india-map

FIND YOUR MP

Switch to Hindi (हिंदी)

Applications for LAMP Fellowship 2025-26 are now open. Apply here. The last date for submitting applications is December 21, 2024

  • The PRS Blog
  • Govt. gives itself the master key to access sensitive personal information
Miscellaneous

Govt. gives itself the master key to access sensitive personal information

Chakshu Roy - May 9, 2011

The government has given itself the “master key” to access major consumer databases maintained by companies in different sectors. Under new regulations made under the Information Technology Act, government can ask companies to share sensitive personal information about their customers. Sensitive personal information would cover medical records and history, information about physical, physiological and mental health, sexual orientation, credit and debit cards, biometric information and passwords. Under the new rules any government agency required under law to obtain information for the purpose of verifying identity, or for prevention, detection, investigation, prosecution, and punishment of offences can ask a company to give sensitive personal information held by it about an individual. There are no checks on this power, except that the request for information be made in writing, and stating clearly the reason for seeking the information.  Usually information requests have certain inbuilt checks.  For example, search warrants in criminal cases are issued by a court.  Tapping of telephones or interception of electronic communication can only be authorised by the Union or the State Home Secretary after following a prescribed process.  The new Bill for Unique Identification Number (UID) permits such use only by the order of a court, or for national security (by an order of an authorised officer of at least Joint Secretary rank in the central government).

Policy

Explained: Draft amendments to the IT Rules 2021

Omir Kumar - June 9, 2022

On June 6, 2022, the Ministry of Electronics and Information Technology released the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules, 2021) for public feedback.  The IT Rules were notified on February 25, 2021, under the Information Technology Act, 2000 (IT Act).  The Ministry noted that there is a need to amend the Rules to keep up with the challenges and gaps emerging in an expanding digital ecosystem.  In this blog post, we give a brief background to the IT Rules, 2021 and explain the key proposed changes to the Rules.

Background to the IT Rules, 2021

The IT Act exempts intermediaries from liability for user-generated content on their platform provided they meet certain due diligence requirements.  Intermediaries are entities that store or transmit data on behalf of other persons and include telecom and internet service providers, online marketplaces, search engines, and social media sites.  IT Rules specify the due diligence requirements for the intermediaries.  These include: (i) informing users about rules and regulations, privacy policy, and terms and conditions for usage of its services, including types of content which are prohibited, (ii) expeditiously taking down content upon an order from the government or courts, (iii) providing a grievance redressal mechanism to resolve complaints from users about violation of Rules, and (iv) enabling identification of the first originator of the information on its platform under certain conditions.  It also specifies a framework for content regulation of online publishers of news and current affairs and curated audio-visual content.  For an analysis of the IT Rules 2021 please see here.

Key changes proposed to the IT Rules 2021

Key changes proposed by the draft amendments are as follows:

  • Obligations of intermediaries:  The 2021 Rules require the intermediary to “publish” rules and regulations, privacy policy and user agreement for access or usage of its services.   The Rules specify restrictions on the types of content that users are allowed to create, upload, or share.  The Rules require intermediaries to “inform” users about these restrictions.  Proposed amendments seek to expand the obligation on intermediaries to include: (i) “ensuring compliance” with rules and regulations, privacy policy, and user agreement, and (ii) "causing users to not" create, upload, or share prohibited content.
     
  • The proposed amendments also add that intermediaries should take all reasonable measures to ensure accessibility of their services to all users, with a reasonable expectation of due diligence, privacy, and transparency.   Further, intermediaries should respect the constitutional rights of all users.  The Ministry observed that such a change was necessary as several intermediaries have acted in violation of the constitutional rights of citizens.
     
  • Appeal mechanism against decisions of grievance officers:  The 2021 Rules require intermediaries to designate a grievance officer to address complaints regarding violations of the Rules.  The Ministry observed that there have been instances where these officers do not address the grievances satisfactorily or fairly.  A person aggrieved with the decision of the grievance officer needs to approach courts to seek redressal.  Hence, the draft amendments propose an alternative mechanism for such appeals.  A Grievance Appellate Committee will be formed by the central government to hear appeals against the decisions of grievance officers.  The Committee will consist of a chairperson and other members appointed by the central government through a notification.  The Committee is required to dispose of such appeals within 30 days from the date of receipt.  The concerned intermediary must comply with the order passed by the Committee.  Note that the proposed amendments do not restrict users from directly approaching courts.
  • Expeditious removal of prohibited content:  The 2021 Rules require intermediaries to acknowledge complaints regarding violation of Rules within 24 hours, and dispose of complaints within 15 days.  The proposed amendments add that the complaints concerning the removal of prohibited content must be addressed within 72 hours.  The Ministry observed that given the potential for virality of content over internet, a stricter timeline will help in removing prohibited content expeditiously.

Comments on the draft amendments are invited until July 6, 2022.   

Recent Posts

  1. 1. A note of gratitude to Mr. N. Vaghul
  2. 2. What is Fuelling Power Sector Losses?
  3. 3. First no-confidence motion of the 17th Lok Sabha discussed today
  4. 4. Anti-cheating laws for competitive examinations
  5. 5. Uttarakhand Assembly concludes 2-day session; 13 Bills introduced and passed