Friday, November 18, 2011

IT laws- due diligence by Intermediaries

Dear Friends,
 
As we all know, there is an Information Technology Act 2000 amended from time to time which governs our Cyber laws in India.  Under section 2(1)(w), it defines "Intermediary" with respect to any particular electronic records to mean any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.  

 Section 79 in Chapter XII of the Information Technology Act 2000 titled "Intermediaries Not To Be Liable In Certain cases" is about exemption from liability of intermediary in certain cases. Section 79(1) says that notwithstanding anything contained in any law for the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party information, data, or communication link  hosted by him. But sub-section (2) says that the provisions of sub-section (1) shall apply if there is certain conditionality. Among the conditions are that under section 79(2) (c) which is related to the situation when the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.

In exercise of the powers conferred by clause (zg) of subsection (2) of section 87 read with sub-section (2) of section 79 of the IT, 2000, the Central Government made the Information Technology (Intermediaries guidelines) Rules, 2011.

 Here due diligence required from an intermediary was provided in Rule 3 as under-
The intermediary shall observe following due diligence while discharging his duties, namely : —
(1) The intermediary shall publish the rules and regulations, privacy policy and user agreement for access-or usage of the intermediary's computer resource by any person.
(2) Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that —
(a) belongs to another person and to which the user does not have any right to;
(b) is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
(c) harm minors in any way;
(d) infringes any patent, trademark, copyright or other proprietary rights;
(e) violates any law for the time being in force;
(f) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
(g) impersonate another person;  
(h) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource;
      (i) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation

Similarly, Rule 3(4) warrants that the intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes.
 
In Rule 11, there is a clear provision that the intermediary shall publish on its website the name of the Grievance Officer and his contact details as well as mechanism by which users or any victim who suffers as a result of access or usage of computer resource by any person in violation of rule 3 can notify their complaints against such access or usage of computer resource of the intermediary or other matters pertaining to the computer resources made available by it. It also says that the Grievance Officer shall redress the complaints within one month from the date of receipt of complaint.

Based on this information, I have the following points to submit-
1. What is ur opinion about the due diligence clauses required in the Indian law?
2. My personal opinion is that these due diligence, particularly as regards acting upon a complaint in 36 hours and about formulation of a Grievance Officer is very much required because presently there is almost no recourse for the users/consumers to present their grievance and get action done upon it or to report abuses and get suitable action upon them. Do u seem to agree to this
 
Amitabh Thakur
President, IRDS,
Lucknow
www.irdsindia.com
# 94155-34526

No comments: