India needs clearer personal data protection law to tame Twitter, others
<br>Unlike the European Union's General Data Protection Regulation (EU GDPR), and tougher cyber laws in countries like Singapore, South Korea and Australia, the Indian government is using several agencies to tame social media platforms in the absence of a nodal cyber regulator that separately deals with Big Tech.
In India, Twitter is in the eye of storm for not complying often with the new IT (intermediary) Rules, 2021.
The micro-blogging platform even witnessed a police raid on its offices in Delhi and Gurugram related to the alleged Congress toolkit controversy last year.
Twitter was at loggerheads with the Indian government last year over removal of certain posts and being compliant with the intermediary guidelines under the IT Act.
As and when the government sends stern notices to Twitter, Google, YouTube and Meta (formerly Facebook) under the available laws (like Section 69A of the IT Act, 2000) to remove controversial content, the platforms immediately knock at the door of the courts, resulting in zero action.
The tussle between Twitter, WhatsApp/Facebook and the government has reached its nadir, and the fact is that an absence of a stricter personal data protection law is forcing the concerned authorities to take routes like writing heaps of notices that have resulted in zero action to date, while social networking giants continue to take the country for a ride.
According to experts, while the government can initiate action for suspension or blocking of intermediary apps or websites if they fail to comply with its directions over various issues under current laws, a strong data protection law is what can tame the social media platforms, the way the GDPR in the EU has achieved.
In case Twitter fails to comply with the government directions, the latter has the powers to resort to penal consequences.
"In that direction, appropriate FIRs can be registered against intermediaries and service providers and their top management can also be made liable for the said contravention under Section 85 of the IT Act, 2000," Pavan Duggal, one of the country's top cyber law experts, noted.
The government can exercise its power under Section 69(A)(1). In case, any service provider or intermediary fails to comply with the provisions of the same, there are penal consequences prescribed under Section 69A(3) too.
Non-compliance with directions for blocking is a non-bailable serious offence punishable with imprisonment for a term which may extend to seven years and shall also be liable to fine.
India has to learn from the EU when it comes to formulating a legal framework to secure data and tackle hateful or abusive online content, the experts said.
The EU GDPR has been designed to harmonise data privacy laws across Europe -- to protect and empower all EU citizens' data privacy and to reshape the way organisations across the region approach data privacy.
The Indian government, time and again, has told Internet intermediaries and social media platforms to comply with the law of the land.
Minister of State for Electronics and IT Rajeev Chandrasekhar said in a tweet that all foreign intermediaries and platforms have a right to approach the court and judicial review in India.
"But equally, all intermediary/platforms operating here have an unambiguous obligation to comply with our laws and rules," Chandrasekhar posted last week, as Twitter moved the Karnataka High Court against the government's order to take down some content on its platform.
IT Minister Ashwini Vaishnaw said that "be it any company, in any sector, they should abide by the laws of India".
Twitter has clearly said that these blocking orders are being challenged on the basis that "they are procedurally and substantially deficient of the Section 69A requirements".
The micro-blogging platform last year clearly stated that they will listen to the Indian government's content removal demands seriously only when the Personal Data Protection Bill is firmly in place.
The proposed Personal Data Protection Bill also has provisions that impose heavy penalties on companies for non-compliance.
It has also proposed to term social media companies as publishers, which will make them liable for the content on their platforms.
The moot question is: Once the global tech giants respond to government notices, the matter ends and according to leading experts, data of crores of Indians are still being misused in the absence of a robust mechanism.
"As of today, India does not have a dedicated law on privacy or on cyber security," Duggal pointed out. "It does not have a legal framework in place for protecting all kinds of data. The Personal Data Protection Bill, 2019 is pending consideration before the Joint Parliamentary Committee. Further, India does not have a dedicated policy on data localisation."
According to legal experts, India must fight social media biggies with a strong data protection law in place.