The Joint Parliamentary Committee’ (“JPC”) on the Personal Data Protection Bill, 2019 (“PDP Bill”) submitted its report on December 16, 2021 (“Report”). The Report contains several recommendations on various issues relating to the PDP Bill and on other pertinent issues pertaining to data protection and data privacy. The regulation of social media platforms is one of the key topics addressed by the JPC.
1. PDP Bill on regulation of social media platforms
Clause 26 of the PDP Bill which primarily deals with the classification of data fiduciaries as significant data fiduciaries, also lays down special provisions for classification of social media intermediaries as significant data fiduciaries.
The intent of the legislators was to attribute accountability to social media intermediaries which have a significant user base or whose action have or are likely to have a significant impact on electoral democracy, security of the State, public order or the sovereignty and integrity of India.
The explanation to Clause 26(4) of the PDP Bill defined a social media intermediary as follows:
“‘social media intermediary’ is an intermediary who primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services, but shall not include intermediaries which primarily,-
(a) enable commercial or business oriented transactions;
(b) provide access to the Internet;
(c) in the nature of search-engines, on-line encyclopedias, e-mail services or online storage services.”
Clause 26 (4) of the PDP Bill empowers the central government, in consultation with the data protection authority, to notify:
2. Concerns identified on regulation of social media platforms under the Report
With respect to the regulation of social media platforms the JPC identified the following areas of concern:
(i) Transparency and accountability of social media platforms; (ii) Categorization of such platforms as intermediaries; (iii) Profiling of personal data by such platforms; (iv) Instances of discriminatory use of AI by such platforms; (v) Privacy policy of such platforms; (vi) Ongoing investigations of such platforms in countries other than India; (vii) Privacy and content policy of such social media intermediaries; (viii) Intermingling of social media platforms and other OTT platforms; (ix) Ability to influence large segment of population through the use of AI; (x) Anonymous publication of content on such platforms (xi) Obscene and other illegal content; (xii) Criteria adopted by social media platforms for removal of content; (xiii) Code of Ethics for social media platforms.
The main concern raised by the JPC was that the Information Technology Act, 2000 and the rules framed thereunder (“IT Act”) designated social media platforms as 'intermediaries’ and as such the IT Act had failed to adequately regulate social media platforms.
In this regard, the JPC was of the view that the social media platforms act as publishers of content, whereby, they had the ability to select the receiver of the content, as well as control the access to any content posted on their platform and therefore should be made accountable for the content that they allow to be posted/hosted on their platforms.
3. JPC’s Recommendation
While making its recommendation on the regulation of social media platforms the JPC noted the following:
The salient points made under the JPC’s recommendation are summarised below:
In the Report, the JPC has stated that the PDP Bill does not intend to regulate social media platforms. Therefore, as of now It is unclear as to how the JPC intends to enforce these recommendations. Suitable amendments to the Intermediary Guidelines might be a better legislative approach to enforce these recommendations.
4. Changes to the PDP Bill proposed by the JPC
“social media platform means a platform which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services”
“26. (1) The Authority shall, having regard to the following factors, notify any data fiduciary or class of data fiduciary as significant data fiduciary, namely….
….
(f) any social media platform-
(i) with users above such threshold as may be prescribed, in consultation with the Authority; and
(ii)whose actions have or are likely to have a significant impact on the sovereignty and integrity of India, electoral democracy, security of the State or public order:
Provided that different thresholds may be prescribed for different classes of social media platforms”
(g) the processing of data relating to children or provision of services to them.”
The JPC noted that certain significant data fiduciaries may have to be regulated solely under the sectoral regulations in the greater interest of accountability and transparency and recommended that a new provision may be inserted to explicitly deal with sectoral regulation of significant data fiduciaries as Clause 26(4) which would read as follows:
“...(4) Subject to the provisions contained in section 56, the significant data fiduciary shall be regulated by such regulations as may be made by the respective sectoral regulators”
Clause 26, amended as per the JPC’s recommendations, is reproduced below:
"26 (1) The Authority shall, having regard to any of the following factors, notify any data fiduciary or class of data fiduciary as significant data fiduciary, namely:-
(a) volume of personal data processed;
(b) sensitivity of personal data processed;
(c) turnover of the data fiduciary;
(d) risk of harm by processing by the data fiduciary;
(e) use of new technologies for processing;(***)
(f) any social media platform-
(i) with users above such threshold as may be prescribed, in consultation with the Authority; and
(ii) whose actions have or are likely to have a significant impact on the sovereignty and integrity of India, electoral democracy, security of the State or public order:
Provided that different thresholds may be prescribed for different classes of social media platforms;
(g) the processing of data relating to children or provision of services to them; or
(h) any other factor causing harm from such processing.
(2) The data fiduciary or class of data fiduciary referred to in sub-section (1) shall register itself with the Authority in such manner as may be specified by regulations.
(3) Notwithstanding anything contained in this Act, if the Authority is (***) satisfied that any processing by any data fiduciary or class of data fiduciaries carries a risk of significant harm to any data principal, it may, by notification, apply all or any of the obligations (***) provided in sections 27 to 30 to such data fiduciary or class of data fiduciaries, as if it is a significant data fiduciary.
(4). (***)
(4) Subject to the provisions contained in section 56, the significant data fiduciary shall be regulated by such regulations as may be made by the respective sectoral regulators.”
5. Analysis
Prior to releasing its recommendations, the JPC had conducted detailed discussions regarding the regulation of social media platforms with the Ministry of Electronics and Information Technology (“Meity”). The JPC had questioned Meity on the absence of a code of ethics for social media platforms and stressed the inadequacies of self-regulation. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines”) were notified on February 25, 2021. Despite the promulgation of the Intermediary Guidelines, the JPC’s recommendations make it clear that the JPC is not satisfied with the current state of affairs.
Please find a copy of the Report, here, a copy of the PDP Bill, here and a copy of the Intermediary Guidelines, here.
This update has been contributed by Vinod Joseph (Partner) and Anurag Prasad (Associate).
Argus Knowledge Centre is now on WhatsApp! Send us a message on +91 8433523504 to receive updates from our Knowledge Centre.
7A, 7th Floor, Tower C, Max House,
Okhla Industrial Area, Phase 3
New Delhi – 110020
The rules of the Bar Council of India do not permit advocates to solicit work or advertise in any manner. This website has been created only for informational purposes and is not intended to constitute solicitation, invitation, advertisement or inducement of any sort whatsoever from us or any of our members to solicit any work in any manner. By clicking on 'Agree' below, you acknowledge and confirm the following:
a) there has been no solicitation, invitation, advertisement or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
b) you are desirous of obtaining further information about us on your own accord and for your use;
c) no information or material provided on this website is to be construed as a legal opinion and use of this website will not create any lawyer-client relationship;
d) while reasonable care has been taken in ensuring the accuracy of the contents of the website, Argus Partners shall not be responsible for the results of any actions taken on the basis of information provided in this website or for any error or omission in the website; and
e) in cases where the user has any legal issues, the user must seek independent legal advice.