Non-Consensual Intimate Images (NCII) refer to sexual content distributed without the consent of the individuals depicted. NCII is a subset of Image-Based Sexual Abuse (IBSA), which also includes deep fakes, sextortion, and other abusive behaviours involving photos, images, videos, or created content.
NCII occurs when someone disseminates an intimate photo or video without consent. This is particularly harmful to victims, as they lose control over how and when these images are shared. Such content may have been captured without consent and can also be used to manipulate, blackmail, or threaten individuals, causing significant harm such as distress, humiliation, job loss, financial hardship etc.
Sharing unsolicited pictures or images of someone else without their permission is abusive and wrong. These images can be disseminated by strangers, friends, or acquaintances. In some cases, images may have been initially obtained with the survivor’s consent but later shared online without their permission.
If someone under the age of 18 years sends or receives an intimate image, it can be considered child pornography, leading to legal consequences. Images are sometimes shared publicly or privately with certain people, and sharing them without permission is a way to control someone and violate their right to privacy.
Proactive monitoring and curtailing the spread of NCII content are crucial to protect individuals from these harmful behaviours and ensure their privacy and dignity is maintained.
Non-Consensual Intimate Images (NCII) and Legal Framework
Non-Consensual Intimate Images (NCII) fall under the category of Cyber Harassment. Although NCII is not explicitly defined under the Information Technology Act, 2000 (IT Act) or its Rules, Rule 3(2)(b) of the IT Rules, 2021 (IT Rules) addresses NCII content. Additionally, Section 66E of the IT Act provides for punishment for violation of privacy.
In the landmark case of K.S. Puttaswamy v. Union of India (2017), the Hon’ble Supreme Court held that the right to privacy includes the right to informational privacy and the right to control personal data.
Furthermore, the Hon’ble Delhi High Court, in the case of Mrs. X vs. Union of India, issued extensive directions to enhance internet safety for users.
These directions have been issued to ensure that victims of Non-Consensual Intimate Images (NCII) are not repeatedly harassed and do not have to constantly approach authorities for the removal of their explicit images or content. The Court, in its conclusion provided the following directives and recommendations to the respective stakeholders:
a) Affidavit in a Sealed Cover: The petitioner must file an affidavit in a sealed cover along with the petition, identifying the specific audio, visual images, and keywords being complained about, in addition to the allegedly offending URLs. This is for the ex-facie determination of their illegality when approaching the Court for a takedown order in matters involving NCII content.
b) Immediate Registration of Formal Complaint by Police: Upon receiving information about NCII content, the Police must immediately register a formal complaint to initiate an investigation and bring the perpetrators to justice as soon as possible, preventing the repeated upload of unlawful content.
c) Sensitization of the Grievance Officer: The Grievance Officer, appointed by the intermediary to receive complaints from users or victims, must be appropriately sensitized.
d) Liberal Interpretation of NCII Definition: Intermediaries must interpret the definition of NCII abuse liberally to include sexual content obtained without consent and in violation of an individual’s privacy, as well as sexual content obtained and intended for private and confidential relationships.
e) Online Cybercrime Reporting Portal: The “Online Cybercrime Reporting Portal” available at “cybercrime.gov.in” must have a status tracker for the complainant, starting from the filing of a formal complaint to the removal of the offending content.
f) Display of Redressal Mechanisms on the Portal: The portal must specifically display the various redressal mechanisms that can be accessed.
g) The cybercrime.gov.in website should prominently display the contact details and addresses of each District Cyber Police Station. Each District Cyber Police Station must have an assigned officer to liaise with intermediaries against whom grievances have been raised by victims who have approached the Police. Efforts should be made to ensure that grievances are resolved within the timeframes stipulated under the IT Rules.
h) Each District Cyber Police Station must have an assigned officer to liaise with intermediaries against whom grievances have been raised by victims who have approached the Police. Efforts should be made to ensure that grievances are resolved within the timeframes stipulated under the IT Rules.
i) Intermediaries are directed to cooperate unconditionally and respond expeditiously to the Police, adhering to the timeframes outlined in the IT Rules.
j) A fully-functioning, round-the-clock helpline should be established for reporting NCII content. Operators and individuals manning this helpline must be sensitized to the nature of NCII content and must, under no circumstances, engage in victim-blaming or shaming.
k) Considering the impact of NCII content on victims’ mental health, these operators should also maintain a database of organizations with registered counselors, psychologists, and psychiatrists available for referral to victims.
l) To provide legal aid to victims if needed.
m) Search engines are required to use existing hash-matching technology.
n) Intermediaries must prominently display information about the reporting mechanism outlined in Rule 3(2)(c) of the IT Rules on their websites. It is crucial for users to be informed about this reporting process, and it is the intermediaries’ responsibility to ensure this awareness.
o) The deadlines specified in Rule 3 of the IT Rules must be adhered to strictly, with no exceptions.
p) Search engines cannot require victims to provide specific URLs to remove content that has already been ordered to be taken down. Victims should not have to endure humiliation or harassment by having to approach authorities or courts for the same relief.
q) As a long-term solution, a trusted third-party encrypted platform in collaboration with various search engines should be developed. This platform could allow users or victims to register offending NCII content or communication links securely. It would then be assigned cryptographic hashes or identifiers to this NCII, enabling automatic identification and removal through a secure process. It is crucial that the privacy of users or victims is maintained, ensuring that data collected for hash-matching purposes is not stored or misused. Given the sensitivity of the data, the platform must adhere to the highest standards of transparency and accountability.
The lack of privacy protections in digital technology can contribute to ongoing violence. One of the Delhi High Court’s main considerations was ensuring that victims do not have to continuously search the internet for their NCII content. Once reported by the victim or removed by court order or an appropriate government authority, the reappearance of such content should be prevented.