• Int’l report finds that SL oft. treats social media regulation as a nat’l security issue 

Social media regulation in Sri Lanka is often treated as a security issue, and security is often cited as a reason to implement actions to regulate users’ behaviour on social media. Taking ‘regulatory’ actions concerning social media and online behaviour on grounds of ‘national security’ or the larger public interest without justification or evidence is prevalent, even more so during times of unrest.

This observation was presented by an international report, which said that the rule of law, as examined through various indicators, reflects that there can be more concerted efforts in bringing about greater supremacy, transparency, and certainty in the law. It noted that self-regulation efforts in Sri Lanka are still at an early stage, and that it is hard to judge the impact. Titled ‘Social Media Regulation and the Rule of Law: Key Trends in Sri Lanka, India, and Bangladesh’, the report had been authored by the Centre for Communication Governance at the National Law University Delhi, LIRNEasia, and the BRAC University with guidance from Konrad-Adenauer-Stiftung.

“The scale, speed and reach of social media content are unprecedented and has placed current regulatory regimes at a crossroads. It is a good opportunity for South Asian States to gear their focus towards how upcoming regulations could enhance platform accountability and facilitate systemic changes in platform design and operation. An effective and democratic platform governance model should place the rights of citizens at the centre,” the report noted, adding that there is however a growing tendency of the States across the three countries in question to exert control over the online information ecosystem through various legislative developments.

Sri Lanka’s situation

The report explained that legal reforms concerning the online space were in progress in Sri Lanka at the time of developing the report.

With regard to the key mechanisms through which the dissemination of online information in Sri Lanka is governed, the report added that such actions demonstrate a trend of Government efforts directed at governing individual behaviour, through arrests or blocking access to social media content facilitated by the Internet Service Providers (ISPs), and not the platforms themselves.

“Social media regulation is often treated as a security issue, and security is often cited as a reason to implement actions to regulate users’ behaviour on social media. We observe from the text of the laws that they were not intended to regulate social media and/or cyber security. For example, the Computer Crime Act, which is a law concerning crimes using/affecting computers/computer systems, has been used in practice for social media regulation.”

Several laws – including the Computer Crime Act, the Mutual Assistance in Criminal Matters Act, the Electronic Transactions Act, the International Covenant on Civil and Political Rights (ICCPR) Act, Prevention of Terrorism (Temporary Provisions) Act (PTA), the Penal Code, the Police Ordinance, the Public Security Ordinance, the Personal Data Protection Act, and the Sri Lanka Telecommunications Act – have been used to govern online activities, including the use of social media. The report extensively discussed how these laws were used to govern the social media information ecosystem in various contexts such as the Easter Sunday attacks, the Covid-19 pandemic, and protests against the economic crisis in 2022.

In conclusion, the report added: “In practice, social media regulation often has a security component to it. This was especially visible in the actions taken to regulate social media in the aftermath of the Easter Sunday attacks, and the use of laws such as the PTA and the Emergency Regulations. These point towards a lack of legal certainty as to the laws, wherein the application of the laws for the regulation of social media remains wide-ranging from the Penal Code to the ICCPR Act. It is also worth noting that the application of the laws discussed above has come in for criticism. For instance, critics argue that the ICCPR Act has been applied selectively and arbitrarily, while others have warned of the adverse effects that arrests could have on the freedom of speech.”

Situation in SL, India, & B’desh

The report underscored that regulating the online information ecosystem is an important component of social media governance across all three jurisdictions. While Internet shutdowns, the criminalisation of online speech and law enforcement access to citizen information are being employed across the three countries, it said that Bangladesh and India have additionally developed mechanisms to block access to targeted content on social media through blocking orders to social media intermediaries. However, these mechanisms are absent in Sri Lanka at the time of developing the report.

“The mechanisms to control the flow of online information manifest as regulations directed to users and social media platforms and other Internet intermediaries. These consist of information and communications technology (ICT) regulation (including cyber security, data protection, and telecommunication regulation), intermediary liability frameworks, and key speech laws (mostly penal) which are used to regulate the flow of information in the three jurisdictions.”

Although all three countries regulate users through existing Penal provisions and online content based offences, when it comes to regulating social media platforms, while India and Bangladesh provide conditional exemptions from liability for third party content hosted by intermediaries, Sri Lanka lacks such an exemption framework. Noting this, the report said that Sri Lanka relies on licensing agreements with ISPs to block social media platforms in emergency cases.

It added: “It is also worth noting that in both India and Bangladesh, the safe harbour protections afforded to intermediaries is witnessing a trend of dilution over time. Although India imposes more extensive due diligence obligations at the moment, Sri Lanka and Bangladesh are also likely to follow a similar trend. Overall, an important trend witnessed in the regulation across the three jurisdictions is the centralisation of power with the Executive. The regulatory frameworks lack the necessary judicial and Parliamentary oversight mechanisms while issuing content takedown orders, Internet suspensions, and user data-related requests. Overbroad and vague language is used to codify speech-related offences and grounds for security exceptions. These factors contribute to a lack of transparency and accountability for Government actions.”

The report noted that social media platforms play a critical role across several national security and geopolitical fronts. It raised concerns that the indiscriminate use of security exceptions can however lead to overstepping critical human rights, including free speech and privacy. This subordination of individual rights to security can manifest in States exerting control on the flow of information through coercive regulation or informal cooperation with platforms while neglecting meaningful platform accountability, according to the report.

“Security exceptions can be misused by States to curb the legitimate expression of dissent through censorship and surveillance. Thus, it becomes imperative to institute procedural and substantive safeguards when balancing the security imperative against the fundamental rights of citizens.”

Recommendations

As per the report, some of the key rule of law related concerns highlighted, include wide and ambiguous Penal provisions, overbroad and vague security exceptions, the lack of adequate procedural safeguards such as the right to a hearing, reasoning, and notice, the lack of judicial and Parliamentary oversight, excessive Executive discretion and the centralisation of power, and the over-criminalisation of online speech and expression. It presented a number of recommendations to respond to these concerns.

With regard to limiting the scope of national security exceptions, it was explained that the States’ pursuit of national security objectives and citizens’ civil liberties have historically been at odds with one another, and that this juxtaposition of national security and human rights has also translated to social media regulation, where States often use national security imperatives to control the flow of information.

The report added: “From a rule of law perspective, in a democracy, an independent Judiciary performs the balancing of competing interests of national security and individual rights. Here, the onus lies on the Executive to establish the necessity of an exceptional action based on national security considerations. The three-part test has been used across jurisdictions to evaluate when the freedom of expression can be legitimately restricted – the restriction is provided by law, the grounds for the restriction are specific (respect for the rights or reputations of others, and for the protection of national security or of public order or of public health or morals), and the restriction is necessary to a democratic society and proportionate.”

It said that States can also take a cue from international developments to determine what can be considered legitimate, necessary and proportional national security exceptions. It pointed out the Johannesburg Principles on National Security, the Freedom of Expression, and Access to Information, which enumerates the categories of peaceful expression that cannot be restricted based on national security.

Regarding checks and balances for social media regulation, the report provided recommendations to strengthen the rule of law and engender greater accountability in legislation.

Discussing the criminalisation of online speech, the report said that criminalisation is not the best step to tackle speech related harms like disinformation/misinformation. It explained that the impact of employing often overly broad and vague criminal laws to counter harmful content can result in the overcriminalisation of speech, and that such laws impose disproportionate restrictions on users through misuse and arbitrary enforcement. In this context, the report said that overreliance on criminalisation measures does not address the systemic issues associated with harmful content, and that therefore, it is essential that an attempt is made to understand the context of the online information sharing ecosystem in future frameworks. 

When it comes to Internet shutdowns, the report noted that It is hard to justify the use of Internet shutdowns in democracies, given the blanket unencumbered power it provides to the State. “Nonetheless, if such shutdowns are being deployed by States, they must only be operationalised under the most exceptional circumstances, where the States can provide evidence that no other less restrictive option can suffice. This must ideally be subject to ex-ante, or at least ex-post, scrutiny by an independent Judiciary or any other adjudicatory authority. All such orders by the State must be publicly available, and the citizens must be free to challenge such orders in a court of law.”

Other recommendations included a multi-stakeholder approach to policy-making, regarding which it was proposed that legislation should be drafted following the due processes of democratic deliberation and transparent public consultation processes.