PreprintPDF Available

Digital Media Regulations in India: Some Reflections

Authors:
Preprints and early-stage research may not have been peer reviewed yet.

Abstract

Contemporary societies are marked by the omnipresence and pervasiveness of digital media. Through the mass diffusion of personal computers, smartphones, tablets and other mobile technologies, and an accompanying near-ubiquitous connectivity, digital media have entered into the daily life of ordinary people. In the last two decades, the media and communication scene in India has transformed, partly as a result of liberalization, deregulation, and privatization of media and cultural industries. The IT Act, 2000 and rules thereunder majorly regulate digital media and associated activities in India. Yet, much has happened in the digital domain since the IT Act was passed or even after significant amendments to this legislation in 2008. However, the emergence of the smartphone, app stores and a pervasive internet of things; increasing mobile internet penetration; cloud computing; and big data have weakened several substantive safeguards given in the IT Act. This chapter maps, the important regulatory framework in the new digital age. It first explains the term digital media, its definitions and other basic concepts associated therewith. It subsequently provides the regulatory structure and design for the public and private use of digital media, and where the current regulatory landscape in India falls short in these aspects.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
303
DIGITAL MEDIA REGULATIONS IN INDIA: SOME REFLECTIONS
Ajay Kumar
1
Abstract
Contemporary societies are marked by the omnipresence and pervasiveness of digital
media. Through the mass diffusion of personal computers, smartphones, tablets and other
mobile technologies, and an accompanying near‐ubiquitous connectivity, digital media have
entered into the daily life of ordinary people. In the last two decades, the media and
communication scene in India has transformed, partly as a result of liberalization, deregulation,
and privatization of media and cultural industries. The IT Act, 2000 and rules thereunder
majorly regulate digital media and associated activities in India. Yet, much has happened in
the digital domain since the IT Act was passed or even after significant amendments to this
legislation in 2008. However, the emergence of the smartphone, app stores and a pervasive
internet of things; increasing mobile internet penetration; cloud computing; and big data have
weakened several substantive safeguards given in the IT Act. This chapter maps, the important
regulatory framework in the new digital age. It first explains the term digital media, its
definitions and other basic concepts associated therewith. It subsequently provides the
regulatory structure and design for the public and private use of digital media, and where the
current regulatory landscape in India falls short in these aspects.
1. Introduction
The increasing availability of digital delivery and distribution mechanisms has created
new markets for media and communication products. Despite the very poor telecommunication
infrastructure, the internet has witnessed extraordinary expansion in India, as in 2000, there
were just 5.5 million Internet users in the country (barely 0.5 percent of the population), but by
2021 that figure had climbed to 825.30 million
2
(just over 59 percent of India’s 1.39 billion
population
3
). This was achieved largely by mobile-enabled internet services, making India the
1
Research Fellow, Department of Laws, Guru Nanak Dev University, Amritsar, Punjab-143005 (India)
2
‘Internet Users up Nearly 4% to over 825 Million in Q4 of FY21: TRAI DataBusiness Standard (27 August
2021) <https://www.business-standard.com/article/economy-policy/internet-users-up-nearly-4-to-over-825-
million-in-q4-of-fy21-trai-data-121082701105_1.html> accessed 30 October 2021.
3
‘India Population’ PopulationU.com (2021) <https://www.populationu.com/india-population> accessed 30
October 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
304
world’s second largest internet user after China.
4
India has more than ~500 million active
internet users. It has one of the world’s most affordable mobile data plans, which has also
promoted internet penetration in rural India, including high-speed 4G mobile networks with
low latency.
5
In India, 6.5 million cell phones are sold every month.
6
Every 10 percent increase
in internet subscribers in India led to an increase of 2.4 percent in state per capita GDP.
7
India’s
digital advertising revenue is forecast to expand at a CAGR of 20.6% between FY20 and FY22.
Digital advertising emerged as the second-largest advertising medium in India; generated
revenues worth Rs.199 crore (US$ 2.73 billion) in FY20. By FY22, the digital and OTT market
is expected to generate revenue of Rs.338 billion (US$ 4.63 billion) in India.
8
The Indian online
gaming industry was estimated to be US$ 1.1 billion in 2019 with ~5% share of the Indian
Media and Entertainment (M&E) industry. The gaming industry is expected to grow at a CAGR
of 40% until 2022, taking the market size to US$2.8 billion by 2022, and strengthening the
sector’s share of total M&E by 4−5%. This growth would be majorly driven by mobile gaming
as 85% of the online gaming in India takes place on mobile.
9
Digital subscription grew by
almost 50% as the pandemic and the consequent lockdown reduced fresh content on television,
online sports went behind a paywall and the pandemic forced much of the population for longer
periods indoors. Subscription revenue, which was 3.3% of the segment in 2017, had increased
to 19% by 2020. Approximately 5 to 7 million smart TVs were connected to the internet in
2020. Online video viewers increased 15% to reach 468 million in 2020 and are expected to
grow to 650 million by 2023. Around 200 million people of India streamed music online in
2020, on a monthly basis. Around 448 million Indians were active on social media in 2020, a
growth of 21% over 2019. Social media is now used by 32% of Indians aged 16 years and
above, up from 29% in 2019.
10
4
Joseph Johnson, ‘Countries with the Highest Number of Internet Users Q1 2021’ Statista (March 2021)
<https://www.statista.com/statistics/262966/number-of-internet-users-in-selected-countries/> accessed 30
October 2021.
5
‘Technology, Media, and Telecommunications Predictions 2021’ Deloitte (2021) 1
<https://www2.deloitte.com/content/dam/Deloitte/in/Documents/technology-media-telecommunications/in-tmt-
predictions-2021-noexp.pdf> accessed 15 November 2021.
6
Aswin Punathambekar and Sriram Mohan, Global Digital Cultures: Perspectives from South Asia (University
of Michigan Press, USA 2019).
7
Aman Grover and others, ‘Towards a Digital India for the World’ [2021] Koan Advisory Group 1
<https://www.koanadvisory.com/wp-content/uploads/2021/06/Digital-India-for-the-World-2021.pdf>.
8
‘Media and Entertainment’ Indian Brand Equity Foundation (January 2021)
<https://www.ibef.org/download/Media-and-Entertainment-January-2021.pdf> accessed 17 November 2021.
9
‘Technology, Media, and Telecommunications Predictions 2021’ (n 7).
10
‘Playing by New Rules: India’s Media & Entertainment Sector Reboots in 2020’ FICCI-EY (March 2021)
<https://www.ey.com/en_in/media-entertainment/playing-by-new-rules-media-and-entertainment-industry-
trends-2020> accessed 15 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
305
In India, the Information Technology Act, 2000
11
(hereinafter the ‘IT Act’) and rules
thereunder majorly regulate digital media and associated activities such as digital storage and
transfers, cyber-security, online behaviour and criminal conduct, intermediary liability and
diligence standards, protection of sensitive personal data and online surveillance key themes
linked with the use of the internet. Yet, much has happened in the digital domain since the IT
Act was passed or even after significant amendments to this legislation in 2008. However, the
emergence of the smartphone, app stores and a pervasive internet of things; increasing mobile
internet penetration; cloud computing; and big data have resulted in beneficial and new kinds
of innovation. But they equally weaken several substantive safeguards in the IT Act to protect
rights and freedoms of citizens, as well as stretch the limits of regulatory capacity envisaged
therein.
12
This chapter maps, the important regulatory framework in the new digital age. It focuses on
the possible regulatory responses to emerging concerns in digital media for several reasons.
The first of these is because data is arguably the most important asset for innovation and market
dominance in the digital age. Therefore, guidance on regulating this asset is inevitable for the
future of technology and innovation. The second is because digital media is a complex
innovation and ushers a host of new problems such as privacy, data security, intermediary
liabilities, etc. Hence this chapter first explains the term digital media, its definitions and other
basic concepts associated with digital media. It subsequently provides the regulatory structure
and design for the public and private use of digital media, and where the current regulatory
landscape in India falls short in these aspects.
2. What is Digital Media?
Media is all around, and digital media specifically, is becoming an omnipresent part of daily
lives. Which points the important question that what exactly does digital media mean? To put
it simply, digital media includes any device or medium that uses digital signals to convey
content. Examples of digital media in one’s daily life could be the video games, the podcast or
11
This Act has been substantially amended through the Information Technology (Amendment) Act, 2008. It
introduced Section 66A which penalized sending "offensive messages". It also introduced Section 69, which gave
authorities the power of "interception or monitoring or decryption of any information through any computer
resource". Additionally, it introduced provisions addressing - pornography, child porn, cyber terrorism and
voyeurism. The amendment was passed on 22 December 2008 without any debate in Lok Sabha. The next day it
was passed by the Rajya Sabha. It was signed into law by President Pratibha Patil, on 5 February 2009.
12
Ananth Padmanabhan Anirudh Rastogi, ‘Big Data’ in Devesh Kapur and Madhav Khosla (eds), Regulation in
India: Design, Capacity, Performance (Hart Publishing, Oxford, UK 2019).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
306
the touchscreen kiosk. Digital media, unlike traditional forms of media, such as printed books
or art, gives anyone the flexibility to access their favourite digital content where and when they
want it.
13
According to another definition, digital media includes any format or device used to
convey content using digital signals. Digital media is digitized content that can be transmitted
over the internet or computer networks. This can include text, audio, video, and graphics. This
means that news from a TV network, newspaper, magazine, etc. that is presented on a Web site
or blog can fall into this category. Most digital media are based on translating analog data into
digital data.
14
However, the term may also define as technology or content that’s consumed or encrypted
through a machine-readable platform. While the term ‘digital’ encompasses anything with
numeral digits, the term ‘media’ refers to a method of transmitting information. Therefore,
digital media can be defined as information shared through a digital device or screen.
Essentially, it’s any form of media that relies on an electronic device for its creation,
distribution, view, and storage.
15
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules,
2021 (hereinafter the ‘IT Rules 2021’) provides that ‘digital media’ means digitized content
that can be transmitted over the internet or computer networks and includes content received,
stored, transmitted, edited or processed by (i) an intermediary; or (ii) a publisher of news and
current affairs content or a publisher of online curated content.
16
3. Types of Digital Media
Digital media can be thought of in many different ways. One way to best understand digital
media is to break it down into broader categories. Which are:
17
13
‘Media + Gaming: What Is The Future of Digital Media? What Are Types of Digital Media?’ Builtin Beta
<https://builtin.com/media-gaming> accessed 14 November 2021.
14
Selçuk Bazarcı, ‘Real-Time Marketing as a New Marketing Approach in the Digital Age: A Study on the
Brands’ Social Media Sharing in Turkey’ in Serpil Kır (ed), New Media and Visual Communication in Social
Networks (IGI Global, USA 2020) <https://www.igi-global.com/chapter/real-time-marketing-as-a-new-
marketing-approach-in-the-digital-age/236561> accessed 19 November 2021.
15
‘Digital Media: Definition and Examples’ Copypress <https://www.copypress.com/kb/content-
marketing/digital-media-definition-and-examples/> accessed 19 November 2021.
16
Sec. 2(i) of the IT Rules 2021.
17
Ronn Torossian, ‘Types of Digital Media’ Commpro <https://www.commpro.biz/types-of-digital-media/>
accessed 14 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
307
3.1 Formats
3.1.1 Audio
Digital audio technologies are used in the recording, manipulation, mass-production, and
distribution of sound, including recordings of songs, instrumental pieces, podcasts, sound
effects, and other sounds. Modern online music distribution depends on digital recording and
data compression. The availability of music as data files, rather than as physical objects, has
significantly reduced the costs of distribution. Before digital audio, the music industry
distributed and sold music by selling physical copies in the form of records and cassette tapes.
With digital-audio and online distribution systems, companies sell digital sound files to
consumers, which the consumer receives over the Internet.
18
Streaming audio online or
listening to midi, WMA, .mp3 or .mp4 files are but some examples. iTunes, YouTube and
Google Play are among the most popular platforms.
19
3.1.2 Video
Digital video is an electronic representation of moving visual images (video) in the form of
encoded digital data. This is in contrast to analog video, which represents moving visual images
in the form of analog signals. Digital video comprises a series of digital images displayed in
rapid succession.
20
Video is both visual and auditory. Like audio, it can be accessed both online
and offline.
21
Because of the combination of pictures and sound, YouTube and Google Play
are very popular. Many sites also stream video which has been found to be a powerful sales
tool. “Live” video via webcam chats, video conferencing, etc. are also utilized a lot.
22
3.1.3 Image
A digital image is a representation of a real image as a set of numbers that can be stored and
handled by a digital computer. In order to translate the image into numbers, it is divided into
small areas called pixels (picture elements). For each pixel, the imaging device records a
number, or a small set of numbers, that describe some property of this pixel, such as its
brightness (the intensity of the light) or its colour. The numbers are arranged in an array of
rows and columns that correspond to the vertical and horizontal positions of the pixels in the
18
‘Digital Audio’ Wikipedia <https://en.wikipedia.org/wiki/Digital_audio> accessed 14 November 2021.
19
Torossian (n 19).
20
‘Digital Video’ Wikipedia <https://en.wikipedia.org/wiki/Digital_video> accessed 14 November 2021.
21
Dalia Goldberg, ‘What Is Digital Media and How Can It Help My Career?’ Springboard Blog (29 July 2019)
<https://www.springboard.com/blog/design/digital-media/> accessed 14 November 2021.
22
Torossian (n 19).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
308
image.
23
Depending on whether the image resolution is fixed, it may be of vector or raster type.
By itself, the term "digital image" usually refers to raster images or bitmapped images (as
opposed to vector images).
24
3.1.4 Text
Digital Text or e-text is an electronic version of a written text. It can be found on the internet
or on computer or on a variety of hand-held electronic devices. E-text is a general term for any
document that is read in digital form, and especially a document that is mainly text.
25
For
example, a computer-based book of art with minimal text, or a set of photographs or scans of
pages, would not usually be called an ‘e-text’. An e-text may be a binary or a plain text file,
viewed with any open source or proprietary software. An e-text may be an electronic edition
of a work originally composed or published in other media, or may be created in electronic
form originally.
26
Just about all digital media includes text. Text is particularly critical in
searches and websites.
27
3.2 Content Types
The aforesaid are some digital media types in terms of format, and the following are few types
of digital media in the sort of content. While format has to do with how one experience a piece
of media, content type refers to what the media is used for.
3.2.1 eBooks
An eBook (in full electronic book) is a digital file containing a body of text and images suitable
for distributing electronically and displaying on-screen in a manner similar to a printed book.
E-books can be created by converting a printer’s source files to formats optimized for easy
downloading and on-screen reading, or they can be drawn from a database or a set of text files
that were not created solely for print.
28
E-books can be read on dedicated e-reader devices, but
also on any computer device that features a controllable viewing screen, including desktop
computers, laptops, tablets and smartphones.
29
23
‘Digital Images’ Encyclopedia.com <https://www.encyclopedia.com/computing/news-wires-white-papers-and-
books/digital-images> accessed 14 November 2021.
24
‘Digital Image’ Wikipedia <https://en.wikipedia.org/wiki/Digital_image> accessed 14 November 2021.
25
‘Redefining Literacy’ Transforming Literacy <http://shardin.weebly.com/index.html> accessed 14 November
2021.
26
‘E-Text’ Wikipedia <https://en.wikipedia.org/wiki/E-text> accessed 14 November 2021.
27
Torossian (n 19).
28
Arthur Attwell, ‘E-Book’ Britannica (1 November 2021) <https://www.britannica.com/technology/e-book>
accessed 14 November 2021.
29
Emma Yates, ‘Ebooks: A Beginner’s Guide’ The Guardian (19 December 2001)
<https://www.theguardian.com/books/2001/dec/19/ebooks> accessed 14 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
309
3.2.2 Blogs/Articles
Blog posts and articles are another type of digital media. They are shorter than eBooks, can be
accessed online. The purpose of a blog post or article is to quickly inform the audience about
a certain topic.
30
The word blog is actually a shortened form of its original name, ‘weblog’.
31
A blog post is usually written from a personal perspective based on opinion, can include facts
or information however it is based on experience and includes more personality. An article is
typically written to convey facts, information, news and unbiased perspective.
32
3.2.3 Social Media
Social media is one of the most powerful digital tools and nowadays is integrated into the social
and economic life of people.
33
It refers to websites and applications that are designed to allow
people to share content quickly, efficiently, and in real-time. While many people access social
media through smartphone apps, this communication tool started with computers, and social
media can refer to any internet communication tool that allows users to broadly share content
and engage with the public.
34
Popular social media networks include Facebook, Twitter,
Instagram, and LinkedIn.
3.2.4 Advertising
Digital Advertising is an expression used to refer to advertising that involves computational
networks.
35
It is the practice of delivering promotional content to users through various online
and digital channels. It leverages mediums such as social media, email, search engines, mobile
apps, affiliate programs and websites to show advertisements and messages to audiences.
36
Some types of digital media ads include website banner ads, search ads, video ads, social media
ads, etc.
3.2.5 Art
In its broadest extant sense, digital art refers to art that relies on computer-based digital
encoding, or on the electronic storage and processing of information in different formatstext,
30
Goldberg (n 23).
31
Randy Duermyer, ‘What Is Blogging?’ The Balance Small Business (8 January 2021)
<https://www.thebalancesmb.com/blogging-what-is-it-1794405> accessed 14 November 2021.
32
‘Blog Posts vs Articles: What’s The Difference?’ (Start Small Media, 2020)
<https://www.startsmallmedia.com/blog-post-vs-article/> accessed 14 November 2021.
33
Cvetanka Ristova and Nikola Dimitrov, ‘The Value of Social Media as Digital Tool in Hospitality’ (2019) 11
International Journal of Information, Business and Management 179.
34
Matthew Hudson, ‘What Is Social Media?’ The Balance Small Business (23 June 2020)
<https://www.thebalancesmb.com/what-is-social-media-2890301> accessed 14 November 2021.
35
Andrew John McStay, Digital Advertising (2nd edn, Palgrave Macmillan, London 2016).
36
Indrajeet Deshpande, ‘What Is Digital Advertising and Getting Started as a Digital Advertiser’ Toolbox (4
February 2021) <https://www.toolbox.com/marketing/advertising/articles/digital-advertising-primer-martech-
101/> accessed 14 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
310
numbers, images, soundsin a common binary code. The ways in which art-making can
incorporate computer-based digital encoding are extremely diverse. A digital photograph may
be the product of a manipulated sample of visual information captured with a digital camera
from a “live” scene or captured with a scanner from a traditional celluloid photograph. Music
can be recorded and then manipulated digitally or created digitally with specialized computer
software.
37
3.2.6 Gaming
Gaming has had a meteoric rise towards becoming one of the world’s most popular forms of
digital media. Gaming is an important part of culture because of its innate ability to entertain
and be an inclusive form of digital media. By stunning visuals and epic storylines, video game
industry is too seizing significant share of digital media. The immersive and enthralling effects
of games are appealing gamers to consume more digital content. The gaming industry has also
spawned new forms of digital media, mainly with streaming platforms and e-sports.
Technological advancements in the gaming industry have made it one of the most exciting,
entertaining and important industries of digital media.
38
3.2.7 Digital Reality
Digital Realities is the collective term for Augmented Reality, Virtual Reality and Mixed
Reality. These are methods of visualising a digital object or environment in a more natural and
intuitive way. They provide the opportunity to overlay data making it easily accessible and
relevant. The term Extended Reality is also used to refer to all real and virtual combined
environments and human-machine interactions generated by computer technology and
wearables.
39
3.3 Marketing Types
The success of a company requires a strategic digital marketing plan to ensure brand
advertising reaches as many customers (potential, current and loyal) as possible. Employing
following three types of digital media marketing plan will boost both the number of customers
and consumers reached.
40
37
Katherine Thomson-Jones and Shelby Moser, ‘The Philosophy of Digital Art’ (2021) The Stanford
Encyclopedia of Philosophy 1 <https://plato.stanford.edu/archives/spr2021/entries/digital-art/>.
38
‘Media + Gaming: What Is The Future of Digital Media? What Are Types of Digital Media?’ (n 15).
39
Simon Bell, Mike Shilton and Simon Odell, ‘Digital Realities’ (2019) Technical Information Note 10/2019
<https://landscapewpstorage01.blob.core.windows.net/www-landscapeinstitute-org/2019/10/19-10-Digital-
Realities.pdf>.
40
Mary Jo Preston, ‘The Digital Media Trifecta: 3 Essential Strategies for Your Brand’ Stream Creative
<https://www.streamcreative.com/blog/the-digital-media-trifecta-3-essential-strategies-for-your-brand>
accessed 18 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
311
3.3.1 Paid
When a company pays to leverage their brand on a channel, this is considered paid media.
Different types of paid media, such as display ads, paid search ads, Facebook ads, and
commercials, exist and can be used in different ways.
41
3.3.2 Owned
Owned media is any online asset that one control and direct, and which is unique to his brand.
These types of digital media platforms include company’s website, blogs, social media
channels, mobile site, infographics and eBooks.
42
3.3.3 Earned
Earned Media is any sort of content or material that was written about a company, its brand, or
its business from an outside entity. This content was not created or paid for by the company,
someone simply wrote it because they believe in such company’s brand. This kind of media is
invaluable because it shows that another brand or company is giving such brand a seal of
approval out of their own pocket.
43
4. Characteristics that distinguish Digital Media
What distinguishes digital media from conventional media are six characteristics that will make
it difficult for existing categories of law to adjust to the protection of works in digital form.
They are:
44
the ease with which works in digital form can be replicated,
the ease with which they can be transmitted,
the ease with which they can be modified and manipulated,
the equivalence of works in digital form,
the compactness of works in digital form, and
the capacity they have for creating new methods of searching digital space and linking
works together.
5. Advantages of Digital Media?
The use of digital media provides several benefits for both individuals and businesses alike.
Following are some of the benefits that digital media provides:
45
41
ibid.
42
‘A Beginner’s Guide To The 3 Types Of Digital Media’ JonAllo.com <https://jonallo.com/3-types-of-digital-
media/> accessed 18 November 2021.
43
‘The 3 Types of Digital Media’ (Widsix) <https://widsix.com/written-word/3-types-of-digital-media/> accessed
18 November 2021.
44
Amitabh Singh and Shashank Chandel, ‘3D Printer: Needs Real Treat to Intellectual Property in Indian
Perspective’ (2019) 10 Indian Journal of Law and Justice 51.
45
‘Digital Media: Definition and Examples’ (n 17).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
312
5.1 Storage and preservation
Digital media is stored on digital storage devices such as Hard Drives and Flash storage. This
has allowed huge amounts of data to be stored on a small place with no risk of damage to the
data provided that the medium in which the data is stored in is not mistreated. An example: In
the past, photos were printed on Paper. This had a few disadvantages in terms of storage and
preservation. Large amounts of printed photos would quickly take up lots of space and there
was also the risk of the photos becoming damaged due to a lot of things such as weather, pests
and even time. Digital media has made these problems a thing of the past because as discussed
before, digital storage mediums can store a large amount of data in a small size device.
46
5.2 Social Interaction
Digital media has allowed both businesses and individuals to maintain relationships and
friendships across time and distance. It facilitates social interaction and allows people to
connect with others despite their location. While individuals use social media to express
sympathy, receive support, share updates, and to send messages to friends or family, businesses
use social media to connect with their target audience and to market their products and
services.
47
5.3 Distribution and Access
Digital media is very easy access and to distribute via digital storage mediums and the internet.
Compared to the past, where people wanted to share a large amount of data, it would take up a
lot of space and would take great effort in order to transfer it from one place to another. This
also limited the access people had to certain information. The advent of digital ways of
distribution has made it really easy to share and access information (provided that it is not
sourced illegally). Easier methods of distribution have allowed greatly improved
communication and knowledge of world affairs between countries and individuals and since
media can be accessed more easily than ever, the audience of digital media grows larger and
larger.
48
46
‘The Purpose and Characteristics of Digital Media’ (Digital Media Resources)
<https://digitalmediaresources.weebly.com/the-characteristics-and-purpose-of-digital-media.html> accessed 18
November 2021.
47
‘Digital Media: Definition and Examples’ (n 17).
48
‘The Purpose and Characteristics of Digital Media’ (n 48).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
313
5.4 Boost Productivity
Digitization of content and data, as well as new digital communication technologies, have
opened up novel opportunities for where, when, how and by whom work gets done. This is
changing the nature of the employment relationship. Many jobs now can be done anywhere, at
any time, facilitated by the availability of digital data, high speed internet, and better
messaging, audio and video technology.
49
5.5 Manipulation
Digital media can be easily manipulated by anyone with the necessary skills. Things such as
photos can be resized, cropped, and visually altered in ways to make it appear better or to
completely change the meaning. Things can be merged as well. In the past, manipulating audio
and visual data was extremely difficult since it was a tedious process to alter data seamlessly.
Present computers with powerful software have made it easy to manipulate data. For example,
the pitch, speed, length etc of an audio clip can easily altered with a computer.
50
5.6 Civic Participation
While traditional media has long been central to informing the public and focusing public
attention on particular subjects, digital media is helping to amplify the response to humanitarian
crises and to support those afflicted by these crises. During the Arab Spring of 2011-2012,
digital media served as a vehicle to mobilize resources, organize protests and draw global
attention to the events. Through digital media, users around the world collected $2 million in
just two days for victims of the Nepal earthquake of 2015.65 Refugees fleeing the war in Syria
have cited Google Maps and Facebook groups as sources of information that helped them to
not only plan travel routes but to also avoid human traffickers.
51
5.7 Cost
Easier methods of storage and distribution have made the costs of maintenance much lower.
This is because, for example, in the past an office may have stored a variety of important
documents in hard copy. If they were to be damaged, the office part of the business or company
would suffer major monetary loss. Also, the costs in keeping media in hard copy (e.g., paper)
49
‘Benefits and Opportunities’ World Economic Forum (2016) <https://reports.weforum.org/human-
implications-of-digital-media-2016/> accessed 19 November 2021.
50
‘The Purpose and Characteristics of Digital Media’ (n 48).
51
‘Benefits and Opportunities’ (n 51).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
314
has diminished due to media resorting to digital forms of storage. Easy distribution of media
via the internet has also made it able to reach a wider audience for less as there are less costs
in distribution in terms of postage and labour costs etc. Social media also provides a good
medium of advertising, allowing content to reach many different types of people.
52
6. Regulatory Framework of Digital Media
Although the IT Rules 2021
53
is the only legislation in India which specifically regulates digital
media space, however there are several other provisions in the existing legal arena which deals
with the subject too. Therefore, it is suitable to discuss firstly the IT Act (parent provisions of
IT Rules 2021) and other relevant provisions thereunder, before discussing the IT rules 2021.
These legislations and provisions are specifically enumerated as under:
6.1 The Information Technology Act, 2000
Under Chapter XI of the IT Act, Sections 65, 66, 66A
54
, 6C, 66D, 66E, 66F, 67, 67A and 67B
contain punishments for computer related offences which can also be committed through
digital media viz. tampering with computer source code, committing computer related offences
given under Section 43, sending offensive messages through communication services, identity
theft, cheating by personation using computer resource, violation of privacy, cyber terrorism,
publishing or transmitting obscene material in electronic form, material containing sexually
explicit act in electronic form, material depicting children in sexually explicit act in electronic
form, respectively.
55
Section 43A of the IT Act, newly introduced in 2008, makes a start at introducing a mandatory
data protection regime in Indian law. The section obliges corporate bodies who ‘possess, deal
or handle’ any ‘sensitive personal data’ to implement and maintain ‘reasonable security
practices’, failing which, they would be liable to compensate those affected by any negligence
attributable to this failure. There are three key aspects of this section that bear highlighting:
56
52
‘The Purpose and Characteristics of Digital Media’ (n 48).
53
The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
54
On 24 March 2015, the Supreme Court of India, gave the verdict that Section 66A is unconstitutional in entirety.
The court said that Section 66A of IT Act 2000 is "arbitrarily, excessively and disproportionately invades the right
of free speech" provided under Article 19(1) of the Constitution of India. But the Court turned down a plea to
strike down sections 69A and 79 of the Act, which deal with the procedure and safeguards for blocking certain
websites.
55
Shishir Tiwari and Gitanjali Ghosh, ‘Social Media and Freedom of Speech and Expression: Challenges before
the Indian Law’ SSRN (2014) 1 <http://dx.doi.org/10.2139/ssrn.2892537> accessed 15 November 2021.
56
Prashant Iyengar, ‘Privacy in India: Country Report, October 2011’ SSRN Electronic Journal (2013) 1
<http://dx.doi.org/10.2139/ssrn.2302978> accessed 15 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
315
It is only the narrowly-defined ‘body corporates’ engaged in ‘commercial or
professional activities’ who are the targets of this section. Thus, government agencies
and non-profit organisations are entirely excluded from the ambit of this section.
‘Sensitive personal data or information’ is any information that the Central Government
may designate as such, when it sees fit to.
The ‘reasonable security practices’ which the section obliges body corporates to
observe are restricted to such measures as may be specified either ‘in an agreement
between the parties’ or in any law in force or as prescribed by the Central Government.
Section 66E of the Act provides for punishment in cases of violation of privacy. It states that
any act by a person who, knowingly or unknowingly, without consent, takes a photograph of
the private areas of a person, or sends such a photograph to someone else or publishes such a
photograph, under circumstances which violate the person’s privacy, will be considered a
crime.
57
Section 69 of the Act grants power to the Central or a State Government to issue directions for
interception or monitoring or decryption of any information through any computer resource in
the interest of the sovereignty or integrity of India, defence of India, security of the State,
friendly relations with foreign States, public order, for preventing incitement to commission of
any cognizable offence, for investigation of any offence. Section 69A grants power to the
Central Government to issue directions to block public access of nay information through any
computer resource on similar grounds. Section 69B grants power to the Central Government
to issue directions to authorize any agency to monitor and collect traffic data or information
through any computer resource for cyber security.
58
The Act provides for liability of intermediary. An intermediary shall not be liable for any third-
party information, data or communication link made available or hosted by him in the following
cases:
59
a) His function is limited to providing access to a communication system over which such
information is transmitted, stored or hosted.
b) He does not initiate, select the receiver and select or modify the information contained
in the transmission.
c) He observes due diligence and other guidelines prescribed by the Central Government
while discharging his duties.
57
‘Cyberspace & Sexual Violence Laws’ Safecity <https://www.safecity.in/cyberspace-sexual-violence-laws/>
accessed 17 November 2021.
58
Tiwari and Ghosh (n 57).
59
Section 79 of The IT Act.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
316
Again, an intermediary shall be liable in the following cases:
60
a) He has conspired, abetted, aided or induced by threats, promise or otherwise in the
commission of the unlawful act.
b) He fails to expeditiously remove or disable access to the material which is being used
to commit the unlawful act, upon receiving actual knowledge or on being notified by
the Government.
If any intermediary fails to assist, comply with direction and intentionally contravenes
provisions under Sections 69, 69A and 69B respectively, he shall be liable to punishment.
Section 70B provides for an agency of the Government to be appointed by the Central
Government called the Indian Computer Emergency Response Team, which shall serve as the
national agency for performing functions relating to cyber security.
61
Section 46 of the Act empowers the Central Government to appoint any person not below the
rank of Director to the Govt. of India or an equivalent officer of a State Government to be an
adjudicating officer under the Act, and such an officer has the powers to hold inquiries and
award penalties, for the purpose of adjudicating any contravention under the Act, rules,
regulation, direction or order. This provision enables the government to appoint a quasi-judicial
authority to adjudicate upon these contraventions. The pecuniary jurisdiction vested upon the
adjudicating officer is to the extent of Rs. 5 crores, i.e., the adjudicating officer can order
compensation or penalties to the maximum amount of Rs 5 crores.
62
Under various sections of the IT Act, the government routinely gives notice of sets of
Information Technology Rules (‘the IT Rules’) to broaden its scope.
63
These IT Rules focus on
and regulate specific areas of collection, transfer and processing of data, and include, most
recently, the following:
6.2 The Information Technology (Procedure and Safeguards of Interception, Monitoring
and Decryption of Information) Rules, 2009
Section 69 of the IT Act allows for the interception, monitoring and decryption of digital
information in the interest of the sovereignty and integrity of India, of the defence of India,
security of the State, friendly relations with foreign nations, public order, preventing the
60
Section 79(3) of The IT Act.
61
Tiwari and Ghosh (n 57).
62
‘How to Recover Compensation under the Information Technology Act’ Ipleaders (2018)
<https://blog.ipleaders.in/compensation-under-the-information-technology-act/> accessed 18 November 2021.
63
Aditi Subramaniam and Sanuj Das, ‘The Privacy, Data Protection and Cybersecurity Law Review: India’ The
Law Reviews (2021) <https://thelawreviews.co.uk/title/the-privacy-data-protection-and-cybersecurity-law-
review/india> accessed 15 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
317
incitement to the commission of any cognizable offense relating to the above, and for the
investigation of an offense. While this provision is similar to interception provision under the
Telegraph Act
64
, it is noteworthy that it dispenses with the sine qua non of “the occurrence of
public emergency of the interest of public safety”, thus dramatically broadening the ambit of
powers. The Information Technology (Procedure and Safeguards of Interception, Monitoring
and Decryption of Information) Rules, 2009 (hereinafter the ‘IT Interception Rules 2009’)
framed under Section 69 and 69B of IT Act, include safeguards stipulating who may issue
directions of interception and monitoring, how such directions are to be executed, the duration
they remain in operation, to whom data may be disclosed, confidentiality obligations of
intermediaries, periodic oversight of interception directions by a Review Committee, the
retention of records of interception by intermediaries and to the mandatory destruction of
information in appropriate cases.
65
The definition of ‘interception’ under Rule 2(l) means the ‘acquisition’ of the contents of any
information carried out through the use of any means so that the information could be accessed
by any person other than the sender or recipient of that information. The definition also includes
the power to monitor, view, examine, inspect or even divert any information from its intended
destination to a different destination. Similarly, the definition of ‘monitor’ contained in Rule
2(o) brought within its ambit the power to record the information. The power to decrypt the
information under Rule 2(f) would further entail the conversion of information in the non-
intelligible form to an intelligible form through the complex use of algorithms and
mathematical formulae to make the information intelligible.
66
Rule 3 allows the ‘competent
authority’ to issue directions for monitoring for any of a number of specified purposes related
to cyber security.
67
Rule 4 of the IT Interception Rules 2009 provides that ‘the competent
authority may authorise an agency of the Government to intercept, monitor or decrypt
information generated, transmitted, received or stored in any computer resource for the purpose
specified in sub-section (1) of Section 69 of the Act’.
68
64
Section 5(2) of the Indian Telegraph Act, 1885
65
‘The Right to Privacy in India: Stakeholder Report Universal Periodic Review 27th Session, India’ (2016)
<https://www.upr-info.org/sites/default/files/document/india/session_27_-
_may_2017/js35_upr27_ind_e_main.pdf> accessed 15 November 2021.
66
Nipun Saxena, ‘Is It the Last Flight for Pegasus? [Part–II]’ The Leaflet (24 July 2021)
<https://www.theleaflet.in/is-it-the-last-flight-for-pegasus-part-ii/> accessed 15 November 2021.
67
‘The Right to Privacy in India: Stakeholder Report Universal Periodic Review 27th Session, India’ (n 67).
68
‘Some Points on Lawful Interception or Monitoring or Decryption of Information through Computer Resource’
Press Information Bureau (21 December 2018) <https://pib.gov.in/Pressreleaseshare.aspx?PRID=1556945>
accessed 15 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
318
According to the IT Interception Rules, 2009, only the competent authority can issue an order
for the interception, monitoring or decryption of any information generated, transmitted,
received or stored in any computer resource under sub-section (2) of section 69 of the IT Act.
69
At the State and Union Territory level, the State Secretaries respectively in charge of the Home
Departments are designated as ‘competent authorities’ to issue interception directions.
70
In
unavoidable circumstances the Joint Secretary to the Government of India, when so authorised
by the Competent Authority, may issue an order. Interception may also be carried out with the
prior approval of the Head or the second senior most officer of the authorised security agency
at the Central Level and at the State Level with the approval of officers authorised in this behalf
not below the rank of Inspector General of Police, in the emergent cases.
71
As per rule 22 of the IT Interception Rules, 2009, all such cases of interception or monitoring
or decryption are to be placed before the review committee headed by Cabinet Secretary, which
shall meet at least once in two months to review such cases. In case of State governments, such
cases are reviewed by a committee headed by the Chief Secretary concerned.
72
Rule 10 requires
the name and designation of the officer of the authorized\agency to whom such information
should be disclosed. Rule 13 requires the intermediary to provide all facilities, co-operation
and assistance for interception or monitoring or decryption of information.
73
On 20th December, 2018, the Ministry of Home Affairs issued a statutory order in accordance
with Rule 4 of the IT Interception Rules, 2009. This order authorised ten central bodies or
agencies to monitor, intercept and decrypt any information generated, received, transmitted, or
stored in any computer. The central agencies that have been given permission include the
Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, Central Board of
Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation; National
Investigation Agency, Cabinet Secretariat (R&AW), Directorate of Signal Intelligence (For
service areas of Jammu & Kashmir, North-East and Assam only) and Commissioner of Police,
Delhi.
74
69
Rule 3 of IT Interception Rules 2009.
70
Rule 2(d) of IT Interception Rules 2009.
71
‘The Right to Privacy in India: Stakeholder Report Universal Periodic Review 27th Session, India’ (n 67).
72
‘Some Points on Lawful Interception or Monitoring or Decryption of Information through Computer Resource’
(n 70).
73
Tiwari and Ghosh (n 57).
74
‘Home Ministry Allows 10 Central Agencies to Engage in Electronic Snooping’ The Wire (21 December 2018)
<https://thewire.in/government/home-ministry-allows-10-central-agencies-to-engage-in-electronic-interception>
accessed 18 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
319
6.3 The Information Technology (Procedure and Safeguards for Blocking for Access of
Information by Public) Rules, 2009
In exercise of the powers conferred by clause (z) of sub-section (2) of section 87, to be read
with sub-section (2) of section 69A of the Information Technology Act 2000, the Central
Government hereby makes the Information Technology (Procedure and Safeguards for
Blocking for Access of Information by Public) Rules, 2009 (hereinafter the ‘Blocking Rules,
2009’).
75
According to the Blocking Rules, 2009, the Central Government shall designate by notification
in official gazette, an officer of the Central Government not below the rank of joint secretary,
as the ‘designated Officer’, for the purpose of issuing direction for blocking for access by the
public any information generated transmitted, received, stored or hosted in any computer
resource under subsection (2) of section 69A of the Act.
76
The Blocking Rules provides that
every organisation for the purpose of these rules, shall designate one of its officer as the Nodal
Officer and shall intimate the same to the Central Government in the Department of
Information Technology under the Ministry of Communications and Information Technology,
Government of India and also publish the name of the said Nodal Officer on their website.
77
Further, the Designated Officer may, on receipt of any request from the Nodal Officer of an
organisation or a competent Court, by order direct any Agency of the Government or
intermediary to block for access by the public any information or part thereof generated,
transmitted, received, stored or hosted in any computer resource for any of the reasons specified
in sub-section (1) of section 69-A of the Act.
78
As per Rule 6(1) any person can send their complaint to the Nodal officer of the concerned
organization requesting the blocking of any content being 'generated, transmitted, received,
stored or hosted in any computer resource'. Moreover, such a request generated by the Nodal
officer can be sent directly to the designated officer but request other than the one from the
Nodal officer would require the assent of the Chief Secretary of the concerned territory or state.
After the Nodal Officer observes the merit in the complaint it is forwarded to the Designates
officer who then chairs a committee to scrutinize the validity of the request. The committee
under Rule 7 of the Act consists of the Designated officer as its chairperson and representatives
75
Himanshi Srivastava, ‘What Are the Laws Regarding Blocking of Website?’ Ipleaders (2017)
<https://blog.ipleaders.in/laws-regarding-blocking-website/> accessed 18 November 2021.
76
Rule 3 of the Blocking Rules, 2009.
77
Rule 4 of the Blocking Rules, 2009.
78
Rule 4 of the Blocking Rules, 2009.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
320
who should not be below the rank of Joint Secretary in Ministries of Law and Justice, Home
Affairs, Information and Broadcasting and the Indian Computer Emergency Response Team.
79
After the complaint is received by the committee the Designated Officer takes adequate steps
to identify the person or the intermediary responsible for hosting such content and even the
computer resource which has generated or is hosting the content. The intermediary after
identification, is served a notice to appear before the committee and submit its reply and
clarification to the same at a specified date and time which in any case shall not be less than 48
hours.
80
If the intermediary happens to be a foreign entity or body then the notice shall be sent
in the form of fax or emails and the intermediary shall respond to the same within the specified
time. In the case of non-appearance before the committee by both the intermediary within the
country as well as those as a foreign entity or body the committee shall issue recommendation
based on the complaint received and presented by the Nodal officer along with the sample
information available with the committee.
81
The recommendations of the committee are
submitted to the Secretary in the Department of Information Technology under the Ministry of
Communication and Information Technology under the Government of India.
82
After getting
the approval of the Secretary, Department of Information Technology, the Designated officer
has the power to mandate any agency of the government or an intermediary to block the
misleading and offensive information having being generated, received, stored or hosted in
their computer resource for public access.
83
Rule 9 of the Blocking Rules, 2009, however, may supersede Rules 6, 7 and 8 of the same
Rules if there is an emergency. Under Rule 9, the review by a committee is deferred, and an
interim decision to block access may be taken by the Secretary, Department of Information and
Technology via a written, reasoned order for the blocking of public access. This interim order
may be later confirmed as per the provisions of the Rule. Rule 10 the Blocking Rules, 2009
provides that the procedures contemplated by Rules 6 to 9 do not apply where there is a valid
court order for the blocking of public access to information. In such cases, the Secretary,
Department of Information and Technology only needs to be kept informed by the Designated
79
Nabilah Rahman, ‘Constitutionality Of The Website Blocking Law Of India And The Procedure Followed By
It’ Legal Services India (2021) <https://www.legalserviceindia.com/legal/article-5019-constitutionality-of-the-
website-blocking-law-of-india-and-the-procedure-followed-by-it.html> accessed 18 November 2021.
80
Rule 8(1) of the Blocking Rules, 2009.
81
Rule 8(3) of the Blocking Rules, 2009.
82
Rule 8(5) of the Blocking Rules, 2009.
83
Rule 8(6) of the Blocking Rules, 2009.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
321
Officer who is required to immediately initiate action to implement the court order.
84
Rule 13
provides that every intermediary shall designate a person to receive and handle directions for
blocking of information, who shall acknowledge receipt of the directions to the Designated
Officer within two hours of receipt through acknowledgment letter or fax or email.
85
The
committee under Rule 14 shall meet once in two months and take into account whether the
directions issued under the blocking order has been followed upon and if not the committee
shall set aside the directions earlier issued and generate an order for the unblocking of the said
information.
86
Finally, Rule 16 of the Blocking Rules states that ‘strict confidentiality shall be
maintained regarding all the requests and complaints received and actions taken thereof’.
87
A multipronged constitutional challenge was mounted to Section 69A of the IT Act and Rule
16 of the Blocking Rules 2009 in Shreya Singhal vs. Union of India
88
. It was contended that by
not affording an opportunity of being heard to the originator of the content, the provisions were
in strict disregard of the principles of natural justice and that the confidentiality provisions
affected the fundamental rights of citizens. However, the Supreme Court upheld the validity of
Section 69A and Rule 16 by observing that the provisions contained sufficient procedural
safeguards such as mandating a reasoned order in writing, hearing before a committee which
is tasked with the responsibility to ascertain whether there is a necessity to block information,
etc. The Supreme Court observed that these procedural safeguards enabled an aggrieved party
to challenge the blocking order in a writ petition under Article 226 of the Constitution.
Therefore, it thus flowed from this ruling that in order for the blocking orders to be challenged,
such blocking orders must be made available to the public.
89
While the blocking rules provided
a framework for giving an opportunity of being heard to the originator of the information, there
is not even a single instance of such hearing till date (March 2021). Further, despite the
judgement by the Supreme Court in Shreya Singhal
90
and Anuradha Bhasin vs. Union of India
91
reiterating that government orders which affect the lives, liberty and property of the citizens
84
Nandita Saikia, ‘The Applicability of the 2009 IT Act Rules to Blocking Online Information’ IN Content Law
(23 August 2012) <https://copyright.lawmatters.in/2012/08/the-applicability-of-2009-it-act-rules.html> accessed
19 November 2021.
85
Tiwari and Ghosh (n 57).
86
Rahman (n 81).
87
Saikia (n 86).
88
AIR 2015 SC 1523.
89
Shambhavi Sinha and Nirmal Mathew, ‘Why the New IT Rules Beg Urgent Judicial Review’ The Wire (2 March
2021) <https://thewire.in/government/digital-platforms-intermediary-it-rules-india-freedom-of-speech-internet-
control> accessed 19 November 2021.
90
AIR 2015 SC 1523.
91
2020 SCC ONline SC 25.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
322
must be made available to enable citizens to challenge them, the Ministry of Electronics and
Information Technology (MeitY) continues to cite the confidentiality provision in an
authoritarian style to deny information on blocking orders.
92
6.4 The Information Technology (Procedure and Safeguard for Monitoring and
Collecting Traffic Data or Information) Rules, 2009
The Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic
Data or Information) Rules, 2009 (hereinafter the ‘Traffic Data Rules 2009’) are made by the
Central Government in exercise of its power under Section 87(2) (za) with regard to the
procedure and safeguards for monitoring and collecting traffic data or information under
Section 69B (3) of IT Act.
93
The Traffic Data Rules 2009 provides that no directions for monitoring and collection of traffic
data or information under sub-section (3) of section 69B of the IT Act shall be issued, except
by an order made by the competent authority.
94
The competent authority may issue directions
for monitoring for any or all of the following purposes related to cyber security, namely:
95
a) forecasting of imminent cyber incidents;
b) monitoring network application with traffic data or information on computer resource;
c) identification and determination of viruses or computer contaminant;
d) tracking cyber security breaches or cyber security incidents;
e) tracking computer resource breaching cyber security or spreading virus or computer
contaminants;
f) identifying or tracking of any person who has breached, or is suspected of having
breached or being likely to breach cyber security;
g) undertaking forensic of the concerned computer resource as a part of investigation or
internal audit of information security practices in the computer resources;
h) accessing a stored information for enforcement of any provisions of the laws relating
to cyber security for the time being in force;
i) any other matter relating to cyber security.
92
Sinha and Mathew (n 91).
93
N Karthikeyan, ‘Social Media Regulations in India’ Cyber Crime Chambers
<https://www.cybercrimechambers.com/blog-social-media-regulations-in-india-197.php> accessed 20
November 2021.
94
Rule 3(1) of Traffic Data Rules 2009.
95
Rule 3(2) of Traffic Data Rules 2009.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
323
Any direction issued by the competent authority for monitoring and collection of traffic data
or information under sub-section (3) of section 69B of the IT Act shall contain reasons for such
direction and a copy of such direction shall be forwarded to the Review Committee withing a
period of seven working days.
96
The direction of the competent authority for monitoring and
collection of traffic data or information may include the monitoring and collection of traffic
data or information from any person or class of persons or relating to any particular subject
whether such traffic data or information, or class of traffic data of information, are received
with one or more computer resources, being a computer resource likely to be used for
generation, transmission, receiving, storing of traffic data or information from or to one
particular person or one or many set of premises.
97
Rule 2(d) defines competent authority as the Secretary of the Government of India in the
Department of Information Technology under the Ministry of Communications and
Information Technology. Rule 4 provides that the competent authority may authorize any
agency of the Government for monitoring and collection of traffic that or information who shall
designate a nodal officer to send requisition conveying direction under Rule 3 to the Designated
Officer of the intermediary.
98
The intermediary or person in-charge of computer resources shall put in place adequate and
effective internal checks to ensure that unauthorised monitoring or collection of traffic data or
information does not take place and extreme secrecy is maintained and utmost care and
precaution is taken in the matter of monitoring or collection of traffic data or information and
also that this matter is handled only by the designated officer of the intermediary or person in-
charge of computer resource.
99
The intermediary or person in-charge of computer resource
shall be responsible for the actions of their employees also, and in case of violation of the
provision of the Act and rules made thereunder pertaining to maintenance of secrecy and
confidentiality of information or any unauthorised monitoring or collection of traffic data or
information, the intermediary or person in-charge of computer resource shall be liable for any
action under the relevant provision of the laws for the time being in force.
100
The Review
Committee shall meet at least once in two months and record its finding whether the directions
issued under sub-rule (2) of rule 3 are in accordance with the provisions of sub-section (3) of
96
Rule 3(3) of Traffic Data Rules 2009.
97
Rule 3(4) of Traffic Data Rules 2009.
98
Tiwari and Ghosh (n 57).
99
Rule 5 of Traffic Data Rules 2009.
100
Rule 6 of Traffic Data Rules 2009.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
324
section 69B of the IT Act and where the Review Committee is of the opinion that the directions
are not in accordance with the provisions referred to above, it may set aside the directions and
issue order for destruction of the copies, including corresponding electronic record of the
monitored or collected traffic data or information.
101
6.5 Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules, 2011
At present, the IT Act and rules notified thereunder largely govern data protection in India. On
August 24, 2017, a Constitutional Bench of nine judges of the Supreme Court of India in Justice
K.S. Puttaswamy (Retd.) v. Union of India
102
upheld that privacy is a fundamental right, which
is entrenched in Article 21
103
of the Constitution. This led to the formulation of a
comprehensive Personal Data Protection Bill 2019 (hereinafter the ‘PDP Bill’). The PDP Bill
is currently pending consideration of the Indian Parliament and may undergo significant
changes to its current form, based on a report submitted by a Joint Parliamentary Committee
formed to analyse the PDP Bill. The enactment of the PDP Bill will overhaul the personal data
protection and regulatory regime in India. Until such time, the IT Act and rules provided therein
govern data privacy in India. India’s IT Ministry adopted the Information Technology
(Reasonable Security Practices and Procedures and Sensitive Personal Data or Information)
Rules (hereinafter the ‘Privacy Rules, 2011’), notified under the Act. The Privacy Rules, which
took effect in 2011, require corporate entities collecting, processing and storing personal
information, including sensitive personal information, to comply with certain procedures.
104
The Information Technology (Amendment) Act, 2008 inserted Section 43A in the IT Act and
the Central Government, in exercise of the powers conferred by clause (ob) of sub-section (2)
of Section 87 read with Section 43A of the IT Act notified the Privacy Rules, 2011.
105
On 11th
April 2011, Department of Information and Technology vide notification no. G.S.R. 313(E)
notified these Rules 2011. The main objective of these Rules is to ensure protection to sensitive
personal data or information provided by individuals to bodies corporate and to prevent its
101
Rule 7 of Traffic Data Rules 2009.
102
Writ Petition No. 494/ 2012.
103
Right to Life & Personal Liberty.
104
‘Data Protection Laws of The World: India’ DLA Piper (31 December 2020) 1 <file:///E:/1. Research Work/0.
Digital Media/Acts/IT Act/Data-Protection-India.pdf> accessed 18 November 2021.
105
SS Rana & Co, ‘India: Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules, 2011’ Lexology (4 September 2017)
<https://www.lexology.com/library/detail.aspx?g=35f56a2a-c77c-49e7-9b10-1ce085d981dd> accessed 18
November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
325
misuse.
106
The Privacy Rules, 2011 only apply to bodies corporate and persons located in India
as clarified vide a press note dated August 24, 2011 issued by the Ministry of Communication
and Information Technology.
107
Rule 3 provides a list of items that are to be treated as ‘sensitive
personal data’, and includes inter alia information relating to passwords, credit/ debit cards
information, biometric information (such as DNA, fingerprints, voice patterns, etc. that are
used for authentication purposes), physical, physiological and mental health condition, etc. It
is further clarified that any information is freely available or accessible in the public domain is
not considered to be sensitive personal data.
108
The Privacy Rules, 2011 imposes a duty on Body Corporates seeking sensitive personal data
to draft a privacy policy and make it easily accessible for people who are providing the
information. The privacy policy should be clearly published on the website of the body
corporate and should contain details on the type of information that is being collected, the
purpose for which it has been collected and the reasonable security practices that have been
undertaken to maintain the confidentiality of such information.
109
Rule 5 provides the
guidelines that need to be followed by a Body Corporate while collecting information and
imposes the following duties on the Body Corporate:
110
a) Obtain consent from the person(s) providing information in writing or by Fax or by e-
mail before collecting such sensitive personal data.
111
Vide the press note dated August
24, 2011 issued by the Ministry of Communication and Information Technology it was
clarified that consent includes consent given by any mode of electronic
communication;
112
b) Information shall not be collected unless it is for lawful purpose, and is considered
necessary for the purpose. The information collected shall be used only for the purpose
106
GS Rao, ‘Reasonable Security Practices and Procedures and Sensitive Personal Data or Information’ Legal
Services India (2018) <http://www.legalservicesindia.com/law/article/982/6/Reasonable-security-practices-and-
procedures-and-sensitive-personal-data-or-information> accessed 18 November 2021.
107
‘Clarification on Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules, 2011 Under Section 43A of the Information Technology ACT, 2000’ Press
Information Bureau (2011) <https://pib.gov.in/newsite/erelcontent.aspx?relid=74990> accessed 18 November
2021.
108
SS Rana & Co (n 107).
109
Rule 4 of The Privacy Rules, 2011.
110
SS Rana & Co (n 107).
111
Rule 5(1) of The Privacy Rules, 2011.
112
‘Clarification on Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules, 2011 Under Section 43A of the Information Technology ACT, 2000’ (n
109).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
326
for which it is collected and shall not be retained for a period longer than which is
required;
113
c) Ensure that the person(s) providing information are aware about the fact that the
information is being collected, its purposes & recipients, name and addresses of the
agencies retaining and collecting the information;
114
d) Retain the information for no longer than is required for the purposes for which the
information may lawfully be used or is otherwise required under any other law for the
time being in force;
115
e) Offer the person(s) providing information an opportunity to review the information
provided and make corrections, if required;
116
f) Before collection of the information, provide an option to the person(s) providing
information to not provide the information sought;
117
g) Maintain the security of the information provided;
118
and
h) Designate a Grievance Officer, whose name and contact details should be on the
website who shall be responsible to address grievances of information providers
expeditiously. A maximum period of one month has been provided for resolution of
such grievances.
119
It provides that a Body Corporate must seek prior permission of the information provider before
disclosing such information to a third party. However, no prior permission is required if request
for such information is made by government agencies mandated under law or any other third
party by an order under law.
120
Rule 8 provides the reasonable security processes and
procedures that may be implemented by Body Corporates.
121
International Standards (IS / ISO
/ IEC 27001) is one such standard which can be implemented by a body corporate to maintain
data security.
122
It is pertinent to note that an audit of reasonable security practices and
procedures shall be carried out by an auditor at least once a year or as and when the body
113
Rule 5(2) of The Privacy Rules, 2011.
114
Rule 5(3) of The Privacy Rules, 2011.
115
Rule 5(4) of The Privacy Rules, 2011.
116
Rule 5(6) of The Privacy Rules, 2011.
117
Rule 5(7) of The Privacy Rules, 2011.
118
Rule 5(8) of The Privacy Rules, 2011.
119
Rule 5(9) of The Privacy Rules, 2011.
120
Rule 6 of The Privacy Rules, 2011.
121
Rule 8(1) of The Privacy Rules, 2011.
122
Rule 8(2) of The Privacy Rules, 2011.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
327
corporate or a person on its behalf undertake significant upgradation of its process and
computer resource.
123
It was clarified by the Ministry of Communications and Information Technology that any Body
Corporate providing services relating to collection, storage, dealing or handling of sensitive
personal data or information under contractual obligation with any legal entity located within
or outside India was not subject to the requirements of Rules 5 & 6. However, body corporates
providing services to the provider of information under a contractual obligation directly with
them, as the case may be, are subject to Rules 5 & 6.
124
6.6 The Information Technology (Intermediary Guidelines and Digital Media Ethics
Code) Rules, 2021
After years of discussions and debates, the Ministry of Electronics and Information Technology
(MeitY), Government of India has notified new rules under the IT Act for monitoring digital
media platforms. The new rules, viz. Information Technology (Intermediary Guidelines and
Digital Media Ethics Code) Rules, 2021 (hereinafter ‘the IT Rules 2021’) inter alia aims to
serve a dual-purpose: (1) increasing the accountability of the social media platforms (such as
Facebook, Instagram, Twitter etc.) to prevent their misuse and abuse; and (2) empowering the
users of social media by establishing a three-tier redressal mechanism for efficient grievance
resolution. The IT Rules 2021 have been framed in exercise of powers under section 87(2)
125
of the IT Act and supersede the previous Information Technology (Intermediary Guidelines)
Rules, 2011 (hereinafter ‘the IT Rules 2011’).
126
6.6.1 Important Definitions
“Intermediary” with respect to any particular electronic records, means any person who on
behalf of another person receives, stores or transmits that record or provides any service with
respect to that record as per section 2(w) of the IT Act. An intermediary also includes websites,
apps and portals of social media networks, media sharing websites, blogs, online discussion
forums and other such functionally similar intermediaries as per the IT Rules 2021. ‘Social
123
Rule 8(4) of The Privacy Rules, 2011.
124
SS Rana & Co (n 107).
125
Which gave the central government the power to frame rules to block content under the grounds mentioned in
Section 69A of the IT Act. Such grounds are Sovereignty and integrity of India, defence of India, security of the
State, friendly relations with foreign States or public order or for preventing incitement to the commission of any
cognizable offence relating to above.
126
Dhruv Manchanda and Priyam Raj Kumar, ‘The Information Technology (Intermediary Guidelines And
Digital Media Ethics Code) Rules, 2021: Impact On Digital Media’ Mondaq (2021)
<https://www.mondaq.com/india/social-media/1063198/the-information-technology-intermediary-guidelines-
and-digital-media-ethics-code-rules-2021-impact-on-digital-media-> accessed 20 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
328
Media Intermediary’ means an intermediary which primarily or solely enables online
interaction between two or more users and allows them to create, upload, share, disseminate,
modify or access information using its services.
127
‘Significant Social Media Intermediary’
means a social media intermediary having a number of registered users in India above such
threshold as notified by the Central Government as per rule 2(v) of the IT Rules 2021.
128
6.6.2 Due Diligence to Be Followed by intermediary
IT Rules 2021 discusses the aspect of due diligence that intermediaries must obey. It also
clarifies the scope of the safe harbor protections outlined in Section 79 of the Information
Technology Act of 2000. Per se the rules, Intermediaries must exercise due diligence such as:
129
a) Providing users, the privacy policy, rules and regulations, and terms and conditions for
using its services.
130
The policy must provide that the user is prohibited from hosting,
displaying, uploading, modifying, publishing, transmitting, storing, updating, or
sharing any information that is contrary to societal norms, immoral, defamatory to the
general public or misleads the general public.
131
b) Upon a court or government order, blocking access to illegal information within 36
hours.
132
c) The intermediary shall not publish any information that is against the interests, unity,
integrity, and sovereignty of the state.
133
d) Within 24 hours of receiving a complaint, the intermediary shall take all appropriate
steps to disable access to material that is non-consensual and sexual in nature.
134
e) Identification of the First Originator of Information.
135
f) After a user's registration has been cancelled or withdrawn, the information gathered
for registration should be stored180 days.
136
g) A grievance Officer to oversee victim complaints must be appointed and his
information should be published on the intermediary's website or application.
137
127
Rule 2(w) of the IT Rules 2021.
128
Lexlife Editor, ‘The Information Technology (Intermediary Guidelines And Digital Media Ethics Code) Rules,
2021’ Lexlife India (30 June 2021) <https://lexlife.in/2021/06/30/information-technology-intermediary-
guidelines-and-digital-media-ethics-code-rules-2021/> accessed 20 November 2021.
129
Vibhuti Kaushik, ‘Brief Note On The Information Technology (Intermediary Guidelines And Digital Media
Ethics Code) Rules, 2021’ Mondaq (2021) <https://www.mondaq.com/india/social-media/1074450/brief-note-
on-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021> accessed 20
November 2021.
130
Rule 3(1)(a) of the IT Rules 2021.
131
Rule 3(1)(a) of the IT Rules 2021.
132
Rule 3(1) (d) of the IT Rules 2021.
133
Rule 3(1)(b)(viii) of the IT Rules 2021.
134
Rule 3(2)(b) of the IT Rules 2021.
135
Rule 4(2) of the IT Rules 2021.
136
Rule 3(1) (h) of the IT Rules 2021.
137
Rule 3(2)(a) of the IT Rules 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
329
h) Mandatorily publishing a Monthly Compliance Report containing details of complaints
received and action taken thereon.
138
i) As per the rules the intermediaries must appoint Chief Compliance Officer, a Nodal
Contact Person, and a Resident Grievance Officer.
139
j) Additionally, for social media intermediaries there is an additional proviso for
'Voluntary User Verification.
140
k) Significant Social Media Intermediary ‘shall endeavour to deploy’ technology-based
measures such as automated tools or other frameworks for proactively identifying any
information that depicts any act or stimulation, whether explicit or implied with regards
to rape, child sexual abuse or conduct and information identical to the content that has
been removed/disabled.
141
6.6.3 Digital Media Publishers
The IT Rules 2021 prescribe certain requirements for online publishers of:
142
(i) news and
current affairs content which include online papers, news portals, aggregators and agencies;
143
and (ii) curated audio-visual content, which is defined as a curated catalogue of audio-visual
content (excluding news and current affairs) which is owned by, licensed by, or contracted to
be transmitted by publishers and available on demand.
144
The Rules institute a three-tier
structure for regulating these publishers: (i) self-regulation by publishers, (ii) self-regulation
by associations of publishers, and (iii) oversight by the central government.
145
6.6.4 Grievance Redressal System
Under Rule 10 a grievance redressal mechanism has been established. A publisher has to give
an acknowledgment of the grievance to the complainant, within a period of twenty-four hours.
The publisher must address the grievance and it has to convey its decision to the complainant,
within fifteen days from the registration of the grievance. If the grievance remains unaddressed
even after fifteen days, it will be escalated to the self-regulating body at level two of the three
tier grievance redressal mechanism. The grievance redressal mechanism has three levels:
146
138
Rule 4(1)(d) of the IT Rules 2021.
139
Rule 4(1) of the IT Rules 2021.
140
Rule 4(7) of the IT Rules 2021.
141
Rule 4(4) of the IT Rules 2021.
142
Saket Surya, ‘Rules and Regulations Review: The Information Technology (Intermediary Guidelines and
Digital Media Ethics Code) Rules, 2021’ PRS Legislative Research (17 September 2021) 1
<https://prsindia.org/files/bills_acts/bills_parliament/2021/Rules and Regulations Review-IT Rules_2021.pdf>
accessed 20 November 2021.
143
Rule 2(1)(m) of the IT Rules 2021.
144
Rule 2(1)(q) of the IT Rules 2021.
145
Rule 9(3) of the IT Rules 2021.
146
Kaushik (n 131).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
330
Self-regulation by the publisher (Level 1): This level entails the grievance redressal
mechanism established by the Publisher. Rule 11 provides that an applicable entity must
appoint a Grievance Redressal Officer who must resolve the grievance received by it
within 15 days. The said officer would also serve as a point of contact for complaints
related to the Code of Ethics.
Self-regulation by the self-regulating bodies of the publishers (Level 2): Rule 12
establishes one or more self-regulatory bodies consisting of publishers. Thus, this stage
is self-regulation by the aforementioned bodies. These bodies must be registered with
the Ministry of Information and Broadcasting. This body will monitor the publisher's
compliance with the Code of Ethics, resolve complaints that have not been settled by
the publisher within 15 days, and hear appeals lodged by complainants against the
publisher's decision.
Oversight mechanism by the Central Government (Level 3): There is the formation of
Oversight Mechanism, which ensures adherence to the Code of Ethics by the
publishers. This mechanism initiates an Inter-Departmental Committee for hearing
grievances. The Authorized Officer will lead the committee, which will hear and
investigate complaints or grievances received from Level I/ Level II or the ones made
to Ministry of Information and Broadcasting (‘MIB’).
6.6.5 Code of Ethics
The Code of Ethics under the Rules apply to publishers of digital media including such as news
and current affairs content providers and OTT platforms.
147
a) Code of Ethics for Publishers of News and Current Affairs: The IT Rules 2021 require
the publishers of news and current affairs content to adhere to the Norms of Journalistic
Conduct of the Press Council of India, the Programme Code under section 5 of the
Cable Television Networks Regulation Act, 1995 and content which is prohibited under
any law for the time being in force shall not be published or transmitted.
148
b) Code of Ethics for Publishers of Online Curated Content (OTT): The IT Rules 2021,
prohibit the publishers of online curated content from transmitting, publishing or
exhibiting any content which is prohibited under any law or by any court of competent
147
Avimukt Dar and others, ‘New Rules for Digital Media Platforms and Intermediaries’ Induslaw (1 March
2021) 1 <https://induslaw.com/app/webroot/publications/pdf/alerts-2021/Infolex-Alert-2021-IT-Rules-March-1-
2021-v3.pdf> accessed 11 November 2021.
148
No. (I) of Appendix annexed to the IT Rules 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
331
jurisdiction.
149
Publishers of online curated content are required to exercise due caution
and discretion while featuring the activities, beliefs, practices or views of any racial or
religious groups.
150
Publishers of online curated content should classify all content
transmitted, published or exhibited by them, based on the suitability of such content for
viewers of different ages [Universal, U/A 7+, U/A 13+, U/A 16+, and Adult].
151
The
content should also be classified based on the context, theme, tone, impact and target
audience of such content as detailed in the schedule annexed to the IT Rules 2021
(‘Schedule’).
152
Further, publishers of online curated content should display the rating
of any online curated content along with explanation of the relevant content descriptor,
in a prominent manner.
153
Publishers should ensure availability of access control
mechanism,
154
including a parental lock to facilitate compliance of age classification of
content.
155
Any publisher transmitting, exhibiting or publishing content suitable only
for viewers above the age of 18 years, should implement a reliable age verification
mechanism for viewership of such content.
156
The publishers of online curated content
are further required to take reasonable efforts to improve the accessibility of online
curated content transmitted by them to persons with disabilities
157
through
implementation of appropriate access services.
158
6.6.6 Blocking of Information
In an emergency, authorized officers may investigate digital media material and the Secretary,
MIB, may issue an interim order blocking the use of such content. The final order for blocking
will be passed only after the Inter-Departmental Committee gives the approval.
159
6.7 IT Rules 2021 and Indian Judiciary
The IT Rules 2021 have drawn widespread criticism
160
for being undemocratic and
unconstitutional, and challenges to their constitutionality are currently pending before
149
No. (II)(A)(a) of Appendix annexed to the IT Rules 2021.
150
No. (II)(A)(c) of Appendix annexed to the IT Rules 2021.
151
No. (II)(B)(i) of Appendix annexed to the IT Rules 2021.
152
No. (II)(B)(ii) of Appendix annexed to the IT Rules 2021.
153
No. (II)(C)(a) of Appendix annexed to the IT Rules 2021.
154
See Rule 2(1)(a) of the IT Rules 2021 for ‘access control mechanism’.
155
No. (II)(C)(b) of Appendix annexed to the IT Rules 2021.
156
No. (II)(C)(c) of Appendix annexed to the IT Rules 2021.
157
No. (II)(E) of Appendix annexed to the IT Rules 2021.
158
See Rule 2(1)(b) of the IT Rules 2021 for ‘access services’.
159
Rule 16 of the IT Rules 2021.
160
Karan Tripathi, ‘Why India’s New IT Rules Violate International Human Rights Law’ The Quint (22 June
2021) <https://www.thequint.com/news/law/why-new-it-rules-violate-international-human-rights-law#read-
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
332
numerous courts including the high courts of Bombay, Kerala, Delhi and Madras (discussed
hereinafter) and also before the Supreme Court. The latest development in this saga comes in
the form of an interim order passed recently by the Madras high court. While other courts have
also passed interim orders in the matters challenging the Intermediary Rules, the Madras high
court’s order is the first one that pertains to Part II of the Rules i.e., the part governing digital
intermediaries.
161
Earlier, interim orders had all been in relation to Part III of the Rules which have anyway been
widely argued to be outside the rule-making scope of the IT Act. For instance, the Bombay
high court has stayed the operation of rules which require publishers to adhere to a Code of
Ethics and establish a grievance redressal mechanism for ensuring such compliance. The
Kerala high court has similarly restrained any coercive action against LiveLaw under Part III.
Although the petitions in these and other cases pertain broadly to the entirety of the
Intermediary Rules (i.e., both Part II and III), the Madras high court’s order is unique in being
the first one to deal with the more contentious Part II of the Rules.
162
6.7.1 High Court of Bombay
In Agij Promotion of Nineteenonea Media Pvt. Ltd. Vs. Union of India
163
and Nikhil Mangesg
Wagle Vs. Union of India,
164
the Bombay High Court, on the eve of India’s 75th Independence
Day, granted an interim stay on Rule 9(1) & 9(3) of the IT Rules, 2021 which mandated
adherence by publishers of online news & current affairs and publishers of online curated
content (referred to as OTT in common parlance) to an external and prescribed ‘Code of
Ethics’. The HC found these two subrules to be prima facie violative of the fundamental right
to speech and expression and beyond the rule-making powers available to the central
government under the parent law viz. the IT Act, under which these Rules were framed.
165
The petitioners mainly argued that regulating online content publishers is outside the scope of
the IT Act. Rules 7, 9, 14 and 16 of the IT Rules go beyond the ambit of the IT Act, which is
more> accessed 20 November 2021; The Wire Staff, ‘Why The Wire Wants the New IT Rules Struck Down’ The
Wire (9 March 2021) <https://thewire.in/media/why-the-wire-wants-the-new-it-rules-struck-down> accessed 20
November 2021.
161
Smitha Krishna Prasad and Madhavi Singh, ‘IT Rules: Why Madras HC’s Ruling on Digital Intermediaries Is
Significant’ The Wire (25 September 2021) <https://thewire.in/law/it-rules-madras-high-court-ruling-digital-
intermediaries-significant> accessed 11 November 2021.
162
ibid.
163
WRIT PETITION (L.) NO.14172 of 2021.
164
PUBLIC INTEREST LITIGATION (L.) NO.14204 OF 2021.
165
Ranjana Adhikari, Shashi Shekhar Misra and Arjun Khanna, ‘The Recap: A Round-Up of Media,
Entertainment & Gaming Industries’ Legal Updates’ (2021) 1 Induslaw 1
<https://induslaw.com/app/webroot/publications/pdf/alerts-2021/Induslaw_The Recap_Volume 1_ 2021.pdf>.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
333
to provide legal recognition to transactions using electronic data and electronic information.
The Petitioner also argued that the IT Rules violated the constitutional rights to freedom of
speech and expression and the Supreme Court's decisions in K.S Puttaswamy v. Union of
India
166
and Shreya Singhal v. Union of India.
167
Rule 9(1) of the IT Rules requires publishers to adhere to a 'Code of Ethics', which comprises
the Norms of Journalistic Conduct of the Press Council of India (‘Norms’) and the Programme
Code under the Cable Television (Network) Regulation Act 1995 (‘Code’). Rule 9(3) of the IT
Rules sets out a three-tier grievance redressal mechanism which allows anyone to raise
complaints against publishers. It includes an oversight mechanism to be constituted by the
Government. However, The Court stayed the operation of Rules 9(1) and 9(3), on two grounds.
First, that they imposed an obligation on publishers to observe the Code of Ethics provided
under a completely different statutory regime (print journalism and cable TV), alien to the IT
Act. The Court noted that Section 87 of the IT Act does not empower the government to impose
these compliances upon publishers. The Norms are guidelines framed by the Press Council of
India. The sanction of the Norms is moral and not statutory, in its usual journalistic setting.
However, the Code of Ethics has placed the Norms to the status of mandatory compliance.
Second, that Rule 9 of the IT Rules prima facie infringed the constitutional guarantee to
freedom of speech granted by Article 19(1)(a), by requiring publishers to comply with the
Norms.
168
Although challenges were also made against the application of Rules 7, 14 and 16 of the IT
Rules, the Court refused to stay their application. On Rule 7, which states that a violation of
the IT Rules by an intermediary would lead to loss of safe harbour protection and the
intermediary becoming liable under applicable laws, the Court was not satisfied that the
petitioner (in this case) was an intermediary under the IT Act. On Rule 14, which sets out the
constitution and grievance redressal procedure of an inter-departmental committee by the MIB,
the Court held that there was no immediate urgency as the Government had not constituted the
committee and the oversight mechanism was not effective yet. On Rule 16, which permits
blocking of information in case of an emergency, the Court found it to be traceable to Section
166
AIR 2017 SC 4161.
167
AIR 2015 SC 1523.
168
Vikram Jeet Singh and Kalindhi Bhatia, ‘Bombay High Court Stays OTT Code Of Ethics Under The New IT
Rules’ Mondaq (27 September 2021) <https://www.mondaq.com/india/it-and-internet/1114962/bombay-high-
court-stays-ott-code-of-ethics-under-the-new-it-rules> accessed 11 November 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
334
69A (1) of the IT Act, which is line with Article 19(2) of the Constitution that allows placing
reasonable restrictions on the freedom of speech.
169
6.7.2 High Court of Madras
The public interest litigation was moved by the Carnatic musician TM Krishna and a second
petition was filed by the Digital News Publishers Association (DNPA), comprising of thirteen
media outlets, as well as journalist Mukund Padmanabhan wherein the petitioners contended
that the IT Rules, 2021 are ultra vires, inter alia, to Articles 14 and 19 of the Constitution of
India. In particular, the petitioners referred to Rule 9 of the IT Rules, 2021 which pertains to
observance and adherence to the Code of Ethics by publishers in India as laid down in the
Appendix to the IT Rules, 2021. The petitioners contended that they are "wary of the oversight
mechanism of the Central Government indicated as the final tier of the process of regulation"
and also pointed out that along with the obligation imposed on the intermediary under Rule
3(1)(c) of IT Rules, 2021 to terminate the access or usage rights of users for non-compliance
with the provisions of Rule 3(1)(b) thereof, the provisions for grievance redressal have been
made stringent. Furthermore, Rule 7 of the IT Rules, 2021 has been incorporated making an
intermediary liable for punishment upon the intermediary failing to observe the IT Rules,
2021.
170
The Hon'ble Court vide its order dated September 16, 2021, inter alia, held that:
171
Prima facie,
there is substance in the petitioners' grievance that an oversight mechanism to control the media
by the government may rob the media of its independence and the fourth pillar, so to say, of
democracy may not at all be there. The order passed by the High Court of Bombay staying the
operation of Rule 9(1) and Rule 9(3) of the IT Rules, 2021 "ought to have a pan-India effect"
and the Court noted that the Additional Solicitor-General, representing the Union, accepted
that the order passed by the High Court of Bombay would have pan-India effect. The other
ground of immediate challenge, which is not covered by the order of the High Court of
Bombay, pertains to Rules 3 and 7 of the IT Rules, 2021. In light of the Supreme Court
judgment, wherein Section 79(3)(b) of the IT Act has been read down and it has observed
therein that unlawful acts beyond what is laid down in Article 19(2) of the Constitution
169
ibid.
170
Seema Jhingan and Priyam Raj Kumar, ‘Code Of Ethics Under The Information Technology Rules, 2021: Stay
Orders By The High Courts Of Bombay And Madras’ Mondaq (7 October 2021)
<https://www.mondaq.com/india/media-entertainment-law/1118278/code-of-ethics-under-the-information-
technology-rules-2021-stay-orders-by-the-high-courts-of-bombay-and-madras?> accessed 11 November 2021.
171
W.P.Nos.13055 and 12515 of 2021.
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
335
"obviously cannot form any part of Section 79" of the IT Act, there is substantial basis to the
petitioners' assertion that Article 19(1)(a) of the Constitution may be infringed in how the Rules
may be coercively applied to intermediaries.
172
The Madras high court relies on the standards applicable to restrictions on the freedom of
speech and expression under the IT Act, as set out in the Supreme Court’s landmark judgement
in Shreya Singhal v. Union of India.
173
. The court in Shreya Singhal had held that “any law
seeking to impose a restriction on the freedom of speech can only pass muster if it is
proximately related to any of the eight subject matters set out in Article 19(2)”. Under Article
19(2) right to freedom of speech and expression can be restricted in the interest of sovereignty
and integrity of India, the security of the state, friendly relations with foreign states, public
order, decency or morality or in relation to contempt of court, defamation or incitement to an
offence. The Madras high court in its order refers to this test in Shreya Singhal while
considering Rule 3(1)(b)(x) which prohibits an intermediary from publishing any information
that is “patently false and untrue”, and is written or published, with the “intent to mislead or
harass” for financial gain or to cause any injury. The Madras high court has noted that at the
outset, these restrictions seem to be beyond the scope of Article 19(2). The court has also
acknowledged the impact of the rules on individual citizens observing that “there is a genuine
apprehension, that a wink or a nod from appropriate quarters may result in the platform being
inaccessible to a citizen”. It is important to note that even after making these prima facie
observations about Rule 3, the court did not actually stay its operation.
174
6.7.3 High Court of Kerala
LiveLaw Media Pvt. Ltd., which owns and operates the legal news portal, and courtroom live
update service, LiveLaw.in, filed a writ petition in the Kerala High Court challenging the
Intermediary Rules 2021 on the following, among other, grounds: First, the Intermediary Rules
2021 are ultra vires the IT Act; and second, they overrule the effect of the judgment of the
Supreme Court in Shreya Singhal which provided immunity to intermediaries and laid down
the procedure in respect of ‘content takedown’ orders. The writ petition also argues that the
Intermediary Rules 2021 violate the fundamental right to freedom of speech, expression and
access to information under Article 19(1)(a) of the Constitution, violate the fundamental right
to freedom of profession, business, trade and occupation under Article 19(1)(g) of the
172
Jhingan and Kumar (n 172).
173
AIR 2015 SC 1523.
174
Prasad and Singh (n 163).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
336
Constitution, and violate the fundamental right to privacy under Article 21 of the
Constitution.
175
The Kerala High Court on March 10, 2021 restrained the Centre from taking coercive action
against Live Law Media Private Ltd. for any non-compliance with Part III of the IT Rules,
2021. The court issued notice to the Centre on a petition filed by the firm challenging the rules
regulating digital news media, curated content (OTT platforms), and social media
intermediaries.
176
In another petition, the Kerala high court on July 9th,2021, directed the Union
government not to take any coercive action against members of News Broadcasters Association
(NBA), which represents several news channels, over non-compliance of the new IT rules.
Justice P.B. Suresh Kumar also issued notice to the Union and sought its stand on the plea by
NBA which has contended that the new IT Rules give government authorities “excessive
powers” to “unreasonably and impermissibly restrict” the freedom of speech and expression of
the media.
177
Recently, a fresh petition in the Kerala high court has challenged provisions of the IT Rules
2021, noting that parts of the Rules infringe upon constitutional rights of equality before law
and freedom of speech. The plea was filed by software developer and member of the Free
Software Community of India, Praveen Arimbrathodiyil. He has sought the quashing of Part II
of the IT Rules which deal with ‘due diligence by an intermediary’ and the ‘grievance redressal
mechanism’ called for by the government.
178
6.7.4 The Supreme Court of India
A transfer petition has also been preferred by the central government before the Supreme Court
to transfer all pending petitions against the IT Rules 2021 to the Supreme Court to avoid
contradictory findings by different High Courts in the country.
179
But, on July 9th, 2021, Justice
A.M. Khanwilkar and Justice Sanjiv Khanna tagged these four transfer petitions with a petition
175
‘Kerala HC Restrains Coercive Action on the Operation of Part III of the Intermediaries Rules, 2021 for
LiveLaw’ Internet Freedom Foundation (10 March 2021) <https://internetfreedom.in/kerala-hc-grants-a-stay-of-
the-operation-of-part-iii-of-the-intermediaries-rules-2021-to-livelaw/> accessed 20 November 2021.
176
‘New IT Rules: Kerala High Court Restrains Centre’ The Hindu (11 March 2021)
<https://www.thehindu.com/news/national/new-it-rules-kerala-high-court-restrains-centre/article34039353.ece>
accessed 20 November 2021.
177
The Wire Staff, ‘IT Rules: Kerala HC Gives News Broadcasters Association Interim Protection From Coercive
Action’ The Wire (9 July 2021) <https://thewire.in/law/kerala-hc-nba-it-rules-petiton> accessed 20 November
2021.
178
The Wire Staff, ‘“Unreasonable Restrictions”: Software Engineer Petitions Kerala HC Against Part II of IT
Rules’ The Wire (22 October 2021) <https://thewire.in/law/it-rules-kerala-high-court-part-two-petition> accessed
20 November 2021.
179
Adhikari, Misra and Khanna (n 167).
Suggested citation: Ajay Kumar, ‘Digital Media Regulations in India: Some Reflections’ in Pawandeep Kaur (ed), Emergent
Regulatory Governance: Key to Indian Regulatory Laws 303-337 (Indu Book Services Pvt Ltd, New Delhi 2022).
337
previously filed by Justice for Rights Foundation seeking stricter content guidelines for Over-
The-Top (OTT) streaming platforms such as Netflix and Amazon. At this hearing the Union
sought to stay the proceedings in the High Courts be halted while the Supreme Court decides
on the transfer petitions. The Bench refused this prayer. Hence, various High Courts continue
to hear these challenges and the High Courts of Kerala, Bombay and Madras have issued
interim orders barring the government from taking action against non-compliance with the
rules.
180
7. CONCLUSION
It is clearly evident that digital media is a very powerful means of exercising one’s
freedom of speech and expression. However, it is also been increasingly used for illegal acts
which has given force to the Government’s attempts at censoring digital media. Where on the
one hand, the misuse of digital media entails the need for legal censorship, on the other hand,
there are legitimate fears of violation of civil rights of people as an inevitable consequence of
censorship.
The Government of India has observed the models prevailing in different countries such as
Singapore, Australia, European Union and the United Kingdom when contemplating the extent
and nature of the proposed framework for regulating social media and digital media platforms
in India.
181
The development of the IT Rules 2021 is essentially an attempt to develop a
quintessential soft-touch, self-regulatory architecture combined with a three-tier grievance
redressal mechanism for digital media platforms operating in India. Through the Code of Ethics
prescribed under the IT Rules 2021, an attempt is also made to regulate the classification of
films and other entertainment programs including web series on the basis of the nature of
content. However, compliance with the provisions of the Intermediary Guidelines is likely to
be a difficult task for the social media and digital media platforms and is also being argued as
an attempt to restrict the freedom of speech and expression. So, a tightrope balance would be
needed to address the issues of protection and safeguarding of rights of victims of social media
versus the individual freedom of expression.
*****
180
Ayushi Saraogi, ‘Kerala High Court Stays IT Rules’ Supreme Court Ovserver (6 August 2021)
<https://www.scobserver.in/journal/kerala-high-court-stays-it-rules/> accessed 20 November 2021.
181
Manchanda and Kumar (n 128).
ResearchGate has not been able to resolve any citations for this publication.
Reasonable Security Practices and Procedures and Sensitive Personal Data or Information
  • Gs Rao
GS Rao, 'Reasonable Security Practices and Procedures and Sensitive Personal Data or Information' Legal Services India (2018) <http://www.legalservicesindia.com/law/article/982/6/Reasonable-security-practices-andprocedures-and-sensitive-personal-data-or-information> accessed 18 November 2021.
112 'Clarification on Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 Under Section 43A of the Information Technology ACT
Rule 5(1) of The Privacy Rules, 2011. 112 'Clarification on Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 Under Section 43A of the Information Technology ACT, 2000' (n 109).
Rules and Regulations Review
  • Saket Surya
Saket Surya, 'Rules and Regulations Review: The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021' PRS Legislative Research (17 September 2021) 1
Why India's New IT Rules Violate International Human Rights Law' The Quint
  • Karan Tripathi
Karan Tripathi, 'Why India's New IT Rules Violate International Human Rights Law' The Quint (22 June 2021) <https://www.thequint.com/news/law/why-new-it-rules-violate-international-human-rights-law#read-