YLTB!

/

Tumblr

/

Linkedin

Post 1: “Understanding the existing Legal framework of Cyberspace in India.”

Greetings, Dear Readers! “Your Legal-Tech Brew!” (by Annanya Deshpande) is a blog as cliché as any other blog….  It is an honest attempt dedicated towards compiling recent developments in the cyber-legal domain and providing readers with a comprehensive understanding of fundamental terminologies in cyberspace.    (The content of the blog is original work of the author,…

Greetings,

Dear Readers!

“Your Legal-Tech Brew!” (by Annanya Deshpande) is a blog as cliché as any other blog….  It is an honest attempt dedicated towards compiling recent developments in the cyber-legal domain and providing readers with a comprehensive understanding of fundamental terminologies in cyberspace.  

 (The content of the blog is original work of the author, due credits have been given for the content referred from different sources. The blog is for information purpose only.) 


🖧 Post
1/2024: “Understanding the existing Legal framework of Cyberspace in India.”

With the
emergence of technology and cyberspace (Cyberspace is a
complex environment consisting of interactions between people, software and
services, supported by worldwide distribution of information and communication
technology (ICT) devices and networks[1]), the computer has been used as a ‘target’ and a ‘weapon’, both. With
these advancements, each one of us encounters with terms such as ‘cybercrimes’,
‘online frauds’, ‘deepfakes’, ‘cybersecurity’ and many of such terms relating
to ‘cyber’ realm.

Before
understanding these basic terminologies, let us first understand what is the
legal framework in India for the cyberspace, so that the terminologies could be
studied later through this lens. A study of the legal framework will help in
overviewing the dimensions of cyber security and cyber crimes Indian laws have
governed over. 

A. Legislations dealing
in Cyberspace-

  • The primary legislation is the
    Information Technology Act, 2000 with major amendments in 2008 and 2011. 
Works in penalizing cybercrimes, legal recognition to electronic records and digital signatures and establishes institutional mechanisms. The 2011 amendment expanded the scope of cyber crimes and penalized child pornography, voyeurism, identity theft and breach of privacy. 

  • The most recent legislation is
    the Personal Data Protection Act, 2023.
The act provides for the processing of digital personal data in a manner that
recognizes both the right of individuals to protect their personal data and the
need to process such personal data for lawful purposes and for matters
connected therewith or incidental thereto. 
  • The Information Technology
    (Reasonable Security Practices and Procedures and Sensitive Personal Data
    or Information) Rules, 2011.
It defines the ‘Sensitive personal data or information’ and its collection and disclosure across. 

  • The Information
    Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules,
    2021.
Works with the aim to have an ‘Open, Safe & Trusted and Accountable Internet’ and makes the intermediaries (eg: social media) accountable by regulating and mandatorily practicing of due diligence.

  • Reserve
    Bank of India (Amendment) Act, 2018.

The act strives to establish a standard to securitize frameworks of banks and payment operators while using technological advancements and digitalization, provides for mandatory cyber crisis management plans in case of cyberattacks. 

B. Plans and Policies-

  • National
    Cyber Security Policy, 2013.

A unified and integrated vision securing a set of sustained
and coordinated strategies for implementation for dynamic nature of cyberspace
and the malicious activities occurring across it.

  • National
    Cyber Security Strategy, 2020.

Envisioned as a five year plan, lays down options to deal
with the technology transformations.

  • Bharat
    National Cyber Security Exercise, 2023.

A flagship event serving a platform for diverse spectrum of
government agencies, public organizations, and the private sector, all
resolutely committed to the safeguarding of critical information
infrastructure.[2]

C. Regulatory Bodies/National Organizations

  • Computer
    Emergency Response Team (CERT-In).

The Indian Computer Emergency Response Team (CERT-In) is a
Government organisation under Ministry of Electronics and Information
Technology, Government of India. CERT-In has been designated under Section 70B
of the Information Technology Act, 2000 to serve as the national agency to
perform.[3]

  • Cyber
    Swachhta Kendra.

 It is a Botnet cleaning and Malware Analysis Centre as
a part of Government of India’s ‘Digital India Initiative’. 

  • National
    Critical Information Infrastructure Protection Centre.

National Critical Information Infrastructure Protection
Centre (NCIIPC), a unit of NTRO, is an organisation of the Government of India
created under Sec 70A of the Information Technology Act, 2000 (amended 2008),
through a gazette notification on 16th Jan 2014 based in New Delhi, India. It
is designated as the National Nodal Agency in respect of Critical Information
Infrastructure Protection.[4]

  • Cyber
    Regulations Appellate Tribunal (CRAT).

Whereas Section 48 sub-section (1) or the Information
Technology Act, 2000 provides for establishment of one or more appellate
tribunal to be known as Cyber Regulations Appellate Tribunal.[5]

  • Digital
    India Corporation.
Works majorly in the area of ‘information sharing’, the popular ‘DigiLocker’ application is one of the initiative of the same. 

D. Authorities and Ministries

  • Ministry
    of Electronics and Information Technology (MeitY).
The mission of MeitY ” To promote e-governance, inclusive and sustainable growth of electronics and IT and ITeS industries, Internet governance, efficiency through digital services, ensuring a secure cyber space. 

  • Telecom
    Regulatory Authority of India (TRAI).
Regulates and encourages Data Protection in telecommunications- Personal Data and its ownership & controlling. 
  • Department
    of Telecommunications (DoT).
Works hand-in-hand with TRAI. 

  • Insurance
    Regulatory and Development Authority (IRDAI).
Maintenance of data security, integrity and confidentiality (of the insurer’s data).  

  • Security
    and Exchange Board of India (SEBI).

 Works to provide securities and safeguard of the data of customers, transactions and to ensure that market intermediaries are following the prescribed safeguards. 


[1] Preamble of National Cyber Security
Policy -2013.

[2] Portal of National Security Council
Secretariat, https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1970225

[3] Portal of CERT-In, https://www.cert-in.org.in/

[4] Portal for National Critical
Information Infrastructure Protection Centre, https://nciipc.gov.in/

[5] Department of Information Technology, Notification dated 26th June,
2007.

Leave a comment

This is a blog aiming to provide its readers with basic legal-tech knowledge that is necessary in the current times.

The author (www.linkedin.com/in/adv-annanya-deshpande) is a cyber law enthusiast and a keen researcher on the theme of Cyber Law and Artificial Intelligence. She aims to share the basic knowledge of the legal-tech world to the commoners and also the professionals.

The Blog post provides with short/brief reads, regarding the ongoing trends, Statutory viewpoints, the tussle between practicality and the letter of law, while also explaining the basic terms used in the field of AI and technology.

The author is always open to constructive criticism and feedback. Collaborations are welcomed! Any insight can be communicated via the feedback form/ LinkedIn.

Related posts