Multi-Billion Dollar Enterprises Mining And Monetizing Private Data Of Users Cannot Claim Any Representative Privacy Right: Centre's Reply To WhatsApp's IT Rule Challenge
The Centre has filed its affidavit in response to the Petition filed by WhatsApp and Facebook challenging the 2021 IT Rules requiring messaging apps to trace the first originator of the information, saying that the law empowers it to expect such entities to create safe cyberspace and counter illegal content either themselves or by assisting the law enforcement agencies.
The Centre has said in the Affidavit that Section 87 of the Information Technology Act gave it the power to formulate Rule 4(2) of the Intermediary Rules, which mandates a significant social media intermediary to enable the identification of the first originator of information in legitimate state interest of curbing the menace of fake news and offences concerning national security and public order as well as women and children.
In response to the argument of the Petitioners that breaking the encryption invades its users' privacy, the Centre has claimed that platforms monetize users' information for business/ commercial purposes are not legally entitled to claim that it protects privacy.
Petitioners (WhatsApp and Facebook), being multi-billion dollar enterprises, almost singularly on the basis of mining, owning and storing the private data of natural persons across the world and thereafter monetizing the same, cannot claim any representative privacy right on behalf of the natural persons using the platform, said the affidavit filed by Ministry of Electronics and Information Technology.
WhatsApp collects users' personal information and shares it with Facebook and third-party entities for business/commercial purposes (WhatsApp's privacy policy of 2016 and its 2021 update). In fact, the regulators of various countries dearly hold that Facebook should be fixed with accountability for its services and data management practices, it added.
The Centre has argued that reasons regarding 'technical difficulties' cannot be an excuse to refuse compliance with the law of the land, and if a platform does not have the means to trace the first originator without breaking the encryption, then it is the platform which ought to develop such mechanism in larger public duty.
The Rule does not contemplate the platforms breaking the end-to-end encryption. The Rule only contemplates the platform to provide the details of the first originator by any means or mechanism available with the platform. If the platform does not have such means, the platform ought to develop such mechanism considering the platform's widespread prevalence and the larger public duty, the affidavit said.
The Ministry has said that if the intermediary is not able to prevent or detect the criminal activities happening on its platform, then the problem lies in the platform's architecture and the platform must rectify their architecture and not expect the change of legislation. Reasons regarding 'technical difficulties' cannot be an excuse to refuse compliance of the law of the land.
In August, a bench headed by Chief Justice DN Patel had sought the Centre's stand on the petition challenging new rule on the ground it violates the right to privacy and is unconstitutional.
In its plea, WhatsApp had said that the traceability requirement forced it to break end-to-end encryption and thus infringe upon the fundamental rights to privacy and free speech of the hundreds of millions of citizens using its platform to communicate privately and securely.
The Centre, in its response, has said that the petition by WhatsApp is not maintainable as a challenge to the constitutionality of any Indian law is not maintainable at the instance of a foreign commercial entity.
It further claimed that Rule 4(2) is an embodiment of competing rights of citizens of India and aims to preserve the rights of vulnerable citizens within cyberspace, who can be or are victims of cyber-crime.
The Centre has said that there are checks and balances to ensure that the rule is not misused or invoked in cases where other less intrusive means are effective in identifying the originator of the information.
The identification of the first originator pertains only to viral content relating to heinous crimes, as specified in the rule, and not identifying all users or citizens, it said.
If the IT Rules 2021 are not implemented, the law enforcement agencies will have difficulty in tracing the origin of fake messages and such messages will percolate in other platforms thereby disturbing peace and harmony in the society further leading to public order issues, the affidavit said.
The Centre has also said that in case of any legal proceeding involving any message on the platform as evidence, WhatsApp would lose the defence of 'intermediary protection', however, that it does not mean that WhatsApp will be held guilty and its officials would be legally responsible.
The courts can include WhatsApp as a respondent and consider 'Contributory Negligence' and 'Vicarious liability on WhatsApp and its executives' (under Section 85). Such liabilities will fructify only when such a case comes up and WhatsApp is named as an entity and it is sufficiently proved that it has contributed to the commission of the crime, it added.
The center also said that the Supreme Court itself had asked the Central government to take all the steps necessary to identify persons who create and circulate electronic information about certain offences such as sexual abuse.
With PTI inputs