Revisit IT liability rules

Safeguards must be brought in to protect privacy

Several major global non-profits such as the Wikimedia Foundation, which operates Wikipedia, code repository Github, and the Mozilla Foundation, which supplies the Firefox browser, have expressed reservations about the new Personal Data Protection Bill and allied changes in the IT intermediary liability rules, due to be notified this month. This will not only affect privacy and freedom of expression, according to an open letter from Wikipedia, but will also entail additional costs.
 
Provisions such as automated filtering, setting up local entities, fast takedown of content, and traceability may be impractical, or impossible to comply with, given that the Wiki relies on crowdsourcing content. If the Act is not amended, the free encyclopedia, which has content in 23 Indian languages, may be forced to exit India. That would be a tragedy. It was accessed over 771 million times by Indians in November alone and many Indians contribute to it.

 
In addition, as the open letter by Wikimedia points out, the government had been extremely secretive about the draft intermediary rules. Although public consultations were submitted over a year ago, the final format of the Rules, which are due to be notified by January 15, has not been released. This makes informed debate impossible.
 

These rules affect every intermediary platform with more than 5 million Indian users. Digital giants such as Google, Facebook, Amazon, Netflix, and others are also affected. There have been complaints by many organisations that they cannot prepare for a change in regime without a clear and complete picture of the proposed changes. Even the Internet and Mobile Association of India has expressed doubts, saying that the benefits are unclear and this imposes high costs on service providers.

 
Justice B N Srikrishna, who led the committee that drafted the proposed data protection Bill, has said the amendments could turn India into an “Orwellian surveillance state”. The Bill as passed by the Cabinet for presentation in Parliament on December 11 removes all checks and balances on state surveillance. The original draft by the Srikrishna Committee had suggested government collection of data without consent be “necessary and proportionate”, and for “reasonable purposes”.
 
Those safeguards have been removed. Hence, all organs of government can collect and process personal data without knowledge or consent. In addition, all “non-personal” data is to be made available to the government by any private organisation collecting it. Such anonymised data can be linked to specific individuals by matching the Aadhaar and Election Commission data. It would be easy to misuse such data for all sorts of nefarious purposes, including influencing elections.

 
Intermediaries, which host content, would have to set up a local entity with legal liability. They would need to ensure traceability of all content and comply within 72 hours for requests by local authorities for takedown of content. All sensitive personal data would have to be stored and processed locally, and content could be geo-blocked to make it unavailable in India.
 
Apart from expenses in moving to local servers and setting up local entities, some of this is technically unfeasible for a collaborative model like the Wiki. It may be technically impossible for anybody to trace content, given the use of virtual private networks and encryption. But it would be impossible for Wikipedia to comply on principle. It requires editors to collaborate across regions, and it avoids traceability to prevent harassment of content creators, who write on sensitive topics while based in undemocratic regimes. India could soon join Iran, Pakistan, Turkey, and China on the list of countries where Wikipedia is blocked.

 
Apart from the organisations mentioned above, there could be legal challenges based on infringements of the fundamental right to privacy. The Internet Freedom Foundation (IFF), an Indian organisation that advocates protecting digital rights, has requested the newly-formed parliamentary committee to review the Bill to undertake another, transparent public consultation. The Bill makes every Indian vulnerable to 24x7, 360-degree government surveillance. It would have a chilling effect on free speech, and on e-commerce. Amendments incorporating safeguards are necessary.