Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Livemint
Livemint
Business
Gulveen Aulakh

Govt plans law to dilute ‘safe harbour’ for social media

The new legislation may replace the IT Act and include aspects of the draft data privacy bill while focusing on social media accountability. (Photo: AFP)

The new legislation would replace the existing Information Technology Act and include aspects of the draft data privacy bill while focusing on accountability of social media platforms as globally countries were moving away from granting safe harbour provisions in their data protection regulations.

“Safe harbour is an old construct. A lot has changed since the 1980s, when the concept was brought in, and the world is moving away from it. Look at the new data laws of Europe, Australia and even South Korea. Everyone is moving towards accountability of social media (platforms)," the official said, asking not to be named as the discussions were still in the initial stages.

The safe harbour rule, or Section 79 of the IT Act, says social media intermediaries won’t be held legally or otherwise liable for any third-party information, data, or communication link made available or hosted on its platform.

The European Commission introduced the Digital Services Act and Digital Markets Act in April with the aim to create safer internet where the rights of users are protected through regulating social media platforms and illegal content. The Digital Services Act is yet to become law, but once adopted, it will apply from 15 months or 1 January 2024, whichever is later. The proposed law says social media platforms and other intermediaries will not be liable for unlawful behaviour of users, but if they’re “aware of illegal acts and fail to remove them," then they will be held liable. The Act has put the onus on large online platforms and search engines—those having over 45 million active users in the EU - and therefore has stricter compliance requirements for them versus their smaller counterparts.

India has been working on a data protection bill, but ever since it was introduced in Parliament in 2019 and took the shape of the personal data protection bill, it has yet to take concrete shape. A joint committee of Parliament had recommended sweeping changes to the bill, including that the bill should include personal as well as non-personal data. The government is yet to come out with a revised bill.

Currently, India’s IT Act does not make intermediaries liable for third-party information or data hosted on their platforms. The government did come out with IT intermediary guidelines in 2021 to increase the accountability of social media platforms, but those have been challenged in various courts. “The IT Act is from a different era. We have to create legislation that addresses today’s concerns," the official said. “The IT rules have served their purpose. A new law has to come, which will look at providing a safe internet."

On the recent directive to virtual private network service providers to retain user data, the official said the government had to keep the records for five years and that the mandate had been issued after industry consultations. “It’s a fair ask, and it has been done with consultation with industry," he said. Cyber watchdog Indian Computer Emergency Response Team (CERT-In) - issued norms to the effect as part of their KYC policy on April 29, asking companies to comply within 60 days.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.