The IT Rules, 2021 and its Application to Significant Social Media Platforms- An Explainer (A GUEST POST)

A Guest Post by the very articulate lawyer Siddharth Shivakumar. First published on his blog ‘Quoting The Courts‘, accessible here.

Here goes:

The recent Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 has caused quite a stir and has left Indian netizens confused and worried about the future of the social media platforms that they relentlessly use. Thus, in this piece, I try to breakdown these Rules and hopefully answer some of the frequently asked questions.

These Rules define a social media platform as an intermediary “which primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services”. According to these Rules, these social media platforms have to undertake due-diligence and establish a grievance redressal mechanism. However, the Rules cast additional obligations on ‘significant’ social media intermediaries. Through a notification dated 26th February 2021, the Central Government declared that all social media platforms having more than 50 Lakh users would be classified as ‘significant’ social media intermediaries. Thus, all popular platforms such as WhatsApp, Twitter, Facebook, Instagram, etc. are significant social media intermediaries.

At the outset, the objective of mandating social media platforms to conduct due-diligence and establish a grievance redressal mechanism sounds laudatory rather than problematic. However, the manner and extent to which these Rules mandate these platforms to observe, preserve and monitor their user’s behaviour poses a serious threat to the right to privacy of millions of Indians.

On a combined reading of these Rules and the Notification of the Central Government, it is understood that these significant social media platforms had to comply with the additional obligations by 26th of May 2021. According to these additional obligations, these platforms are required to appoint a Chief Compliance Officer, a Nodal Contact Person and a Resident Grievance Officer.

The Chief Compliance Officer has to be a key managerial personal or senior employee. Her job profile would be to ensure compliance with these Rules and the IT Act, 2000. However, if she fails to ensure that the intermediary observes due diligence while discharging its duties, she can be held liable under the law. On the other hand, the Nodal Contact Person’s duty is “24×7 coordination with the law enforcement agencies and officers to ensure compliance to their orders and requisitions”. The Resident Grievance Officer, though has the unenviable job of acknowledging every complaint made by a user within 24 hours and disposing off such complaints within just 15 days. Apart from this, these significant social media platforms will have to publish a monthly compliance report including the details of the complaints and the action taken on those complaints.

These measures definitely force these significant platforms to function in a more transparent manner. It also ensures that user complaints are taken seriously by these platforms. However, the sudden increase in workload, especially disposing complaints in a time bound manner (which even our well-structured judiciary fails at) might be a huge challenge, especially when politically organised ‘IT cells’ -known for propagating fake news, extreme opinions and also for their hyper-sensitive reactions to opposing views- dominate these spaces. Further, compelling 24×7 coordination with law enforcement agencies will definitely raise privacy concerns, and could be used to intimidate and silence political rivals as well as these social media intermediaries themselves. (Cc-Delhi Police Special Cell).

Apart from this, ordinary law-abiding users such as you (hopefully law-abiding) and I, should be more concerned about the provisions contained in Sub-Rule 2 of Rule 4. As per this Sub-Rule, messaging apps may be compelled through a Court Order or by the Executive itself, to identify the first originator of information for the purpose of investigation, detection and prosecution of certain crimes. While most of these crimes are of serious nature, the list also includes offences related to “public order”, which is a wide term that could allow for potential misuse and abuse of this power. Even if this Rule is not misused, it is still extremely problematic. This is because, this Rule effectively kills the idea of an end-to-end encrypted confidential communication, since at any time these apps could be called on to identify the first originator of messages, thus, allowing these apps complete access to our conversations. So, if you were one of those who thought that WhatsApp’s privacy policy was worrying, then you should definitely be frightened by these Rules.

Further, the Rules explicitly encourage significant social media platforms to develop technology-based measures including automated tools to detect any information depicting rape and child sexual abuse or conduct. It is not anybody’s case that action against these deplorable acts must not be taken. It is an extremely grave and serious problem that has to be tackled. However, is encouraging the development of automated tools that could potentially be used to track and examine in-depth user behaviour, patterns and information- a potential surveillance system- the right solution? This could be a potential problem-solution mismatch. Although there are safeguards coded into the Rules such as, these measures must be proportionate and must factor-in free-speech and privacy concerns. Further, the Rules also calls for periodic review of these tools with regard to their propensity of bias and discrimination, fairness and accuracy, and privacy and security concerns. 

Thus, the Rules themselves recognise that these tools could pose a serious problem to the lives of millions of users. Yet, it encourages the use of these tools and only calls on these platforms to review these issues periodically.

Lastly, if this brings you any cheer, the Government cannot ban your favourite apps. Non-compliance with these Rules does not entail a ban. Instead, these non-complying social media platforms can now be held liable for any third-party information, data, or communication link hosted by them and would also be liable for punishment under the Indian Penal Code. This, essentially means that even social media giants like Facebook and Twitter can be made liable for any criminal activity undertaken by a user on these apps.

In conclusion, it is surprising to see the State take exception to WhatsApp’s privacy policy on the ground that it violates the privacy of Indians, but at the same time, the State through these Rules has systematically weakened and diluted our claim to that fundamental, inalienable right to privacy. Hopefully, this tussle between the State and these significant social media platforms is an opportunity to bring attention back to the primary stakeholder in this debate- The User!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



  1. Gaurav Mehta

    Traceability and end-to-end encryption cannot co-exist. Here comes the issue of privacy which then leads an inquiry into the intended object sought to be achieved vis-a-vis the proportionality of the measure. The said Rules in the nature of a delegated legislation, it becomes all the more necessary for the Executive to substantiate the non-availability of less intrusive means. This also assumes significance in the wake of meta data which is already available and, which in fact, is provided to law enforcement agencies (such as identity based details like the User-ID, location of the user, to whom one is talking or the links clicked with the App, etc.) as and when needed.

    Another aspect which can’t be lost sight of is that these big tech giants (with all the data at their disposal) in the name of free speech behave like anything but intermediaries by tracking users and their behaviour; for this is central to their revenue. Recently, in this regard changes were made in WhatsApp’s privacy policy; the issue currently being adjudicated in Court as well as by the Competition Commission of India as the commonly-used messaging App has a dominant presence in the market.

    Also, it no secret that the Governments since time immemorial are more inclined to control information and thereby push their objectives and exercising better surveillance over them.

    The fact that the Union of India in a challenge pending in the Delhi High Court to undermine privacy policy by WhatsApp has taken the stance that the same is against right to privacy of citizens is no less surprising as rightly mentioned in the above piece. At one end, the State is putting forth the idea that these changes undermine the fundamental right to privacy, but at the other end, it is vying for piercing end-to-end encryption, which becomes all the more serious an issue in the absence of Data Protection law.

    Ultimately, it’s all about finding that delicate balance between protecting and empowering the users, at the same time!



    Respected Bharat Sir, the IT rules have once again, created a situation where is much for ethics to do to clarify the principles of responsible image making and how those principles apply to difficult cases.You’ve very kindly enlightened us with the considered view of Respected Sri Siddarth Sivakumar on this topic.I admire your attitude of getting us the BEST available knowledge on your blog,even if,the article is by a Senior Advocate-such virtue is very Rare and you must keep it up.And,in humour,may I ask now this article,if presumed against IT rules who will be responsible or originator.

    Today, citizens write in ways that fall under the general description of a journalists as someone who regularly writes on public issues for a public or audience.
    It is not always clear whether the term “Ethics” begins or ends. If comedian Jon Stewart refuses to call himself a journalist, but magazines refer to him as an influential journalist (or refers to him as someone who does engage in journalism) is Stewart a journalist?
    What is the status of a person expressing their opinions on their Facebook site?

    The changes challenge the foundations of social media ethics. The challenge runs deeper than debates about one or another principle, such as objectivity. The challenge is greater than specific problems, such as how social media networks can verify content from citizens. The revolution requires us to rethink assumptions. What can ethics mean for a profession that must provide instant tweet,messages and posts by billions of users where everyone with a modem is a publisher?

    Kindly convey my regards to Sri Siddarth Sivakumar for his Marvelous Blog.I shall start reading his blog Beautifully titled”Quoting The Courts”now onwards.

    Kind Regards/SRA


%d bloggers like this: