In the backdrop of the SC’s Section 66A judgment, India must update its cyber-laws in keeping with tech progress
The Supreme Court (SC) recently rendered a landmark judgment, declaring Section 66A of the Information Technology Act, 2000 (IT Act), as constitutionally invalid. The judgment comes as a breath of fresh air and has generated immense interest and debate.
Apart from striking Section 66A off the law book, the judgment, quietly, has now laid down the law pertaining to intermediary liability in the country. In India, the IT Act, 2000—as amended in 2008—had come up with a specific provision for digital-world intermediaries. A new, all-inclusive definition of intermediaries was inserted via the 2008 amendments. Section 79 talks of exemption from liability of intermediaries in certain cases.
The issue of constitutionality of Section 79 of the IT Act has also been finally settled by the aforesaid judgment. The present judgment has not only upheld Section 79 of the IT Act, 2000, but has further upheld the Information Technology (Intermediaries Guidelines) Rules, 2011, with a slight modification that an intermediary will have to remove or disable access to any electronic content only on the order of a court of competent jurisdiction or on an order of the relevant governmental agency. Thus, barring a small change, the Supreme Court has upheld the existing law of intermediaries’ liability in India.
Thanks to this judgment, now the law is crystal clear that an intermediary in India will not be liable for any third-party data, information or communication link made available or hosted by it if it undertakes certain mandatory compliances under the law. One of the mandatory compliances is that the intermediary has to observe due-diligence while discharging its obligations under the law. Further, the intermediary should not conspire or abet or aid or induce in the commission of the unlawful act; the intermediary complies with the IT Act and rules, and on getting actual knowledge, either from the government or a Court order directing the intermediary to remove or disable access to any illegal content, removes or disables access to such content.
So, clearly, the judgment is a wake-up call for all intermediaries in India to get their act together and have documented compliances done in keeping with the IT Act. This is very relevant in a country like India where 9 out of 10 companies qualify as intermediaries and where a majority of intermediaries do not undertake compliances and the requisite due-diligence under the IT Act.
The fundamental principle remains that intermediaries have to ensure the compliance with law, and only then they do not get liable for any third party data. But if they choose not to comply with the law, rules and regulations made thereunder, then they are in the same capacity as a co-accused.
This judgment will have a significant impact upon the dynamics of not just intermediary operations in India but also on the further growth of e-commerce in the country. Intermediaries will now increasingly have to incorporate compliance costs under the IT Act as part of their budgetary allocations for their business operations.
This judgment is landmark in this sense, because it reiterates the cyber-legal principles of intermediary liability. The said judgment could also have an impact upon the lives of common internet-users.
This becomes evident from the scheme of legal provisions in place. Earlier, under the Information Technology Rules, 2011, any affected person could notify the intermediary about any illegal or offending content residing on its network and that the intermediary was duty-bound to act. But thanks to the said judgment, the earlier remedy to affected persons is now not available.
The net effect of the said judgment is that you will have only two options as an affected person, who is affected by any offending content on the computer network and computer resources of the intermediary. You could obtain an order of taking down offending content from the court of competent jurisdiction and inform the intermediary and then the intermediary would comply with court order. Alternatively, you could get a governmental agency to notify the intermediary to take down any offending content and then the intermediary has to comply with such governmental direction. In both circumstances, it will take a lot of time, effort and energy for affected persons, thereby rendering the said remedy illusionary and non-effective.
There is lack of awareness on the nuances of the IT Act amongst all stakeholders, thus requiring further capacity-building.
The present environment is a fertile one for the government to seize the opportunity and amend the Indian cyber-law to make it more topical and in sync with the advancements of technology and the requirements of today’s times. It is a cardinal principle of cyber-legal jurisprudence that cyber-laws must be constantly updated, renewed and reinvigorated to match with the march of technology. Even a developed nation like the US has recognised and reaffirmed the said principle. It is time for India to act and make its cyber legislation updated and one of the foremost in the world.
The author is advocate, Supreme Court of India, and an expert on cyber-law. He can be reached at firstname.lastname@example.org and email@example.com