The government has given itself the “master key” to access major consumer databases maintained by companies in different sectors. Under new regulations made under the Information Technology Act, government can ask companies to share sensitive personal information about their customers. Sensitive personal information would cover medical records and history, information about physical, physiological and mental health, sexual orientation, credit and debit cards, biometric information and passwords. Under the new rules any government agency required under law to obtain information for the purpose of verifying identity, or for prevention, detection, investigation, prosecution, and punishment of offences can ask a company to give sensitive personal information held by it about an individual. There are no checks on this power, except that the request for information be made in writing, and stating clearly the reason for seeking the information. Usually information requests have certain inbuilt checks. For example, search warrants in criminal cases are issued by a court. Tapping of telephones or interception of electronic communication can only be authorised by the Union or the State Home Secretary after following a prescribed process. The new Bill for Unique Identification Number (UID) permits such use only by the order of a court, or for national security (by an order of an authorised officer of at least Joint Secretary rank in the central government).
On June 6, 2022, the Ministry of Electronics and Information Technology released the draft amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules, 2021) for public feedback. The IT Rules were notified on February 25, 2021, under the Information Technology Act, 2000 (IT Act). The Ministry noted that there is a need to amend the Rules to keep up with the challenges and gaps emerging in an expanding digital ecosystem. In this blog post, we give a brief background to the IT Rules, 2021 and explain the key proposed changes to the Rules.
Background to the IT Rules, 2021
Key changes proposed to the IT Rules 2021
Key changes proposed by the draft amendments are as follows:
Comments on the draft amendments are invited until July 6, 2022.