Untangling the new rules of information technology (guidelines for intermediaries and code of ethics for digital media), 2021. – Confidentiality


To print this article, simply register or connect to Mondaq.com.

Much has been written and spoken about the new rules of information technology (guidelines for intermediaries and code of ethics for digital media), 2021. Through this article, we reveal the scope and scope of these rules and their shortcomings.

The video notification from the central government dated February 25e, 2021 promulgated the 2021 Information Technology Rules (Intermediary Guidelines and Code of Ethics for Digital Media) (hereinafter referred to as the “2021 Rules”). These 2021 rules were adopted to replace the 2011 rules on information technology (guidelines for intermediaries)1.

The 2021 Rules dynamically modify the technological regulation space. With the new rules, several duties and guidelines were imposed on “intermediaries”, which are entities that store or transmit data on behalf of other people without any intervention. Thus, Intermediaries are internet or telecom service providers; online marketplaces and social media platforms. Among the guidelines, the focus is on due diligence by intermediaries. Due diligence encompasses in its scope the duties of Intermediaries such as: Informing users of the rules and regulations, the privacy policy and the conditions of use of its services; block access to illegal content within 36 hours by court or government order; and retain user information collected at the time of registration for 180 days after cancellation or withdrawal of registration. 2In addition, a provision for reporting cybersecurity incidents has been imposed on the intermediaries of the Indian Computer Emergency Response Team.

While due diligence has been extensively emphasized in the 2021 Rules. Other aspects of the Rules include, a three-step grievance system, a code of ethics for digital media publishers, content blocking in emergency cases and finally, the most controversial aspect which consists in identifying the first sender of information by intermediaries providing in particular messaging services. The crucial aspect of this is that intermediaries providing messaging services use end-to-end encryption to protect the privacy of their users and provide free space for communication and expression. However, with identifying the first sender, the main concern is user privacy. Another aspect of concern is that according to the 2021 rules, the first sender if not located in India, the user who first transmits the same information to India would be considered the first sender. This aspect of the Rules raises serious threats to the privacy of individuals / users not only in India but also globally.

The other aspect of these 2021 Rules is the enormous burden placed on Intermediaries. In addition, intermediaries were required to hire compliance officers and grievance officers. In imposing these obligations, the economic impact of due diligence practices and these agents has not been duly taken into account. Intermediaries have been subject to strict regulation and the consequence of non-compliance is the threat of losing their privileges under Article 79 of the Information Technology Act. Article 79 of the IT law grants intermediaries immunity from any type of liability for content published on their platform by a third party. Thus, the loss of this immunity exposes the Intermediaries to the risk of prosecution for any content published on their platform by any user / third party.

The 2021 rules are facing a strong backlash not only from intermediaries, but also from citizens fearing that their right to privacy will be violated as well as their right to freedom of speech and expression. Whatsapp LLC in its written petition to the Delhi High Hon’ble Court challenged the
vires of rule 4, paragraph 2, of the 2021 rules, relating to the disclosure of information concerning the first ordering party. Messaging platforms like Whatsapp use end-to-end encryption, thus securing the privacy of its users. In their written request, Whatsapp claims that Rule 4 (2) violates its fundamental privacy-safeguarding functions and that a sender’s messages or calls can only be decrypted by the recipient of the sender. Thus, the identification of the first perpetrator would not only constitute an invasion of privacy, but would seriously and irrevocably violate the right to freedom of speech and expression guaranteed by article 19 of the Indian Constitution of 1950. Although arguments on behalf of Whatsapp LLC seem solid, the Government of India relies on several judgments of the Honorable Supreme Court and mainly on KS Puttaswamy and Anr. Vs. Union of India3. Under this 9-judge judgment of the Hon’ble Apex Court, the right to privacy is not absolute and may be violated by the state in the interest of national security and other reasonable restrictions. Thus, the Government of India justifies the vires of Rule 4.2) under reasonable restrictions. Whatsapp’s petition is
deputy judge.

While the regulation of ever-growing social and media forums in a democracy is essential, given the current scenario and sensitivity to various types of content, regulatory mechanisms with a strong governmental repulsion scope could hamper not only creativity and freedom of expression but would inevitably end in an operational nightmare. The balance between ensuring national security and at the same time protecting the privacy of citizens and individuals as well as freedom of speech and expression is undoubtedly transparent, however, so will the implementation and spirit of the 2021 Rules.


1.https: //mib.gov.in/sites/default/files/IT%28Intermediary%20Guidelines%20and%20Digital%20Media%20
Ethics% 20Code% 29% 20Rules% 2C% 202021% 20English.pdf

2. Rule 3 (1) (a) and (b) of the 2021 Information Technology Rules (Intermediary Guidelines and Code of Ethics for Digital Media).

3. (2017) 10 SCC 1

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

POPULAR POSTS ON: Privacy from India

Data Protection Laws In India – Everything You Need To Know

Vaish Associates Advocates

Data protection refers to all of the privacy laws, policies and procedures that aim to minimize the privacy intrusion caused by the collection, storage and dissemination of personal data. Personal data generally refers to information or data that relates to an individual who can be identified from that information or data, whether collected by a government or a private organization or agency.

The right to be forgotten

Lawyers SS Rana & Co.

The very idea of ​​privacy has been challenged by the widespread use of the Internet. Privacy as such is very difficult to enforce, compared to the days before the Internet and social media.

Pegasus and the law

Khurana and Khurana

The recent news regarding Pegasus, a surveillance software developed by an Israel-based cybersecurity company, has sparked much controversy.


About Author

Comments are closed.