Right To Privacy – Can Intermediaries be held Liable?


In the present time and day, the internet is no more a luxury in people’s lives but rather a necessity to keep up with the day to day work. People have become extremely reliant on the internet. Right from ordering groceries to online banking, everything can be done virtually with the help of internet. Today, when the world has come to a stop owing to the novel coronavirus pandemic, the only thing keeping the countries functioning and economies from not completely collapsing is the presence of Information Technology.

We can clearly see the heavy dependence people have on the internet today. Internet is indeed a beneficial tool for us but there are many problems, such as data security, breach of privacy, etc., which arise from it too. In a world where the use of social media and online websites are at its prime, a steady escalation of unlawful activities being conducted on these platforms is observed. These lead to many questions, such as ‘Who can be held liable for such unlawful activities‘ or, ‘To what extent can they be held liable?‘ To be able to find the answers to these questions, we must first understand what an intermediary is, what are their functions and the role they play in our lives.

What are Intermediaries and Intermediaries Liability?

Intermediaries, according to the ‘Information Technology Act 2002‘ means: ‘Any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message‘. In a layman’s language, an intermediary can be compared to a middle man. For example, when a person A wants to buy a house, he goes to a broker named B. B shows A the house of C who is the owner of the house which is up for sale. Here, B is a middle man who helps A get in contact with C and hence, an intermediary. This analogy helps us to understand the working of an intermediary.

Intermediaries are essentially the joining link between the person seeking information and the person putting up the information. It provides a platform through which people can exchange information with each other. To get a better understanding of intermediaries, let’s see how it plays a role in our daily life. For example, A wants to buy a toy gun, B wants to sell a toy gun, B puts up an advertisement on a website C, through this website A finds B and the transaction takes place. Here A is the buyer, B is the seller and C the website is an intermediary.

Now, let us understand the concept of Intermediary liability, continuing with the same example but making a few changes. A is the buyer looking to buy a toy gun. B is a seller, illegally selling guns. B puts up an advertisement on website C to sell this gun. Keep in mind, buying and selling a gun in India is an offence and requires having a valid license. A, through website C, sees B selling a gun. Here, though it is B who has committed a crime, it is C’s liability to regulate the content that is being posted on his website. This indirect liability is ‘Intermediary’s liability‘.

It is mandatory for an intermediary to regulate the content that is being put up on their platform. In the words of Rebecca MacKinnon, ‘Intermediary liability means that the intermediary, a service that acts as ‘intermediate’ conduit for the transmission or publication of information, is held liable or legally responsible for everything its users do‘.

Intermediary liability is based on the principle of vicarious liability. (Vicarious liability is a situation in which one party is held partly responsible for the unlawful actions of a third party. The third party also carries his or her own share of the liability.) Therefore, making use of this principle we can see why the service provider must also be held accountable for the illegal act of the user of that platform.

However, it is extremely challenging for intermediaries to protect their users and regulate the data which is being circulated, owing to their enormous user-base. Time and again, these intermediaries have failed to safeguard their users from religious, socio-political, and economic causes, which have led to an abuse of data and rights. The fake news that is being peddled on Facebook or WhatsApp has been the reason behind communal riots, murders and in certain areas, even mob-lynching.

The best example of social platforms being misused is the involvement of Twitter and Facebook in the 2016 Presidential Elections which caused a mutual distrust among people for these platforms. Such platforms, on one hand, cater to our needs but on the other hand, also harbour harmful content such as child pornography and promote hate propagandas. These are few of the reasons owing to which it is considered imperative to impose a greater intermediary liability.

Development of Intermediary Liability in India

The Information Technology Act, 2000 protects only service providers. Intermediaries are given almost no protection or safeguard under this Act. In another case, the Supreme Court observed that there is a growing necessity to widen the scope of protection given to intermediaries and this led to the amendment to the IT Act in the year 2008. This Amendment, through Section 79, provides a safe harbor to intermediaries. It is an exemption provision that provides conditional immunity to the intermediaries as long as they follow the provisions/conditions of the section. Section 79 of the IT Act 2000 states that an intermediary should not be held liable for third-party information, data, or communication links being hosted by them, but the section further provides for exceptions in subsection (3).

According to this subsection, an intermediary can be held liable if they had conspired, abetted, aided, or induced the commission of the unlawful act. The second exception under this subsection states that the intermediaries can be held liable if they fail to take down the illegal material even after it was brought to their notice. This method of notice and takedown has been criticized by experts from all over the world as this allows any private party to take objection to the material and then that material must be taken down. It would lead to intermediaries over regulating the internet.

 A solution to this could be that only through Court orders can the intermediaries be asked to take down the material. In 2011, the Government of India introduced the Intermediary Guidelines. There were issues between the IT Act and the Intermediary Guidelines such as the forced decision of intermediaries and the presence of ambiguity in the prohibited content.

To a large extent, these various issues were resolved in the case of Shreya Singhal v. Union of India. In this landmark judgment, the Supreme Court struck down Section 66A of the IT Act and recognized free speech rights over the internet of the Indian Citizen. Additionally, they held that ‘Section 79 is valid subject to Section 79(3)(b) being read down to mean that an intermediary on being notified by the appropriate government or its agency, or upon receiving actual knowledge from a court order that unlawful acts relatable to Article 19(2) are going to be committed if-then fails to expeditiously remove or disable access to such material…. Similarly, the Information Technology “Intermediary Guidelines” Rules, 2011 are valid subject to Rule 3 sub-rule (4) being read down in the same manner as indicated in the judgment.

 The Court also observed that ‘it would be very difficult for intermediaries like Google, Facebook etc. to act when millions of requests are made and the intermediary is then to judge as to which of such requests are legitimate and which are not.

Right to Privacy and Intermediary Liability

A 92-page report was made after studying the various laws being practised internationally pertaining to privacy and comparing it to the existing laws in India for the same. The report stated that the law of privacy must be recognized on a constitutional basis, as presently, the right to privacy is derived from Article 21 of the Constitution of India and asserted by precedence. They laid down nine fundamental principles that would form the base for privacy laws. These principles were:

  • Notice
  • Choice and Consent
  • Collection Limitation
  • Purpose Limitation
  • Access and Correction
  • Disclosure of Information
  • Security
  • Openness
  • Accountability

These fundamentals of Privacy laws are based on the concept that any information forms a part of a person’s dignity and therefore, must be protected. While the present laws do cover these principles partially, much improvement is needed in this field. The report also talks about the lacunae in the present law and recommendation to overcome them have been mentioned. The recommendations were:

  • A change in privacy policy should be informed to both the public and the individual.
  • The information must be destroyed once it has been used for the identified purpose.
  • Data Controllers must necessarily provide notice of disclosure to third parties.

The committee made many recommendations which were later incorporated in the Privacy Bill 2014. The Privacy Bill would apply to any person who ‘shall collect, process, or otherwise deal with personal data of any individual‘. This law would be applicable to all residents of India and not just to the citizens of India. The Bill also incorporates the creation of a Data Protection Authority (DPA). This Data Protection Authority would have the power to investigate the actions taken by the data controllers and they would also be given the power to issue directives pertaining to the discharge of any of its functions. This bill is yet to become a law.

In 2018, the Ministry of Electronics and IT published a set of draft rules to amend the key provisions of the Information Technology (Intermediaries Guidelines) Rules 2011. The primary objective of this draft amendment is to attract greater accountability on the intermediaries in relation to the content being put up on their platforms. This prescribed amendment emphasizes the fact that intermediaries must identify the originator of the content being published when asked by authorities. They must also identify and remove unlawful material from their platforms with the use of appropriate technology and mechanisms. If this becomes the law, it would be a major shift from the existing laws where the intermediaries are given immunity and they are only required to remove the unlawful material when told to do so through court order or a government directive. The final amendments are due in 2020.


The statutory provisions and judicial holdings clearly show that the laws regulating intermediary liability are dynamic in nature and keep evolving continuously. The trend shows that India is moving towards more stringent intermediary liability. The law on intermediary liability and right to privacy suggests that India is making progress and is taking steps in the right direction. A balance between intermediary liability and the right to privacy must be attained for the smooth functioning of laws relating to IT in India. The right to privacy is a long way from being settled in India but the Court has seen to it that proper measures are being taken to protect the rights of the individuals.

The Court has time and again made sure that all the concerns people have in relation to their privacy are resolved in this world of rapidly advancing technologies, which constitutes an intermediary. While the IT Act 2000 and the IT Rules 2011, protect the right of privacy to some extent, the settled law is needed to secure the cyberspace. This can be done in the present time with the introduction of the Privacy Bill and the Amendments prescribed by the Ministry of Electronics and IT. A greater liability must be imposed on the intermediaries as the problems arising from these unlawful materials do not just cause minor issues but are responsible for serious altercations such as murder and mob lynching as mentioned before. It is to be seen what the Government does to address these issues, whether they choose to adopt the Privacy Bill and Amendments prescribed or not?

Leave a Reply

Your email address will not be published. Required fields are marked *