Delhi HC has expanded the scope of injunction orders in Internet jurisdiction: Geo-blocking to Global-blocking in IT law

This post has borrowed extensively from an earlier blog-publication by Aryan Babele on Tech Law Forum @ NALSAR.

On 23rd October 2019, the Delhi HC has delivered an impactful judgment authorizing Indian courts to issue “global takedown” orders to Internet intermediary platforms like Facebook, Google and Twitter against illegal content as uploaded, published and shared by their users. The Delhi HC delivered the judgment on the plea filed by Baba Ramdev and Patanjali Ayurved Ltd. requesting the global takedown of certain videos which are defamatory in nature.

The Court passed the order in the context of its observation that there is a ‘hare and tortoise race’ between technology and law such that the ‘technology gallops, the law tries to keep pace’. Such observation reflects that the Court’s intention is to interpret IT law in the manner which will ensure the effective implementation of the judicial orders throughout the internet jurisdiction and mitigate the circumvention of such orders by use of the advanced technology.

However, the Court’s order is attracting criticism globally from several internet-freedom activists. It seems that the Court has made a hasty attempt to win the ‘hare and tortoise race’ and has missed on considering the far-reaching implications of it on the IT law jurisprudence and conflict of law provisions. This article aims to analyze and indicate the significant points in the Delhi HC’s judgment, which the Court lacked in considering while relying on the unsettled jurisprudence of global injunction orders.

Background- The case of Swami Ramdev v. Facebook

In Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC], Swami Ramdev (a prominent yoga guru and public figure) filed a case before the Court against Facebook, Google, YouTube and Twitter, inter-alia, praying for the global take down of defamatory contents (videos) as uploaded, published and shared by users of these intermediary platforms.

The given case stems out of the publication of videos on defendants’ platforms, which are based on those particular offending portions of the book titled “Godman to Tycoon: The Untold Story of Baba Ramdev’ by Priyanka Pathak Narain, which are already undergoing an ad-interim injunction as granted by the Court in Swami Ramdev v. Juggernaut Books [CM (M) 556/2018] in May 2018.

Subsequently, in January 2019, the Court passed an interim injunction against the defendants’ platforms to disable access to the offending URLs and weblinks for the Indian domain as per Section 79 of the Information Technology Act, 2000, [hereinafter referred as IT Act 2000] i.e. ordered geo-blocking.

However, the plaintiff argued that the geo-blocking is an ineffective solution as the objectionable content is widely available on the global internet and internet users in India can still access such content using VPNs and other such mechanisms. Therefore, the only effective remedy, according to the submission of plaintiff, is to issue a global blocking order.

Internet intermediaries have contended against such a global take down mechanism as it poses a number of technical and legal difficulties for them. Firstly, cross-jurisdictional laws vary in standards for determining defamation, and hence disabling access globally will breach the principles of international comity. Secondly, in order to globally disable access to the content, the intermediary platforms have to monitor every upload on their platforms which is technically difficult and legally wrong.

The Delhi HC’s Judgment

The Court agreeing with the plaintiffs’ submission went on to held that the online intermediary platforms can be ordered to take down content globally by a competent court in India, as the content is published on their global services. It observed that the complete removal is needed because there are easy –to-use technology applications available widely that helps local users in circumventing the geo-blocking and render the take-down order useless. Therefore, an absolute removal globally is an absolute remedy, as per the Court’s observations.[1]

Further, the following directions, hereby in brief, have been put forth by the Court to support its order:

  • The Court broadened the interpretation of Shreya Singhal v. Union of India: As per the Court, Section 79 of the IT Act 2000 provides that in order to avail the safe-harbor immunity, “intermediaries have to take down and disable access to the offending material residing in or connected to a computer resource in India”. It interpreted the definition of ‘Computer Resource’ as given in the IT Act, such that the “Computer Resource” as per the judgment “encompasses within itself a computer network, which would include a maze or a network of computers. Such a computer network could be a global computer network”.[2]
  • Global take downs are technologically possible: The Court held that whenever any content violates the community standards of the internet intermediary platforms, such content is taken down globally by the platform on its own. Therefore, it observed that it is technologically possible for the platforms to take down content globally on the orders of the competent courts as well.
  • Application of IT Act in extra-territorial jurisdiction: In order to justify the global take down, the Court explained that, “a perusal of Section 75 of the Act shows that the IT Act does have extra territorial application to offences or contraventions committed outside India, so long as the computer system or network is located in India”.[3] Therefore, the Court held that as long as the content has been uploaded from the Computer Resource located in India, Indian courts will be competent to pass the global injunction/ take down orders.
  • Allowing the direct ‘Notice-and-Takedown’ mechanism for the future uploads of the objectionable content: The Court has held that the plaintiffs can approach the intermediaries directly if it finds the publication of the questionable content again on their online platforms in future. However, the Court has provided an option of the counter-notice system for intermediaries, by opting which the intermediaries can refute claims of illegality and shift the onus of proof back on plaintiffs, such that after which the plaintiffs will have to approach the Courts for an appropriate remedy.

Observations: the Loopholes, Unsettled Jurisprudence and the Comment

The Loopholes

It is completely understandable that the Court is favouring the global take-down order to make its injunction orders against global services more effective. Unfortunately, in its broad evaluation of legal feasibility of the global injunction order and technological capabilities of intermediaries to obey the same, the Court missed on considering certain very significant arguments[4]:

  • Use of VPNs another way around: The Court agreed to the plaintiffs’ argument that due to the wide availability of the easy-to-use applications like VPN, the geo-blocking is circumvented. However, it didn’t consider the circumvention in the case other way around, in which the user can upload the content using VPN and other web proxy services, and can further easily fake the IP address to make it look like as if the content is being uploaded from outside India, negating the Court’s jurisdiction. Therefore, global takedown order, even at prima facie, doesn’t seem to be the appropriate remedy.
  • In denial of the principle of international comity and right to information: The cross-jurisdictional defamation laws vary on a large scale. If global takedown was mandated, the platforms will be wary of falling foul of the law in other countries. For eg., if Indian courts mandate the global takedown of the content which is not at all questionable as per the laws of certain countries, the takedown order will be in contravention of the right to information of citizens of that country. Not respecting the laws of other country amounts to the breach of the principle of international comity and conflict of laws.[5]
  • Without due consideration to the rights to free speech and privacy: The Court failed to understand the technicalities that involved in the operation of global take down orders, the intermediary platforms have to start monitoring each and every content that is being uploaded in order to stop the dissemination globally. This will further impose the risk of private censorship on the Internet and affect the right to free speech and privacy of users. The constant and close monitoring has been held as not warranted by law as per various precedents of Indian courts.[6]
  • Shifting away from the law established by the Manila Principles on Intermediary Liability and Shreya Singhal case: The Court has allowed plaintiffs to directly approach the intermediary platforms in case of re-uploading of the objectionable content in future. This is a great shift away from the existing process under Section 79 of the IT Act, 2000 as established by the Supreme Court’s landmark judgment in the Shreya Singhal case, which requires intermediaries to take down or disable the access to the content only in cases of receiving an order from either the government or the Court to do so. The same is considered global best practice according to the Manila Principles on Intermediary Liability.
  • The question of extraterritorial application of the IT Act in the present case: As per the Section 75 of the IT Act 2000, it is clear that the Act applies extra-territorially to certain offences or contraventions committed outside of India if the same is committed using “a computer, computer system or computer network located in India, the contraventions as contemplated under the Act are provided for in Sections 43, 43A, 66A, 66B, 66 66E and Section 66F.” Defamation is not covered in any of these provisions.[7]

Heavy reliance on the unsettled jurisprudence

The Court has heavily relied on certain foreign judgments while reaching the conclusion in its own judgment. The issue with the same is that the jurisprudence around geo-blocking and global injunctions is unsettled and still developing; with the Delhi HC’s order adding more confusion to the same.

The Court has relied on the case of Google Inc. v. Equustek Solutions Inc., which is the living proof of the unsettled jurisprudence.[8] The Supreme Court of Canada ordered Google to de-index listings from its search results in order to provide protection to trade secrets of a subject from Google globally. While, the Supreme Court of Canada upheld a global injunction against Google, the US Court sided with Google ruling that the Canadian order “threatens free speech on the global internet”.

The Court also relied on the case of Eva Glawischnig-Piesczek v. Facebook Ireland Limitedin which the CJEU ordered Facebook and other platforms to remove questionable content, copies of the same and block the access to the same, globally. While emphasizing on the case, the Delhi HC didn’t consider at all the CJEU decision in the case of Google v. CNIL[9], in which it was held that the Google is not required to de-reference listings from its global service, just because the content has been declared to be illegal by an EU member state.

Comment

It is clear that the Delhi HC left a lot to consider before delivering the judgment such that from the complexities of territorial jurisdiction to the difference in nature of cross-jurisdictional laws. In the present case, the Court mainly failed to understand the varying nature of defamation laws across jurisdictions— such that in the UK, the burden of proof is on the defendants to prove that the content is not defamatory, while in the US, a heavy onus of proof is placed on the plaintiff.

The Court also failed to consider certain very important foreign judgments which have specifically highlighted the issue of difference in the nature of law. In Google v. CNIL, CJEU held that the ‘right to be forgotten’ (which was the main issue in the case) has differences in standards for its application and interpretation around the world. Therefore, it agreed that it is enough for Google to block access to the questionable content from the EU domain only. Further, in Bachchan v. India Abroad Publications Inc.[10], the Supreme Court of New York County refused to enforce a defamation judgment awarded by the High Court of Justice in London, England, ruling that it will be a threat to the free speech protections as offered by the First Amendment to the US Constitution.

Unarguably, internet jurisdictions have always been a challenge for the courts and governments. Courts have always been behind the technology in the race and unable to assert absolute jurisdiction. This makes the internet risks become a proverbial ‘wild west’ with no single comprehensive applicable law. The fact that injunction against an intermediary, on a global scale, doesn’t make it necessarily invalid and aggressive. After all, the limited denial of access in the local domain is not protecting the underlying rights at stake; global takedown seems the right method to ensure effectiveness. But all of this is required to be done while mediating the conflicting interests as well as recognizing the protection to certain forms of speech.

As Gautam Bhatia said in the context of Swami Ramdev v. Juggernaut Books last year, “Indian courts seem to increasingly view freedom of speech as a mere annoyance to be brushed aside when confronted with competing claims”. If global take-down orders will become mainstream, the regressive laws on freedom of speech and expression online will become a norm. The Courts and governments, in order to win this ‘hare and tortoise race’, shall not ignore the countervailing arguments in relation to freedom of speech and right to privacy. These rights shall not be considered under-weighed against the values like national integrity, security interests, etc., rather an effort shall be made to strike the balance between both the sides.

The judgment is under challenge now by Facebook before a Division Bench, and the matter is listed for final hearing on January 31, 2020. The Court must set a precedent in the unsettled jurisprudence that will consider the free speech and privacy rights in the world of internet at the intersection of technology and laws such as defamation law.

References:

[1] Para. 87, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[2] Para. 78, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[3] Para. 86, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[4] Apoorva Mandhani, Why Baba Ramdev’s win against Facebook, Google in Delhi HC only adds to judicial confusion, The Print, https://theprint.in/india/governance/judiciary/why-baba-ramdevs-win-against-facebook-google-in-delhi-hc-only-adds-to-judicial-confusion/312403/.

[5] Balu Nair, Delhi HC Gives Expansive Interpretation to Section 79 of IT Act: Issues Global Blocking Order Against Intermediaries, SpicyIP, https://spicyip.com/2019/11/delhi-hc-gives-expansive-interpretation-to-section-79-of-it-act-issues-global-blocking-order.html.

[6] Delhi High Court Approves Take Down of Content Globally, SFLC, https://sflc.in/del-hc-orders-global-take-down-content.

[7] Para 16, Swami Ramdev v. Facebook [CS (OS) 27/2019 – Delhi HC]

[8] Google Inc. v. Equustek Solutions Inc., Cambridge Core, https://www.cambridge.org/core/journals/american-journal-of-international-law/article/google-inc-v-equustek-solutions-inc/E667668ED944EBE52233E17320478448/core-reader.

[9] Google v. CNIL, CJEU Case C-507/17.

[10] Bachchan v. India Abroad Publications Inc., 154 Misc 2d. 228, 585 N.Y.S.2d 661.

Facebook’s Clampdown on the business of generating fake likes and followers: ‘Inauthentic Behavior’ on Instagram

Facebook has announced in a blog release titled “Preventing Inauthentic Behavior on Instagram” that Facebook and Instagram have sued a company and three individuals based in New Zealand for making a business of selling fake likes, views and followers on Instagram. It has filed a lawsuit in US federal court alleging that “the company and individuals used different companies and websites to sell fake engagement services to Instagram users”.

It said it issued warnings to the company and suspended company’s associated accounts for violating Facebook’s Terms of Use, but the activities persisted. By filing the lawsuit Facebook wants to send a message that fraudulent activity is not tolerated and it will protect the integrity of its platform.

The lawsuit

The lawsuit asks the Court to prevent the defendant company from “engaging and profiting in the sale of fake likes, views and followers on Instagram”. It also seeks to prevent a “violation of its Terms of Use and Community Guidelines”. Further, it aims to prevent a “violation of the Computer Fraud and Abuse Act and other California laws for distributing fake likes on Instagram in spite of Facebook suspending their accounts and revoking access”.

The Lawsuit details that company called Social Media Series has various websites and services to generate fake likes and followers for Instagram users who wanted to inflate their followers. Customers paid ranging $10 to $99 per week depending on the number of likes they want to purchase for their accounts which then generate almost within seconds of posting a new photo.

The lawsuit says that “through their business, Defendants [Social Media Series Limited and its directors] interfered and continue to interfere with Instagram’s service, create an inauthentic experience for Instagram users, and attempt to fraudulently influence Instagram users for their own enrichment”.

As the lawsuit further claim, the company and its directors has “unjustly enriched themselves at the expense of Facebook and Instagram in the amount of approximately $9,430,000”, since July 2018.

Inauthentic experience

Facebook said in the blogpost that “Inauthentic activity has no place on our platform”. It claims that the social media giant “devote significant resources” to detect and stop the inauthentic behavior. This includes “blocking the creation and use of fake accounts, and using machine learning technology to proactively find and remove inauthentic activity from Instagram”.

It further said that, “today’s lawsuit is one more step in our ongoing efforts to protect people and prevent inauthentic behavior on Facebook and Instagram”. Facebook expects to be paid unspecified damages for manipulating Instagram’s platform.

Clamping down on “Inauthentic Behavior”

Facebook now has multiple lawsuits in the works relating to individuals or companies that sell fake engagement on its social media platforms. Facebook recently removed or unpublished over 1,000 Facebook pages and Instagram accounts from India and Pakistan for ‘inauthentic behavior’. It filed a lawsuit in March 2019  against several companies and individuals based in China claiming that they are engaged in selling of fake accounts, likes, and followers on Facebook and Instagram. In November 2018, Instagram warned users to avoid inauthentic follows and likes generated by third-party apps and services, as reported by Cult of Mac.

Key Points from Mark Zuckerberg’s call for regulation of the Internet: harmful content, data portability, election interference, privacy

This article authored by Aryan Babele has been first uploaded in MediaNama.

In his article in the Washington Post, Facebook founder Mark Zuckerberg suggested the need for new rules from lawmakers to balance the interests and responsibilities of all the different stakeholders’ i.e. people, companies and governments. He called for regulation on four areas require an active role of governments and regulators: harmful content, election integrity, privacy and data portability.”

Key Legal Improvements that Mark Zuckerberg suggested (Read)

1. Harmful Content

  • Content takedowns subject to appeals: In the absence of any legal standards, most of the social media platforms adopt self-regulation, but struggle because of a large base. Zuckerberg says that people should understand the difficulty that internet companies face in “deciding what counts as terrorist propaganda, hate speech and more”, that Facebook realises that they have “too much power over speech” and therefore to reduce it, the decisions regarding any speech should be subjected to an appeal before independent bodies. This seems to be how Facebook is looking to limit the move away from self-regulation.
  • Define standards for harmful content: There is a need for defining standards by third-party bodies on harmful content against which the distribution of harmful content will be governed and measured. “Internet companies should be accountable for enforcing standards on harmful content”. Zuckerberg proposes that “regulation could set baselines for what’s prohibited and require companies to build systems for keeping harmful content to a bare minimum”.
  • Quarterly compliance reports: He also suggested an idea of mandating the publication of transparency reports in every quarter of the year by every major Internet service company, which Facebook already publishes. He says that this “is just as important as financial reporting.”

Indian scenario on harmful content:

  • The government released a draft of The Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018 on 24th December 2018, which are intended to curb the misuse of social media and stop the spreading of ‘unlawful content’. Although no clarity on the definition of “unlawful” content has been provided, leaving it open to abuse.
  • As there is no standard has been adopted to filter the “unlawful” content in the draft, it forces companies to take judgment calls regarding content on the basis of “take down first, think later”. However, the draft promotes the deployment of “automated tools to filter content”.

2. In terms of Election Interference: It is important to highlight the importance that Zuckerberg has given to the legislation for creating common standards in terms of regulations that govern political information campaigns and verification of political actors. “Facebook has already made significant changes around political ads: Advertisers in many countries must verify their identities before purchasing political ads”, he says, while adding that “deciding whether an ad is political isn’t always straightforward”.

  • Updating online political advertising laws: “Online political advertising laws primarily focus on candidates and elections, rather than divisive political issues where we’ve seen more attempted interference.” Laws related to elections are temporal even when political campaigns are non-stop and may include controversial use of data and targeting. Therefore, he said that “legislation should be updated to reflect the reality of the threats and set standards for the whole industry”.

Indian scenario on online Election Interference:

  • Election laws in India are very ill-equipped when it comes to dealing with online political advertisements. The Election Commission, which is the constitutional authority that regulates state and national elections, is itself relying on online platforms to self-regulate and prevent ‘illegal’ content. In absence of any comprehensive legislation that can provide Election Commission with the authority to make rules and standards for monitoring the online political advertisements, these online platforms are open to censor or amplify certain information without transparency.
  • In January, the committee led by senior deputy election commissioner Umesh Sinha submitted its report to the commission that recommended modifying the provisions of Section 126 (prohibits displaying any election matter by means, inter alia, of television or similar apparatus, during the period of 48 hours before the hour fixed for conclusion of poll in a constituency) and certain other provisions of the Representation of the People Act, 1951, including provisions of the Model Code of Conduct to bring Social Media platforms under its purview.
  • Chief election commissioner Sunil Arora said all major social media platforms — Facebook, Twitter, Google, WhatsApp and Share Chat — are taking measures such as verification of political advertisers’ credentials, sharing expenditure on it with the Election Commission (EC) through public databases and adhering to the “silence period” that comes into effect 48 hours before the polls.

3. In terms of Data Protection and Privacy:

  • Adopting GDPR as a globally harmonized framework: Reiterating the common demand of entrepreneurs for a globally harmonized framework of regulations on data protection, Zuckerberg agrees that there is a need to develop privacy regulations in line with the European Union’s General Data Protection Regulation (‘GDPR”). He further insists that “New privacy regulation in the United States and around the world should build on the protections GDPR provides”. GDPR approach to privacy regulation serves as the best example for the common global framework as it provides certain standard protections – protects the right to choose how the information should be used and does away from the process of data localisation as it subjects the data to unwarranted access. Such protections together will establish a framework under which companies like Facebook can be held accountable when it makes mistakes.
  • The Data Protection framework must not be ambiguous: Lawmakers should adopt new privacy regulations which must be clear on the points that even GDPR failed to clarify. “We need clear rules on when information can be used to serve the public interest and how it should apply to new technologies such as artificial intelligence”.

Indian Scenario on Privacy Regulations:

  • Till now the only legal protection provided to personal information in India is through section 43A of the Information Technology Act and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 developed under the section. This provision mandates that a body corporate which ‘receives, possesses, stores, deals, or handles’ any ‘sensitive personal data’ to implement and maintain ‘reasonable security practices’, are held liable to compensate those affected when they failed to implement such practices. Given the maturity of privacy jurisprudence in the most countries around the world, these rules are just a half-hearted approach cutting a sorry figure.
  • In its landmark judgment in the Justice KS Puttaswamy case in August 2017, the Apex Court ruled the privacy as the fundamental right under Article 21 of the Constitution of India, though not in its absolute sense. Since then the government has taken significant steps to modify the privacy regulations in the line of GDPR of EU.
  • As the Personal Data Protection Bill, 2018 as recommended by the Justice Srikrishna Committee is all set to be introduced in next session of the Parliament. It covers basic protections and even recommends the data localisation which has raised concerns among various Internet services.

4. Data Portability: “Regulation should guarantee the principle of data portability. If you share data with one service, you should be able to move it to another”. The data portability will provide the choice to people to select between competing for internet services. This can actually serve in balancing the interests of people and innovators. However, the application of data portability requires clear rules of about the liabilities of protecting information when data is transferred from one service to the other. According to Zuckerberg, “this also needs common standards” and the open source Data Transfer Project is a suggested standard data transfer format.

Indian Scenario on Data Portability

Data portability may also be considered an upgraded version of the right to access and the right to erasure of personal data, both of which are present in the current Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.