closed user base and present a lower risk of harm from information going viral. Treating these intermediaries similarly to social media platforms not only increases their cost of doing business but also exposes them to greater liability without significantly reducing the risks associated with the internet.

II. International Regulatory Frameworks on Proportionate Regulation of Intermediaries

  • The European Union’s Digital Services Act: The Digital Services Act introduced by the European Union provides a developed framework for regulating intermediaries. It introduces exemptions and creates three tiers of intermediaries: hosting services, online platforms, and “very large online platforms.” Each tier has increasing legal obligations based on the size and nature of the intermediary.
  • Australia’s classification system: Australia has adopted an eight-fold classification system, including separate industry-drafted codes for social media platforms and search engines. This system requires intermediaries to conduct risk assessments based on the potential exposure to harmful content such as child sexual abuse material (CSAM) or terrorism. The regulatory approach is tailored to the specific risks associated with different types of intermediaries.

III. Focus Areas for India’s Digital India Bill

  • Granular classification framework: Instead of a product-specific classification, a more future-proof approach is needed. The bill should establish a classification framework that defines a few distinct categories of intermediaries and requires them to undertake risk assessments. This approach will allow for adaptability as technology evolves and new types of intermediaries emerge.
  • Differentiation and proportionate obligations: To minimize the burden on intermediaries, the bill should clearly distinguish between communication services (where end-users interact with each other) and other types of intermediaries like search engines and online marketplaces. The obligations placed on intermediaries that are not communication services should be proportionate, considering their risk profile. While lesser obligations may be applicable, intermediaries should still be required to appoint a grievance officer, cooperate with law enforcement, identify advertising, and take down problematic content within reasonable timelines.
  • Risk assessment for communication services: Communication service intermediaries, such as social media platforms, should conduct risk assessments based on factors such as the number of active users, potential harm, and the likelihood of harmful content going viral. Large communication service platforms could be subject to special obligations such as appointing India-based officers and setting up in-house grievance appellate mechanisms with independent external stakeholders to enhance confidence in the grievance process.
  • Periodic review and industry consultation: The effectiveness of the proposed framework relies on defining metrics for risk assessment and appropriate thresholds. These metrics should be periodically reviewed in consultation with industry stakeholders to ensure their relevance and effectiveness in addressing evolving challenges.

Way Forward

To establish accountability and online safety while minimizing the legal obligations for a large number of intermediaries, the following steps should be considered:

  • Exemption for micro and small enterprises: Micro and small enterprises, along with caching and conduit services, should be exempted from major regulatory obligations. This approach recognizes their limited resources and ensures that compliance does not hinder their growth.
  • Circuit breakers and alternative approaches: Alongside traditional content takedown mechanisms, alternative approaches such as circuit breakers to slow down the spread of harmful content should be explored. These mechanisms can help mitigate the virality of harmful content without imposing excessive burdens on intermediaries.

Conclusion

The Digital India Bill presents an opportunity to redefine the legal and regulatory framework governing technology in India. By addressing the shortcomings of the current regime, adopting a proportionate approach, and ensuring periodic review and consultation, the bill can establish a regulatory environment that promotes accountability, online safety, and business growth. It is essential to strike a balance between the obligations placed on intermediaries and the evolving nature of technology to create a safer and thriving Internet ecosystem.