Skip to main content

Legal Obligations of Technology Service Providers as Intermediaries


A database of millions of customers including their contact details are found freely accessible online and are available for sale at a very nominal price at various online social media platforms has brought a serious and basic question in focus- who all can be held responsible and accountable for such unauthorize and illegal acts?
Prima facie, the person who is selling the database is responsible under the eyes of law, but do the technology services providers or the platform where such database is been listed, owes any obligation to the customers and can be held responsible for unauthorize acts by a third party on their platform?
The technology service providers or the online platform operators are commonly known as “Intermediaries”.
In India, these technology service providers or Intermediaries are governed by the provisions of Information Technology Act, 2000 (“IT Act”) along with Information Technology (Intermediaries Guidelines) Rules, 2011 (“Intermediary Rules”)
Section 2 (1) (w) of the IT Act define intermediary as follows:
Intermediary with respect to any electronic messages means any person who on behalf of another person receives, stores or transmits that messages or provides any service with respect to that messages and includes:
Ø Telecom service providers;
Ø Network service providers;
Ø Internet service providers;
Ø Web hosting service providers;
Ø Search engines;
Ø Online payment sites;
Ø Online auction sites;
Ø Online market places; and
Ø Cyber cafes
The intermediaries play a very important role in the enforcement of various provisions under the IT Act. In any technology services, there are multiple players involved in provision of services such as setting up web page or website, ISP providing internet connectivity, service provider for registration of domain name and hosting the domain, different service provider for uploading the web pages etc. The present definition of intermediaries is broad enough to encompass every technology service provider involved in any manner in transmission, retention or hosting of electronic records. The IT Act places substantial burden on the intermediaries as briefed below:
1.        Section 67C: Intermediaries to preserve and retain the information as prescribed under the IT Act and any intentional or knowingly contraventions are punishable with 3 years’ imprisonment and fine;
2.        Section 69: Intermediaries are required to comply with an order passed by the Central or State Government directly or through designated agency for granting access or securing access to the computer resource containing the information or intercepting, monitoring or decrypting encrypted data or provide information stored in a computer resource. Failure to assistance to the said Government or its designated agency is punishable with 7 years’ imprisonment and fine;
3.        Section 69A: An intermediary may be directed by the order of the Central Government to block access by the public or cause to be blocked for access by public, any information generated, transmitted, received, stored or hosted in any computer resource, which such intermediary has to comply with. Failure to do so would entail maximum imprisonment of 7 years’ and fine;
4.        Section 69B: The Central Government may direct an intermediary to provide technical assistance and extend all facilities to its designated agency or authority, to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information, as required by such agency and non-compliance with such order may be prosecuted and the intermediary may be punished with 3 years’ imprisonment and fine;
5.        Section 70B: CERT-IN may call for information or give directions to intermediaries and any intermediary fails to comply with such directions may be punished with 1 year imprisonment and fine;
6.        Section 72A: An intermediary who discloses personal information obtained while providing services under the terms of lawful contract, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain, without the consent of the person concerned, or in breach of a lawful contract, may be punished with 3 years’ imprisonment or fine of maximum Rs. 5 lakhs or with both. With respect to compliance with Section 72A, the intermediary is required to comply with the guidelines set out in the IT (Reasonable Security Practices And Procedures And Sensitive Personal Information) Rules 2011, which sets out the procedure for collection, retention, use and dissemination of sensitive personal information pertaining to users.
Section 79 of the IT Act exempts the intermediary from any liability under the IT Act from prosecution for third party actions, on fulfillment of the following requisite:
a.        That the intermediary’s role is limited to providing access to a communication system, which is used by third parties to transmit, store or host information;
b.        That the intermediary did not initiate the transmission, and did not select the receiver of transmission and also did not select or modify the information forming part of such transmission;
c.         That the intermediary observed due diligence and complied with the guidelines set out by the Central Government, while discharging its duties under the IT Act
However, the intermediary cannot claim exemption under Section 79 of the IT Act on the following conditions:
a.        An intermediary is involved in the commission of an unlawful act, either through conspiring, abetting or aiding such act or had induced, whether through threats or promises or otherwise the commission of the unlawful act;
b.        An intermediary, after having received actual knowledge, by itself or through notification from the appropriate Government or its agency, that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary, is being used to commit an unlawful act, fails to expeditiously remove or disable access to that material on that resource, without vitiating the evidence in any manner.
An intermediary is required to act on information received about violation of any laws within 36 hours of such receipt and the intermediary is required to ensure that removal of content from a website or computer resource would not affect the evidentiary value of such content.
Moreover, the intermediary is requisite to demonstrate due diligence and publish rules & regulations, data privacy & protection, usage policy and user agreement for access or usage of the intermediary’s online platform or computer access along with details of grievance officer who has to dispose of the matter within one month from date of receipt of complaint.
With ongoing evolution in the business world, the technology service providers are part and parcel of each and every business & their role as intermediary has increased manifold.
To know further details and other legal aspects of intermediaries including the data privacy & usage policy, user rights, compliance under IT Act & Regulations, please connect with us at admin@equicorplegal.com / +91 8448824659

Comments

Popular posts from this blog

PSARA License: To Start a Private Security Agency Business in India

Private Security Agency business is one of the most sought and rapid growing business in India with huge demand and potential. Due to ever evolving demand for private security by industry & business segments, the Private Security Agency business is growing for more than 20% and there is still huge untapped market still wide open for the future ventures. Today in any and every aspect, private security has an important role to play, whether its transfer of cash to ATM, transportation of valuables or protection to key members of business conglomerates. Any Private Security Agency cannot commence its business and operations in India without procurement of license under Private Security Agencies (Regulation) Act, 2005 also known as PSARA License . PSARA License is obtained state wise & is valid for 5 years and had to be renewed after every 5 years. The government fees for PSARA License is as following: 1.        For one (1) District- Rs. 5,000/- 2.        For more th

Non-Banking Financial Companies (NBFC)

A Non-Banking Financial Company (NBFC) is a  company registered under the Companies Act, 1956 and is engaged in the business of loans and advances, acquisition of shares stock/bonds/debentures/securities issued by Government or local authority or other securities of like marketable nature, leasing, hire-purchase, insurance business, chit business but does not include any institution whose principal business is that of agriculture activity, industrial activity, sale/purchase/construction of immovable property. A non-banking institution which is a company and which has its principal business of receiving deposits under any scheme or arrangement or any other manner, or lending in any manner is also a non-banking financial company (Residuary non-banking company). Advantages of NBFC a)       it can provide loans and credit facilities, b)       it can trade in  money market instruments c)       it can do wealth management such as Managing portfolios of stocks and shares d)     

Investment Frauds by Investment Advisers

Today driven by the promise of higher returns than the saving accounts or fixed deposits, most of the small and retail investors are moving their investments under the guidance of Investment Advisers. “ Investment Advisers ” means any person, who for consideration, is engaged in the business of providing investment advice to clients or other persons or group of persons and includes any person who holds out himself as an investment adviser, by whatever name called. Investment Advisers who make public appearance or make recommendations or offer an opinion concerning securities or public offers through public media while making recommendations through public media are required to comply with the relevant applicable laws. What is an Investment Advice: - “ Investment Advice”  is an advice relating to investing in, purchasing, selling or otherwise dealing in securities or investment products, and advice on investment portfolio containing securities or investment products, whether

NCLT has Exclusive Jurisdiction for all the Company Matters

In deciding an appeal in the matter of MAIF Investment India PTE Ltd. v/s Ind-Barath Power Infra Limited & Ors ., Company Appeal (AT) No. 334 of 2018, NCLAT has reviewed and decided on the issue of exclusive jurisdiction of NCLT in all the company matters and to bar the jurisdiction of civil courts including   complex and contentious one. The appeal was against the order given by NCLT, Hyderabad, where the NCLT, Hyderabad bench declined to entertain the petition under Section 59 of the Companies Act, 2013 for seeking a rectification in the register of members. The alleged dispute involved conversion of compulsory convertible debentures without requisite consent and quorum. NCLT, Hyderabad dismissed the petition stating the reason that issue raised were complex or contentious issue which required the examination of the Arbitration Act, 1996 & Insolvency & Bankruptcy Code, 2016. While dismissing the petition, NCLT, Hyderabad had relied on Supreme Court’s 1998 judge

Types of Companies under New Companies Act-2013

With new testament of Corporate law in force has introduced several different types of companies with special features. ONE PERSON COMPANY (OPC) One Person Company is defined in Sub- Section 62 of Section 2 of The Companies Act, 2013, which reads as follows: 'One Person Company means a company which has only one member' It shall also be important to note that Section 3 classifies OPC as a Private Company for all the legal purposes with only one member. All the provisions related to the private company are applicable to an OPC, unless otherwise expressly excluded. Ø   Only a natural person who is an Indian citizen and resident in India- ü   shall be eligible to incorporate a One Person Company; ü   shall be a nominee for the sole member of a One Person Company. Ø   No person shall be eligible to incorporate more than a One Person Company or become nominee in more than one such company. Ø   No minor shall become member or nominee of the One Person Company

Nidhi Companies in India

This article enumerates the brief transaction procedure involved in the establishment of a Nidhi Company and the laws relating to Nidhi Company in force in India. It shall be noted that the activities described hereunder covers various relevant legislations, regulations and rules, for the time being in force in India and the legal entity has to obtain approval/register itself with Ministry of Corporate Affairs (“ MCA ”). Preface In the Indian financial sector, Nidhi Company refers to any mutual benefit society notified by the MCA. They are created mainly for cultivating the habit of thrift and savings amongst its members. The amount of business conducted by Nidhi Companies is not as big as commercial banks or deposit taking Non-Banking Finance Companies. Nidhi Companies are highly localized and mostly single office institutions. They are also referred to as mutual benefit societies, because they accept deposits and give loans to only their own members; and membership is limited