Tech giants comply with IT rules, concerns remain | Economic Times

Global technology leaders may have complied with several key requirements under India’s new IT intermediary guidelines, yet they are awaiting clarity from the government on some of the other mandates under the rules, which took effect from May 26.Internet giants including Google, Facebook and LinkedIn have – to comply with the rules - appointed officers who are resident in India, published contact details on their websites and submitted physical addresses of their India offices. They have also put out monthly transparency reports for the first time. These reports disclose the number of takedown requests they have received as well as the actions taken.These companies are, however, still figuring out ways to align with most of the remaining requirements under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and have not yet implemented several mandates under the revised rules, an ET analysis showed.For example, many do not know how to let users voluntarily verify their identities and distinctly display their verified profiles. Some have not appointed permanent officials for key positions, while others like instant messaging platform WhatsApp have taken the government to court over a rule requiring traceability of message origin. This has come even as there is no information on whether similar encrypted platforms like Signal and Telegram have complied with the traceability mandate.Progress so farMicroblogging platform Twitter, which had come under fire from the government for delaying its compliance, said last week that it had begun to conform, albeit after a nudge from the Delhi High Court. Facebook published the first edition of its monthly India Report under the rules on July 2.It uploaded physical contact addresses on its website and said it was improving technology to weed out material pertaining to women and child abuse.It has also appointed officers but they are only “interim” right now to comply with the rules.“These are critical roles and would include recruitment of uniquely qualified personnel to lead these responsibilities, which takes time,” a Facebook spokesperson told ET.The US-based social media network has taken significant efforts to comply with the provisions of the IT rules, but “it continues to discuss a few of the issues which need more engagement with the government,” the spokesperson said. “We respect Indian law, and we are fully committed to the agenda of safety and privacy of people on our platform…” the company added.Search giant Google has appointed a grievance officer, nodal officer, and a chief compliance officer, as mandated. It has published its first transparency report and has invested significantly in automated detection systems to filter out harmful content.“Majority of Google products can be accessed by a single Google login account and in some cases through mobile numbers. For reasons of security and account verification, we encourage users to link their accounts to their working mobile numbers; hence a mechanism for users to do voluntary verification exists,” a spokesperson for Google said.Google did not elaborate on how it would distinguish verified profiles from unverified ones, as required under the IT rules.“We respect India’s legislative process… We will continue to refine our existing approaches and evolve our policies and be as transparent as possible about how we make decisions,” the spokesperson added.Professional networking site LinkedIn, owned by tech behemoth Microsoft, said it was “committed” to keeping the platform trusted and professional.“We have updated the Ministry (of Electronics and IT) on our compliance status, and we have taken steps to adhere to the IT rules, including publishing our first Compliance Report, and the appointment of a Grievance Officer, Nodal Officer and a Chief Compliance Officer in India,” a spokesperson for LinkedIn told ET.On its part, Twitter has appointed a resident grievance officer for India and published a monthly compliance report. It appointed an interim chief compliance officer on July 6 and is looking to appoint an interim nodal contact person within the next two weeks.The company admitted to the Delhi High Court that it was in breach of the new intermediary guidelines and would not seek protection from future action but sought more time to comply with the Rules.The US-based platform, however, said it “reserves its right to challenge the legality, validity, and vires of the Rules” and that its submissions regarding compliances are filed “without prejudice” to its right to challenge the rules.Clarity on key provisionsBe that as it may, while most of these firms have rushed to meet the basic requirements, they have also asked the government to clarify some of its other important provisions.They have expressed concern over a clause pertaining to personal criminal liability imposed on their chief compliance officers and have asked for information about “standard operating procedures” on a range of issues.The Ministry of Electronics and IT (MeitY) is working on a draft of Frequently Answered Questions (FAQs) and Standard Operating Procedures (SOPs) that will spell out the details. It is expected to release those in the public domain in the next few weeks.“This content takedown provision has been expanded from the central government alone, as was the case under Section 66A of the IT Act, and now been given to multiple designated agencies across central and state governments. It requires capacity enhancement on our side, but work is required…there are certain safeguards that don’t exist,” an industry executive said. Section 66A of the IT Act – which dealt with offensive online communication -- has been struck down by the Supreme Court.Currently, there is no laid down procedure for law agencies to send take down requests - for instance, the question of whether a small police station in a rural area is authorised to send such notices - or what will amount to non-compliance by the social media intermediary that can lead to jail terms for the compliance officers.“We have given suggestions for a central portal or a common email address through which these requests can be routed, so that there is a proper established process in place. It is now up to the Ministry of Home Affairs and MeitY to take a call,” the person added.A second industry official who did not wish to be named said, “Given the challenges of the second Covid-19 wave and the short time available to comply with all the requirements under the new IT rules, we have done our best to put in new process flows across the wide variety of products.”The industry is awaiting clarity around a few provisions in the rules through the FAQs and SOPs, the person said.The IT rules have created inconsistent new requirements that harm internationally protected human rights, said Raman Jit Singh Chima, Asia Policy Director and Senior International Counsel at Access Now.“The rules create a legally unclear and rights harming environment, increasing litigation and incentivising tech companies to violate people’s rights by retaining data, undermining encryption, and doing more content takedowns,” Chima said.Significant social media intermediaries (SSMIs) are “mostly compliant” with the rules, said Prasanto K Roy, who advises global companies on tech policy.“But most SSMIs are also non-compliant with at least one or two key provisions. For instance, Rule 4(2) - tracing first originator – none of the end-to-end encrypted platforms will/can be compliant at this point. This includes WhatsApp, but also Signal and (Apple's) iMessage,” Roy pointed out.The compliance is a work in progress, he said, adding that a hard scan of all SSMIs might net a few violations – such as a lawyer’s name being used for one of the three statutory officials required under the new rules.“Some or even most of the rules are well intentioned, but the contentious ones will end up hurting citizen rights, freedoms and privacy, more than they will end up making citizens safer,” Roy added.Issues such as the timeframe for which data has to be retained and the checks and balances required for requests from the government on content removal, also need to be sorted out, officials said.84504166Companies are trying hard to counter the menace of nudity and violence on their platforms, but no system is “fool proof” since they deal with user-generated content, they added.“Despite the best efforts, there might be five cases where something shows up, what happens then? Companies also need to know what's the hearing process in place before they are charged,” said one of the industry executives mentioned earlier.A third industry executive cited the recent “Sulli Sale” scandal, where pictures of Muslim women were posted on the internet, offering them for sale.“Platforms including ours took it down as soon as it was flagged, but every day there is something new. The Rules say companies will endeavour to ensure that content related to abuse of children and women is removed, but it can’t be 100% all the time,” the person said, adding that platforms should not be pulled up for it.Some home-grown technology firms are more inclined towards the new rules.They said not much had changed since they already comply with several of its provisions.“As far as the criminal liability provision is concerned, we are not too perturbed because being an Indian company our Board is anyway liable for prosecution under the law,” one person said, requesting anonymity as Indian companies - to show solidarity with the industry - do not want to express their views publicly.Companies are also reporting an increase in requests for takedowns from users since the Rules came into effect, although this “was expected,” said one of the executives.There is no clarity on whether a company is considered a SSMI if it has 5 million active users or over 5 million users since inception.“Large tech companies have several products, there can’t be a standard ask of voluntary verification across all products. We are not disagreeing on it, but we have to figure out how to implement it,” another industry insider said.Deadline extensionEven before the Rules were notified on February 25, several Indian as well as Indo-American industry associations had petitioned the IT ministry to extend the deadline for compliance and waive off clauses relating to criminal liability, among others.“Owing to the widespread impact these rules are going to have on intermediaries, and the volume of data, complaints as well as the multiplicity of processes and authorities that may engage with an intermediary or SSMI, it is important that the government issue Standard Operating Procedures which could be collaboratively developed with industry stakeholders,” the Internet and Mobile Association of India had said in a letter.The industry body had said that the SoPs would not only reassure intermediary or SSMI employees of their liability but will also significantly simplify doing business.Experts said the rules do not clarify how they will balance social media platforms’ need for accountability with freedom of speech“Social media platforms need to be held accountable for how they curate and amplify content on their platforms - in this sense, the government is not entirely incorrect - because of their curatorial role, they cannot be considered only as intermediaries, particularly as their business models are intimately tied in with playing this role,” said Urvashi Aneja, founding director, Tandem Research. “But these rules do not adequately address this issue and instead will pose a grave threat to the freedom of speech.”Aneja added that was not good for the digital ecosystem in India, or democracy.“But this is also not unique to India - once platforms become such large and influential public squares, states seek to control these spaces.”