Photo: iStock
Photo: iStock

Opinion | Foreign firms need to provide grievance redressal mechanism

Despite data breaches, these social media companies have faced no penal action

The cyber ecosystem in India has four primary stakeholders—technology companies, government, judiciary, and the public. A comprehensive system that is beneficial and accountable to all is required. Blue Whale, PUBG, and TikTok are only a small part of a growing list of apps and games that have faced legal action by governments and in courts with no material consequences. These apps are considered to be “intermediaries" under the Information Technology Act, 2000. They are governed by rules made in 2011, which continue to remain unenforced. In 2012, K.N. Govindacharya approached Delhi High Court. Acting on his plea, the court in August 2013 directed the government to ensure that intermediaries appoint a grievance officer. While Google and Facebook both appointed grievance officers, they were based in the US and Ireland, respectively. How can compliance of Indian law be made through an appointment in the US? Unfortunately, both the UPA and the NDA government did nothing to ensure that the grievance officer of intermediaries must be located in India. A 2018 report in The Guardian revealed that internet companies during that period were extensively lobbying across the developing world, including in India.

Against this backdrop, the government published draft Intermediaries Guidelines in 2018, which would have amended the 2011 Rules. Since 2017, the government has also been working on a data protection law. These are two separate actions, which are often, unfortunately, deliberately muddled in the public discourse to create confusion. Thus, this has resulted in a delay in enacting a data protection law, despite multiple assurances by the government.

Intermediaries, especially social media platforms, are making billions of dollars from Indian operations. Why then should they be permitted to circumvent Indian laws? Where does a user whose fake account has been created on a social media platform go to address their grievance? Due to a complicated procedure and the companies being situated abroad, even dignitaries are forced to approach the police, which is already overburdened. It should also be noted that the RBI has mandated data localization for payment systems. Why should nodal or grievance officers not then be based in India to ensure safety and accountability towards users’ data?

The negative impact of the laissez-faire regime extended to internet companies have shown their true effects in the form of interference in elections & circulation of fake news leading to mob lynching incidents. Our failure to regulate intermediaries has also had an unintended consequence. State governments now prefer to completely shut down the Internet by using policing powers instead of cracking down on specific websites or apps.

The draft rules mandate for a nodal officer with a registered address who may coordinate with law enforcement agencies. Such rules are applicable to any traditional business and there is no reason why intermediaries should be given undue exemptions. beyond the scope of Sec 79 of the IT Act. It is also a fact that the nodal officer so appointed will constitute a permanent establishment and the company will become liable for payment of taxes in India and various other compliances under the Companies Act, 2013.

The defence of freedom of speech raised by internet companies is not only preposterous but also contemptuous towards Indian law. In the WhatsApp NSO hack, Indian users may have had a remedy and sought answers if there was an Indian entity or nodal officer of WhatsApp. The public has the right to take government to court and enforce their rights. Where will the public go in case of foreign entities? There must be an answer.

Virag Gupta is an advocate at the Supreme Court

Close