The Protection Of Privacy And Personal Data In Social Media – An Analysis Of The Indian Information Technology Act

The prolific growth of information and communication related technology has spawned myriad social media networking sites. However, the use of these technologies also presents new dangers for the privacy of individuals. Information is at risk of being gathered without an individual’s knowledge. It may be reused for unauthorized purposes, retained for months and years, passed on to third parties, and published or circulated without permission. Increasingly, data available on social media sites is being used by several entities to track individuals’ preferences, interests, movements, networks and activities. The information that is gathered is widely used, among other things, to customize an individual’s email access as well as the webpages that the individual may visit. This raises questions of privacy and data protection.

The Information Technology Act, 2000 (“IT Act”) was focused on the recognition of electronic records and facilitation of e-commerce. The emphasis of the Information Technology (Amendments) Act, 2008 was on Cyber Terrorism and to a significant extent, Cyber Crime. However, it also contains provisions that apply to data protection and privacy. The two statutes are collectively referred to as the IT Act.

The scope of this article is to highlight some of the important provisions of the IT Act relating to data protection and privacy vis-à-vis social media.

Data Protection

The IT Act (section 43) imposes civil penalties in the event of the commission of certain acts without the permission of the owner or person in charge of the computer or computer systems such as: (i) securing access (without permission); (ii) downloading or copying of data stored in a computer or computer system; (iii) introducing computer viruses; (iv) damaging computers and/or data stored therein; (v) disrupting computers; (vi) denial of access; (vii) abetting such acts; or (viii) illegal charging for services on another’s account. The IT Act has included two additional violations: (i) destruction, deletion and alteration of information residing on a computer and (ii) theft, concealment, destruction, alteration, (or to abet in the theft, concealment, destruction, or alteration), of any computer source code used for a computer resource with an intention to cause damage.

Further, the IT Act holds any “Body Corporate” possessing, dealing with or handling any “sensitive personal data or information” in a computer resource it owns, controls or operates, liable for negligence, if it fails to maintain “reasonable security practices and procedures” and thereby causes wrongful loss or wrongful gain to any person. “Body Corporate” is defined in the IT Act as any company and includes a firm, sole proprietorship (sic) or other association of individuals engaged in commercial or professional activities.

Apart from the Civil Penalties contained in the IT Act there also are criminal provisions, a few of which relate to data protection.

The IT Act provides that any act set out under section 43, if committed “dishonestly or fraudulently,” would amount to a criminal offence, punishable with imprisonment of up to three years or fine of a maximum of Rupees Five Lakh (approximately US$ 10,000) or both. The IT Act also makes the receipt or retention of a stolen computer resource or communication device punishable with imprisonment up to three years or with fine up to Rupees One Lakh or both. The term “computer resource” is defined under the IT Act as a “computer, computer system, computer network, data, computer database or software.” This provision applicable to the receiver of stolen computer resources, such as data and software, could prove to be substantially useful when faced with issues of data misuse or theft from a social networking site.

Under the IT Act the onus of implementing “Reasonable Security Practices” is on the business entity. “Reasonable security practices and procedures” are defined as “security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.” Therefore, to help mitigate their liability, social media sites would be required to show that they have adopted such practices in case there is a violation on their site.

Confidentiality and Privacy

The IT Act provides for the protection of physical or personal privacy of an individual. Also, the IT Act contains provisions against the dissemination of personal information obtained without the individual’s consent through an intermediary or under a services contract, with the intent to cause wrongful loss or wrongful gain. The maximum punishment prescribed for this offence is three years imprisonment, or fine up to Rupees Five Lakhs or both. These provisions protect privacy and personal information to a certain extent. In particular, service providers on the Internet, social networking sites, companies, firms, individuals and other intermediaries need to exercise caution in the collection, retention and dissemination of personal data.

The IT Act makes the dishonest or fraudulent use of a person’s electronic signature or identity, password or any other unique identification feature punishable as theft with imprisonment of up to three years and fine up to Rupees One Lakh.

The statute further makes cheating by impersonation through a computer resource punishable with imprisonment of up to three years and fine up to One Lakh Rupees.

The liability of an intermediary under this section is limited in specific instances, i.e., if he provides access to communication systems for transmission or temporary storage of third party information, data or communication links made available or hosted by him. The intermediary should however observe due diligence and comply with the prescribed guidelines, while discharging his duties.

The IT Act imputes vicarious liability in case of offences by companies and provides substantial and relevant rights allowing victims to seek redress in cases of violations. As most of the offences under the IT Act are cognizable, this provision is a cause for concern for social media entities and their management.

In comparison to the laws of developed nations, India requires laws that define data based on utility and importance. Rules related to data extraction and data destruction need to be improvised. Stringent and comprehensive laws for the protection of data are the need of the hour. In 2011, the Government of India proposed the “Right to Privacy Bill”. However, we still await the final and conclusive draft of the Bill. Until then, businesses must implement appropriate safeguard policies and maintain an awareness of compliance obligations.

Vidhi Agarwal is a partner at LawQuest International, a general practice law firm in Mumbai, India. She holds a Master's degree in Law as well as Commerce and is admitted as an advocate to the Bar Council of Maharashtra and Goa. Vidhi may be reached at vidhi@lawquestinternational.com.

Annu Sharma is an Associate at LawQuest. She has completed her LL.B from K.C. Law College, Mumbai. She holds a B.Sc Degree from K.C. College of Arts, Commerce and Science. She can be reached at annu@lawquestinternational.com.

By Vidhi Agarwal and Annu Sharma

Saving The Starving Artist

The authors and music composers who are left in the cold in the penumbral area of policy should be given justice by recognizing their rights when their works are used commercially separately from cinematograph film and the legislature should do something to help them.

In keeping with the spirit of the above view of Justice Krishna Iyer, both Houses of the Indian Parliament unanimously passed the Copyright Amendment Bill, 2012, bringing about considerable changes to the Copyright Act, 1957 (“Copyright Act”) in relation to, inter-alia, the rights of artists. The Bill received Presidential assent on June 07, 2012 and the Copyright (Amendment) Act, 2012 came into force on June 21, 2012 (“Amendment Act”).

POSITION BEFORE THE AMENDMENT ACT

The most significant and much debated provision in the Amendment Act is the right granted to authors and music composers in the works they create. Before the Amendment Act came into force, ownership of the copyright in underlying works in a cinematograph film was deemed to belong to the producer of the film, who is considered the owner of the copyright in a cinematograph film, unless there is a contract to the contrary between the authors / composers and the producer. Producers usually entered into contracts with the authors of the underlying works, getting such authors to assign the entire bundle of rights in such underlying works to the producer. As a result, many felt that such authors and composers were left in the lurch as the producers reaped all the benefits of such underlying works while authors and composers did not get what was rightfully due to them. The cases of shehnai maestro Bismillah Khan and music composer Ravi have been quoted in the media as examples of how talented artists are deprived of their dues due to lack of legislative protection available to such artists, and therefore do not have the means to even pay for housing and medical care.

RIGHTS OF AUTHORS OF UNDERLYING WORKS

The Amendment Act seeks to protect the interest of such artists by including provisions granting certain rights to the authors and music composers of underlying works in a cinematograph film. The authors of underlying works incorporated in a cinematograph film may retain all the rights in their work except to the extent assigned for use in the cinematograph film. The assignment too has been subject to certain safeguards.

The authors of literary and musical works incorporated in cinematograph films, or sound recordings not forming part of the cinematograph film, have the right to receive royalties equal to the royalties received by the assignee of such rights, for utilization of such work in all forms other than communication of the cinematograph film to the public in cinema halls. The author can also assign the right to receive royalties to legal heirs or to a copyright society for collection and distribution. Any agreement that seeks to assign or waive the above right granted to authors of literary and musical works will be considered void.

Further, an assignment is not to be applicable to any medium or mode of exploitation of the work that did not exist or was not in commercial use at the time the assignment is made, unless the assignment specifically refers to such medium or mode of exploitation.

Moreover, an assignment of copyright in any work to make a cinematograph film or sound recording is not to affect the right of the author to claim royalties and consideration in case of utilization of the work in any form other than as part of the cinematograph film in a cinema hall.

RIGHTS OF PERFORMERS

The Amendment Act also grants certain rights to performers. Prior to the Amendment Act coming into force, although performers were granted certain rights, once a performer consented to the incorporation of his performance in a cinematograph film, the rights of the performance were deemed to have been waived.

As an initial matter, the Amendment Act has modified the definition of a performer. Earlier, a “performer” included “an actor, singer, musician, dancer, acrobat, juggler, conjurer, snake charmer, a person delivering a lecture or any other person who makes a performance.” The Amendment Act has added a proviso to state that, in a cinematograph film, a person whose performance is casual or incidental in nature and, in the normal course of the practice of the industry, is not acknowledged anywhere including in the credits of the film shall not be treated as a performer except for the purpose of attributing moral rights. Moral rights have been given the nomenclature of ‘Author’s Special Rights’ under the Copyright Act. They include the right to paternity which is the right to claim authorship of the work; and the right to integrity which is the right to restrain or claim damages in respect of any distortion, mutilation, modification or other act in relation to the said work if such distortion, mutilation, modification or other act would be prejudicial to the honour or reputation of the author.

The Amendment Act provides that the performer would have the right to make a sound recording or a visual recording of the performance and the right to broadcast or communicate the performance to the public except where the performance is already broadcast. Once a performer has, by written agreement, consented to the incorporation of his performance in a cinematograph film, he shall not object to the enjoyment by the film producer of the performer’s right therein unless there is a contract to the contrary. However, the performer is entitled to royalties where his performance is put to commercial use.

MORAL RIGHTS

The Copyright Act recognized certain special rights of the authors of a work. The moral rights of an author include the right to claim authorship of the work and the right to restrain or claim damages in respect of any distortion, mutilation, modification or other act in relation to the work if such distortion, mutilation, modification or other act would be prejudicial to his honour or reputation. The Copyright Act stated that the right to restrain or claim damages as above could also be exercised by the legal representatives of the author (but not the right to claim authorship).

The Amendment Act now permits the legal representatives of the author to also exercise the right to claim authorship of the work.

The Amendment Act also grants performers certain moral rights that were not granted to them under the Copyright Act. For example, the performer has the right to claim to be identified as the performer of his performance, except where omission is dictated by the manner of the use of the performance. The performer also has the right to restrain or claim damages in respect of any distortion, mutilation or other modification of his performance that would be prejudicial to his reputation.

COVER VERSIONS

Earlier, the Copyright Act provided that cover versions, if made following the conditions prescribed, were an exception to infringement. The Amendment Act has made it a separate right instead, by granting statutory licenses for such recording. Any person desirous of making a cover version, being a sound recording in respect of any literary, dramatic or musical work, where sound recordings of that work have been made by, or with the license or consent of, the owner of the right in the work, may do so subject to the conditions provided in the Amendment Act. No cover versions can be made until the expiration of five calendar years after the end of the year in which the first sound recording of the work was made. Royalty shall be paid for a minimum of fifty thousand copies of each work during each calendar year in which copies are made.

A BOON OR BANE?

There are various aspects with respect to the implementation of the above-mentioned rights of artists that remain unclear. The Amendment Act states that the authors of the underlying works will be entitled to receive royalties equal to the royalties received by the assignee of such rights, for utilization of such work in all forms other than communication of the cinematograph film to the public in cinema halls. However, the Amendment Act does not explicitly state who will be liable to pay the royalty to the authors of the underlying works. There is also lack of clarity on who would be liable to pay performers their royalties. Since the authors of the underlying works will be entitled to receive royalties equal to the royalties received by the assignee of such rights, one may assume that the assignee will be responsible for payment of royalties to the authors of underlying works. The assignee could be the producer of the cinematograph film. Or it can be argued that a broadcaster that is exploiting the cinematograph film is responsible for payment of royalties to the authors of underlying works. Still another option could be that it is the responsibility of copyright societies to collect royalties from the assignee and pay the same to the authors of underlying works. However, due to the lack of an express provision in relation to responsibility for payment of royalty, there is considerable confusion on this aspect of the Amendment Act. Therefore, contracts need to be structured and drafted in a manner that addresses these issues of payment of royalties and the rights and obligations of various parties involved.

There is also lack of clarity in the Amendment Act on how the royalty payable to the authors of underlying works is to be calculated. If there are multiple authors of an underlying work, will the royalty be equally divided between each of the authors and the assignee? Or will the assignee be entitled to 50% of the royalties and all the underlying authors share the remaining 50% of the royalties? Also, when there are music and lyric rights in a song, will the music and lyric rights be treated as separate underlying works, and therefore the music composer separately shares the royalty with the assignee for the music right and the lyricist separately shares the royalty with the assignee for the lyrics? None of these questions have been adequately addressed in the Amendment Act. The calculation of payment of royalty to performers too has not been expressly addressed in the Amendment Act.

Also, the Amendment Act has granted moral rights to performers. However, while the Amendment Act states that the legal representatives of authors of a work can exercise the moral rights, there is no mention in the Amendment Act of the legal representatives of performers being entitled to exercise such moral rights.

The Amendment Act will definitely have an impact on the entertainment industry. Producers may have to share their profits with underlying authors or they will need to pass on the responsibility of payment of royalties to the broadcasters. The agreements between broadcasters and producers and the underlying authors will have to be carefully drafted to address the issues of sharing of royalties between various artists and the assignee.    

The Amendment Act has been a step in the right direction to address the issues faced by the authors of the underlying works and to implement the observation made by Justice Krishna Iyer. However, the Indian legislature will need to frame rules to plug the deficiencies in the Amendment Act regarding the implementation of its various provisions.

Seema Sukumar is a Senior Associate with J. Sagar Associates, based out of Bangalore. She can be contacted at seema@jsalaw.com.

By Seema Sukumar

Case Notes – Bharat Aluminum Restores Pro-Arbitration Regime

By Dipankar Vig

In its genuine effort to restore the pro-arbitration regime in India, the Constitutional Bench of the Hon’ble Supreme Court of India has delivered a conclusive judgement on the role of Indian courts in international commercial arbitrations rendered in a foreign seat (“Bharat Aluminum”).

The Arbitration & Conciliation Act 1996 (‘the Act’), an enactment based on the UNCITRAL model, has always provided for two regimes of dispute resolution depending on the seat of arbitration. Part-I provides for domestic as well as international arbitrations where the seat of arbitration is in India, and Part-II contains provisions for recognition and enforcement of awards rendered in a foreign jurisdiction.

The Bharat Aluminum case has overruled the apex Court’s earlier interpretation laid down in the case of Bhatia International, which was subsequently upheld in the case of Venture Global Engineering and Indtel Technical Services.

  1. Decision in Bhatia International, Venture Global and Indtel Technical Services

The Bhatia International ruling gave the Indian Courts a right to set aside an award made in a foreign seat. In Venture Global, applying the same principle, the Court set aside a London Court of International Arbitration (‘LCIA’) award rendered in London.

Thereafter, in Indtel Technical Services, the Court held that it could appoint arbitrators in the case of a deadlock, even though the arbitration was to be conducted in a foreign seat.

  2. Highlights of the Bharat Aluminum Case

    a. Applicability of Part-I of the Act

The Hon’ble Supreme Court has categorically laid down that Part-I of the Act is applicable only to arbitrations which take place within the territory of India and that it would have no application to international commercial arbitrations rendered in a foreign seat. In other words, the Indian Courts will not be allowed to exercise their powers under Part-I of the Act in respect of arbitrations having a foreign seat.

    b. Interim Reliefs by Courts

The Hon’ble Court further held that in a foreign seated international commercial arbitration, no application for interim relief would be maintainable under Section 9 or any other provision, as the applicability of Part-I of the Act is limited to all arbitrations which take place in India. Similarly, no suit for interim injunction would be maintainable in India, on the basis of an international commercial arbitration with a seat outside India.

    c. No Annulment of Foreign Awards

The Hon’ble Court has clarified that the regulation of conduct of arbitration and challenge to an award would have to be done by the courts of the country in which the arbitration is being conducted. Such a court is then the regulatory court possessed of the power to annul the award.

Previously, a foreign award could be set aside on the ground that its enforcement would be opposed to “public policy”, in the context of Section 34 of the Act. However, subsequent to this judgement, a foreign award cannot be set aside in India under Section 34 of the Act.

    d. Prospective Application

The Hon’ble Court also held that the amended position shall apply prospectively from the date of judgement, i.e., it shall apply only to arbitration agreements made after September 06, 2012.

By this landmark judgement, the Hon’ble Supreme Court has put an end to the unwelcome judicial interference in foreign seated arbitrations and has put to rest the host of inconsistent judicial decisions on arbitration.

A Look at India’s Employee Privacy Policy in a Global Context

Introduction

Companies today increasingly employ workers across multiple jurisdictions. For the sake of equality and efficiency a multinational prefers to apply a single uniform set of human resource (“HR”) standards to its entire global employee base. However, HR uniformity becomes difficult when different countries impose different HR laws. These dilemmas are especially troubling in the realm of employee privacy.

This article outlines the approaches to employee privacy pursued in the United States and European Union. Following that is a snapshot of employee privacy in India, which has not yet committed to the U.S. or EU approach. The discussion will examine which policy direction would be most beneficial for India. It will be shown that on balance, India’s best interests will be served by following the U.S. model, which fully protects employee privacy while preserving the regulatory flexibility India needs to attract and retain foreign direct investment.

Divergent Approaches to Privacy: European Union and United States

The European Union’s policy stance is clear: privacy is a human right and government involvement is a must. The European Privacy Directive of 1995 is a guidance document for the 26 EU nations, which all now have their own laws and enforcement arms—Data Protection Authorities. This heavily regulated approach, which requires companies that process data to register their activities with the government, creates serious concerns for multinational companies from the U.S. that operate under a much different, and perhaps more practical, approach.

Nuances between EU countries exist, but generally speaking in Europe employers cannot read workers’ private e-mails, and personal information cannot be shared by companies or across borders without express permission from the data subject. These types of regulations hamstring companies doing business in Europe with unending red tape that may or may not have any actual impact on the given individual, known in E.U. privacy parlance as the “data subject.” In fact, a study from the Ponemon Institute showed that despite the absence of stringent privacy laws in the United States, “U.S.-based multinational firms scored higher than their European counterparts on five of eight common privacy practices, including having a dedicated privacy officer and better data security.”

Data privacy in the United States is regulated in a sector-specific manner. The Federal Trade Commission (FTC) is the lead regulatory agency tasked with protecting consumer privacy rights through its authority to prohibit unfair or deceptive acts or practices. Laws are on the books that do require prior consent for certain personal information. For example, a U.S. employer must obtain the prior written consent of a job applicant to access the applicant’s credit report for purposes of completing the background investigation stage of the hiring process.

The current legal framework surrounding employment privacy law, including the National Labor Relations Act (“NLRA”), helps to refine HR privacy policies and provides ample safeguards against corporate abuse of private, or personal, information. And without a broad-based policy directive from the government, U.S. companies can do a more efficient and effective job of moderating how, when, why and what sensitive personal information is used.

For example, the National Labor Relations Board (“NLRB”) recently released its second report to help guide HR departments when crafting their social media/privacy policies. One point emphasized that such policies must be “narrowly tailored” so as not to prohibit union organizing activity protected under the NLRA. This means that even though the employee may surrender his or her privacy rights to certain information, the way in which the company can use such information is limited.

In the U.S., employee privacy is protected not only by the U.S. Constitution and federal statutes but also by state constitutions and state statutes. For example, states grapple with the subtleties of when and how an employer may interview job applicants and monitor employee email, Internet use, and physical space.

In the U.S. more than in the E.U., employers have legal obligations that compel them to engage in employee monitoring. For example, a U.S. employer may need to investigate the transmission of an item of sexually-oriented Internet humor among its employees to defend against claims of a “hostile work environment.” Alternatively, an employer may need to install a surveillance camera at a worksite parking lot to guard against potential liability from “security negligence” (the failure to ensure security for employees and others in the workplace).

Even when employer monitoring is not legally required it can be a necessary business practice. Banks commonly use surveillance cameras to guard against robberies. Companies in the business of transporting goods may need to track their vehicles with GPS location monitoring systems.

The U.S. government takes privacy seriously, but its approach differs from the European approach in large part because it relies more on self-regulating corporate codes of conduct. Only when a company deviates from an applicable code will a U.S. government agency intervene with an enforcement action. That way companies have the flexibility they need to adopt privacy policies appropriate for their particular situations.

India’s broader privacy framework

India’s labor laws do not at present address rights surrounding employee privacy, let alone follow the employee privacy policies of the E.U. or U.S. However, general privacy laws were set forth in the Information Technology Act of 2000 (“IT Act”), which provided legal recognition for e-commerce and sanctions for computer misuse. Subsequently, India has passed legislation in 2008 and then again in 2011 to further develop its broader privacy policy objectives.

In an attempt to broaden the enforcement scope of the law, India passed the IT (Amendment) Act of 2008, which incorporates two new sections of the IT Act: most notably, Section 43A to provide a remedy for persons whose personal data is compromised by a security breach.

Under section 43A, “bodies corporate,” which includes a corporation[s], firm[s], association[s], sole proprietorship[s], and any other associations or individuals engaged in “commercial or professional activities,” can be liable for failing to maintain “reasonable security practices and procedures” to protect “sensitive personal data and information.” “Sensitive personal data” was not defined in this Amendment. Furthermore, absent a contract, reasonable security practices and procedures were also not specifically defined and were left for the central government to prescribe. Following these Amendments, Section 43A fell under criticism for its broad definition of “body corporates” and absence of clarity on several other fronts, such as whether an Indian call center was required to obtain a foreign customer’s consent before collecting the individual’s personal data (the answer turned out to be no).

The latest announcement attempted to address some of this criticism, when in August 2011 the Government of India issued the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (“Data Privacy Rules”).

First, in order for a body corporate to comply with India’s privacy regime, it must implement security practices and procedures which include a “comprehensive documented information security programme and information security policies.” Such policies must contain managerial, technical, operational, and physical security control measures commensurate with the information assets being protected.

Second, the Data Privacy Rules define “sensitive personal data and information” to include:

  • passwords;
  • financial information such as bank accounts, credit and debit card details;
  • physiological and mental health condition, medical records;
  • biometric information;
  • information received by body corporate under lawful contract or otherwise;
  • user details as provided at the time of registration or thereafter; and
  • call data records.

And lastly, India’s Data Privacy Rules also clarify that a body corporate must get the consent from the provider of information and identify the purpose for collecting such data.

Although India has made strides in clarifying its data protection and privacy policies, these efforts are far from complete and comprehensive given the challenges jurisdictions must face with international information exchange through social media and cloud computing. First and foremost, the Data Privacy Rules are to include Indian companies only. Furthermore, an exemption was added for Indian outsourcing entities under contract with a legal entity outside of India.

Additionally, India’s definition of “sensitive personal data and information” is narrow, and does not include information in the public domain or information accessible under the Right to Information Act. The Data Privacy Rules’ consent requirement is also less stringent than it appears at first glance. Under the rules, a body corporate must only receive consent from the person or entity that provided the information, not from the individual to whom the information relates.

The result is an Indo-centric policy that does not quite yet affect cross-border communication of multinationals. The Data Privacy Rules could be read as the Government of India’s attempt to demur on the issue of privacy protection in the global context. It is no surprise to see India take this stance given the impact such policies have on business, especially multinational companies that exchange information and data on a daily basis from one country to another. If a multinational with operations in a dozen countries were required to comply with a dozen different sets of privacy laws, the liability and administrative burden would be potentially enormous. The risks may well discourage the company from investing in a certain nation.

India requires a high level of foreign investment to maintain adequate GDP growth. Any new layer of regulation that discourages such investment could be damaging to its overall economy. Therefore it would be strategically wise for the Indian government to keep regulatory burdens such as privacy laws as flexible and streamlined as possible.

Cultural Underpinnings of Privacy Policy

A nation’s culture forms the tenets of its privacy policy. In European nations individuals tend to be more skeptical of corporations than governments. For example, European employees have high expectations of privacy in the workplace, and personal information is preferably kept personal. The European emphasis on worker privacy may be a natural result of its traditionally left-leaning political orientation, which has long supported workers’ rights.

In the United States, by contrast, the culture is relatively more supportive of free enterprise and distrustful of government. Efforts to restrain government power can be traced as far back as the Federalist Papers.  Consequently, expectations of workplace privacy are viewed in a different light in America. For example, an American employer can be found liable for not investigating a claim of sexual harassment by one employee against another. In the context of an employee’s Internet privacy, the expectation is that emails, Facebook posts and Tweets from company computers are not private, and that work computers and mobile devices are monitored. On the other hand, American employers are legally required to maintain strict confidentiality for employee data such as credit reports and health care information, which could be damaging to workers if inappropriately accessed or misused.

So far India’s treatment of privacy protection has not followed the rigid, pervasive, pro-employee regulatory approach of the E.U. This may reflect a cultural preference for the more flexible, contextual, balanced approach of the U.S. If so, India’s instincts are good. As explained above, a fast-growing emerging economy is better positioned to attract foreign investment if it adopts legal standards that investors can readily meet. One way a nation can maintain such reasonable standards is to preserve flexibility in its privacy laws.

Conclusion

Technologies such as mobile telephones, cloud computing, and social networking have blurred the line between workplace and personal activity. As a result, it is now more difficult to safeguard employee privacy while protecting business interests.

One way to resolve this policy challenge is to adopt laws that definitively favor one side or the other. The EU approach does this by favoring employee rights through a strict and highly regulated privacy regime. However, this approach could rapidly multiply a company’s liability without necessarily producing any practical benefits for employees. At the same time, such an approach could discourage companies from investing in the employee-biased countries.

Given the fluid nature of the above technologies and the novel nature of the related issues of workplace privacy, it will take time and thoughtful discussion to strike the right balance between the privacy interests of labor and the business interests of management. In this complex and subtle legal environment a flexible approach would be more accommodating. Self-regulatory corporate codes of conduct, backed by the threat of government enforcement, have worked well to protect privacy so far. As long as these codes are permitted to evolve with changing business needs and privacy expectations they will likely continue to serve us well in the future.

For this reason the U.S. approach seems preferable for a country such as India. By relying on self-regulation implemented through HR policies, India may find that its employees enjoy just as much privacy protection as their counterparts in the EU. At the same time, India would not need to risk alienating foreign investors. Indeed, American and European companies alike could continue to invest in India without fear of increasing their India-based liability or triggering conflicts with their home country laws.

Michael Green is a Manager at the U.S.-India Business Council (USIBC) responsible for the Life Sciences and Legal Services portfolios. Michael can be contacted at mgreen@uschamber.com.

Caution Isn’t Kosher – Why India Needs To Adopt The IINET Guidelines For ISP Liability

The February 2011 decision of the Federal Court of Australia in Roadshow Films Pty Ltd v iiNet Ltd [2011] FCAFC 23 exonerated Australia’s second-largest internet service provider (“ISP”) from claims that it authorized primary copyright infringement of the works of a 34-member rightsholder conglomerate called the Australian Federation Against Copyright Theft. The decision represents a significant breakthrough in the field of liability for an internet-based intermediary (essentially any entity that receives, transmits and/or provides other services with regard to an electronic message over the internet) since the lead opinion by Judge Emmett puts forward an innovative set of criteria for evaluating intermediary liability of ISPs. Paragraph 257 of Judge Emmett’s opinion captures these criteria in the following words:

“[W]hile the evidence supports a conclusion that iiNet demonstrated a dismissive and, indeed, contumelious, attitude to the complaints of infringement by the use of its services, its conduct did not amount to authorisation of the primary acts of infringement on the part of iiNet users. Before the failure … to suspend or terminate its customers’ accounts would constitute authorisation of future acts of infringement, the Copyright Owners would be required to show that at least the following circumstances exist:

(a) iiNet has been provided with unequivocal and cogent evidence of the alleged primary acts of infringement …

(b) The Copyright Owners have undertaken:

(i) to reimburse iiNet for the reasonable cost of verifying the …infringement alleged and of establishing and maintaining a regime to monitor the use of the iiNet service … and

(ii) to indemnify iiNet in respect of any liability reasonably incurred by iiNet as a consequence of mistakenly suspending or terminating a service on the basis of allegations made by the Copyright Owner.”

These criteria form a good point of departure for Indian copyright law, which is still struggling to answer some basic questions on how liability for copyright infringement should apply to ISPs.

In India, intermediary liability is addressed by the Information Technology (IT) Act, 2000, Section 2(1)(w), which includes ISPs in its definition of ‘intermediaries’. Section 79(3)(b) of the IT Act holds ISPs liable only if they have actual knowledge of infringing content or have received a notification to that effect by a government agency and the threshold of due diligence in acting expeditiously to remove content or disable access to it. This permits ISPs to be painted with the same brush as other online intermediaries such as websites, social networking portals and the like, which perhaps answer more faithfully to the definition of intermediaries in this context. This is particularly damaging since it leaves the door open for generalizations and characterizations to be made of ISPs when, certainly in terms of business models and incentive structures, ISPs bear little resemblance to online intermediaries that better fit the definition. Separating ISPs from other online intermediaries has been fairly successful under 17 U.S.C. § 512(k)(1)(A) in the United States, which segregates ISPs from other types of intermediaries within a broad framework which sets out the conditions in which content posted by intermediaries online will not be considered infringing.

Even allowing for the deliberate vagueness necessary to bring all of Section 2(w) within its sweep, Section 79(3)(b) of the IT Act remains rudimentary at best from a substantive perspective, primarily because it does not recognize the significant compliance costs incurred by ISPs and the genuine dilemma for such service providers of being caught between intellectual property enforcement efforts and potentially losing a large proportion of their customers.

Charting a balanced way forward for the Indian law on intermediary liability is vital in light of Super Cassettes Industries Ltd v. MySpace Inc. 2011 (47) PTC 49 (Del), India’s first substantive decision on intermediary liability, which found the social networking website MySpace liable for authorizing copyright infringement of works by its users on an interpretation of Section 51(a)(ii) of the Copyright Act, 1957. Section 51(a)(ii) saves from infringement an intermediary who is not aware and has no reasonable ground for believing that the communication of the work would be infringing. This “knowledge and reasonable belief” standard (paragraph 47) applied in MySpace highlighted the acute need for a robust substantive standard on intermediary liability.

ISPs need to be more proactive than reactive in confronting copyright infringement and owe a general duty to assist in copyright enforcement. However, guided by iiNet, this general duty should only extend to cases where other stakeholders such as internet users and the State regulatory agencies are not unreasonably prejudiced, whether on legal, economic or moral grounds. The iiNet guidelines show ISPs a feasible way out of the enforcement problem, especially since the fallout of the decision appears to have enabled ISPs to protect their business interests while complying with the law but making few, if any, changes to their copyright enforcement commitments.

  1. The iiNet decision

The seemingly onerous demands required by Judge Emmett to be met by copyright holders in order to get ISPs to aid in copyright enforcement indicate that the threshold of ‘authorisation’ – which is understood to be the grant or purported grant of the right to do the act complained of – is being met increasingly easily by ISPs. Indeed, the ingredients of authorisation identified by Judge Emmett in the excerpt from his opinion provided above – (i) the power to control the means of infringement, (ii) making that means available to others and (iii) failure to take reasonable steps to limit infringement – are more in line with those recently outlined in Twentieth Century Fox v. Newzbin Ltd. [2010] EWHC 608 (Ch) (involving a website service that made copyrighted content available to its users) than those provided over two decades ago in CBS Songs v. Amstrad [1988] 1 AC 1013 (involving tape recording facilities that allowed buyers to create copies of copyrighted musical works), where, arguably, elements of these ingredients were present and yet not held to constitute authorisation.

In place of authorisation, Judge Emmett correctly recognizes that in order to expect ISPs to side with enforcement rather than infringement, two main concerns need to be addressed. First, the holders’ claims must be based on strong, cogent evidence and not infringement notices, which are assertive and speculative. To this end, they must provide indemnity to ensure that when the ISP pulls the plug on infringing users, it is not held liable for doing the holders’ bidding. This addresses the fact that infringement surveillance mechanisms remain unreliable and terminating internet connections on the basis of mere allegations would violate procedural fairness (P. Yu, ‘The Graduated Response’ (2010) 62 Florida Law Review 1373). Second, ISPs must be compensated for the considerable costs likely to be incurred in surveillance, policing and data retention for the purpose of enforcement. This responds to the concern that enforcing holders’ copyrights would unfavourably skew ISPs’ profit structure, making it difficult to offer low-cost and quality service to users (Yu).

Judge Emmett also wisely leaves these requirements open-ended by using the words ‘at least the following circumstances’, allowing for flexibility to be built into these requirements over time. The overall standard required to be met by copyright holders is a justifiably high one, indicating judicial cognizance of the extreme (and often disproportionate) nature of the measure of disconnection as an enforcement action (Yu) and a more balanced approach to enforcement by requiring full confirmation of an infringement before taking enforcement action (see H. Travis, ‘Opting Out of the Internet in the United States and the European Union: Copyright, Safe Harbors, and International Law’ (2008) 84 Notre Dame Law Review 331).

  2. Passive-reactive to active-preventive ISPs

The articulation of pre-enforcement requisites to be fulfilled by copyright holders in iiNet could also be seen as going some way towards stabilising the position of ISPs vis-à-vis enforcement obligations. It assumes greater significance in the context of the recent shift from clearly defined ISP safe harbours to a co-operative model of graduated sanctions, which responds to the evolution of ISPs from being passive carriers of information to active managers of content, possessing direct enforcement means (Annemarie Bridy, ‘Graduated Response and the Turn to Private Ordering in Online Copyright Enforcement’ (2010) 89 Oregon Law Review 81; Jeremy de Beer and Christopher Clemmer, ‘Global Trends in Online Copyright Enforcement: A Non-Neutral Role for Network Intermediaries?’ (2009) 49 Journal of Jurimetrics 375). Indeed, in the present scenario in the U.S. for instance, while there is no affirmative requirement for ISPs to implement technological/monitoring measures to claim safe harbour protection (Yu), it would be difficult to do so without implementing some policy against repeat infringers (Bridy).

Interestingly, this trend has not been instigated purely by pressure from copyright holders. ISPs’ self-interest has also played an important role in the voluntary assumption of these responsibilities in at least two ways—first, the burden imposed by infringers’ file-sharing on ISPs’ network resources and second, the scope for synergy between holders (content suppliers) and ISPs (distribution networks) in offering an integrated product (Yu; de Beer/Clemmer).

  3. When should ISPs owe a duty to prevent infringement?

If indeed ISPs’ self-interest suggests that complying with enforcement demands of copyright holders may not be onerous under some circumstances, the next question is of what these circumstances are. Given that the law protects copyright per se (rather than making protection contingent on a feasibility-of-enforcement analysis), ISPs should owe a general duty of co-operation to assist in copyright enforcement. However, this duty should only extend in circumstances where enforcement does not unreasonably prejudice other parties on legal, moral or economic grounds.

Legal grounds

One set of situations where unreasonable prejudice may be caused to users is where their individual liberties are violated without any procedural safeguards in place (Yu). This would cover cases where a user is disconnected from the internet on the basis of merely alleged infringement, where such a measure is not preceded by a formal notice of infringement, where disconnection is not an ‘appropriate, proportionate and necessary measure’ (Yu) and where the individual does not have an opportunity for judicial redress.

These concerns are addressed by the Digital Economy Act, 2010 (“DEA”) in the UK, which incorporates two important procedural guarantees as part of a graduated response—inserting a three-stage notification process to subscribers under Section 124A of the UK’s Communications Act, 2003 (which, ideally, should coalesce multiple infringements over the relevant period into a single notice rather than direct separate notices for every individual infringement; Bridy) and measures for an independent system for appeals by users (which would ensure fairness by adjudicating each case on its merits; Bridy), including a right to anonymity (Ofcom, Online Infringement of Copyright and the Digital Economy Act 2010: Draft Initial Obligations Code (28 May 2010)).

As the DEA implementation strategy correctly acknowledges, the educative and rehabilitative functions of these procedures must also be taken seriously and preliminary infringement notices in particular must outline, in simple language, the nature of the alleged infringement, possible corrective measures and legal options in terms of challenging the alleged infringement (Ofcom Draft Code; Yu).

Further, in line with the iiNet conditions, the DEA recognises that procedural fairness also requires that allegations of infringement should be based on credible evidence and not mere allegations. This is important from a procedural perspective, and anchoring infringement allegations to credible evidence also increases the likelihood that the eventual enforcement measure will be proportional to the infringement (Yu).

To this end, a ‘quality assurance report’ for infringement reports has been proposed, which would require holders to reveal measures taken to assure the integrity, accuracy and legality of evidence of infringement (Ofcom Draft Code). This system would impart sufficient flexibility to allow copyright holders to develop the necessary technical measures while preserving scope for intervention vis-à-vis the substance of the reports, either by Ofcom or by the appellate body (Ofcom Draft Code).

Another legal safeguard that may need to be contemplated relates to the appellate body. Even where infringement notices are based on credible evidence, since the case against the user is of infringement, the adjudicating authority must be willing to consider defences to copyright infringement (Yu). Additionally, given the criticality of internet access to many ISP users, the adjudicating authority should give due weight to the absolute nature of internet disconnection and the possibility for alternative arrangements for internet access (Yu).

These provisions should go a long way towards placating concerns of procedural fairness in the enforcement process, especially if coupled with further reforms such as mandatory requirements for ISPs to disclose their copyright enforcement practices (including any invasive technological monitoring measures used) to their users (Bridy). ISPs could then be justifiably required to use the means at their disposal to assist in enforcement.

Economic and moral grounds

There is a further reason for requiring ISPs to assist in copyright enforcement—since ISPs benefit indirectly from infringement (through more users and greater usage) and exercise greater control than in the past over user content, they should also bear a fair share of responsibility for assisting with enforcement (Yu; Bridy).

However, this responsibility depends on the ISP’s scale because as unreasonable as it is to allow large ISPs with several thousands of users to be unaccountable for infringement by those users, it is equally unreasonable to require, say, a small ISP to incur significant costs to comply with legislation designed to address infringement which it does not notably contribute to (Ofcom Draft Code).

A balance between these extremes could be attempted along the lines of Section 124C(5) of the UK’s Communications Act under which a moving target threshold can be set to identify ‘qualifying’ ISPs. The flexibility in this measure would ideally allow a regular review of the threshold to ensure that infringing users are not out of the reach of enforcement by migrating to smaller ISPs that perpetually remain below the threshold (Ofcom Draft Code). This is supplemented by Section 124M(3)(a) which allows scope for ISPs to claim costs of enforcement from copyright holders, reflecting another of the iiNet conditions.

While this threshold establishes a workable basis for determining which ISPs should owe a duty to assist in copyright enforcement, there remains the possibility that, in practice, enforcement actions by ISPs will disproportionately target small users. This is because the economic loss to ISPs resulting from these users being bumped off the network for infringement is likely to be far less than if large users with deep pockets are disconnected (Yu).

Even if such open discrimination is not practiced, there could be interference by ISPs with the principle of network neutrality (requiring no restrictions on internet content accessible to users) by using technological measures to restrict/prohibit certain types of bandwidth-intensive activities (de Beer/Clemmer). While such measures would broadly appear to be in aid of copyright enforcement, they would do so by unreasonably prejudicing that demographic of users.

To that end, there is a need to ensure that copyright enforcement by ISPs (though more an obligation than a duty in such cases) does not so discriminate between infringers, possibly by strengthening procedural safeguards for users and allowing a broad scope for the adjudicating authority to scrutinise ISPs’ enforcement policies.

Eashan Ghosh graduated with Distinction Honours on the Bachelor of Civil Law (B.C.L.) programme at the University of Oxford in 2011 and is a multiple gold medalist on the B.A. LL.B. (Hons.) programme at the National Law School of India University (NLSIU), Bangalore. He is currently an Associate with Fidus Law Chambers, a leading Indian intellectual property law firm, and practices intellectual property law at the Delhi High Court.

Copyright Infringement And Intermediary Liability

The plight of online music sites, file sharing sites, and social networking sites that provide options for upload of audio and video files (categorized as “Intermediaries” under Indian laws) may hardly be considered enviable, given the growth in the number of cases filed against them in various courts. A few of these cases relate to alleged copyright violations due to the upload of music and video files, and injunctions through an Ashok Kumar (or John Doe) order. An Ashok Kumar order is an ex parte injunction issued against unknown individuals restraining them from uploading, distributing, or in general making available copyrighted materials online.

The Information Technology Act, 2000 (“the IT Act”) and the provisions of the Copyright Act, 1957 (“the Copyright Act”) are relevant with respect to this issue. Both these laws are sole legislations on their respective subjects. The IT Act deals with data and communication of data in electronic form. The IT Act also includes provisions for the liability of Intermediaries. The Copyright Act deals with the protection of copyright in India. Music and films have been considered as musical works and cinematograph works respectively and are therefore protected under the provisions of the Copyright Act. With the advent of the internet as a mode of communication, it is easy to transfer music and film through the internet. These transfers are mostly through the abovementioned sites. In most instances, users may be uploading the music and film files. However, under the provisions of the IT Act, online music sites, file sharing sites, and social networking sites may still be considered as liable.

This article discusses the issue of violation of copyright vested in music or films on the internet and the liability of intermediaries. The article further discusses the implications of obtaining an Ashok Kumar or John Doe order for Intermediaries.

Who are Intermediaries?

Section 2 (w) of the IT Act defines an “Intermediary” as follows:

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.

An Intermediary stores, receives, transmits and provides other services with respect to electronic records on behalf of other persons. Intermediaries do not provide content. They are mere conduits over which information is made available. In the context of music and films, sites that host music and video files, social networking sites providing facility for the upload of audio and video files, file sharing sites and online market places that provide for the sale of audio and video files are the sites which may be covered within the definition of Intermediaries. The term Intermediary may further include internet services providers that provide internet connectivity to the sites allowing upload or download of audio and video files. Though internet service providers may not be impacted by the issue of copyright infringement due to the upload of music and films, they may nonetheless be subject to Ashok Kumar orders.

As stated above, Intermediaries are not content providers and, therefore, they presumably do not upload materials infringing copyright. However, once user-generated content is uploaded, aggrieved music and film producers can [approach] a court of law against the unfortunate Intermediary.

Film and music producers contend that they have made substantial investments in their films or music. If the music or films are available online then there is a loss of revenue as the user may not buy the movie or music from an authorized, revenue-generating source. Intermediaries on the other hand may contend that any restraint on the Intermediaries may lead to reduction in the number of website hits. Most Intermediaries do not charge the users for the upload or download of files and rely on advertisements hosted on the websites. In the event the number of hits is reduced, advertisers may not be keen to provide the advertisements to such websites. Consequently, there is a loss of revenue for the Intermediaries. Further, if the website is blocked the Intermediary may not be able to generate revenue at all whether through the user or advertisements. Therefore, while the entertainment industry does have an argument of loss of revenue, removal or blocking of content does not augur well for the Intermediary’s balance sheet.

View of the IT Act

The IT Act is the only legislation that deals with the liability of Intermediaries. Such liability may include the liability arising out of the violation of copyright. The IT Act also includes a provision pertaining to the applicability of the Copyright Act in the event of violation of copyright through the electronic medium. Therefore, a review of the IT Act is important to analyse the liability of Intermediaries on the issue of copyright violations in cyberspace.

Section 79 is the relevant provision that deals with the liability of Intermediaries. Section 79 (1) of the IT Act stipulates that an Intermediary is not liable for any third party information, data, or communication link made available or hosted by it. Section 79 (2) specifies the instances when an Intermediary may not be liable. Section 79 (2) (a) stipulates that the Intermediary may not be liable if it is acting as a mere conduit and not a content provider. Section 79 (2) (b) stipulates that provisions of Section 79 (1) may not apply if the Intermediary does not:

  1. Initiate the transmission;
  2. Select the receiver of transmission; and
  3. Select the information contained in the transmission; or
  4. Modify the information contained in the transmission.

In order to be absolved of its liability the Intermediary is required to prove that:

  1. it has complied with Section 79 (1); and
  2. either of Sections 79 (2) and 79 (3).

Section 79 (3) obligates the Intermediary to observe due diligence while discharging its duties.

An Intermediary may be liable under the IT Act if:

  1. the Intermediary has conspired, abetted, aided or induced the commission of the unlawful act; or
  2. has failed to remove or disable access to the content after having received the actual knowledge of the presence of such data or link.

Copyright violations on the Internet may be placed on different footing due to Section 81 of the IT Act. Proviso to Section 81 stipulates that provisions of the IT Act may not restrict any person from exercising his rights under the Copyright Act or the Patents Act, 1970. Therefore, in the cases of copyright infringement the aggrieved party may take recourse to the provisions of the Copyright Act.

The IT Act specifies that an Intermediary may not be liable if it has not itself uploaded the objectionable content or such content is uploaded without its knowledge. However, Section 81 reduces the scope of exemption from liability for the Intermediary and stipulates that the provisions of the Copyright Act may be applicable in case of copyright violations. Therefore, Section 81 clearly overrides Section 79 of the IT Act. The music and film producers may contend that once an audio or video file is on the internet it may go viral leading to the violation of their copyright. However, acceptance of this contention may also lead to a higher degree of obligations for Intermediaries, which the Intermediaries may not be able to accept. Therefore, the interplay of Sections 79 and 81 with regard to violation of copyright is of relevance. This interplay was discussed in detail in the matter of Super Cassette Industries v. MySpace Inc, 2011(48)PTC49(Del) (“MySpace Judgment”).

In the Matter of Super Cassette Industries v. MySpace Inc.

In the MySpace Judgment, the Delhi High Court discussed the provisions of the IT Act and the Copyright Act to determine the liability of MySpace, an Intermediary, on the issue of copyright infringement. The MySpace Judgment lays down that Intermediaries:

  1. are required to screen the content at the time when it is uploaded. Further, pursuant to such screening the copyrighted content should not be allowed to be uploaded; and
  2. should not facilitate access to the copyrighted content by making the uploaded materials attractive.

This judgment is controversial because under the IT Act, an Intermediary is not liable merely because objectionable content (e.g. copyrighted content) is uploaded. The Intermediary is liable when it fails to remove the content once it is aware of its presence. However, with respect to copyrighted content, the Delhi High Court has given more stress on the screening of content and not allowing the copyrighted material to be uploaded. The MySpace Judgment therefore stipulated a greater degree of compliance if a copyrighted material is uploaded on the website. The MySpace judgment is perhaps the first judgment on this issue and therefore it is important to review the facts and ratio of this case.

The MySpace case was brought by Super Cassette Industries, a well-known company engaged in the business of film production and music distribution, which sought removal of infringing material from MySpace, a social networking site. MySpace allows users to share files (including audio and video files), and listen or view the music or video so shared. Super Cassette Industries informed MySpace that certain titles owned by it were uploaded on MySpace. The parties entered into an agreement in this regard. However, Super Cassette Industries alleged that the infringing materials were never removed from the MySpace website.

The Delhi High Court based its judgment on Section 51 (a) (ii) of the Copyright Act. Section 51 (a) (ii) stipulates that copyright in a work may be deemed to be infringed when any person, without a license granted by the owner of the copyright or the Registrar of Copyrights under this Act or in contravention of the conditions of a license, “permits for profit any place to be used for the Performance of the work in public where such performance constitutes an infringement of the copyright in the work unless he was not aware and had no reasonable ground for believing that such performance would be an infringement of copyright.” The Delhi High Court held that the internet is included within the meaning of “any place” in Section 51 (a) (ii) of the Copyright Act.

The Delhi High Court further discussed the proviso of Section 81. Section 81 of the IT Act stipulates that in the event of conflict between the provisions of any other law in force and the IT Act, provisions of the IT Act will override such law. However, a proviso to Section 81 limits this overriding effect of Section 81. It stipulates that the provisions of the IT Act will not restrict any person from exercising his right under the Copyright Act, 1957 and the Patents Act, 1970. Therefore, the portion of the proviso to Section 81 that deals with the Copyright Act, 1957 may limit or restrict the defenses available to an Intermediary under Section 79 of the Act in the event of copyright violations. Rule 3 of the Information Technology (Intermediary Guidelines) Rules, 2011 requires Intermediaries to remove content within 36 hours of their becoming aware of the infringing material on their server. Since Section 79 of the IT Act may not be available to the Intermediaries in case of copyright infringement, post-infringement removal may not absolve the Intermediary from its liability under the Copyright Act.

Further, the court has delved into the subject of due diligence. It held that the Intermediary is required to deploy ample measures to ensure that the infringing materials are not hosted on its website. Industry has reacted strongly to this part of the judgment since high traffic makes compliance by Intermediaries a challenge. Though the websites deploy filters, it may be difficult to block all materials infringing copyright at the time of upload. However, until the time this judgment is revised, the Intermediaries are required to abide by this stipulation.

The MySpace Judgment also indicates that there is a higher probability of the Intermediary being made liable if it amends or modifies user content, or places advertisements to make the uploaded content more accessible. Since websites earn from advertisements and the number of hits, an Intermediary may not be absolved of its liability if it amends or modifies the infringing material placed on its website. Advertisements, if any, on the website may not be aimed at promoting the number of hits on links to the infringing materials.

An Ashok Kumar Order

In recent times, film producers of movies like Singham, Bodyguard, Speedy Singhs, “3,” and Gangs of Wasseypur have successfully obtained an Ashok Kumar order to protect their copyright in their films. As discussed above, an Ashok Kumar order is an ex parte injunction issued against unknown persons restraining them from doing certain act/s. Producers file such cases a few days prior to the release of their films, naming unknown individuals (named as Ashok Kumar) and internet service providers (“ISPs”) as parties. Despite the fact that ISPs do not host content, and their role is limited only to providing access to the internet, issuance of an Ashok Kumar order requires these ISPs to block video and file sharing websites.

In most instances, the file or video sharing website is completely blocked, resulting in the infringing as well as non-infringing materials not being available to “netizens.”

The Madras High Court has recently clarified that only specific links may be blocked pursuant to an Ashok Kumar or John Doe order. While an Ashok Kumar or John Doe order is a welcome development to film producers, the ambit of such orders may be limited to specific links or content and not to websites. ISPs however continue to block websites, since it may be a challenge to track material made available by users. Although it is an easy way to block infringing material finding its way through the ISP, the ISPs may be acting too cautiously while abiding by an Ashok Kumar or John Doe order. Should the ISP exercise a little more effort it would be able to track and block infringing material from passing through its service, while allowing “netizens” otherwise free access to the Internet and websites hosted thereon, thus not diminishing the value proposition of the Internet.

Summing Up

The Delhi High Court judgment in Super Cassette Industries v. MySpace Inc. has demonstrated that the vulnerability of Intermediaries has increased substantially with respect to copyright violations over the Internet. Further, the recent trend of Ashok Kumar or John Doe orders may also have a negative impact on Intermediaries’ operations. Intermediaries are treading a difficult path once they have to deal with content that may be subject to copyright.

Prashant is an Associate in the Bangalore office of J. Sagar Associates. Apart from general corporate commercial advice and transactions, he also advises clients on Information Technology laws. He may be reached at prashant@jsalaw.com.

By Prashant Kumar

Dual Use Technology Under India’s Foreign Trade Policy

FOREIGN TRADE POLICY

The Foreign Trade Policy of India, issued by the Ministry of Commerce and Industry, Government of India, contains provisions for the development and regulation of foreign trade by facilitating imports into, and exports from, India. In furtherance of this objective, the Foreign Trade Policy grants incentives in the form of special focus initiatives and sectoral initiatives. The Foreign Trade Policy also imposes restrictions on the import and export of certain categories of goods, services, and technologies. Export of dual use items is one such area where restrictions are imposed to protect India’s national security and foreign policy goals and objectives, objectives of global non-proliferation, and India’s obligations under treaties to which it is a State party.

In 2010, the Foreign Trade (Development & Regulation) Act, 1992 was amended to include a new chapter dealing with controls on export of specified goods and services. According to the new provisions, no goods, services or technology notified under the legislation shall be exported except in accordance with the Weapons of Mass Destruction and their Delivery Systems (Prohibition of Unlawful Activities) Act, 2005. The relevant section of this legislation states that no person shall export any material, equipment or technology knowing that such material, equipment or technology is intended to be used in the design or manufacture of a biological weapon, chemical weapon, nuclear weapon or other nuclear explosive device, or in their missile delivery systems.

SCOMET LIST

Pursuant to the above, under the Foreign Trade Policy of India, dual use items have been given the nomenclature of SCOMET i.e. Special Chemicals, Organisms, Materials, Equipment and Technologies. Appendix 3 of Schedule 2 of the Export Policy has put in place a regulatory framework embodying an exhaustive list of goods, services and technology, export of which is subject to fulfilment of conditions contained therein.

The SCOMET list in Appendix 3 has been divided into 8 categories of items. Category 0 in Appendix 3 deals with nuclear material, nuclear-related other materials, equipment and technology. Category 1 deals with toxic chemical agents and other chemicals. Category 2 deals with micro-organisms and toxins. Category 3 deals with material, materials processing equipment and related technologies. Category 4 deals with nuclear related other equipment, assemblies and components, test and production equipment and related technology, not controlled under Category 0. Category 5 deals with aerospace systems, equipment including production and test equipment, related technology and specially designed components and accessories thereof. Category 6 is currently reserved, and Category 7 deals with electronics, computers, and information technology including information security. Each of these categories is further broken down into various sub-categories.

Any person in India desirous of exporting any item mentioned under the SCOMET list has to obtain the requisite license for export from the Director General of Foreign Trade (“DGFT”) unless export is prohibited or is permitted without licence subject to fulfilment of conditions, if any, as indicated for any specific category or item. The licensing authority for items in Category 0 under the SCOMET list is the Department of Atomic Energy and the applicable guidelines are notified by the Department under the Atomic Energy Act, 1962.

Apart from the license required for export of specified goods, services and technology, the SCOMET guidelines also make it mandatory for all companies and their subsidiaries registered in India, and all other business entities operating in India and involved in the manufacture, processing and use of SCOMET items, to obtain permission of the Central Government before entering into any arrangement or understanding that involves an obligation to facilitate or undertake site visits, on-site verification or access to records or documentation, by foreign governments or foreign third parties, either acting directly or through an Indian party.

LICENSE AND OTHER FACTORS

Applications for licences to export items covered under the SCOMET guidelines are considered on a case-by-case basis. Some of the factors considered by the DGFT before granting an export license are the end use of the SCOMET items being exported, credentials of the end user, credibility of the declarations of end use and integrity of the chain of transmission of the items from supplier to end user. Further, the DGFT also assesses the export control measures instituted by the recipient state, the capabilities and objectives of programmes of the recipient state relating to weapons and their delivery, the applicability to an export licence application of relevant bilateral or multilateral agreements to which India is a party, and the assessed risk that the exported items will fall into the hands of terrorists, terrorist groups, and non-State actors.

There are some exceptions to the requirement of end use certifications. Licences for export of items under the SCOMET guidelines, other than those under Category 0, 1 and 2, solely for the purpose of display or exhibition do not require any end use or end user certifications. The guidelines also state that an export licence shall not be granted for display or exhibition of technology for items under Categories 0, 1 and 2. Licences for export of items under the guidelines for display or exhibition abroad are subject to a condition of re-import within a period not exceeding 6 months. Exporters can apply for an export licence for such items exhibited abroad, if the exhibitor intends to offer that item for sale during the exhibition abroad, as such sale is not permitted without a valid licence.

The DGFT also has the power to impose additional end-use conditions as may be stipulated in licences for export of items that bear possibility of diversion to, or use in development or manufacture of, or use as, systems capable of delivery of weapons of mass destruction.

TECHNOLOGY UNDER SCOMET

One of the items under the SCOMET list on which there has been a lot of debate and discussion is Technology. Appendix 3 defines “Technology” as follows:

“Except as otherwise provided for against any item in the SCOMET List, information (including information embodied in “software”) other than information in the ‘public domain’, that is capable of being used in:

  1. the development, production or use of any goods or software;
  2. the development of, or the carrying out of, an industrial or commercial activity or the provision of a service of any kind.

Explanation: When technology is described wholly or partly by reference to the uses to which it (or the goods to which it relates) may be put, it shall include services which are provided or used, or which are capable of being used, in the development, production or use of such technology or goods.”

Technology under the SCOMET guidelines is not covered in a stand-alone category. While Category 7 does deal with information technology including information security, a review of the sub-categories of Category 7 shows that they cover only items like data processing security equipment, authentication and key loader equipment etc. There are references to technology under the other categories of the SCOMET guidelines. For example, under Category 0, technology refers to technology and software for the development, production or use of prescribed substances or prescribed equipment specified in sub-categories 0A and 0B. Under Category 3, dealing with material, materials processing equipment, and related technologies, technology refers to technology for the development, production or use of items in 3A (dealing with stealth materials) and 3B (dealing with materials processing and production equipment, related technology and specially designed components and accessories therefor). Category 5, dealing with aerospace systems, equipment including production and test equipment, related technology and specially designed components and accessories thereof, refers to technology related to the development, production, testing and use of items listed in some of the other sub-categories of Category 5.

From a perusal of the above provisions, it can be seen that the reference to technology in the SCOMET provisions is always in relation to the development, production or use of a product listed therein. Thus, as mentioned, technology per se is not covered under a separate category but has to be read with a specified product category listed under SCOMET. Therefore, on a plain reading of the SCOMET provisions, it seems that if a product does not fall within the ambit of the SCOMET provisions, technology for the development, production or use of such product is not likely to fall within the purview of the SCOMET provisions.

However, any technology can have many uses. An exporter, if a layman, is not likely to foresee all possible uses of the technology. In such a case, if the exporter does not obtain an export license for a certain technology that he is exporting, and one of the uses of that technology is for development of an item falling under the scope of the SCOMET guidelines, the DGFT has the power to impose strict penalties for export of items in contravention of the provisions of the Foreign Trade Policy, which may include confiscation of the items by the adjudicating authority and fines up to five times the value of the items.

The lack of clarity in the SCOMET guidelines on whether technology per se is covered, and how export of technology is to be dealt with, has led to a lot of confusion amongst exporters. Although the Foreign Trade Policy provides a mechanism for making clarification applications for obtaining clarity on the provisions of SCOMET, clarification applications to the DGFT inevitably get held up for months without any progress or response. While the DGFT has stipulated a timeline of 2 months for processing of export license applications, it has not prescribed any timeline for clarification applications. The lack of any obligation on the DGFT to revert within a stipulated time frame provides no relief to an exporter suffering due to the ambiguous nature of the provisions.

Considering the SCOMET guidelines have been included in the Foreign Trade Policy with the intention of protecting India’s national security, we can only hope that all ambiguity on what is included in the SCOMET list is cleared at the earliest.

Seema Sukumar is a Senior Associate, and Garima Jhunjhunwala is an Associate with J. Sagar Associates, based out of Bangalore. Seema can be contacted at seema@jsalaw.com and Garima can be contacted at garima.jhunjhunwala@jsalaw.com.

By Seema Sukumar and Garima Jhunjhunwala

Social Media And Censorship In India

INTRODUCTION

Lord Salmon L.J., an eminent English jurist, in one of his judgements had stated the following –

The right to fair criticism is part of the birth right of all subjects of Her Majesty. Though it has boundaries, that right covers a wide expanse, and its curtailment must be zealously guarded against. It applies to the judgements of the courts as to all other topics of public importance.

News media and television journalism have been instrumental in propagating the volume of news and views in the world including India for most of the twentieth century. However, in recent years, social media platforms such as Facebook, YouTube, Twitter and blogs have grown in importance not only as an alternative news source but as an effective medium for individuals to post their own views and opinions. While Courts in India have always supported the cause of freedom of speech and expression, they have also emphasized the need for reasonable restrictions on this right to prevent misuse of such social media.

POSITION IN INDIA

FREEDOM OF SPEECH AND EXPRESSION IN INDIA

Article 19(1)(a) of the Constitution of India, 1950 (“Constitution”) provides that all citizens have the right to freedom of speech and expression. However, these fundamental rights are not absolute in nature and Article 19(2) of the Constitution imposes reasonable restrictions in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality or in relation to contempt of court, defamation or incitement to an offence.

Over the years, the judiciary in India has usually scuttled all attempts to hinder this invaluable right of freedom of speech and expression. However, they have simultaneously emphasized that the Constitution does not confer an absolute right to speak or publish, without responsibility. It is not an unrestricted or unbridled license that gives immunity for every possible use of language and provides punishments for those who abuse this freedom.

SOCIAL MEDIA AND CENSORSHIP

The act of censorship involves the suppression of speech or other public communication which may be considered objectionable, harmful, sensitive, or inconvenient as determined by a government, media outlet, or other controlling body. While censorship of online content is imperative to prevent obscene, indecent, defamatory and disparaging information being made available on the internet, imposition of unreasonable restrictions will be violative of the fundamental right to freedom of speech and expression.

In December 2011, India’s Union Communications and Information Technology minister Kapil Sibal had instructed internet service providers and social media giants including Google, Facebook, Microsoft and Yahoo amongst others to pre-censor online content uploaded by their users.

This move by the Government of India led to widespread dissent and condemnation in the country. The Government later issued a clarification stating that it was committed to freedom of speech and expression and would not take any steps in violation of this fundamental right.

DISSENTERS IN THE JUDICIARY

While pre-censorship of mass media has been held to be constitutionally valid by the Supreme Court in the past, the apex court has also observed, in L.I.C. of India vs. Prof. Manubhai D. Shah, (1992) 3 SCC 637, that to stifle, suffocate or gag the fundamental right of free speech and expression would sound a death-knell to democracy and would help usher in autocracy or dictatorship.

The judiciary in the recent case of R. Karthikeyan v. Union of India, W.P. No. 20344 of 2009, a decision rendered by the Madras High Court on April 01, 2010 and in the case of Janhit Manch and Others v. Union of India, PIL No. 155 of 2009, rendered by the Mumbai High Court on March 03, 2010 ruled against the blocking of websites. They refused to direct the Government to take proactive steps to curb access to and police online content, stating that this would place an excessive burden on the right to freedom of speech and expression enshrined under Article 19(1)(a) of the Constitution.

In Secretary, Ministry of Information and Broadcasting, Govt. of India and others v. Cricket Association of Bengal and others, (1995) 2 SCC 161, the Supreme Court of India held –

For ensuring the free speech right of the citizens of this country, it is necessary that the citizens have the benefit of plurality of views and a range of opinions on all public issues. A successful democracy posits an ‘aware’ citizenry. Diversity of opinions, views, ideas and ideologies is essential to enable the citizens to arrive at informed judgment on all issues touching them. This cannot be provided by a medium controlled by a monopoly – whether the monopoly is of the State or any other individual, group or organisation.

The Supreme Court has held that the words ‘freedom of speech and expression’ must therefore be broadly construed to include the freedom to circulate one’s views by word of mouth or in writing or through audio-visual instrumentalities. It includes the right to propagate one’s views through the print media or through any other communication channel (L.I.C. of India vs. Prof. Manubhai D. Shah, (1992) 3 SCC 637).

THE INTERMEDIARY RULES

In April 2011, the Government of India notified the Information Technology (Intermediaries Guidelines) Rules 2011 (“Intermediaries Rules”) that prescribe, amongst other things, guidelines for administration of takedowns by intermediaries. An intermediary has been defined under Section 2(w) of the Information Technology Act, 2000 (“IT Act”) as any person who on behalf of another person receives, stores or transmits an electronic record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.

Social networking platforms like Facebook and Twitter, and search engines like Google and Yahoo, all of which have revolutionised the online space, are included within this definition.

The Intermediaries Rules provide for the standard of due diligence to be exercised by intermediaries, in order to be eligible for an exemption from liability for content hosted on such intermediaries’ websites, in terms of Section 79 of the IT Act, which provides:

“For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

Explanation – For the purposes of this section –

“network service provider” means an intermediary.

“third party information” means any information dealt with by a network service provider in his capacity as an intermediary.”

However, the IT Act also limits the liability of these intermediaries under Section 79 of the IT Act, which states that an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him if the intermediary exercises due diligence while discharging his duties under the IT Act and also observes such other guidelines as the Central Government may prescribe.

As per the Intermediaries Rules, the intermediary on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or on being brought to actual knowledge by an affected person in writing or through email signed with electronic signature, about any objectionable information as mentioned above, shall act within thirty-six hours and, where applicable, work with the user or owner of such information to disable such information that is in contravention.

Therefore, the Intermediaries Rules cast the onus on the intermediary to censor all material and information to be hosted and made available by them.

The Central Government can also block content under Section 69A of the IT Act. The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 lay down the procedures and guidelines for blocking of websites or information generated or transmitted via the internet for the general public.

RIGHT TO PRIVACY

The right to privacy has been interpreted as an unarticulated fundamental right under the Constitution. Privacy rights are protected under Article 21 of the Constitution. Article 21 states that no one shall be deprived of his life or personal liberty except by procedure established by law and this procedure must be reasonable, fair and just and not arbitrary, whimsical or fanciful.

Indian Courts upheld the right to privacy under Article 21 in the landmark case of Kharak Singh v. State of Uttar Pradesh, AIR 1963 SC 1295, where the Supreme Court held that the right of privacy falls within the scope of Article 21 and observed that the expression “right to life” was not limited to bodily restraint or confinement to prison only but meant something more than mere animal existence. In this case, the Petitioner was charged in a case of dacoity but was subsequently released as there was no evidence found against him. Thereafter, he was subjected to surveillance under U.P. Police regulations, wherein the police constables used to enter his house during night hours and thereby disturb him. The Supreme Court held that the U.P. Police regulations which authorize domiciliary visits are void and unconstitutional and upheld the right to privacy of the Petitioner.

Since the concept of privacy is closely connected to data protection, in 2011, the Government of India also notified the “Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011” (“Privacy Rules”) under Section 43-A of the IT Act. The Privacy Rules establish the standard of security practices and procedures to be observed by data collectors, and provide for the protection of the privacy of users disclosing data.

The Privacy Rules state that prior permission of the provider of information has to be obtained by the body corporate before disclosure is made to a third party and any third party receiving such information is not entitled to disclose it further.

However, they shall be obliged to share such information without obtaining prior consent from the provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences.

While some may argue that because of the above mentioned exception, the Privacy Rules exempt the Government from its obligations, it must be pointed out that the legislation simultaneously also provides safeguards for this right. During the exercise of this exception, the Government agency is required to send a request in writing to the body corporate possessing such sensitive personal data or information stating clearly the purpose of seeking such information. The Government agency is also under an obligation to state that the information so obtained will not be published or shared with any other person.

Social media has been facing a lot of criticism by the governmental authorities in India lately. While some of the actions of the government may be politically motivated, others are because there are a plethora of laws in India that cover a vast variety of issues. Many of these are so ambiguous in nature that any content put up by the social media will get affected by these laws. Some of the laws that may be of concern are as follows –

The Indecent Representation of Women (Prohibition) Act, 1986

This legislation prohibits the “indecent representation of women” through advertisements, or in publications, writings, paintings, figures, or in any other manner. It defines “indecent representation of women” as depiction in any manner of the figure of a woman; her form or body or any part thereof in such way as to have the effect of being indecent, or derogatory to, or denigrating women, or is likely to deprave, corrupt or injure the public morality or morals.

Warnings by the government to social media sites like Facebook and YouTube, court notice to Bollywood actors and cricketers for indecent dancing at the cricket IPL in April 2012, Indian MPs proposing a ban on indecent representation of women on television at a discussion in the Indian Parliament are some incidents in the social media where indecent portrayal of women has been condemned.

The Indian Penal Code, 1860

The Indian Penal Code contains provisions dealing with sedition, obscenity, blasphemy, and defamation, which may be used to sanction those who generate and circulate objectionable content.

The Emblems and Names (Prevention of Improper Use) Act, 1950

This legislation prevents the improper use of certain emblems and names for professional and commercial purposes. It states that no person can use, or continue to use, for the purpose of any trade, business, calling or profession, or in the title of any patent, or in any trade mark or design, any name or emblem or any colourable imitation thereof without the previous permission of the Central Government.

The Prevention of Insults to National Honour Act, 1971

The legislation states that whoever in any public place or in any other place within public view burns, mutilates, defaces, defiles, disfigures, destroys, tramples upon or otherwise shows disrespect to or brings into contempt (whether by words, either spoken or written, or by acts) the Indian National Flag or the Constitution of India or any part thereof shall be liable to imprisonment.

CONCLUSION

Recent debates on internet censorship in India have focused on the allegedly free-for-all nature of the internet. There is no doubt that the above mentioned Indian laws prevail on the internet space as well and grant us our constitutional right to free speech and expression but with reasonable restrictions. While some may argue that the current mechanism of internet censorship in India is draconian and unconstitutional, they should also keep in mind that the internet should not be misused for their own private interests, which may be detrimental to the interests of others or the country as a whole. This dichotomy between rights of the people and the statutes in force has to be resolved by way of a harmonious interpretation of the provisions of these statutes. The government and the judiciary should take steps to provide clarifications to remove ambiguity in the above mentioned legislations, to prevent conflicting interpretations by different sections to suit their selfish motives.

Probir Roy Chowdhury is a Senior Associate and Garima Jhunjhunwala is an Associate with J. Sagar Associates, Bangalore. Their practice areas include work in the technology and education sector in India. They may be contacted at probir@jsalaw.com and garima.jhunjhunwala@jsalaw.com.

By Probir Roy Chowdhury and Garima Jhunjhunwala