Tag: cybercrimes

Liabilities of WhatsApp group admins: A critical legal analysis from Indian legal perspectives by Dr.Debarati Halder

picture courtesy : Internet

Over the years we have witnessed gradual development of internet and digital communication technology and rapid over flow of users of the same who may or may not know the digital socio-legal culture. This internet and digital communication technology that I have mentioned here, primary includes WhatsApp. When this platform started becoming popular in India since 2014-15 onwards, it also became popular platform to form opinions, disseminate news including fake news, harassing remarks for group members and other individuals who may not be group members but may be known to one or other group members. Soon Indian users could get connected with users from other jurisdictions through WhatsApp and the groups formed on the basis of WhatsApp became better connected than networks of people connected on Offline. Consider groups like law teachers’ groups, or groups formed on the basis of common interest like terrace gardeners, animal lovers, theological groups, chartered public vehicle commuters’ groups, health service providers groups etc.: members did not necessarily stay in the same locality, did not work in the same organization or may not speak the same vernacular language. But what bonded them was their common interest. This was some thing more popular than Facebook which was ruling internet during 2012-18 era. Slowly WhatsApp became more popular with specific service people like the IPS or IAS association (non official groups) and judicial officers’ groups. The popularity grew because individuals could actually control who would view their opinion and images that may have been ‘consensually’ shared by the members. It must not be however forgotten that WhatsApp has also notoriously become a platform for several online crimes including crimes against State, against individuals, cybercrimes against women[1] and children,[2] economic crimes,[3] cyber terrorism[4] etc.

Understanding stronger confidentiality setup of WhatsApp, soon workplaces and schools also started their own WhatsApp groups. Presently almost all organizations, schools and educational institutes have their respective division /unit/team-based WhatsApp groups. Some of these groups are moderated and monitored by senior members of the organization or the HR department member or the creator of the group or teachers (in case they are the creators/members of the said groups). The bright side of the story is, people can get the necessary information in their hand phones (which may include WhatsApp services) and they may not necessarily look into their mails unless it is for immediate verification necessity.  Mails now have become more official and WhatsApp groups are more personal. The negative aspect is quick circulation of offensive, harassing and unwanted contents.

Here comes the question of liabilities of three groups especially regarding creation, publication and circulation of offensive and unwanted contents. These liabilities may vary according to the age of the creators/publishers/circulators and position of the creators/publishers/circulators. ‘Position’ here necessarily means the website who is hosting the communication, the admin who is moderating or who may have created the group and general members who may be the creators/publishers/circulators of the content.  This three groups are as follows:

Let me first start with the website. WhatsApp as the web platform of the communications or Facebook as the parent company facilitating WhatsApp, may seek their excuse from any legal tangle in case of creation, circulation, publication of any offensive contents by virtue of Due Diligence clause which they exercise in almost cases of creation/circulation/publication of contents which are offensive. For this purpose, we need to understand the Indian version of Due Diligence law which can be found in S.79 of the Information Technology Act, 2000(amended in2008); the first two subclauses address the points which may be used by the websites. To summaries:

Websites or intermediaries who provide services including web hosting services, search engines etc (as per S.(w) of the Information technology Act, 2000(amended in 2008), may not be liable for any third-party activities carried out on their web platforms if such activity (which includes creation/publication/circulation etc. of any offensive, harassing etc. contents) is not initiated by the website, the website dies not select the receiver of the transmission and the website does not select or modify the information contained in the transmission. The website or the intermediary will also be excused from the third party liability in case the same has practiced due diligence as per the laws, rules and guidance as has been mandated by the Indian government. These Rules are mentioned in Information Technology (Intermediaries guidelines) Rules, 2011, which have further been suggested for amendment. [5] As such, these Rules include the following responsibilities of the intermediary or the web platform:

  • Publishing of Rules, regulations, privacy policies and user agreements which will clearly make the user understand that posting/transmission of/uploading/modification  etc of contents which may be grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;  harm minors in any way;  infringes any patent, trademark, copyright or other proprietary rights;  violates any law for the time being in force;  deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature; impersonates another person;  contains software viruses or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer resource; threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order, or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation. threatens public health or safety; promotion of cigarettes or any other tobacco products or consumption of intoxicant including alcohol and Electronic Nicotine Delivery System (ENDS) & like products that enable nicotine delivery except for the purpose & in the manner and to the extent, as may be approved under the Drugs and Cosmetics Act, 1940 and Rules made thereunder; (k) threatens critical information infrastructure.
  • Provide all support to the criminal justice machinery to disclose incidences of cyber security, the identity and all other relevant details of the harasser/originator of the offensive content.
  • Not to host/transmit/publish etc any information which the website management known to be illegal and offensive.
  • Provide periodic update on the policy of the web company related to users liabilities, rights and duties etc.
  • Take down reported content within considerable time of maximum 24 hours (as the draft Intermediary Guidelines (Amendment) Rules, 2018 indicates). [6]

In short, the web companies, intermediaries may not be directly liable for WhatsApp mess-ups that may be done by the individual users.

The second party which may attract the liability for publication/creation/circulation of any offensive content on the platform is the group admin. Now, let us first understand who are called as ‘group admins’:  WhatsApp provides certain features especially for group chats and this includes monitoring of the group by designated persons who are known as admins. Admins may not necessarily be the creators of the group. However, the latter may always remain as admin in spite of creation of multiple admins by him/her. Admins may have the power and authority to include and exclude members, block members, restrict the publication of comments[7] and create group policies which may be used to restrict a particular member/s in case of violation of the same.  Indian courts have in numbers of occasion, held that group admins may not be held liable for the activities of the members of the group in case the said admin had shown due diligence to restrict publication/circulation/creation of offensive comments.[8] This due diligence is however derived from the understanding of criminal law sanctions mixed with tortuous liabilities. For example, consider the followings:

  • If the group admin has not been made group admin consensually and he does not know the subject of discussion of the group, he may have a very narrow defence of being misled  by other admins/creator who forced him to join them in criminal activities like creation/publication/circulation of offensive contents which violate the existing laws of the Land.
  • If the group admin himself had not created/circulated any offensive content and had warned any user for not sharing/posting etc any content which is offensive, he may not be made liable for creating/sharing contents which may be offensive under any law if any member had even for some time (when the admin was not expected to watch/monitor the group) had posted/circulated some offensive content. But in such case, if the content falls in the category of child sexual abuse material which may be categorised under S.67B of the Information Technology Act, 2000(amended in 2008) or POCSO Act, the admin may not avail any excuse.
  • In case the group admin is a child, the question becomes tricky. If the group is specifically made by minors, the police, the prosecution and the court have to see who may have provided the basic assistance in accessing the web platform and the contents (including the offensive contents). Necessarily in such cases, courts may have to use the principles of vicarious liability because a child may not be eligible to own a SIM card unless an adult provides him the same. Here, the basic understandings of contract laws and age of maturity may be applied.[9] Now, let us see the case of the WhatsApp group of students of an elite school in Mumbai where minor students were discussing about child sexual abuse of their own female classmates:[10] parents may be made vicariously liable in such case, which actually did not take place, may be because here the parents of the accused children themselves alerted the school and restricted further violation of rights of those children who were targeted for the sexual fantasy of the adolescent boys. But here one needs to check whether personal information including images of the ‘victim children’ were disseminated unauthorizedly or not, or whether it was restricted only to the use of names. In both cases POCSO Act may be applied (in the latter case , Ss.11 (sexual harassment), 13(use of children for pornographic purposes) and S.14 (punishment for using children for pornographic purposes) of the POCSO Act may be narrowly applied.

However, if the group admin/s knowingly allow creation/circulation /publication of posts which may be offensive in nature, they may not get any excuse from the clutches law specifically made to punish the commitment of such acts like creation/circulation/dissemination of obscene images (S.67), sexually explicit contents (S.67A), voyeurism and sharing non-consensual images (S.66E of the Information Technology Act, 2000(amended in 2008) and S.354C of the Indian Penal Code, defamation (S.499, 500 Indian Penal Code), sharing information which has been restricted as seditious material under S.124A IPC or any other law which may restrict freedom of speech in the line of Article 19(2) of the Constitution of India, all of which may be read together with Ss.107 and 108 of the Indian Penal Code and S.84B of the Information Technology Act, 2000(amended din 2008)( laws related to abetment of offence ).

            Coming to the liability of the third group of users of WhatsApp, it may be seen that if a user/user create/publish/circulate any content which is offensive in nature, they may be liable as per the respective legal sanctions. However, the act of forwarding any content has also been considered as within the scope of defamation laws (under S.499/500 IPC ) or in case of online harassment of women and children, within the meaning of different kinds of offences recognised by law including voyeurism, stalking, non-consensual image sharing, indecent representation of women, child sexual abuse, grooming etc.

But the question larks on the issue of machine and artificial intelligence, which may make the admins responsible in case they may not be aware about the usage. For example, if the admin is a new user or not accustomed with the privacy and security features of WhatsApp, he may not be able to restrict certain ‘posts’ which may be published because of the machine intelligence: this may include certain words which the phone may suggest presuming the first few alphabets. He may neither be able to restrict a member which may have been suggested by the computer system of the platform and the device. Further, he might also not be able to remove certain posts which may have surfaced in the group due to resharing or forwarding by other members. Here, the group admin’s liability must be seen exclusively. Websites or intermediaries however would not be liable by virtue of the proviso clause of Rule 3 of the  Intermediary Guidelines Rules, 2011 (and also Amended draft version of 2018), which says  “……………….the following actions by an intermediary shall not amount to hosting, publishing, editing or storing of any such information as specified in subrule(2): (a) temporary or transient or intermediate storage of information automatically within the computer resource as an intrinsic feature of such computer resource, involving no exercise of any human editorial control, for onward transmission or communication to another computer resource; (b) removal of access to any information, data or communication link by an intermediary after such information, data or communication link comes to the actual knowledge of a person authorised by the intermediary pursuant to any order or direction as per the provisions of the Act.”           

As may be understood from the above, WhatsApp group admins therefore may not always claim to be immuned especially when they were aware of the group activities, they had not practiced due diligence from their side and they had published or forwarded offensive contents themselves for the wider circulation of the same.    


*Prof(Dr)Debarati Halder, LL.B.,  M.L., Ph.D(Law)(NLSIU) is the Managing Director (Hon) of Centre for Cyber Victim Counselling (www.cybervictims.org) .  She can be reached @debaratihalder@gmail.com

[1] See Halder D., & Jaishankar, K (2016.) Cyber crimes against women in India.

New Delhi: SAGE Publications. ISBN: 9789385985775 for understanding types of cyber crimes against women and laws.

[2] See Halder, D. (2018). Child Sexual Abuse and Protection Laws in India. New

Delhi: SAGE Publications. ISBN: 9789352806843, Halder D., & Jaishankar K. (2014). Patterns of Sexual Victimization of Children and Women in the Multipurpose Social Networking Sites. In C. Marcum and G. Higgins (Eds.), Social Networking as a Criminal Enterprise (pp. 129-143). Boca Raton, FL, USA: CRC Press, Taylor and Francis Group. ISBN 978-1-466-589797 for more understanding on types of cyber crimes against children.

[3] See for example, Kurowski, S., (2014). Using a whatsapp vulnerability for profiling individuals. In: Hühnlein, D. & Roßnagel, H. (Hrsg.), Open Identity Summit 2014. Bonn: Gesellschaft für Informatik e.V.. (S. 140-146). Available @ https://dl.gi.de/handle/20.500.12116/2633 Accesed on 21.01.2020

[4] See for example, Broadhurst, Roderic and Woodford-Smith, Hannah and Maxim, Donald and Sabol, Bianca and Orlando, Stephanie and Chapman-Schmidt, Ben and Alazab, Mamoun, Cyber Terrorism: Research Review: Research Report of the Australian National University Cybercrime Observatory for the Korean Institute of Criminology (June 30, 2017). Available at SSRN: https://ssrn.com/abstract=2984101 or http://dx.doi.org/10.2139/ssrn.2984101 Accessed on 20.01.2020

[5] By way of Intermediary Guidelines (Amendment) Rules, 2018

[6] The Intermediary Guidelines (Amendment) Rules, 2018 also mentions that if the intermediary has more than 50 fifty lakh users in India or is in the list of intermediaries specifically notified by the government of India, it shall:

(i) be a company incorporated under the Companies Act, 1956 or the Companies Act,2013;

(ii) have a permanent registered office in India with physical address; and

(iii) Appoint in India, a nodal person of contact and alternate senior designated

functionary, for 24×7 coordination with law enforcement agencies and officers to

ensure compliance to their orders/requisitions made in accordance with provisions

[7] For more understanding, see https://faq.whatsapp.com/en/android/26000118/?category=5245251 Accessed on 12.01.2020

[8] For example, see Ashish Bhalla vs Suresh Chawdhary & others, 2016. Accessed from http://delhihighcourt.nic.in/dhcqrydisp_o.asp?pn=242183&yr=2016 on 21.01.2020

[9] For understanding this, we need to see S.11 of the Indian Contract Act, which says minors, persons of unsound mind and persons disqualified by law may not be able to enter into any agreement.

[10] See India Today Webdesk. Schoolboys at posh Mumbai school talk about raping classmates, ‘gang bang’ in horrific WhatsApp chats. Available @https://www.indiatoday.in/india/story/mumbai-ib-school-students-whatsapp-chat-horror-1629343-2019-12-18 . Accessed on 21.01.2020