Data protection bill may see social media firms lose safe harbour status
The change in the data protection bill will effectively make social media companies liable to be penalised for taking action against any content, whether pursuant with law, following government orders or in accordance with its terms of service, say experts.
The data protection bill, which is currently being reviewed by a joint parliamentary committee (JPC), may lead to social media companies losing their status as an intermediary, or protection from action for third party content, for “selecting, modifying, editing, blocking, muting, amplifying content or removing users from its platform”, if one of the changes proposed to its draft is accepted, people familiar with the matter said.

This will effectively make social media companies liable to be penalised for taking action against any content, whether pursuant with law, following government orders or in accordance with its terms of service, say experts.
The proposed move is to treat the companies as publishers instead of intermediaries. The data protection act, the proposals suggest, will supersede will the information technology act, section 79 of which provides intermediaries the protection from penal action for what users post, or third party content.
These are part of changes being considered by the JPC which is studying the personal data protection bill, sent to it for further deliberation after parliamentarians objected to the version introduced in parliament in 2019, the officials said.
The final report of the JPC is yet to be tabled and the committee has now sought until the winter session to submit its report. The joint parliamentary committee did a clause-by-clause reading in December last year but with a new chairperson, BJP MP PP Chaudhary, taking over; there are concerns that the panel may have to start discussions from scratch.
To be sure, the central government will decide the final shape of the bill that will be presented to parliament for legislation.
According to the discussions at present, one of the officials aware of it said, the future law could make it contingent upon social media companies to not “initiate transmission”, in keeping with the IT Act, if they want to retain their intermediary status.
The companies will also have to ensure that they do not indulge or associate in any act which is against the public or state policy, the other proposals suggest.
The bill will also define a threshold of users or impact to determine which social media companies constitute significant data fiduciaries or a class of intermediaries who will fall under this provision, according to the proposals.
The proposal for significant impact covers social media firms that could influence the sovereignty and integrity of India, electoral democracy, security of the state or public order, the person cited above said, adding that the proposals proceed to venture a definition of a social media platform.
Under the information technology act, 2000, an intermediary is not liable for any third-party information, data, or communication link made available or hosted by them -- a legal principle that is known as giving such companies safe harbour. This stems from Section 79 of the IT Act, which makes it conditional: an intermediary must not initiate the transmission, select the receiver of the transmission, and select or modify the information contained in the transmission.
The changes in the much-awaited data protection law also come at a time when the government is at loggerheads with social media firms over content moderation and compliance with the new social media and intermediary guidelines.
In May, Twitter tagged posts by Bharatiya Janata Party leaders “manipulated media” for carrying purported screenshots of a document that sought to implicate the opposition Congress in a plan to criticise Prime Minister Narendra Modi. The government cited “percepts of natural justice” to order Twitter to remove the tags, which the company has left up.
The additional clauses that, which set to take away the safe harbour status, are being considered under section 28 of the personal data protection bill, which will now be known as the data protection bill as it will also address non-personal data, the person cited above said.
According to Supreme Court lawyer and founder of Cyber Saathi NS Nappinai, the larger issue is how much the proposed legislation may be in excess of or possibly even negate existing laws. “Assuming these amendments are being proposed, substantial portions such as ‘initiate, select or modify’ already form part of section 79 IT Act,” Nappinai said.
“Other additions proposed may not be specifically adverted to under IT Act but may be read into them with checks and balances. It would, therefore, behoove the committee to evaluate the necessity for this addition and in doing so ensure both harmony between the provisions under both enactments and provide for checks and balances to ensure that protections under existing laws are not negated or free speech stifled due to ambiguity.”
She added that without the above, the proposed amendments would amount to government authorities shooting themselves in the foot. “The additions proposed will effectively negate all the benefits that accrue to victims and also government’s rights which form part of the IT Act and Rules framed therein,” she said.
