‘Safe harbor’ clause in IT law Flashcards
What is the Safe Harbour Clause?
The “safe harbour” provision in the Information Technology (IT) Act refers to legal protection for Internet service providers (ISPs) and other intermediaries that host or transmit third-party content online.
Under Section 79 of the IT Act, ISPs and other intermediaries are not held responsible for any third-party content that they host or transmit on behalf of others, as long as they comply with certain conditions. These conditions include:
They must not initiate the transmission of the content
They must not select or modify the content
They must observe due diligence in the operation of their services
They must remove or disable access to the content upon receiving actual knowledge or notification of the content’s illegality
The safe harbour provision is intended to encourage the growth of the Internet and e-commerce by providing legal certainty for intermediaries that enable the flow of information and services online, while still holding them accountable for illegal content if they have actual knowledge of it.
Need for reconsidering safe harbour:
The Information Technology Act of 2000 currently serves as the main regulatory framework for online businesses. The law must be updated, though, as it was created for a time when the Internet was substantially different from what it is today. The government has occasionally found it challenging to enact regulations because of the parent Act’s restrictions due to its narrow scope.
The new Digital India Bill’s main goals are to speed up the development of technological innovation and provide an open and secure Internet in the nation in order to protect users’ rights and lower their online risks. The proposed Digital Personal Data Protection Bill, 2022, the Indian Telecommunication Bill, 2022, and a policy for non-personal data governance are all components of a larger framework of technological rules that the centre is constructing.
Need for balancing fundamental rights (freedom of speech and expression) with the dignity of the individual and misinformation.
The emergence of different types of intermediaries like e-commerce, digital media, search engines, gaming platforms, significant social media intermediaries, fact-checking portals, etc.
Digital India Act, 2023
The Ministry of Electronics and Information Technology will soon come up with the Digital India Act, 2023 which will replace the Information Technology Act (IT Act) of 2000.
The Indian parliament plans to implement the Digital India Act alongside the Digital Personal Data Protection Bill, 2022, proposed in November 2022, where the two legislations will work in tandem with each other.
NEED
Since the IT Act of 2000 was enacted, there have been many revisions and amendments (IT Act Amendment of 2008, IT Rules 2011) in attempts to define the digital space in which it regulates while trying to put more emphasis on the data handling policies.
However, because the IT Act was originally designed only to protect e-commerce transactions and define cybercrime offenses, it did not deal with the nuances of the current cybersecurity landscape adequately nor did it address data privacy rights.
Without a complete replacement of the governing digital laws, the IT Act would fail to keep up with the growing sophistication and rate of cyber-attacks.
The new Digital India Act envisages to act as catalysts for Indian economy by enabling more innovation, more startups, and at the same time protecting the citizens of India in terms of safety, trust, and accountability.
What are the Likely Provisions under Digital India Act 2023?
Freedom of Expression:
Social media platforms’ own moderation policies may now be reduced to constitutional protections for freedom of expression and Fundamental speech rights.
An October 2022 amendment to the IT Rules, 2021 says that platforms must respect users’ free speech rights.
Three Grievance Appellate Committees have now been established to take up content complaints by social media users.
These are now likely to be subsumed into the Digital India Act.
Online Safety:
The Act will cover Artificial Intelligence (AI), Deepfakes, cybercrime, competition issues among internet platforms, and data protection.
The government put out a draft Digital Personal Data Protection Bill in 2022, which would be one of the four prongs of the Digital India Act, with the National Data Governance Policy and amendments to the Indian Penal Code being others, along with rules formulated under the Digital India Act.
New Adjudicatory Mechanism:
A new “Adjudicatory Mechanism” for criminal and civil offenses committed online would come into place.
Safe Harbour:
The government is reconsidering a key aspect of cyberspace — ‘safe harbour’, which is the principle that allows social media platforms to avoid liability for posts made by users.
The term has been reined in recent years by regulations like the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which require platforms to take down posts when ordered to do so by the government, or when required by law.
What Data Protection Laws are there in other Nations?
European Union Model:
The General Data Protection Regulation focuses on a comprehensive data protection law for processing of personal data.
In the EU, the right to privacy is enshrined as a fundamental right that seeks to protect an individual’s dignity and her right over the data she generates.
US Model:
There is no comprehensive set of privacy rights or principles in the US that, like the EU’s GDPR, addresses the use, collection, and disclosure of data.
Instead, there is limited sector-specific regulation. The approach towards data protection is different for the public and private sectors.
The activities and powers of the government vis-a-vis personal information are well-defined and addressed by broad legislation such as the Privacy Act, the Electronic Communications Privacy Act, etc.
For the private sector, there are some sector-specific norms.
China Model:
New Chinese laws on data privacy and security issued over the last 12 months include the Personal Information Protection Law (PIPL), which came into effect in November 2021.
It gives Chinese data principals new rights as it seeks to prevent the misuse of personal data.
The Data Security Law (DSL), which came into force in September 2021, requires business data to be categorized by levels of importance, and puts new restrictions on cross-border transfers.
