Archive for the ‘Cyber law’ Category.

DATA PROTECTION LAW IN INDIA

The era of digitization gave birth to entirely new markets which deal with the collection, organization, and processing of personal information, whether directly or as critical component of business. The outburst of Covid-19 and the lock-down has led to several challenges in various sectors regarding data privacy and protection; hence protection of data and privacy plays a much important role now, as there are several loopholes in which data can be breached and its security is at major risk.

Section 2 (o) of Information Technology Act,2000 defines “data” which means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Data protection is the process of safeguarding important information from corruption, compromise or loss. Through the landmark judgment of Justice K.S Puttaswamy vs Union of India (AIR 2017 SC 4161), the Hon’ble Supreme Court held right to privacy is declared as a fundamental right under Article 21 of Indian Constitution. This judgment made general public realize that their data is intrinsic, important and therefore worthy of protection.

At present India does not have specific legislation in regard to data protections and privacy, although a Personal Data Protection Bill, 2019 was introduced in Lok sabha. There are many ambiguities as to the implementation of this bill, but there are some important enactments which focuses and governs privacy protection and personal data
• Information Technology Act, 2000.
• The Right to Information Act,2005
• Information Technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021

Section 43A of the IT Act 2000 provides that whenever a corporate body possesses or deals with any sensitive personal data or information, and is negligent in maintaining a reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, then such body corporate shall be liable to pay damages to the persons so affected.

Section 72A of the IT Act 2000 provides that any person (including an intermediary) who, while providing services under the terms of a lawful contract, has secured access to any material containing personal information about another person, with the intent of causing or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person, shall be punished with imprisonment for a term which may extend to three years, or with fine which may extend to five lakh rupees, or with both.

Section 8 (1)(j) of Right to Information Act – This section provides that the authorities are under no obligation to provide information to citizens regarding inter alia information which relates to personal information, the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information.

The Information technology (Guidelines for intermediaries and digital media ethics code) Rules, 2021 have been passed under sections 69A(2), 79(2)(c) and 87 of the Information Technology Act, 2000. Rule 4(2) provides that a significant social media intermediary providing services primarily in the nature of messaging shall enable the identification of the first originator of the information on its computer resource as may be required by a judicial order passed by a court of competent jurisdiction or an order passed under section 69 by the Competent Authority as per the Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009. This rule is clearly a major threat to the privacy of the users and this was challenged by Whatsapp in Delhi High Court to quash a new government rule which is against right to privacy.

CONCLUSION:
India has gone more digital in this covid-19 pandemic era, than ever before. In this digital era, data is a valuable resource that needs to be protected and regulated. Right to privacy cannot be exercised effectively unless data is protected through a legal regime; therefore implementation of personal data protection bill becomes very important.

Authored by

RAMYA C N
Associate

Supreme Court Guidelines on Arrest u/s 66A of Information Technology Act, 2000.

The internet is an oft praised platform with plenty of opportunities for people to explore options, and more importantly, voice their opinions. It is the platform where anybody who wants to express an opinion about anything may do so- your age, sex, nationality, country of residence, etc, are irrelevant. All you really need is a social networking website, a registered ID, a workable internet connection, and obviously, a mode to carry out the task (be it the old fashioned net cafe desktops, or even just cell phones given technologies recent ascent).

While much of these opinions are awe-inspiring, exhilarating even, certain others may find these opinions offensive- maybe even frightening. Take for instance, the arrest of the two users in Maharashtra who questioned the Bandh following the death of Bal Thackeray, former leader of the Shiv Sena. The state home minister R.R. Patil, at that point, announced a high level probe into the matter. He said the police targeted the girls because of the ambiguity in the Information Technology (IT) Act, 2000.

Of recent events is the highlight of Jaya Vindhyala, a PUCL activist who allegedly posted derogatory comments on her Facebook ‘timeline’ on Chirala legislator, Amanchi Krishna Mohan and the Tamil Nadu Governor, K Rosaiah. Subsequently, Amanchi Mohan filed a complaint and the police invoked provisions of Section 66A of the IT Act, and Section 120 B of the IPC (Criminal Conspiracy). Jaya Vindhyala was arrested on the 12th of May, 2013.

Section 66A of the Information Technology Act deals with punishment for sending offensive messages through communication service, which cause annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will. For the purpose of this section, “electronic mail message” and “electronic mail” cover messages or information transmitted or received on a computer, computer resource, and communication device and include attachments whether in text, images, audio, video or any other electronic records which may be transmitted via messages. The real question, however, is what constituted electronic messages to be offensive or menacing? Going by the English language, it would depend from person to person; a subjectively skewed outlook with its own threats of ambiguity overriding liberty.

What’s worrisome about the case of Vindhyalaya is that she had been opposing the local legislator on several issues and brought out a fact- finding committees report accusing the legislator of malpractices.

India is a Democratic country which holds dear its constitutionally prescribed Fundamental Rights of which Article 19(1) (a) epitomizes the freedom of speech and expression. Are people no longer permitted to voice their opinions, be it via paper medium, or even the internet? The internet has a far greater reach than most paper medium would- what with users constantly overusing the infamous search engines of Google and Bing and posting whatever thoughts flow through the innards of their brains on public forums, like Facebook and Twitter, sparking off heated debates. Yet, several times, as has been observed, the ambit of this right is required to be contained.

The phraseology of Section 66A of the IT Act is wide and vague; incapable of being judged on objective standards, thus far susceptible to reckless abuse. Earlier in the year, as per the Centre’s January 9th Advisory, “State governments are advised that as regard to arrest of any person in complaint registered under section 66A of the Information Technology Act, the concerned police officer of a police station may not arrest any person until she/he has obtained prior approval of such arrest from an officer, not below the rank of Inspector General of Police (IGP) in metropolitan cities or of an officer not below the rank of Deputy Commissioner of Police (DCP) or Superintendent of Police (SP) at district level, as the case may be.”

Justices B.S. Chauhan and Dipak Misra, comprising the Apex Court vacation bench, on the 16th of May 2013 refused to pass an order for a blanket ban on arresting persons for posting objectionable comments on website. In lieu with the Centre’s January 9 advisory, the Supreme Court reiterated that no person should be arrested for posting “objectionable comments” on social networking platforms without taking prior permission from senior police officials. The order was passed based on an interim application which sought the release of Smt. Jaya Vindhyala. This application was filed by Shreya Singhal (CRL.MP nos. 11600 & 11601/2013) in a writ petition [Article 32] in Shreya Singhal v. Union of India [WP (Crl) 167/2012]..

Authored By-
Janhavi R I
II Year
BBA/LLB
Symbiosis Law School, Pune

IS ONLINE CRICKET BETTING LEGAL?

The Public Gambling Act, 1867 prohibits offline gambling. Betting as such is illegal business conducted in India. Hence online betting is also not legal.
Definition of Gambling
According to List II Entry 34 of the Constitution of India-
“‘gambling’ includes any activity or undertaking whose determination is controlled or influenced by chance or accident and any activity or undertaking which is entered into or undertaken with consciousness of the risk of winning or losing (eg, prize competitions, a wagering contract) … where there is no actual transfer of goods but only payment or receipt of the difference according to the market price, which varies from the contract price.”
In short Gambling is an activity where chance decides the result more than the skill. Hence cricket betting is also a gambling and hence illegal. No bank will support such a financial activity Horse racing is the only legalized gambling sport in India.
Though there are no specific laws which prohibit internet cricket betting/predictions, a wider interpretation of the existing provisions of the IT Act, 2000 will certainly prohibit the same.
Section 67 of the Information Technology Act 2000 is extracted below
Section 67: Publishing of information which is obscene in electronic form:

Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

Quoted below is the rule 3 of the Information Technology (Intermediaries guidelines) Rules, 2011.

Due diligence to he observed by intermediary — The intermediary shall observe following due diligence while discharging his duties, namely: —
(1) The intermediary shall publish the rules and regulations, privacy policy and user agreement for access-or usage of the intermediary’s computer resource by any person.
(2) Such rules and regulations, terms and conditions or user agreement shall inform the users of computer resource not to host, display, upload, modify, publish, transmit, update or share any information that —
(a) belongs to another person and to which the user does not have any right to;
(b) is grossly harmful, harassing, blasphemous defamatory, obscene, pornographic, paedophilic, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever;
(c) harm minors in any way;
(d) infringes any patent, trademark, copyright or other proprietary rights;
(e) violates any law for the time being in force;
(f) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;
(g) impersonate another person;

Hence an Internet Service Provider can definitely block a gambling site based on the above guidelines. A broad interpretation of the above provision will certainly make online cricket betting an offence and hence illegal.

Cyber Offences

Information Technology Act 2000 enlists various cyber offences and their punishments. The Acts gives serious punishment for tampering with computer source documents. Whoever intentionally conceals, destroys or alters any computer source code is liable for punishment with imprisonment up to 3 years or with fine which may extend up to Rs.2 lakh or with both. 

The Act views hacking with utmost seriousness. Whoever with intension to cause a wrongful damage to the public or any person destroys, deletes or alters any information residing in a computer resource commit hacking. Whoever commits hacking shall be punished with imprisonment up to 3 years or with fine which may extend upto Rs.2 lakh or with both.

  Whoever publishes information which is obscene in electronic form shall be punished with imprisonment which may extend to 5 years and with fine which may extend to Rs.1 lakh.  In the event of a second conviction for a similar offence, then imprisonment may extend to 10 years and with fine which may extend to Rs.2 lakhs.

  A certifying authority or any employee of such authority who fails to comply with an order of the controller may be punished with   imprisonment for a term not exceeding 3 years and also with fine not exceeding Rs.2 lakhs or both.

 If the subscriber or any person in-charge of any computer resource fails to assist any agency of the government when ordered to intercept any information transmitted through any computer resource, he may be punished with imprisonment for a term which may extend to 7 years. Similarly any person who secures access or attends to secure access, to a protected system will be punished with imprisonment for a term which may extend to 10 years and also be liable to fine.

Whoever makes any misrepresentation to or suppresses any material fact from the controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, may be punished with imprisonment which may extend to 2 years or with fine which may extend to 1 lakh or with both.

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to 2 years or with fine which may extend to 1 lakh or with both. The Information Technology Act also applies to an offence or contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.

 Any computer, computer system, floppies, compact discs, tape drives or any other accessories related thereto, in respect of which any provision of the Information Technology Act, rules, orders or regulations made there under has been or is been contravened, shall be liable to confiscation.