Check out our E-Book on Metaverse and Smart Contracts: Challenges and Key Considerations

WhatsApp and Facebook move to court against the Indian Government over the new IT rules

Author: Gaurav Shanker, Managing Partner And Yamini Mishra, Associate |

Article by Business Law Chamber

Since the time Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Rules) have been introduced the social media intermediaries are apprehensive of the traceability prerequisites.

The traceability requirement in the Rules is a pre-requisite that directs all significant social media intermediaries (i.e., those who have more than 50 lakh registered users in India) to identify the first originator of a message on receiving a judicial order or an order issued by a competent authority under Section 69 of the Information Technology Act. The intermediaries were given a three-month timeline to comply with the guidelines.

Recently, WhatsApp and its parent company, Facebook in order to defend themselves have filed two separate writ petitions in Delhi High Court concerning its inability to comply with the traceability requirement. Further, in the petition, the tech giants have opined that the traceability clause will undermine the constitutionally guaranteed right of privacy and freedom of free-speech as traceability will break the end-to-end encryption. WhatsApp has explained that to trace even a single message, it would be required to trace every message and, in this way, it will end up in the collection of permanent identity stamps of every message conveyed through the platform which will violate the user’s privacy rights.

They further contend that the traceability clause fails to satisfy the three requirements of the Puttaswamy I test laid down by the Supreme Court in the case of K.S. Puttaswamy v. Union of India, 2017, which states that the three essentials that must be fulfilled to permit for invasion of the right to privacy are: legality, necessity, and proportionality. The petitions state that there is no legislative framework that allows the Indian Government to violate the privacy rights of their citizens via traceability on end-to-end encrypted services, and thus the legality pre-requisite cannot be fulfilled. The petitions further argue that the traceability requirement is not reasonable and does not guarantee against arbitrary State action as it allows the government to trace records without any judicial overview. The traceability requirement is not a proportionate requirement as it would require intermediaries to first build a

WhatsApp and Facebook move to court against the Indian Government over the new IT rules mechanism to enable traceability and the companies would then be required to enable it for every user and each piece of communication, irrespective of whether or not they are even being investigated. Therefore, no criminal liability should be imposed in case of non-compliance with traceability requirements.

Moreover, the Rules have not specified the time limit for which the data must be stored, and in this way, the intermediaries will be forced to accumulate the data for an unspecified time. If the rules are complied with, all messages which were used to be end-to-end encrypted in India can be easily linked to the user, including personal and sensitive messages that are sent by law-abiding Indian citizens and would undermine users' anonymity forever.

In response to the petitions filed by Facebook and WhatsApp, the Ministry of Electronics and Information Technology issued a statement that the traceability requirement passes the test of proportionality and conveyed that it is in the public interest that whoever started the mischief leads to such crime must be detected and punished. Further, in October 2021 the Government filed an affidavit in response to the petitions, defending the legal validity of the Rules, wherein, it stated that the law empowers it to expect such entities to create safe cyberspace and counter illegal content either themselves or by assisting the law enforcement agencies. The affidavit also claimed that platforms "monetize users' information for business/ commercial purposes and are not legally entitled to claim that it protects privacy. One of the main contentions of the Government as if the intermediary is not able to prevent or detect the criminal activities happening on its platform, then the problem lies in the platform's architecture and the platform must rectify its architecture and not expect the change of legislation. Reasons regarding 'technical difficulties cannot be an excuse to refuse compliance to the law of the land.

Clearly, the lawsuit has escalated the growing struggle between the Indian Government and tech giants including Facebook, WhatsApp, Google, and Twitter in their global key market. The petition is pending before the Court, however, all eyes will be on what happens next as the fate of this matter will decide the fate of the Rules in the country.

Disclaimer: The views in this article are the author's point of view. This article is not intended to substitute legal advice. In no event, the author or Business Law Chamber shall be liable for any direct, indirect, special, or incidental damage resulting from or arising out of or in connection with the use of this information. For any further queries or follow up, please contact us at: