The proposed Digital India Act, 2023 (the “DIA”) will replace the Information Technology Act of 2000 (the “IT Act”). The need for the DIA has emanated due to the altered internet landscape of today, which includes widespread internet penetration, numerous internet intermediaries, and complex user harms.
In addition to emphasizing the necessity of “global standard” cyber laws to guarantee an open, secure, and dependable internet, it was also emphasized that such laws act as a catalyst for technology innovation and growth, manage the complexity of intermediaries, safeguard citizen rights, and address risks associated with emerging technologies. Additionally, the significance of a framework that was both future-proof and ready was given a lot of weight.
The following four pillars were proposed for the comprehensive digital framework: an all-encompassing Digital India Act that would regulate information technology law and a telecommunications law framework, the Draft Indian Telecommunications Bill, 2022 (the “Telecom Bill”), which was recently made available for public comment; and the personal data-related proposed law known as the Digital Personal Data Protection Bill, 2022(the “DPDP Bill”). All these laws are still in the draft stage. The National Data Governance Framework Policy (the “Data Governance Policy”), a separate framework for the regulation of non-personal data, was also recently proposed.
Key points of regulation
1. Important aspects of open internet regulation: The importance of an open internet was emphasized in the presentation. An open internet gives customers more options, encourages digital player competition, increases online diversity, makes it easier for new businesses and start-ups to get fair market access, makes it easier to do business, and makes compliance easier. The open internet objective proposes the following key elements:
• The DIA would protect innovation to make it possible for new technologies like the internet of things, distributed ledger technology, artificial intelligence, and machine learning to grow and develop. However, it is not clear whether the DIA would include anonymization guidelines to make it easier to generate training data.
• The promotion of digital governance and the delivery of public services via online platforms, mobile applications, and other digital means would also be fuelled by this framework.
• It is possible that the legislation that is being considered will recognize the function and impact of “digital gatekeepers” in the operation of the internet, such as those who create or limit entry barriers, create an ecosystem of services, and establish a level playing field.
2. Security online: Additionally, several aspects pertaining to online safety and user trust are included in the proposed legislation. The Bill aims, among other things, to:
• Moderation of fake news and other false online content published on social media platforms, websites, and other forums.
• Regulation of high-risk AI systems through quality testing frameworks, algorithmic accountability, threat and vulnerability assessments, content moderation, etc.
• Regulating privacy-invading devices like spy cameras, wearable technologies, and other hardware (which was also provided in the Report of the Joint Committee);
• Empowering agencies for cyber resilience like the Indian Computer Emergency Response Team (CERT-IN); issuing advisories on information and data security practices; strengthening penal consequences for non-compliance. monetization guidelines for platform-generated and user-generated content.
Adjudicatory and appellate mechanisms for digital operators, digital contraventions or offenses, algorithmic transparency, and periodic risk assessments applicable to players were also proposed as part of an accountability framework.
3. New mechanism for adjudication: For the purpose of dealing with both civil and criminal offenses committed online, a specialized “Adjudicatory Mechanism” will be established. There exists an urgent need for a specialized and dedicated adjudicatory mechanism for online civil and criminal offences. The adjudicatory mechanism should be easily accessible, deliver timely remedies to citizens, resolve cyber disputes, develop a unified cyber jurisprudence, and enforce the rule of law online.
4. Safe Harbour: To address recent regulations requiring compliance with takedown orders and legal requirements, the concept of “safe harbour,” which shields social media platforms from liability for user-generated content, will be reviewed. One of the DIA’s main powers is to regulate social media platforms. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the “Rules”)’ current framework of due diligence and prescriptions provide obligations for all intermediaries regarding prompt action by intermediaries in responding to and removing unlawful content, disclosure of information to law enforcement authorities, and reporting cyber security incidents.
5. Framework for Intermediary: At the start, it was perceived that the idea of mediators and pretended by them have changed fundamentally and are practically unique. There are a variety of types of intermediaries, including conduits (technical providers of internet access or transmission services), hosts (providers of content or platform services), and others. They can also be categorized according to their level of involvement in peer-to-peer information sharing, the kind of work they do, platform content in comparison to user-generated content, and so on. This is very different from the IT Act’s one-size-fits-all approach.
There are already a variety of intermediaries in the digital space, and this number is only expected to grow in the future. Platforms for e-commerce, search engines, social media, digital media, gaming, and pure-play intermediaries like telecom service providers and internet service providers are examples of these. Introduce a nuanced regulatory approach and distinct rules for each class of them, as well as treat each of them differently in terms of their role. The Government can use the DIA to recognize that internet intermediaries cannot be categorized into a “one-size-fits-all” category and instead classify them and introduce differential obligations based on their roles, such as those of internet access providers and hosting providers, which play a more passive role, in contrast to social media platforms or messaging services, which are more actively engaged with users.
An appropriate regulatory framework is required to govern the changed nature of internet intermediaries, their interactions with users and other stakeholders, and the concerns that result from these interactions since the IT Act was enacted. Internet access providers and web hosting services are not the only internet intermediaries that have changed since then. The proposed framework must be designed with sufficient care to consider the existing legal framework and introduce unified regulations to prevent social media platforms from having decisional control over content and to reduce the burden of compliance.
It is also possible to reevaluate the role of intermediaries as impartial “platform providers” and avoid obligations that go against that role, such as proactive monitoring and identification of content and the removal of user content based on user complaints (except for highly sensitive content like child pornography). This could have an impact on internet free speech as well as compromising the independence of such platforms, which would be contrary to the ruling in Shreya Singhal. It is imperative that regulators be given the task of striking a balance between the protection of citizens’ fundamental rights and content regulation. Platforms, which may not be equipped to make such decisions, should not be given this responsibility.
Given that the IT Act approaches this issue by extending safe harbour to all intermediaries, significant concerns were also raised regarding the suitability of safe harbour for all intermediaries. The DIA, on the other hand, may observe a novel approach to intermediary regulation.
In contrast to the IT Act, which only applies to third-party content, the new approach may invite certain new requirements linked to definitive penalties for noncompliance. While some broad obligations regarding due diligence, content restrictions, and grievance redressal are likely to remain,
This could include a proposal to restrict safe harbour to “pure-play” intermediaries like hosting and cloud providers, as well as telecom and internet service providers. However, it is unclear whether intermediaries that moderate content or selectively propagate (sponsored or otherwise) content would be able to take advantage of the safe harbour provisions. Many intermediaries, including online content platforms, social media, search engines, e-commerce portals, and other intermediaries that facilitate the uploading of sponsored content, may also suffer from this. It may be necessary to make a distinction between content created by platforms and content created by users, and additional research may be required to determine the (decisional) role that intermediaries may play in relation to the latter.
6. Governance of emerging technologies: new technologies like artificial intelligence and the internet of things may be governed by the DIA, which may also address regulatory concerns related to them. It would also need to consider the impact of new technologies like robotics, hyper automation, decision-intelligence, and the internet of bodies. It would also need to set up a dynamic framework for governing these technologies with a primary focus on preserving user autonomy and individual rights without affecting innovation or the growth of the digital economy.
Challenges involved:
Some of the challenges with respect to the implementation of the DIA include:
- Some social media platforms and intermediaries may oppose it because they do not agree with the proposed changes to the moderation policies and safe harbour principle.
- In order to effectively enforce and resolve disputes and offenses committed online, it may be necessary to have strong infrastructure and skilled personnel.
- It might have to strike a balance between the interests of users, businesses, the government, and civil society while maintaining transparency and accountability.
- Emerging technologies like AI, deepfakes, and distributed ledger technology, as well as their potential risks and benefits, may require it to deal with their complexities and uncertainties.
- In some areas of the country, there may be a lack of Wi-Fi hotspots and a slow internet connection and the same can pose hurdles to the implementation of the act.
Implementation of the DIA will encourage fair competition among digital players and give you more options for utilizing online services and platforms. On social media platforms, it will safeguard your fundamental speech rights and provide you with a grievance redress mechanism for content complaints Through the DPDP Bill, you will be able to exercise control over your data and have your privacy rights protected. It will protect you from cybercrimes and malicious activities like deepfakes, cyber stalking, trolling, and doxing while also enhancing your online safety and security. It will enable us to take advantage of the innovation and expansion of emerging technologies like artificial intelligence, machine learning, the internet of things, and distributed ledger technology, among others. which may boost the effectiveness and quality of a variety of industries, including e-governance, agriculture, health care, and education.
The proposed DIA, along with other complementary legislation, has the potential to establish a comprehensive regulatory framework that supports the growth of the digital economy while protecting the rights of Indian citizens. With the proliferation of emerging technologies and increasing concerns around cybersecurity and data privacy, a well-defined legal framework is essential for India to maintain its position as one of the fastest-growing digital economies in the world. The proposed legislation includes provisions for the classification of intermediaries, safe harbour protection, emerging technologies, online safety, and governance mechanisms. It is likely to be a mammoth task for the Government to introduce such legislation covering everything in the digital space. Given that India lacks a comprehensive framework for data protection for about half-a-decade since the Puttaswamy verdict affirmed the right to privacy, there is a winding path to traverse in developing such a robust legal framework governing technologies of today and the future If the government effectively implements the proposed legislation, India could become a global leader in the digital economy, providing a fair playing field for digital operators, ensuring online safety and trust, and protecting the rights of digital users.
– J. Gowri and Anupam Prasad
References
1.Proposed Digital India Act,2023, Presentation made on 09/03/2023 at Digital India Dialogues,
2.The Information Technology Act,2000, https://www.indiacode.nic.in/bitstream/123456789/13116/1/it_act_2000_updated.pdf
3. Draft of Indian Telecommunications Bill,2022, https://dot.gov.in/relatedlinks/indian-telecommunication-bill-2022
4. Digital Personal Data Protection Bill,2022, https://www.meity.gov.in/writereaddata/files/The%20Digital%20Personal%20Data%20Potection%20Bill%2C%202022_0.pdf
5. Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (the “Rules”), https://www.meity.gov.in/writereaddata/files/Revised-IT-Rules-2021-proposed-amended.pdf
