Indian government plans law to dilute ‘safe harbour’ for social media
Source:Taipei World Trade Center Liaison Office In Kolkata
From:Taipei World Trade Center Liaison Office In Kolkata
Update Time:2022/05/18
The Indian government is considering a new legislation that will substantially dilute the safe harbour immunity granted to social media platforms to address accountability concerns, protection of personal data and improve cyber security, a top government official said.
The new legislation would replace the existing Information Technology Act and include aspects of the draft data privacy bill while focusing on accountability of social media platforms as globally countries were moving away from granting safe harbour provisions in their data protection regulations.
“Safe harbour is an old construct. A lot has changed since the 1980s, when the concept was brought in, and the world is moving away from it. Look at the new data laws of Europe, Australia and even South Korea. Everyone is moving towards accountability of social media (platforms)," the official said, asking not to be named as the discussions were still in the initial stages.
The safe harbour rule, or Section 79 of the IT Act, says social media intermediaries won’t be held legally or otherwise liable for any third-party information, data, or communication link made available or hosted on its platform.
The European Commission introduced the Digital Services Act and Digital Markets Act in April with the aim to create a safer internet where the rights of users are protected through regulating social media platforms and illegal content. The Digital Services Act is yet to become law, but once adopted, it will apply from 15 months or 1 January 2024, whichever is later. The proposed law says social media platforms and other intermediaries will not be liable for unlawful behaviour of users, but if they’re “aware of illegal acts and fail to remove them," then they will be held liable. The Act has put the onus on large online platforms and search engines—those having over 45 million active users in the EU - and therefore has stricter compliance requirements for them versus their smaller counterparts.
India has been working on a data protection bill, but ever since it was introduced in Parliament in 2019 and took the shape of the personal data protection bill, it has yet to take concrete shape. A joint committee of Parliament had recommended sweeping changes to the bill, including that the bill should include personal as well as non-personal data. The government is yet to come out with a revised bill.
Currently, India’s IT Act does not make intermediaries liable for third-party information or data hosted on their platforms. The government did come out with IT intermediary guidelines in 2021 to increase the accountability of social media platforms, but those have been challenged in various courts. “The IT Act is from a different era. We have to create legislation that addresses today’s concerns," the official said. “The IT rules have served their purpose. A new law has to come, which will look at providing a safer internet."
In the recent directive to virtual private network service providers to retain user data, the official said the government had to keep the records for five years and that the mandate had been issued after industry consultations. “It’s a fair ask, and it has been done with consultation with industry," he said. Cyber watchdog Indian Computer Emergency Response Team (CERT-In) - issued norms to the effect as part of their KYC policy on April 29, asking companies to comply within 60 day.