The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 may have announced several measures to make big social media intermediaries accountable but these have come at the cost of online privacy and risk to data of millions of internet users, said experts.
The rules do not fix liability on social media platforms about do's and dont's on storing and using user data, creating awareness about data sharing and consent especially for non-English speaking users. In absence of online privacy specific law in India, the new rules do not put a check on widespread gathering of personal information of users by social media platforms.
“There are some parts of the rules that may infringe on user privacy and go against the ‘data minimisation’ principle of the Data Protection Law," said Gurshabad Grover, senior policy officer at Centre for Internet and Society (CIS).
Simply put ‘data minimisation’ is a principle which advocates that only those amounts of (user) data should be collected and processed that are adequate and necessary for that purpose. Globally, it is being followed strictly under the European Union’s General Data Protection Regulation (GDPR).
The GDPR regulations, for instance, include requiring the consent of users for data processing, anonymising collected data to protect privacy, providing data breach notifications, safely handling the transfer of data across borders and requiring certain companies to appoint a data protection officer to oversee GDPR compliance. In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to this regulation.
This is in contrast to the new IT rules which mandates intermediaries to retain user information given during the registration process for 180 days (or six months) even after a user deletes his/her account. The rules also state that users who want to verify their accounts voluntarily should be provided with an appropriate mechanism. Private messaging platforms, which offer end-to-end encryption for greater privacy, have been asked to identify the ‘first originator’ which simply means identifying an internet user who starts sharing any type of mischievous information which is being perceived as an attempt of state surveillance.
"To comply with this rule, messaging platforms will have to store metadata which is often deleted as soon as a message is delivered. Clearly, the government is going in the territory of calling for constitutional scrutiny on the right to privacy and stepping into murky legal territory whether all of this is possible through delegated legislation," Grover noted.
Google and Twitter did not comment on the new rules. Facebook said it is committed to people’s ability to freely and safely express themselves on its platforms. "The details of rules like these matter and we will carefully study the new rules that were just published," said a Facebook spokesperson.
To be sure, data is collected through various means such as cookies and software development kits (SDKs) by or on behalf of corporations to create products and services for consumers. Social media platforms, in particular, collect data to serve customised and targeted advertising. However, user data also has the potential to be used to mould the opinions of individuals or disrupt public order.
There is widespread gathering of personal information of users, said Apar Gupta, executive director of Internet Freedom Foundation.
“What is required in India is sound public policy choices which can be made by the government to protect the rights and provide for the welfare of individual internet users in India. The new rules seem to fix accountability on big tech platforms such as Facebook or Google but at a much higher cost to end users by compromising the freedom of their speech and online privacy," he added.
There is also a rising concern on government asking intermediaries to rely on an underdeveloped technology like Artificial Intelligence (AI) for censoring abusive content by relying on and collecting massive amount of user data.
“Development of artificial intelligence (AI) tools of censorship is replete with a host of risks, including the underdeveloped and imperfect nature of AI in the current state-of-the-art," noted Gupta. “AI “learns" by examining vast amounts of data, and the development of a censorship AI is likely to require social media intermediaries to store and examine large amounts of user-generated content that does not in any way relate to the kind of content sought to be censored."
Supreme Court lawyer Virag Gupta thinks it is unfair to criticize IT rules when it comes to user privacy.
"The government needs to notify the impending Data Protection Law as mandated by 9 Judges Supreme Court Judgement to ensure that user data is well protected. In absence of a stringent law, there are 100 crore digital users whose right to privacy and life is being denied both by the government as well as tech giants," he added.
Subscribe to Mint Newsletters
* Enter a valid email
* Thank you for subscribing to our newsletter.