Safe harbour at risk: On the impact of the proposed Digital India Act, 2023
Why in News?
The Government is reconsidering a key aspect of cyberspace: ‘safe harbour’, the principle that allows social media platforms to avoid liability for posts made by users. The Ministry of Electronics and Information Technology will soon come up with the Digital India Act, 2023, which will replace the Information Technology Act (IT Act) of 2000.
The Indian Parliament plans to implement the Digital India Act alongside the Digital Personal Data Protection Bill, 2022, proposed in November 2022; the two pieces of legislation will work in tandem.
What is the Need for a New Act?
- Since the IT Act of 2000 was enacted, there have been many revisions and amendments (IT Act Amendment of 2008, IT Rules 2011) that attempted to define the digital space it regulates and to put more emphasis on data handling policies.
- However, because the IT Act was originally designed only to protect e-commerce transactions and define cybercrime offences, it did not adequately deal with the nuances of the current cybersecurity landscape, nor did it address data privacy rights.
- Without a complete replacement of the governing digital laws, the IT Act would fail to keep up with the growing sophistication and rate of cyber-attacks.
- The new Digital India Act is envisaged as a catalyst for the Indian economy, enabling more innovation and more startups while at the same time protecting the citizens of India in terms of safety, trust, and accountability.
What are the Likely Provisions under Digital India Act 2023?
Freedom of Expression:
- Social media platforms’ own moderation policies may now be subordinated to constitutional protections for freedom of expression and fundamental speech rights.
- An October 2022 amendment to the IT Rules, 2021 says that platforms must respect users’ free speech rights.
- Three Grievance Appellate Committees have now been established to take up content complaints by social media users.
- These are now likely to be subsumed into the Digital India Act.
- The Act will cover Artificial Intelligence (AI), Deepfakes, cybercrime, competition issues among internet platforms, and data protection.
- The Government put out a draft Digital Personal Data Protection Bill in 2022, which would be one of the four prongs of the Digital India Act, with the National Data Governance Policy and amendments to the Indian Penal Code being others, along with rules formulated under the Digital India Act.
New Adjudicatory Mechanism:
- A new “Adjudicatory Mechanism” for criminal and civil offences committed online would come into place.
- The Government is reconsidering a key aspect of cyberspace: ‘safe harbour’, the principle that allows social media platforms to avoid liability for posts made by users. The principle has been reined in in recent years by regulations like the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which require platforms to take down posts when ordered to do so by the government, or when required by law.
What Data Protection Laws are there in other Nations?
European Union Model:
● The General Data Protection Regulation focuses on a comprehensive data protection law for the processing of personal data.
● In the EU, the right to privacy is enshrined as a fundamental right that seeks to protect an individual’s dignity and her right over the data she generates.
US Model:
● There is no comprehensive set of privacy rights or principles in the US that, like the EU’s GDPR, addresses the use, collection, and disclosure of data.
● Instead, there is limited sector-specific regulation. The approach towards data protection is different for the public and private sectors.
● The activities and powers of the Government vis-a-vis personal information are well-defined and addressed by broad legislation such as the Privacy Act, the Electronic Communications Privacy Act, etc.
● For the private sector, there are some sector-specific norms.
China Model:
● New Chinese laws on data privacy and security issued over the last 12 months include the Personal Information Protection Law (PIPL), which came into effect in November 2021.
● It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.
● The Data Security Law (DSL), which came into force in September 2021, requires business data to be categorized by levels of importance and puts new restrictions on cross-border transfers.