UNIT 2 IPR.pdf

Transcript

CYBER LAW
FUNDAMENTALS
Introduction of cyber law
The inception of cyber law in India can be traced back to the late 1990s
when the necessity for internet regulation became apparent.
 The information Technology Act is an outcome of the resolution dated 30th
January 1997 of the General Assembly of the United Nations, which adopted the
Model Law on Electronic Commerce on International Trade Law.

In mid-July 1998, the Department of Electronics took the initial step by drafting
the Bill.

However, it wasn’t introduced in the House until December 16, 1999, following the
establishment of a new IT Ministry.
 The draft underwent significant revisions to incorporate suggestions from the
Commerce Ministry, particularly concerning e-commerce and adherence to World Trade
Organisation (WTO) guidelines.

Subsequently, the Ministry of Law and Company Affairs vetted the joint draft, leading to
its approval by the Union Cabinet on May 13, 2000.

The Information Technology Bill swiftly passed through both Houses of the Indian
Parliament and received the President’s assent on June 9, 2000.

Officially enacted on October 17, 2000, the Bill became known as the Information
Technology Act, 2000 (IT Act).
Cyber law encompasses laws relating to –

Cybercrimes

Electronic and digital signatures

Intellectual property

Data protection and privacy
Types of Cyber Laws

Cybercrimes laws

Cybersecurity laws

Data Privacy and Protection
The IT Act 2000: Objectives and Provisions
The IT Act 2000 was designed to provide
a legal framework for electronic governance

 recognition to electronic records

and digital signatures.

It aimed to facilitate e-commerce and address cyber crimes by defining various
offences and prescribing penalties for them.
The Act encouraged the use of digital transactions and ensuring security practices
within the cyber space.
The IT Amendment Act, 2008
The Information Technology (Amendment) Act, 2008 was introduced and became
effective from October 17, 2009.
This amendment introduced several key changes, including:
Enhanced Security Measures: Introduction of provisions related to identity theft, child
pornography and cyber terrorism.
Data Protection: Definitions and obligations pertaining to data protection were
strengthened to ensure user privacy.
Liability of Intermediaries: Specific guidelines were set for intermediaries, which
played a crucial role in determining their accountability for data hosted on their
platforms.
Recent Developments: IT Rules 2021
The Indian Parliament introduced the Information Technology (Intermediary Guidelines
and Digital Media Ethics Code) Rules, 2021. These rules further refine the framework for
digital media, emphasising:
Regulation of Social Media and Intermediaries: The rules require social media
intermediaries to establish grievance redressal mechanisms and take down content that
violates specified guidelines.
Digital Media Oversight: Provisions for the regulation of digital news media and OTT
platforms to ensure adherence to ethical standards.
Enhanced Cybersecurity Measures: Emphasis on increased cybersecurity measures to
protect data and penalise breaches.
Remedies in India

Everyone today must be aware about some very basic provisions of the two Acts
which are hereby used as a tool by the Courts for providing remedy to the victims
of Cyber Crime. They are as follows:
Information and Technology Act, 2000
Section 65: Tampering with the Computer Source Documents-
The accused be punished with an imprisonment which may extend up to three
years or fine up to Rs. 20,000/-.
 Section 66: Hacking the Computer System-
offender is to be punished with an imprisonment which may extend up to three years or
fine up to Rs. 50,000/-.

Section 66-A: Sending of Offensive Messages-
The accused is punishable with an imprisonment which may extend up to three years or
fine.

Section 66-B: Receiving stolen computer or electronic device-
The accused be punished with an imprisonment which may extend up to three years or
fine up to Rs. 100000/-.
 Section 66-C: Fraudulently using password of any another person
The accused be punishable with an imprisonment which may extend up to three years
or fine up to Rs. 1 Lack.

Section 66-E: Publishing private images of other persons without consent-
The accused be punishable with an imprisonment which may extend up to three years
or a fine of Rs. 2 Lacks.

Section 66-F: Cyber Terrorism- If any individual who is denied to access any particular
website of any Ministry or Government Department does so in an un-authorized way
which may threaten or can cause detriment to the sovereignty or integrity of India, is
punishable with imprisonment which may extend up to life.
 Section 67: Publishing information which is obscene via electronic form-
a crime punishable with an imprisonment which may extend up to five years or fine up
to Rs. 1 Lack.
Section 67-A: Publishing images or sexual content-The accused be punished with an
imprisonment which may extend up to seven years or fine up to Rs. 1 Lack.
In such cases even the person accessing or forwarding such content may also be held
liable or can be made a party to the crime, as he is also expressly participating in the
offence by doing so.
Section 71: Mis-representation- If any individual makes any mis-representation before
the Certifying Authority or conceals any material fact from them for obtaining any
license, Digital Signature Certificate shall be punishable with an imprisonment which
may extend up to two years or fine up to Rs. 10,000/-.
Jurisdiction

If a crime is committed on a computer or computer network in India by a person
resident outside India, then can the offence be tried by the Courts in India?
Section 1(2) of Information Technology Act, 2000, the Act extends to the whole of
India and also applies to any offence or contravention committed outside India by
any person.
Section 75 of the I.T. Act, 2000 also mentions about the applicability of the Act for
any offence or contravention committed outside India.
Laws for Cyber Crime in India

Information and Technology Act, 2000
Indian Penal Code, 1860
it must be noted that a person cannot be punished twice for the same offence, as
it will violates his
Fundamental Right ensured under Article 20 (2) of the Indian Constitution i.e.
Double Jeopardy
Double Jeopardy
The double jeopardy clause, included in the Fifth Amendment of the Constitution,
provides protection against being prosecuted again for the same offense after being
acquitted, convicted, and/or punished for the same offense.
Once acquitted, a defendant cannot be retried for the same offense on the basis of new
evidence, no matter how damning that evidence may be.
Double jeopardy applies only in criminal court cases and does not prevent defendants
from being sued in civil court over the same offense.
Data protection and data privacy laws
Meaning:

There are two aspects:

(1) data privacy: Data privacy means when, how, and to exactly what extent the
personal data of a consumer can be shared and communicated to
others.
(2)data protection: is the legal safeguarding of data against any loss, damage or
corruption. As data is now collected at an unprecedented rate,
there is a serious issue of protecting the data collected from
unauthorised sources.
 Evolution of data protection laws
Universal Declaration of Human Rights (UDHR) by virtue of Article 12(4).
Organisation for Economic Cooperation and Development (OECD) guidelines on
protection of privacy and transborder flow of personal data in 1980.
Countries started framing their data privacy laws as early as Germany in the year
1970.
The landmark General Data Protection Regulation (GDPR) came into effect on
May 25, 2018, revolutionizing the data privacy and protection laws.
 In the Indian context, privacy has been a matter of debate in the judicial courts, with some
addressing privacy as a fundamental right and others not admitting it as a right under Article
21 of our Constitution.

Finally, in 2017, in K.S. Puttaswamy v. Union of India (2018) pronounced the right to privacy a
fundamental right safeguarded under Article 21.

Section 43A of IT Act states that if a body corporate that is possessing, dealing or handling
sensitive personal data or information of an individual is negligent in ensuring reasonable
security in the process, which results in wrongful loss or damage, then such body corporate is
liable to pay damages.

Section 72A of the IT Act provides punishment of a fine extending to Rs. 5,00,000 or
imprisonment for a term extending to three years in case of disclosure of information,
knowingly and intentionally, without the consent of the person concerned, violating the terms
of a lawful contract.
Overview of the Digital Personal Data
Protection Act, 2023

The DPDP Act established a comprehensive framework for the processing of personal
data and has replaced the limited provisions of the IT Act. some important aspects of
the DPDP Act:
Bodies formed under the DPDP Act: The Act uses various terms, which can look
confusing on the outset. It is important to understand the difference between the
terms used like: Data processors, Data Fiduciaries, data principles, data controllers, etc.
The person whose personal data is collected is called the data principal. The data
fiduciary is body that determines the purpose and means behind processing of personal
data. Their position is equivalent to that of a data controller.
 Exceptions allowed under the DPDP Act: Exceptions in the interest of sovereignty
and integrity of India, security of state, friendly relations with foreign states,
maintenance of public order and preventing incitement to commit offences are
allowed under the DPDP Act.
Applicability of the DPDP Act: The Act has extra-territorial application and has no
restriction on international data transfers
Grounds for lawful processing of personal data: Consent is the primary source for
lawful processing of personal data. Also, Data Fiduciaries can identify a legitimate
claim for lawful processing of data.
Data subject rights and obligations: There are rights for the data principles, like the
right to access, right to erasure, and the right to object and then there are also
obligations, non compliance of which leads to fines and punishment.
Applicability of data protection and data
privacy laws in India
The DPDP Act will apply to those organisations that meet the following
conditions:
The organisation processes digital personal data that is capable of identifying the
data principal to whom the collected data belongs.
The data being processed is collected by the organisation in digital form
The organisation is processing personal data within the Indian territory, or if
processing of personal data is done outside India but processing is in connection
with an activity offering the goods or services to individuals in India.
Data protection authorities under the DPDP
Act
There are various terms used under the Act, which can be confusing. So, let’s
understand the meaning of these terms:
Data fiduciary: Defined under Section 2(i) as any person who, alone or in
conjunction with other persons, determines the purpose and means of processing
personal data.
Data Principal: Defined under Section 2(j) as individual to whom the personal
data relates and where such individual is-
A child, includes parents or lawful guardians of such a child
A person with a disability includes their lawful guardian acting on their behalf
 Data Processor: Defined under Section 2(k) as any person who processes
personal data on behalf of a data fiduciary

Data Protection Officer: Defined under Section 2(l) as an individual appointed by
the Significant Data Fiduciary under Section 10(2)(a).

Consent Manager: Defined under Section 2(g) as one who enables Data Principals
to give, manage and withdraw consent through an accessible, transparent and
interoperable platform.

Significant Data Fiduciary: Defined under Section 2(z) as data fiduciary or class of
Data Fiduciary who are notified by the Central Government under Section 10 of
the Act.
Case Laws
M.P. Sharma v. Satish Chandra (1954):
It is one of the first cases in India that dealt with the right to privacy in India.
An eight judge bench of the highest court of the land sat down to decide upon the
constitutionality of the search and seizure provisions of the Code of Criminal
Procedure.
The Court here doesn’t recognize any right to privacy and held that the search and
seizures weren’t, in fact, violative of the right to privacy.
As there is no provision in the Indian Constitution that deals with the right to privacy,
it can’t be violated as well.
 R. Rajagopal v. State of Tamil Nadu (1994)

where the Apex Court recognised the right to privacy of prisoners as well.
Popular than the ‘Auto Shankar case’, it allowed the prisoner the right to publish his
autobiography without any restrictions.

In declaring the same, the court emphasized on the right to be left alone and, more
particularly, to be in jail.
This also includes an individual’s right to control the dissemination of information
regarding their private life and the power to control any unwarranted intrusion into
their rights.
District Registrar and Collector, Hyderabad
v. Canara Bank (2004)
The Hon’ble Court rules on the significance of financial privacy of an individual.
It stated that the right to privacy also extends to maintaining the confidentiality of
bank account details and related information as well.
This decision basically widened the scope of the right to privacy and also covered
the financial aspects of the right.
Unique Identification Authority of India v.
Central Bureau of Investigation (2014)
The court in this fascinating case decided on the issue of whether collection of
biometrics by the UIDAI without the consent of the person violated the right to
privacy.
The court upheld the constitutionality of the Aadhar but also imposed certain
restrictions on the data collection to allow people to safeguard their privacy.
The decision assumes even more significance as it tries to maintain a delicate
balance between the aim of the government with that of an individual’s privacy
rights.
Establishment of a Data Protection Board
of India (DPBI)
It will function as an impartial adjudicatory body responsible for resolving
privacy-related grievances and disputes between relevant parties.

As an independent regulator, it will possess the authority to ascertain instances
of non-compliance with the Act’s provisions and impose penalties accordingly.

The appointment of the chief executive and board members of the Data
Protection Board will be carried out by the central government.
 An appeal against any order of the DPBI shall lie with the High Court. The High
Court could take up any breach Suo moto.

No civil court shall have the jurisdiction to entertain any suit or take any action in
respect of any matter under the provisions of this Act and no injunction shall be
granted by any court or other authority in respect of any action taken under the
provisions of this Act.
Penalty for infringement:

The Act does not impose criminal penalties for non-compliance.
The financial penalty could range from as high as Rs. 250 crores to a data
fiduciary or data processor to as low as Rs.10000 to a data principal (the owner
of data).
Conflict with existing laws:
The provisions of the DPDP Act will be in addition to and not supersede any
other law currently in effect.
However, in case of any conflict between a provision of this Act and a provision of
any other law currently in effect, the provision of this Act shall take precedence
to the extent of such conflict.
Digital Signatures
Meaning
Digital signatures are like electronic “fingerprints.”
They are a specific type of electronic signature (e-signature).
In the form of a coded message, the digital signature securely associates a
signer with a document in a recorded transaction.
Digital signatures use a standard, accepted format, called Public Key
Infrastructure (PKI), to provide the highest levels of security and universal
acceptance.
PKI involves using a digital certificate for identity verification.
Difference between Digital Signature and Electronic Signature
The Ins and Outs of Digital Signatures
The various components involved in creating and securing digital signatures.
Hash Function — The hash represents the set of numbers and letters generated from an
algorithm used by electronic signature software that is unique to a document. Hash functions
are useful because they’re built to be one-way, meaning they can’t be reversed to find other
files using the same values.
Pubic key cryptology — Represents the cryptographic method used for generating the set of
public and private keys associated with a document.
Public key infrastructure (PKI) — PKI represents the standards, policies, people, and
systems that offer support for distributing public keys and validating the identities of
individuals or entities using a certificate authority and digital certificates.
Certificate Authority (CA) — A trusted third-party charged with validating a signee’s
identity. They also create the public/private key pair for someone or tie an existing public
key from an individual back to themselves. After validating an identity, a CA provides them
with a signed digital certificate. That information can then be used to verify the identity of a
person tied to a public key.
Types of Digital Signature
Advanced and Qualified
Advanced and Qualified signatures carry the same legal validity as signing a paper document
with a pen.
They’re created using PKI and asymmetric cryptography technology.
They track details like when a document was signed, where the person was, and the device
that was used to create the electronic signature. It also traces any changes made to a
document after receiving a signature.
Advanced and Qualified signatures verify a user’s identity.
They rely on various methods of two-factor authentication before allowing a recipient to
apply an electronic signature to a document, including:
Asking recipients to enter a code sent to a mobile device
Using biometric scanning on a mobile device
Entering a one-time password sent through SMS
What is a Digital Certificate?
Digital certificates function similarly to drivers licenses in that they verify the
identity of the person presenting the information.
Digital Signature Certificate Classes
Class 1 — Covers certificates issued to individuals and private subscribers. They
confirm the details of a user name or email address. It’s the most basic digital
signature certificate available.
Class 2 — Covers certificates issued for use by business personal and private
individuals. They confirm that the information provided in an application from a
subscriber contains no conflicts with the information contained in a provider’s
database.
Class 3 — Covers high-assurance certificates issued to individuals and
organizations primarily for e-commerce applications. They’re issued when a person
presents themselves physically in front of a Certifying Authority.
How to get Digital Signature Certificate
Legal aspects of electronic contracts
under Indian law
Legal aspects of electronic contracts
under Indian law
E-Contracts or electronic contracts are basically
the digitized form of traditional contracts.
E-contract is any kind of contract formed by the
interaction of two or more people through an
electronic medium.
Ex- E-mail sent as a job proposal and agreed by the
job seeker through E-mail.
Electronic contracts are recognized by many
names such as “E-contracts”, “cyber contracts”,
“digital contracts” and “online contracts”. E-
Contracts are similar to contracts mentioned in the
Indian Contract Act, 1872, the only difference being
the medium.
 There are two parties to an E-Contract,
Originator and Addressee as mentioned in and respectively of the
Information Technology Act, 2000.
section 2(1)(za): The Originator is the one who sends, generates, stores or
transmits the data to the addressee without the intermediary being included.
section 2(1)(b): The addressee is the one who is intended to receive the
record set by the Originator without an intermediary being included.
The E-contract has reduced the paper workload, travelling costs for
contacting and whatnot. But everything has some disadvantages and so
here also which will be discussed later.
Forms of e-contracts

There are generally 3 forms of E-contracts. These are-

Click wrap agreements

Browse wrap agreements

Shrink wrap agreements
Essential elements of e-contracts
To validate an E-Contract under Indian Contract Act, of 1872 there are some
essential elements. These are-
Lawful offer
Lawful acceptance
Lawful object
Competent parties to contract
Certainty of terms
Issues relating to e-contracts
If E-contract saves time and labour, save from the workload and many
things everyone witnesses in day-to-day life then it has some limitations and
drawbacks also. Here we go with them one by one-
Capacity to contract-

It is one of the most essential elements to consider to enforce an agreement to
become a contract. It is mentioned in sections 10, 11, and 12 of the Indian Contract
Act, 1872 which includes soundness, major and not disqualified by law to be
competent to contract. E-contracts also holds with these basic requirements.
The issue in E-contract is that both parties are unaware of each other. The party
providing the service or goods has no idea about the other party if he/she is legally
competent to contract or not. Ex- if a minor of 16 years orders something through
any shopping site