By: Ramesh Vaidyanathan
Of late, Facebook, MySpace, LinkedIn, Twitter and YouTube have all been dominating the headlines. In one high-profile story from 2009, it was reported that hackers managed to hijack the Twitter accounts of more than 30 celebrities world-wide, including U.S. President Barack Obama and pop singer Britney Spears. And who can forget the most recent spam attack on a social networking site, which unleashed a spate of violent and pornographic images across users’ newsfeeds for more than 24 hours? Such incidents bring to light the dark and unglamorous side of social networking sites, rendering them to be uncharted liability minefields. These social media sites are perceived to be a veritable Pandora’s Box, exposing their owners/operators and users to myriad risks, such as copyright and trademark infringement, defamation, privacy and data security issues and consumer fraud.
For instance, Universal Music Group had filed a copyright infringement suit against MySpace for allowing users to upload and download songs and music videos, reportedly claiming damages of nearly $ 150,000 per song or video posted. Media company Viacom had filed a copyright infringement suit against YouTube and its parent Google, seeking approximately $ 1,000,000,000 in damages. More recently in India, the Delhi High Court held MySpace liable for copyright infringement, where some music titles over which T-Series had copyright were uploaded by users on MySpace. In a recent lawsuit filed against the social network site “Tagged”, allegations of misappropriation of member information were made, for using members’ email address books without their permission inorder to solicit new members.
Many a time, social networking sites do not violate the privacy of their users themselves, but indirectly become a platform for such violations. Also, quite often the privacy of persons not using these sites gets compromised when others innocently post or blog about them or tag their photographs. Does our legal framework hold social networking sites accountable in such cases?
Liability under the Information Technology Act, 2000 (I.T Act) and the Rules thereunder:
Post the amendments to the I.T Act in 2008, intermediaries are not liable for any third party content made available or hosted by them, subject to them fulfilling certain conditions prescribed under the I.T Act and observing due diligence while discharging their duties. However, the intermediary cannot avoid liability in case of undesirable content created by third parties such as pornography, false advertisements and copyright infringement or in cases where the intermediary has conspired or abetted the unlawful act. The recently notified Information Technology (Intermediaries Guidelines) Rules, 2011 also mandate an intermediary to take necessary action and disable any objectionable content within 36 hours of receiving complaint from any user and preserve the same for at least 90 days for investigation purposes. Any victim of the objectionable content posted or published in violation of these Rules can file a complaint against such content with the Grievance Officer designated by the intermediary. Such complaint must be redressed within 1 month from the date of its receipt.
The I.T Act also protects users from breach of confidentiality and privacy of personal data, unauthorized access of the computer system and hacking, by imposing a penalty of imprisonment or fine or both on the offender. The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, also prescribe various guidelines for reasonable security practices and procedures to be adopted by body corporates holding or dealing with the sensitive personal data or information of users.
Liability under other Indian Laws:
Social media sites may also be held liable under the law of contracts, if suitable clauses have been included in the user agreements between the users and the owners/operators of such websites.
Further, if any material posted by a user on a social media site amounts to infringement of copyright of another, various civil and criminal remedies are available to the copyright holder under the Copyright Act, 1957 and in such a case, the intermediaries may not have refuge under the I.T Act.
Users of social networking sites may also choose to exercise their rights as consumers, since the services provided by these sites may be considered to be ‘services’ under the Consumer Protection Act, 1986, depending on the facts and circumstances in the matter.
Under Indian law, social networking sites cannot be held liable for third party content that they merely transmit and which does not actually originate from such sites, unless it is shown that such sites failed to exercise due diligence while regulating the content posted by its users. It is the responsibility of such sites to have efficient mechanisms in place for reviewing the items posted and to remove offensive or abusive content.
Further, social media sites should obtain the informed consent of its users before using their personal information. These sites should also make it simpler for their users to report abuse and prompt action must be taken by the websites when such abuse occurs. They can also help by undertaking and supporting campaigns to increase awareness among users on how to remain alert and prevent misuse of data and violation of privacy.
One can only hope that our legal and regulatory framework evolves rapidly and soon matches pace with the dynamic social trends and changing technology. Till then, the burden invariably remains on the users of social networking sites to be pro-active and protect their own privacy and personal information.
Ms. Nazneen Ichhaporia also contributed to this article.
This article was first published in http://www.thehindubusinessline.com/info-tech/where-does-the-blame-lie/article3509353.ece