Am I an intermediary? Is my liability unlimited? What are my liabilities.
With rising market share of e-commerce platforms these questions are ringing bell in the corridors of Industry and Indian Legal System. These questions are being asked, debated and answered in various forums, at industry level and in Courts. The stakeholders to this technological revolution are thinking loud more about “regulation” and less about “facilitation”.
Let’s examine basic legal principles regulating the e-commerce, especially the marketplace model. To start with there are two kinds of marketplace in India, one is marketplace model of e-commerce and other is inventory based model of e-commerce.
Reserve Bank of India in its Master Direction dated 4-Jan-2018 issued notifications under Sections 10(4) and 11(1) of the Foreign Exchange Management Act, 1999 defining e-commerce. E-commerce is buying and selling of goods and services including digital products over digital & electronic network and E-commerce entity are the entities conducting the e-commerce business such as 1) a company incorporated under the Companies Act, 1956 or the Companies Act, 2013 or 2) a foreign company covered under section 2 (42) of the Companies Act, 2013 or 3) an office, branch or agency in India owned or controlled by a person resident outside India. Inventory based model of e-commerce’ means an e-commerce activity where inventory of goods and services is owned by e-commerce entity and is sold to the consumers directly. Market place model of e-commerce means providing of an information technology platform by an e-commerce entity on a digital & electronic network to act as a facilitator between buyer and seller.
In furtherance of directions issued by Reserve Bank of India, Department of Industrial Policy and Promotion Ministry of Commerce and Industry Government of India issued Consolidated FDI Policy (Effective from August 28, 2017) which adopted the definitions postulated by RBI in its Master Directions dated 4-Jan-2018.
Most of the e-commerce platforms follow the pattern of marketplace model and act as an intermediary as defined under Information Technology Act, 2000 (IT Act 2000). As per Section 2 (w) of IT Act, Intermediary is defined as - “with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes.” The definition of intermediary in itself included online-marketplace and the responsibilities of Intermediaries are also defined under the IT Act.
As per section 67C of IT Act, Intermediary is required to preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe and any intermediary who intentionally or knowingly contravenes this provisions shall be punished with an imprisonment for a term which may extend to three years and also be liable to fine. As per 69 (3) of the IT Act the intermediary when called upon by any agency, is required to extend all facilities and technical assistance to provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information or intercept, monitor, or decrypt the information, as the case may be; or provide information stored in computer resource and the failure to assist the agency rshall be punished with imprisonment for a term which may extend to seven years and shall also be liable to fine. As per Section 69A the IT Act Central Government may issue directions for blocking for public access of any information through any computer resource and the intermediary who fails to comply with the direction shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.
The IT Act 2000 also provides for safe harbour to the intermediaries. The intermediaries are exemption from liability in certain cases. The exemption from liability has been incorporated in Section 79 of the IT Act. The Section 79 is a non-obstante clause, meaning thereby it shall have overriding effect to certain provisions over some contrary provisions that may be found either in the same enactment or some other enactment. As per Section 79 the intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him. The exemption is available only if– (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or (b) the intermediary does not– (i) initiate the transmission, (ii) select the receiver of the transmission, and (iii) select or modify the information contained in the transmission and (c) the intermediary observes due diligence while discharging his duties under this Act and also observes such other guidelines as the Central Government may prescribe in this behalf.
In furtherance of the mandate under Section 79 (2) of the Information Technology Act, 2000 the Central Government notified Information Technology (Intermediaries guidelines) Rules, 2011 (IT Rules 2011). Rule 3 of IT Rules 2011 provides for Due Diligence to be adopted by the Intermediaries. The due diligence includes that:
(2) Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that — a) belongs to another person and to which the user does not have any right to; b) is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another's privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever; c) harm minors in any way; d) infringes any patent, trademark, copyright or other proprietary rights; (e) violates any law for the time being in force; e) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature; f) impersonate another person; h) contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource; i) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation
(3) The intermediary shall not knowingly host or publish any information or shall not initiate the transmission, select the receiver of transmission, and select or modify the information contained in the transmission as specified in sub-rule (2): provided that the following actions by an intermediary shall not amount to hosing, publishing, editing or storing of any such information as specified in sub-rule: (2) — (a) temporary or transient or intermediate storage of information automatically within the computer resource as an intrinsic feature of such computer resource, involving no exercise of any human editorial control, for onward transmission or communication to another computer resource; (b) removal of access to any information, data or communication link by an intermediary after such information, data or communication link comes to the actual knowledge of a person authorised by the intermediary pursuant to any order or direction as per the provisions of the Act;
(4) The intermediary, on whose computer system the information is stored or hosted or published, upon obtaining knowledge by itself or been brought to actual knowledge by an affected person in writing or through email signed with electronic signature about any such information as mentioned in sub-rule (2) above, shall act within thirty six hours and where applicable, work with user or owner of such information to disable such information that is in contravention of sub-rule (2). Further the intermediary shall preserve such information and associated records for at least ninety days for investigation purposes,
(6) The intermediary shall strictly follow the provisions of the Act or any other laws for the time being in force.
(7) When required by lawful order, the intermediary shall provide information or any such assistance to Government Agencies who are lawfully authorised for investigative, protective, cyber security activity. The information or any such assistance shall be provided for the purpose of verification of identity, or for prevention, detection, investigation, prosecution, cyber security incidents and punishment of offences under any law for the time being in force, on a request in writing staling clearly the purpose of seeking such information or any such assistance.
(8) The intermediary shall take all reasonable measures to secure its computer resource and information contained therein following the reasonable security practices and procedures as prescribed in the Information Technology (Reasonable security practices and procedures and sensitive personal Information) Rules, 2011.
(9) The intermediary shall report cyber security incidents and also share cyber security incidents related information with the Indian Computer Emergency Response Team.
(10) The intermediary shall not knowingly deploy or install or modify the technical configuration of computer resource or become party to any such act which may change or has the potential to change the normal course of operation of the computer resource than what it is supposed to "perform thereby circumventing any law for the time being in force: provided that the intermediary may develop, produce, distribute or employ technological means for the sole purpose of performing the acts of securing the computer resource and information contained therein.
(11) The intermediary shall publish on its website the name of the Grievance Officer and his contact details as well as mechanism by which users or any victim who suffers as a result of access or usage of computer resource by any person in violation of rule 3 can notify their complaints against such access or usage of computer resource of the intermediary or other matters pertaining to the computer resources made available by it. The Grievance Officer shall redress the complaints within one month from the date of receipt of complaint.
Section 79 of IT Act also provides that the exemption shall not be available to intermediaries if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act or upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
E-commerce being new age business model and with growing access of internet, the business transaction through e-commerce marketplaces has increased in many fold. There has been many instances where the intermediaries has been sues for alleged violation of various laws of the land. The most frequent legal battle is hovering around allegations for violation of the Intellectual Property Rights. As we know that counterfeiting is a global menace and India is not untouched as its one of fastest growing consumer market. The cases of IPR violation include cases of alleged counterfeit and parallel import. For IPR related issues the intermediaries are facing double prosecution; one by the brand owners as they treat online marketplace as a shopkeeper selling counterfeit goods and they sue for violation of their IPR and on other hand the customers think allege that the online marketplace has sold spurious goods and file criminal complaint before Police Authorities and Criminal Courts.
With increase in legal cases related to alleged sale of infringing goods, Courts have passed orders on the basis the facts of individual case and we see light at end of the tunnel, so far as intermediary liability is concerned.
Let’s review few of the most relevant Court Judgments, outlining basic concept of intermediary liability and exemption available to them under IT Act.
In the matter is Shreya Singha vs Union of India (Writ Petition (Criminal) No.167 of 2012, dated 24 March, 2015, Hon’ble Supreme Court tested various provisions of IT Act 2000 and IT Rules vis-à-vis Article 19 (1) (g) of Constitution of India. The Apex Court uphold the immunity granted to Intermediaries under Section 79 of the IT Act. The Supreme Court observed that:
“117. Section 79(3)(b) has to be read down to mean that the intermediary upon receiving actual knowledge that a court order has been passed asking it to expeditiously remove or disable access to certain material must then fail to expeditiously remove or disable access to that material. This is for the reason that otherwise it would be very difficult for intermediaries like Google, Facebook etc. to act when millions of requests are made and the intermediary is then to judge as to which of such requests are legitimate and which are not. We have been informed that in other countries worldwide this view has gained acceptance, Argentina being in the forefront. Also, the Court order and/or the notification by the appropriate Government or its agency must strictly conform to the subject matters laid down in Article 19(2). Unlawful acts beyond what is laid down in Article 19(2) obviously cannot form any part of Section 79. With these two caveats, we refrain from striking down Section 79(3)(b).”
Finally the Apex Court concluded that “Section 79 is valid subject to Section 79(3)(b) being read down to mean that an intermediary upon receiving actual knowledge from a court order or on being notified by the appropriate government or its agency that unlawful acts relatable to Article 19(2) are going to be committed then fails to expeditiously remove or disable access to such material. Similarly, the Information Technology "Intermediary Guidelines" Rules, 2011 are valid subject to Rule 3 sub-rule (4) being read down in the same manner as indicated in the judgment.”
This observation of Apex Court still holds as law and is followed by the Courts of India. In case of Myspace INC. vs Super Cassettes Industries Ltd, FAO(OS) 540/2011 on 23 December, 2016, Division Bench of Hon’ble Delhi High Court set aside the injunction granted by Ld. Sigle Judge and opined on various aspects of online marketplace.
In its Judgment the Apex Court discussed and answered three broad questions: first - whether MySpace could be said to have knowledge of infringement as to attract Section 51(a)(ii) and consequent liability; Second - does proviso to Section 81 override the "safe harbor" granted to intermediaries under Section 79 of the IT Act; third - possibility of harmonious reading of Sections 79and 81 of the IT Act and Section 51 of the Copyright Act.
One most important contention discussed in the Judgment was “knowledge” threshold for the intermediaries. The Court observed that it becomes even more important for a brand owner to provide a specific titles, because while an intermediary may remove the content fearing liability and damages, an authorized individual’s license and right to fair use will suffer or stand negated. In other words, an indiscriminate and blind acceptance of requests to run a general filter and "take down" all content would result in grave damage and result in likely multifarious disputes with up-loaders, many of whom are original creators in their own right and might have used a miniscule quantum of the copyrighted content in "adaptation" which is defined as "(iv) in relation to a musical work, any arrangement or transcription of the work" in the Copyright Act. The court further held that “in the context of the prima facie conclusion that there was no direct infringement by MySpace, the finding by the single judge of constructive knowledge and "secondary" infringement, is incongruous and not tenable. For the foregoing reasons, this court concludes that prima facie there was no knowledge on the part of MySpace, with respect to allegations of infringement of the plaintiff-SCIL’s works.” The Court also discussed the international laws and regulations related to “safe harbour” provisions available to intermediaries.
On the aspect of interpretation of Section 79 of IT Act vis-à-vis Section 51 of Copyright Act, the Court opined that Section 79 grants a measured privilege to an intermediary. However, that would not mean that the rights guaranteed under the Copyright Act are in any manner curtailed. All Section 79 does is regulates the liability in respect of intermediaries while the Copyright Act grants and controls rights of a copyright owner. Under the circumstances, it is difficult to conceive how one would pose a barrier in the applicability of the other. The true intent of Section 79 is to ensure that in terms of globally accepted standards of intermediary liabilities and to further digital trade and economy, an intermediary is granted certain protections. Section 79 is neither an enforcement provision nor does it list out any penal consequences for non-compliance. It sets up a scheme where intermediaries have to follow certain minimum standards to avoid liability; it provides for an affirmative defence and not a blanket immunity from liability.
Upholding the principles of “Actual knowledge” the Court observed that given the supplementary nature of the provisions- one where infringement is defined and traditional copyrights are guaranteed and the other where digital economy and newer technologies have been kept in mind, the only logical and harmonious manner to interpret the law would be to read them together. Not doing so would lead to an undesirable situation where intermediaries would be held liable irrespective of their due diligence. By acting as mere facilitators and despite complying with legal norms, intermediaries can attract great liability, for no fault of theirs which in the long run would not only discourage investment, research and development in the Internet sector but also in turn harm the digital economy- an economy which is currently growing at a tremendous pace and without which life could potentially come to a standstill. Surely, such a consequence was not intended by Parliament, which mindful of techno- legal developments around the world created for safe harbor provisions. Another aspect is the manner how Internet is accessed. If a strict regime is implemented with respect to intermediary liability, such intermediaries could conveniently migrate to a location where data protection laws are not as rigorous and the content would still be accessible. Under such circumstances while the economic loss is one aspect, it would become near impossible to trace intermediaries to take down content. The court further noted that to attribute knowledge to the intermediary industry would mostly likely lead to its shutdown, especially where content is of this magnitude and size. Closure of website and business would inevitably follow, for instance, if messenger services like Whatsapp or social media portals like Facebook or Twitter, (given the number of users registered with these service providers as well as the volume of information being broadcasted/ "forwarded"), were held liable for each infringement. The greater evil is where a private organization without authorization would by requirement be allowed to view and police content and remove that content which in its opinion would invite liability, resulting in a gross violation of the fundamental right to privacy.
Following the postulates of law laid down by Apex Court in the judgment of Shreya Singhal, Delhi High Court ruled that in the case of copyright laws it is sufficient that the intermediary receives specific knowledge of the infringing works in the format provided for in its website from the content owner without the necessity of a court order, and take down those infringing content.
The directions passed in the Judgment of Myspace are summarised as - (a) Sections 79 and 81 of the IT Act and Section 51(a)(ii) of the Copyright Act have to be read harmoniously. Accordingly, it is held that proviso to Section 81 does not preclude the affirmative defence of safe harbor for an intermediary in case of copyright actions, (b) Section 51(a)(ii), in the case of internet intermediaries contemplates actual knowledge and not general awareness. Additionally, to impose liability on an intermediary, conditions under Section 79 of the IT Act have to be fulfilled and (c) In case of Internet intermediaries, interim relief has to be specific and must point to the actual content, which is being infringed.
In one of the most recent judgments, Hon’ble Delhi High Court has limited liabilities of Intermediaries. In the matter of Kent Ro Systems Ltd & Anr Versus Amit Kotak & Ors [CS(COMM) 1655/2016], on 18th January, 2017, the Court ruled that “30. To hold that an intermediary, before posting any information on its computer resources is required to satisfy itself that the same does not infringe the intellectual property rights of any person, would amount to converting the intermediary into a body to determine whether there is any infringement of intellectual property rights or not. All persons claiming any intellectual property rights will then, intimate the intermediaries of their claims and the intermediaries then, before hosting any material on their computer resources would be required to test the material vis-a-vis all such claims lodged with them, else would be liable for infringement”. The Court went on observing that “35. Just like the counsel for the plaintiffs states that the plaintiffs cannot be vigilant at all time, similarly the defendant no.2 intermediary cannot be expected to exercise such vigilance. Moreover the question, whether a intellectual property right has been infringed or not is more often than not a technical question with which the Courts steeped in law also struggle and nothing in the IT Act and the IT Rules requires an intermediary, after having been once notified of the Intellectual Property Rights, not allow anyone else to host on its portal infringing goods/matter. The intermediaries are not possessed of the prowess in this respect.” And also that “40. I am further of the view that had the intention of the Legislature been to require the intermediaries as the defendant no.2 eBay herein to be vigilant as the plaintiff reads the IT Act and the Rules to require it to be, the Legislature would have merely observed that the intermediary will not permit to be hosted on its website any information infringing intellectual property rights of any other person if such person had informed the intermediary of the same. However the Legislature has not done so and has required the intermediaries as the defendant no.2 to only declare to all its users its policy in this regard and advise them not to host any infringing information on the website of the intermediary and to on receipt of complaint remove the same within 36 hours.”
The Court took analogy of intermediary of intermediary with a immovable property in which a newspaper publishes the infringing content. The Court observed that “41. During the hearing I had also enquired from the counsel for the plaintiffs whether not the position of an intermediary is the same as the position of an owner of immoveable property or of publisher of a newspaper or magazine in physical form and that whether an owner of immoveable property can be required to keep vigilance that the person allowed by him to use the property does not while so using infringes the intellectual property rights of any other person or to while allowing advertisements to be published in its newspaper and magazine keep vigilance that the contents of the advertisement do not infringe the intellectual property rights of any person. No provision of law requiring owners of immoveable property or publishers of newspapers and magazines to maintain such vigilance was shown. 42. I am of the view that to require an intermediary to do such screening would be an unreasonable interference with the rights of the intermediary to carry on its business.”
Intermediary is liable:
In the matter of Christian Louboutin SAS Vs Nakul Bajaj & ORS, CS (COMM) 344/2018, on 2-Nov- 2018, Single Bench of Hon’ble Delhi High Court held that, www.darveys.com cannot be termed as an intermediary that is entitled to protection under Section 79 of the IT Act. The Court observed that for illustration purpose, any online market place or e-commerce website, which allows storing of counterfeit goods, would be falsifying the mark. Any service provider, who uses the mark in an invoice thereby giving the impression that the counterfeit product is a genuine product, is also falsifying the mark. Displaying advertisements of the mark on the website so as to promote counterfeit products would constitute falsification. Enclosing a counterfeit product with its own packaging and selling the same or offering for sale would also amount to falsification. All these acts would aid the infringement or falsification and would therefore bring the e-commerce platform or online market place outside the exemption provided under Section 79 of the IT Act. In the world of e-commerce, IP owners face challenging times. This is because sellers of counterfeit or infringing products seek shelter behind the platform's legitimacy, like in the case of Darveys.com. Darveys.com is involved in the promotion and sale of luxury products. The seller is located on a foreign shore. It is not even clear as to whether the seller is in fact selling a genuine product. As stated above, Darveys.com promotes the products to its members who sign up on Darveys.com. Without becoming a member, one cannot effect a purchase on Darveys.com. In such cases giving exemptions of Section 79 would in fact amount to legalizing the infringing activity. The seller is not known, the person from whom the seller purchases the goods is not known. It is also not known if the product is genuine, though Darveys.com represents to be same to be genuine. The judgment has not yet been challenged in the appellate court.
Recently Hon’ble Delhi High Court uphold the principles laid down in the Judgments of Shreya Singhal and Myspace and modified/clarified the orders passed in various legal proceedings. On such instance was the orders passed in the matter of Clues Network wherein on 4-April-2019, Division Bench of Delhi High Court set aside the direction issued by Ld. Single Judge requiring the online marketplace to obtain certificate and guarantee of genuineness from sellers before allowing them to sale on the platform and to obtain a certificate from the sellers that the goods are genuine, etc. However, the Division Bench directed that the online marketplace would not, on the website, guarantee or state that all products are 100% genuine. It shall also remove and not display/sell any products which are termed as ‘replica’. The judgment passed in the matter ofChristian Louboutin SAS was relied upon by the Ld. Single Judge in the matter of Clues Network.
In recent cases, the Courts have passed various interim orders requiring the intermediary to take down the infringing content(s) hosted on the online marketplace, only on specific knowledge received from the brand owner and that seems to be a way forward to balance the legitimate right of trade of intermediaries and the proprietary rights of the brand owners. Only time will tell how the Courts are going to interpret the liabilities of intermediaries which will ultimately require adjudication that the intermediary has conspired or abetted or aided or induced in commission of the lawful act.