On 22 November, the Joint Parliamentary Committee on Personal Data Protection Bill, 2019 adopted a report on the proposed legislation, which will form the basis for a data protection law in India. It will be tabled in Lok Sabha towards the end of the winter session of Parliament, proposing to treat social media companies as ‘publishers of content’ in certain situations, such as posts by unverified accounts. In a recent interview, Minister of State for Electronics and Information Technology Rajeev Chandrashekhar said that such a move can help fix accountability for any wrong or illegal content on platforms, adding that currently, neither users nor platforms are held responsible for doing so.
The JPC’s line of thinking is visible in the law-making efforts in other countries as well. Australia recently announced that it will introduce a new law under which platforms may be required to reveal the identities of users posting defamatory content, or incur liability for it.
Earlier this year, US Senators Mark Warner, Mazie Hirono, and Amy Klobuchar proposed the Safeguarding Against Fraud, Exploitation, Threats, Extremism and Consumer Harms (SAFE TECH) Act, which might make platforms liable for advertisements or other paid content. In this context, the JPC’s recommendations may seem like an efficient solution to problems that plague the social media ecosystem. However, they require a rethink for three reasons.
Also read: Parliamentary panel recommends new regulator to oversee Facebook, Twitter
The new data law will be out of place
First, these solutions can lead to a data protection law that will determine the liability of social media platforms for certain kinds of content. However, such laws are enacted to protect the rights of individuals over their personal data. They typically regulate the collection, transfer, storage, and usage of such data. Therefore, regulating social media content and fixing responsibility for posting it is outside their purview.
This is not the first time that this point has been made in India. The Personal Data Protection Bill, 2019 required social media platforms notified as significant data fiduciaries to enable voluntary verification of user accounts, if their services were either registered from or used in India. Several stakeholders noted that these requirements do not belong in a data protection law. Even the aforementioned legal reforms in Australia and the US are being proposed as reforms to defamation and communications laws respectively.
Also read: Meta’s new safety measures to prevent spread of non-consensual intimate images
Regulatory uncertainty for social media companies
Second, the JPC’s recommendations can increase regulatory uncertainty for social media platforms in India and hurt its burgeoning digital economy. The JPC wishes to address the accountability of social media platforms under a data protection law because it believes that existing laws have not done enough. This gap is precisely why the Ministry of Electronics and Information Technology (MeitY) issued the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. In FAQs regarding the IT Rules, MeitY said that they will help in addressing concerns regarding online safety, trolling, hate speech and misinformation, and increase social media platforms’ accountability.
While some measures under the IT Rules help attain these objectives (such as requirements to track the status of user complaints), several others have created an uncertain regulatory environment for social media platforms. For instance, the IT Rules take away their immunity under the Information Technology (IT) Act, 2000 in case of non-compliance, which has been questioned by experts and challenged before the judiciary. These platforms are incurring significant costs while navigating this new regulatory landscape, even as courts are deliberating the legality of several provisions under the IT Rules. The situation is even more difficult for early-stage social media start-ups, which are struggling to afford compliance costs. In such an environment, subjecting social media platforms to a separate framework might increase confusion and dent MeitY’s ambition to achieve a $1 trillion digital economy. Instead, it is better to wait for some clarity regarding the final shape of the IT Rules, and assess their effectiveness in addressing issues over time.
Also read: Decentralizing Cloud Computing, One Chip at a Time!
Over-censorship on the cards?
Finally, such a move does not necessarily improve consumer protection. If social media platforms are held liable for content from unverified accounts, they will unwittingly become the arbiters of online speech. This might lead to over-censorship to avoid any possible liability. In an earlier explainer, we highlighted the lack of transparency in platforms’ content moderation practices and showed how this creates greater confusion for users online. We also noted the need for social media regulation to empower users. By increasing the platforms’ discretion over user-generated content, the JPC’s recommendation may reduce rather than increase their accountability to users.
Measures like mandatory identity verification of social media users might not be helpful either. In 2015, researchers from the Arizona State University and the Pohang University of Science and Technology found that the top-down enforcement of policy measures like identity verification actually increases the probability of inflammatory comments online. Their study noted that it is likely that those willing to incur the transaction costs of verification have stronger opinions, increasing the possibility of them being verbally aggressive against opposing points of view. It also found that a reliance on voluntary self-disclosures significantly reduces inflammatory behaviour. Further, civil society organisations have cautioned against the effect that identity verification measures might have on freedom of expression and privacy online.
Also read: Safer and More Convenient: Nearly 2 in 10 in APAC embrace digital payments during the pandemic
One-size-fits all isn’t the solution
The harms that the JPC wishes to address are complex, and looking for unilateral fixes is an ill-advised way to devise solutions. Online harms are perpetrated due to several factors such as the broader cultural norms influencing behaviour in cyberspace, the lack of digital literacy, and the use of algorithms to increase online engagement, among others. Any attempt to address them must resist the temptation to reach for low-hanging fruits.
The author works at Koan Advisory Group, a technology policy consulting firm. Views are personal.
This article is part of ThePrint-Koan Advisory series that analyses emerging policies, laws and regulations in India’s technology sector. Read all the articles here.
(Edited by Humra Laeeq)