Liabilities of intermediaries as provided under the Information Technology Act, 2000

The concept of “intermediary” has been defined under the Information Technology Act, 2002 concerning any particular electronic message and means any individual who on behalf of another individual receives, stores or transmits such a message or provides any service for such message. This list is non-exhaustive and also includes Internet Service providers (“ISPs”) as well as many websites that provides user-generated content.

However, it’s not an easy task for such intermediaries to regulate the data flowing through them owing to the fact of their large size. These platforms have failed many times to protect their users in various religious, socio-political as well as economic cases which have referred to misuse of data and free speech. The increase in spreading of false news on Facebook and WhatsApp has incited riots, murders, mob-lynching, as well as mass-scale migration and the involvement of Facebook and Twitter in the US presidential elections in 2016, have also led to a widespread distrust of such platforms. There is various harmful content ranging from hate propaganda to fake news to child pornography. Therefore, there is a strict need for imposing greater liability on these intermediaries.

In India, the regulation of these intermediaries is provided in various laws and legislations. Further, there have been several cases in India and the Indian courts have been proactive in adjudicating on these cases.

Under the IT Act, initially, only network service providers (NSP) were protected “for the involvement of any third party information or data made available by them if it is proved that the offence or contravention was committed without their knowledge or that they had exercised all due diligence to prevent the commission of such offence or contravention.” Thus, the original IT Act provided minimum or no safe harbour protection to these intermediaries.

After the amendment made to the IT Act in 2008, the Government of India introduced the Intermediary Guidelines, which were mandatory for all the intermediaries to follow for providing and claiming safe harbour protection. Such guidelines are to be read concerning the IT Act and the due diligence requirements that must be observed by intermediaries, are as provided under Rule 3:

1. Intermediaries must publish rules and regulations, privacy policy and user agreement;
2. Rules and regulations, terms and conditions or user agreement should specify all prohibited acts, i.e. belonging to other persons, grossly harmful, harassing or unlawful, harms minors, infringes any intellectual property rights, violates any law, is deceiving or misleading, impersonates any person, contains a virus, threatens India etc. and the intermediary should inform users that violation of same shall lead to termination of access,
3. Intermediaries to not knowingly publish or host information as specified in sub-rule (2),
4. Intermediaries must disable such information within 36 hours and storage of same information for 90 days must be made for investigation purposes,
5. Intermediaries must assist authorised government agencies,
6. Intermediaries must take all reasonable measures to secure its computer resource,
7. Intermediaries must report cybersecurity incidents to the Indian Computer Emergency Response Team and
8. Intermediaries to appointment and publish the details of a Grievance Officer on its website.

However, the IT Act and the Intermediary Guidelines were inundated by various issues such as ambiguity in prohibited content and forced decision by intermediaries. Further, any person could request the intermediaries to take down the unlawful content