Comments on Draft Cyber Cafe Rules

Comments on the Information Technology (Guidelines for Cyber Cafe) Rules, 2011

1. Licensing vis-à-vis Registration

1.1. The Information Technology (Guidelines for Cyber Cafe) Rules, 2011 (hereinafter Draft Cyber Cafe Rules, 2011) which are sought to be formed contemplate for the mandatory registration of Cyber Cafes when they provide for in Rule 2(h) a “licensing authority” which, “means an agency designated by the appropriate government to issue licenses to cyber cafes for their operation”. Rule 3 further provides that, “appropriate government will notify an agency to issue licenses to cyber cafes”. This provision of mandatory licensing is strongly recommended for deletion since it will hamper the ongoing efforts to improve internet penetration in the country. Cyber Cafes constitute an important facility in non-metro cities and rural clusters where computer facilities are not routinely available. By making a mandatory licensing regime, the costs as well as the compliance issues will increase threatening the penetration of internet in rural and semi-rural areas.

1.2. Also under the existing powers of State Governments to make rules to govern Cyber cafes, out of the 4 states which have such rules, viz. Karnataka, Andhra Pradesh, Gujarat and Maharashtra; only Gujarat and Maharashtra require for the prior licensing of cyber cafes. Hence licensing should be seen as an exception rather than the rule with most states not even having rules regulating Cyber Cafes. In this respect most state governments already have local laws which are variations of the Shops and Establishments Act in compliance with which Cyber Cafes are allowed to function. By making compulsory licensing under the Draft Rules, there will be an added layer of regulation increasing the difficulty of opening a Cyber Cafe.

1.3. It is also highlighted that the rules at present do not provide for the conditions of such licensing and in the absence of such conditions onerous conditions may be imposed. It is suggested instead of licensing a compulsory registration procedure may be established for the operation of cyber cafe. The registration may be with regard to the proprietor of the establishment as well as the details of the establishment itself. This will impose a lower compliance cost on cyber cafes as well as ensure the operation of the Cyber Café Rules, 2011. In this regard an online registration may be followed up by a physical visit by a registration officer with each cyber café having its unique registration number.

2. Identification of Users

2.1. The provisions with regard to the identification of users are recommended to maintained in their present form however it is recommended that the provisions governing the access of children to cyber cafes, as provided under Rule 4(3) be omitted. The reason for this is children may not be carrying photo identity cards as well as being accompanied by a guardian may be onerous. It is also pointed out that Rule 4(3) mentions, “children” and not “minors” with the age being left undefined.

3. Log Register

3.1. The provisions with regard to maintenance of log registers are unduly onerous and it also poses substantial risks as to the privacy of cyber café users. When the visitor logs maintained as per Rule 5(1) are matched against the surfing history which is maintained under Rule 5(3), then it will provide substantial and sensitive personal information of cyber café visitors. Cyber Café visitors are occasional as well as regulars. In case of regular Cyber Café visitors such information which is gathered over a period of 6 months as contemplated under Rule 5(3), when aggregated will reveal a detailed surfing history of the visitor.

3.2. Further Rule 5(2) which contemplates the Cyber Café to prepare a monthly report of the log register and submit it to the licensing agency when coupled with Rule 7(1) which authorizes a police officer to inspect a cyber café and its records, renders a real likelihood of privacy invasion. To safeguard against this privacy harm there are no safeguards which are incorporated in the present rules beyond unwarranted disclosure to third parties. However, this is in complete violation of the right to privacy, interference with which is only allowed under a definite set of circumstances as laid down by Supreme Court dicta and the regulations formed under the IT Act as highlighted in Paras 4.3 to 4.5 on pages 6 and 7.

4. Physical Layout of the Cyber Cafe

4.1. Rule 6 which provides for the physical layout of the Cyber Cafe is contrary to liberal notions of privacy in shared spaces and is recommended for deletion. Rule 6(1) whereas requires the length of partitions of computer cubicles not to exceed four and a half feet, would render the online activity of any cyber cafe user open to unobstructed view of a person standing near the cubicle. In some settings it may even allow a person sitting on the next terminal to view the activity in the adjoining one.

4.2. This would certainly decrease the business of cyber cafes as India is a highly inquisitive society and there would be a constant fear of eavesdropping and leakage of information. Even routine emails or chats contain information of an incredibly personal nature and mandating the length of the partitions is similar to calling for an abolition of phone booths. Moreover, if the provisions on user logs are properly implemented there is no purpose which is served from moderating the expression of a cyber café user through the peering eyes and the quick judgment of strangers.

4.3. Rule 6(5) is also reccomdend for deletion as filtering software has not yet achieved precision and it causes the omission of legal content which may contain terms related to pornography, obscenity and/or terrorism. For instance, filtering software is liable to prevent results of academic research and literature when searching on topics which contain related terms to pornography, obscenity and/or terrorism. Moreover, the Hon’ble Bombay High Court in its Order dated 13.2.2002 in Writ Petition №1611 of 2001 has stated that site blocking without objective guidelines is not feasible or constitutionally maintainable.

The Information Technology (Guidelines for Cyber Cafe) Rules, 2011

[ipaper id=49453683]

Comments in PDF

[ipaper id=49727763 page=14]

Draft rules on Intermediary Liability released by the Ministry of IT (iltb.net)
India Plans to Tighten Rules for Cyber-cafes (pcworld.com)
CIS Para-wise Comments on Cyber Café Rules, 2011 (Center for Internet and Society)
How India’s Draft Cybercafe Rules Could Strangle Public Internet Access (Medianama)

Blog

Netflix Summoned by the MIB Over Controversial IC-814 Series

DOT releases Draft Rules under Telecommunications Act, 2023

MEITY to release draft DPDP rules for public consultation after Budget session

Impact of Broadcasting Bill, 2024 on Digital Communications and Media

A licence raj for digital content creators

News

Netflix Summoned by the MIB Over Controversial IC-814 Series

DOT releases Draft Rules under Telecommunications Act, 2023

MEITY to release draft DPDP rules for public consultation after Budget session

ET : Final Draft of the DPDP, Rules to be ready in two weeks

Nigeria FCCPC fines Meta $220 million for violating data laws