CHAPTER 1
CYBER LAWS
1.1 Introduction to Cyber Law
1.2 IT Act 2000
1.3 Crimes and Penalties under the IT Act
1.4 IT Act 2000 Amendments
1.5 Post 2008 - Rules and Notifications under the IT Act
1.6 Evolving IT Act Landscape
1.7 Data Protection and Privacy Laws
1.8 Principles of Data Protection
1.9 Privacy Laws and Regulations
1.10 Multiple Choice Questions
1.11 Very Short Answer - Questions
1.12 Short Answer - Questions
1.1 Introduction to Cyber Law
Before the rise of the Internet, legal systems depended on existing laws such as intellectual property, privacy and contract law to handle issues related to communication and computer technology. As the Internet became more popular, the need for legal frameworks to govern online activities became important. Cyber law is the legal framework that governs the use of the Internet and digital devices. As technology is moving fast, the scope of cyber laws is also getting wider.
Cyber Laws and Security
The general scope of cyber laws is provided in Table 1.1.
Table 1.1 Scope of Cyber Laws
| Sl. No. | Scope | Description |
|---|---|---|
| 1 | Cyber crime Prevention and Regulation | Cyber laws establish legal frameworks to deal with crimes committed online or through digital devices. A few of these crimes are explained below. |
| | Hacking | Unauthorized access to computer systems or networks. |
| | Cyberstalking and Harassment | Use of online platforms to threaten or harass individuals. |
| | Identity Theft | Stealing personal information for fraudulent activities. |
| | Phishing | Fraudulent methods to acquire sensitive information. |
| | Malware | Creation, distribution, or use of viruses, worms or other malicious software. |
| 2 | Data Protection and Privacy | With the increase of personal data sharing and storing online, the laws below govern how this data is handled. |
| | Data Protection Laws | These regulate how personal information is collected, processed, stored and shared. |
| | Right to Privacy | This protects individuals' privacy rights in the digital domain against unauthorized surveillance, data breaches and misuse of personal information. |
| 3 | Intellectual Property Rights in Cyberspace | Cyber laws protect digital intellectual property. A few examples are provided below. |
| | Copyrights | Protect creators' digital content like music, videos, software etc. from unauthorized copying and distribution. |
| | Trade Marks | Protect brand names, logos and symbols used online. |
| | Patents | Protect technological processes and new inventions including software innovations. |
| | Domain Name Disputes | Regulate domain name registration and resolve conflicts between trade mark holders and domain name owners. |
| 4 | Electronic Commerce | Cyber laws provide a framework for conducting business online. A few examples are provided below. |
| | Electronic Contracts | Legal recognition of contracts executed using digital signatures. |
| | Consumer Protection | Laws ensuring that consumers' rights are upheld in online transactions, like return policies, warranty laws etc. |
| | Taxation | Regulation of taxation for online services. |
| 5 | Cyber security | Cyber laws mandate practices and protocols to ensure the security of digital infrastructure. |
| | Critical Infrastructure Protection | Laws for protection of key sectors like finance, healthcare etc. from cyber threats. |
| | Obligations for Companies | Requiring companies to implement security measures, report breaches, and comply with industry specific cyber security standards. |
| 6 | Regulation of social media and content platforms | The scope of cyber laws extends to platforms that host user generated content. |
| | Content moderation | Rules requiring platforms to moderate illegal or harmful content, such as hate speech, fake news, defamatory posts etc. |
| | Intermediary (Platform) Liability | Laws determining when platforms can be held liable for the content posted by users. |
| 7 | Digital payment and banking systems | These laws govern the use of electronic payment systems, crypto currencies and digital banking. |
| | Digital payment systems | Regulations ensuring the security and legal recognition of electronic transactions. |
| | Crypto currency regulation | Laws controlling the use of digital currencies like bitcoin, ensuring legal compliance and preventing their use in illegal activities. |
| 8 | Cross border jurisdiction and enforcement | The global nature of the Internet creates challenges for jurisdiction and enforcement. |
| | Cross border cyber crime | This addresses issues when cyber crimes span multiple countries. |
| | International co-operation | Frameworks like the Budapest Convention on Cyber Crime facilitate international collaboration in combating cyber offenses. |
Cyberspace is the virtual environment created by the Internet and digital networks. This requires a unique set of legal concepts to regulate activities, safeguard rights, and address emerging challenges. Below are the key legal concepts in cyberspace.
Jurisdiction in cyberspace
Jurisdiction refers to the authority of a legal body to take legal action. As the Internet is borderless, a cyber crime in one country may affect users in another country. Jurisdiction issues become complex when cyber crimes occur across multiple countries. The parties involved may be located in different countries. Each of these countries has its own legal framework. Moreover, a country may claim jurisdiction over cyber crimes that affect its citizens or interests, even if those activities occurred outside its physical borders.
Cyber crime
Cyber crime includes illegal activities done via the Internet or digital networks. Cyber laws address these specific offenses, which often require new legal frameworks or adaptations of existing laws.
Intermediary Liability
Intermediaries are online platforms like social media, Internet service providers etc. The contents of these are created and shared by users. In this case, it is crucial to determine whether the intermediary is liable for illegal content like hate speech, copyright infringement etc. posted by users. Many countries provide intermediaries protection from liability if they comply with rules like removing illegal content upon notification by affected parties. This is known as safe harbor protection.
Data Protection and Privacy
Data protection laws govern the collection, storage, and processing of personal data in cyberspace, safeguarding individuals' privacy rights. Any information that can identify an individual, such as names, email addresses, financial records, etc., is considered personal data. Many data protection laws require companies to obtain user consent before collecting and using personal data. The right to be forgotten is a legal right that allows individuals to request the deletion of personal data, especially if it is no longer necessary for its original purpose. Data breach notification is the legal requirement that companies must inform users and authorities if personal data is compromised in a cyber attack.
Encryption
Encryption is the process of converting information into code to prevent unauthorized access. Legal frameworks governing encryption involve:
• End-to-End encryption: This is a method where only the communicating users can read the messages, like in the messaging app WhatsApp.
• Export controls on encryption: Some countries impose restrictions on the export of strong encryption technologies due to national security concerns.
Digital Signatures
A digital signature is an electronic form of a signature used to authenticate the identity of the signer of a document. Many countries have passed cyber laws recognizing the legal validity of digital signatures, equating them to handwritten signatures.
Intellectual Property Rights
Laws related to Intellectual Property (IP) rights will protect
creations of the mind, such as music, software, images, and
brands, from unauthorized use or infringement in cyberspace.
Common IP concepts include copyright, trademarks and
patents. Copyright protects original digital content (e.g.,
videos, music, software) from being copied, distributed, or
used without permission. Trademarks protect brand names,
logos, and other identifying symbols online. Domain name
disputes (e.g., cybersquatting) may also involve trademark
infringement. Patents protect digital inventions and
technological processes, including software and algorithms.
E-Commerce and Online Contracts
This provides legal frameworks to recognize and regulate
online transactions and contracts. The legal concepts related
to this are electronic contracts, digital signatures and consumer protection laws. Electronic contracts are legally binding contracts formed online, often through agreeing to terms of service by clicking. Digital signatures provide authentication for electronic contracts. Consumer protection laws ensure that online businesses adhere to fair practices, such as proper disclosure of terms, return policies, and privacy policies.
Cyber Security and Critical Infrastructure Protection
These laws provide measures to protect digital systems and networks from cyber attacks, data breaches, and disruptions, especially in critical sectors such as finance, healthcare, and energy.
Block chain and Crypto currencies
Block chain technology and cryptocurrencies like bitcoin bring new legal challenges in cyberspace. Block chain technology allows for the execution of smart contracts, which are self-executing contracts with terms coded into software. These contracts are legally enforceable in some jurisdictions. Governments are working to regulate the use of crypto currencies to prevent fraud, money laundering, and other criminal activities. Presently some countries recognize crypto currencies as legal tender or assets, while others ban or restrict their use.
Content moderation and Censorship
Laws regulating online content moderation need to balance freedom of expression with the prevention of illegal or harmful content. Freedom of expression, which gives the right to free speech, must be balanced with restrictions on hate speech, defamation, and provocation to violence. Governments may impose laws that regulate what content can be published or accessed online. This often leads to tension between free speech advocates and government authorities.
1.2 IT Act 2000
On August 15, 1995, VSNL launched dial-up Internet service to the public in India. The Department of Telecommunications (DoT) liberalized the Internet sector in the year 1998 by allowing private Internet Service Providers (ISPs) to offer services. This led to a significant increase in Internet availability. In the early stages of the Internet's growth in India, cyber crimes were relatively simple and often involved online fraud, basic hacking, and email-related offenses. The foundation of cyber laws in India was laid with the Information Technology (IT) Act in the year 2000. It recognized the legal validity of electronic contracts, digital signatures, and electronic records, and it also provided a framework to deal with cyber crimes. The key features of the IT Act 2000 were as below:
• The IT Act granted legal validity to electronic documents and records, equating them with physical documents under the law.
• It recognized the use of digital signatures for authentication and legal validation of electronic contracts.
• It prescribed penalties for cyber crimes like hacking, data theft, cyber fraud, and unauthorized access to computer systems.
• The Act provided for the establishment of cyber appellate tribunals to handle disputes related to cyber crimes and breaches of the law.
1.3 Crimes and Penalties under the IT Act
The IT Act, 2000 provided the legal framework to regulate and control activities in cyberspace and prescribes penalties for various cyber crimes. A summary of the crimes and penalties under the IT Act is provided in Table 1.2.
Table 1.2 Crimes, Section and Penalty in IT Act
| Crime | Section | Penalty |
|---|---|---|
| Penalty for damage to computer systems - Unauthorized access, download, or damage to a computer system, including virus introduction. | 43 | Compensation to the affected party, which could be in crores of rupees depending on the loss incurred. |
| Corporate body fails to protect sensitive personal data or information, leading to a wrongful loss or gain. | 43A | Compensation to the affected person as determined by the court. |
| Penalties for failure to maintain electronic records. | 44 | Fine of up to ₹1 lakh for each failure. |
| Failure to furnish documents or records when required. | 44 | A penalty of ₹5,000 for each day of default. |
| Failure to maintain required books of account or records. | 44 | A penalty of ₹10,000 for each day during which the failure continues. |
| Knowingly or intentionally concealing, destroying, or altering source code used in computer. | 65 | Imprisonment of up to 3 years or a fine of up to ₹2 lakh, or both. |
| Hacking, destroying, altering, or deleting information in a computer without the owner's permission. | 66 | Imprisonment of up to 3 years or a fine of up to ₹5 lakh, or both. |
| Cyber fraud - Dishonestly receiving stolen computer resources or communication devices. | 66B | Imprisonment of up to 3 years or a fine of up to ₹1 lakh, or both. |
| Identity theft - Fraudulently using someone else's password, digital signature, or any other unique identification feature. | 66C | Imprisonment of up to 3 years and a fine of up to ₹1 lakh. |
| Cheating by personation using a computer or communication device. | 66D | Imprisonment of up to 3 years and a fine of up to ₹1 lakh. |
| Cyber terrorism - Using a computer resource to threaten the sovereignty, integrity, security, or unity of India or to disrupt essential services. | 66F | Imprisonment for life. |
| Publishing or transmitting obscene or sexually explicit content in electronic form. | 67 | First conviction: Imprisonment of up to 3 years and a fine of up to ₹5 lakh. Subsequent conviction: Imprisonment of up to 5 years and a fine of up to ₹10 lakh. |
| Child Pornography - Publishing or transmitting material containing children in sex acts. | 67B | First conviction: Imprisonment of up to 5 years and a fine of up to ₹10 lakh. Subsequent conviction: Imprisonment of up to 7 years and a fine of up to ₹10 lakh. |
| Breach of confidentiality and privacy - Unauthorized access to electronic records, disclosing information without consent. | 72 | Imprisonment of up to 2 years or a fine of up to ₹1 lakh, or both. |
| Phishing and cyber stalking - Impersonating someone to obtain sensitive information or stalking an individual online. | Varies (Sections 66A, 509 IPC, etc.) | Varies, but typically includes imprisonment and fines depending on the severity. |
These offenses are designed to provide security and protection against misuse of technology, ensuring safe cyber space practices and holding violators accountable.
1.4 IT Act 2000 Amendments
The IT Act, 2000 did not cover all types of emerging cyber crimes, such as cyberstalking and privacy related offenses. To take care of the shortcomings and to tackle emerging cyber crimes, the IT Amendment Act, 2008 was introduced. The key features of the IT Amendment Act, 2008 are as below.
• The amendment introduced provisions to deal with cyber terrorism, making it a punishable offense.
• It strengthened data protection measures, including punishment for data theft and unauthorized use of personal information.
• The amendment added sections to deal with cyberstalking, online harassment, and voyeurism, addressing the growing concerns of misuse of digital platforms.
• The law provided guidelines for intermediary platforms (e.g., social media companies, ISPs), requiring them to remove illegal content upon receiving notice, while also offering them limited protection from liability under certain conditions.
• It criminalized the act of identity theft, including impersonation for fraudulent purposes.
The IT Act 2000 has been amended to keep up with the evolving technology landscape. Below are the major changes introduced in the IT (Amendment) Act, 2008.
a. Cybercrime and penalties
• Data Theft: Section 43 of the act was expanded to cover data theft, making unauthorized downloading, extraction, or copying of data from a system a punishable offense.
• Hacking: Section 66 was broadened to address hacking offenses and punish those who alter, delete, or disrupt any data in a computer system.
• Phishing: Sections 66C and 66D introduced punishments for identity theft and cheating by impersonation, thus covering phishing activities.
• Child Pornography (Section 67B): This was added to penalize offenses involving child pornography, with increased fines and imprisonment.
b. New cyber crimes introduced
• Cyber Terrorism (Section 66F): This section deals with acts that threaten the sovereignty and integrity of India through cyber activities, with severe penalties, including life imprisonment.
c. Digital Signatures
Replaced digital signatures with electronic signatures to broaden the scope of how digital contracts and records can be authenticated. This allows a variety of digital signatures, including biometric and other forms of authentication.
d. Intermediary Liability
The concept of intermediary liability was introduced, stating that Internet service providers, web platforms, and hosting services are not liable for third-party data unless they were aware of the illicit content or failed to act on it. However, intermediaries must follow due diligence to be protected under this exemption.
e. Data Privacy
Section 43A introduced provisions on data protection and compensation for failure to protect sensitive personal data.
f. Corporate Liability
Introduced provisions to hold corporates accountable if security standards are not followed, leading to data breaches or cyber crimes.
1.5 Post 2008 - Rules and Notifications under the IT Act
• Intermediary Guidelines Rules, 2011: Introduced detailed guidelines on the responsibilities of intermediaries (e.g., social media platforms, web hosting providers), including the need to remove unlawful content within a specified time frame once notified.
• CERT-IN: The Indian Computer Emergency Response Team (CERT-IN) was established as the nodal agency for incident response and handling cyber attacks and data breaches in the country.
• IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: This amendment has a major impact on social media platforms, Over-The-Top (OTT) streaming platforms, and digital news media.
a. Social Media Guidelines
• Grievance Redressal Mechanism: Social media platforms must appoint a grievance officer to address complaints from users. Complaints must be acknowledged within 24 hours and resolved within 15 days.
• Traceability: Large social media platforms are required to enable traceability of the origin of unlawful messages. This has raised concerns about user privacy and encryption.
• Content Moderation: Social media intermediaries must remove illegal content, including that which threatens public order or decency, within 36 hours after a government or legal order.
b. Digital Media Regulation
OTT platforms and digital news media must adhere to a self-regulatory mechanism with oversight by the government. They are required to classify content by age-appropriateness and provide a mechanism for solving user complaints.
1.6 Evolving IT Act Landscape
The evolving landscape of the IT Act, 2000 reflects the rapid technological advancements and the increasing digitalization of almost every aspect of life, including commerce, communication, governance, and social interaction. As technology evolves, so too do the challenges and opportunities related to cyber security, privacy, data protection, and the regulation of digital platforms. The IT Act has undergone several transformations to address new issues brought about by these developments. Let's explore the key dimensions of the IT Act's evolving landscape:
1. Electronic commerce to comprehensive cyber security legislation
Initially, the IT Act 2000 was enacted to give legal recognition to electronic commerce and digital signatures. This enabled the use of electronic records in legal proceedings and business transactions. The growth of cyber crimes made it necessary to widen its scope. As a result, amendments in 2008 transformed the IT Act into a more comprehensive legislation covering cyber crimes (hacking, identity theft, and data theft), data privacy and protection.
2. Intermediary liability expansion
With the growth of social media, online platforms, and content-sharing services, the role of intermediaries (platforms like Facebook, Twitter, YouTube, etc.) became critical. Intermediaries were initially given safe harbor protection, meaning they were not held liable for third party content on their platforms as long as they kept vigilant and removed unlawful content upon notification. As online hate speech, unlawful content etc. increased, new amendments like the intermediary guidelines in 2021 were introduced to implement traceability mechanisms to identify originators of unlawful messages, and to respond quickly to government orders to remove problematic content.
3. Data protection and privacy
Data privacy has become a core issue globally. India's IT Act, through Section 43A, introduced a basic framework for compensating individuals affected by a company's failure to protect sensitive personal data. This was an interim measure, and a personal data protection bill is under consideration, ensuring greater privacy rights for citizens.
4. Cyber security and cyber terrorism
The cyber security landscape has become more complex due to an increase in threats, organized cyber crimes, and cyber terrorism. The IT Act has evolved to cover:
• Cyber terrorism (Section 66F introduced in 2008): This section criminalizes acts of cyber terrorism that threaten the sovereignty, integrity, or security of India. It recognizes that cyber attacks are equivalent to physical attacks on the country.
• Critical Infrastructure Protection: Presently critical sectors such as finance, energy, telecommunications etc. are increasingly dependent on digital systems. The IT Act provisioned cyber security by forming the Indian Computer Emergency Response Team (CERT-IN) to safeguard national critical infrastructure.
5. Digital Platforms and OTT Regulation
The rise of OTT streaming services like Netflix, Amazon Prime, and Hotstar, as well as digital news platforms, brought new regulatory challenges. With the Intermediary Guidelines and Digital Media Ethics Code Rules, 2021, digital media and OTT platforms came under new regulatory frameworks requiring them to categorize content by age appropriateness, adhere to a self-regulatory mechanism, and respond to user complaints. This marked a shift in the IT Act's scope to cover not just cyber security, but also media ethics and public morality in the digital space.
6. Emerging Technologies and Law
The IT Act is likely to face further amendments with the growth of emerging technologies such as Artificial Intelligence (AI), block chain, quantum computing, and the Internet of Things (IoT). These technologies present new legal and ethical challenges, such as:
• Data privacy concerns: IoT devices collect enormous amounts of personal data, often without consent.
• AI and automated decision-making: AI systems that make autonomous decisions (e.g., in finance or healthcare) may require new legal frameworks around liability, accountability, and transparency.
• Block chain and smart contracts: Block chain technology, with its decentralized structure and smart contracts, challenges traditional legal frameworks.
Future amendments to the IT Act might address these issues.
7. Balancing regulation and freedom of speech
One of the most challenging aspects of regulating cyber space is balancing freedom of speech and the need to control unlawful content. To meet this, the IT Act has evolved by adding the below elements.
• Content Control: To maintain law and order, the government has introduced several provisions (such as Sections 69 and 79) that give authorities the power to intercept, monitor, and decrypt any information generated, transmitted, or stored on digital platforms. This censorship has raised concerns about citizens' privacy.
• Debates on Encryption and Traceability: With the government's demand that platforms like WhatsApp allow traceability of messages (under the 2021 rules), concerns have been raised regarding the impact on end-to-end encryption and user privacy. The evolving regulatory landscape will need to address these conflicting interests.
8. Global Influence and International Cooperation
As digital issues cross national borders, the IT Act's evolution will be influenced by international developments such as:
• Global standards on data protection, like the General Data Protection Regulation (GDPR) in Europe.
• International cooperation on cyber security and cyber crime, where Indian laws must align with global treaties such as the Budapest Convention on Cyber Crime.
• Cross border data flows and jurisdiction issues, especially with cloud computing and global platforms handling data across countries.
1.7 Data Protection and Privacy Laws
These laws vary across countries but share common principles, such as data minimization, transparency, and consent.
Data protection and privacy laws in India focus on
safeguarding individuals' personal information and ensuring
its responsible use, particularly as digital services expand.
The Information Technology (IT) Act, 2000 is one of the key
legal frameworks that governs data protection, particularly
through the IT (Reasonable Security Practices and Procedures
and Sensitive Personal Data or Information) Rules, 2011.
These rules outline how companies must handle sensitive
personal information, such as financial data, health records,
and passwords.
A major step forward is the Digital Personal Data
Protection Act (DPDP), 2023. The primary purpose of this act
is to regulate the processing of digital personal data and
respect individuals' right to protect their data while recognizing
the necessity of processing and using such data for lawful
purposes. The DPDP introduced penalties for data breaches
and non-compliance, reflecting the growing importance of data
security in India's digital economy. The act also provides
individuals with rights such as accessing their data,
rectification, and the right to be forgotten. However,
government access to data remains a debated issue, as the
act allows certain exceptions for state agencies, raising
concerns about surveillance.
In addition to this, sector-specific regulations exist in India. RBI guidelines for banking data and telecom regulations under the TRAI are examples of this.
1.8 Principles of Data Protection
Data protection is a set of strategies and measures
designed to safeguard data from unauthorized access,
correction, or loss while ensuring its privacy and integrity.
The key principles of data protection are provided below.
1. Lawfulness, Fairness, and Transparency
Data must be processed lawfully, fairly, and in a transparent manner. This means that individuals should be informed about how their data will be used and must give consent unless there's a legal reason for data collection.
2. Purpose Limitation
Data should be collected for specific, explicit, and legitimate purposes. It should not be further processed in a manner that is incompatible with those purposes unless the individual gives additional consent or the law allows.
3. Data Minimization
Only data that is necessary for the intended purpose should be collected. This minimizes the risk of misuse or accidental exposure.
4. Accuracy
Personal data must be accurate and kept up to date. Organizations should take reasonable steps to correct or delete inaccurate data.
5. Storage Limitation
Data can be kept until it fulfills the purposes for which it was collected. After this period, it should be securely deleted.
6. Integrity and Confidentiality
Data should be processed with appropriate security. This includes protection against unauthorized access, accidental loss, destruction, or damage. Technical measures like encryption and access control, and organizational measures like policies, training etc., have to be used for this.
7. Accountability
Organizations must be able to demonstrate compliance
with data protection laws. This includes maintaining records
of data processing activities, conducting impact assessments,
and appointing data protection officers when necessary.
8. Data Rights
Individuals have the below rights over their data:
• Right to Access: Individuals can request access to their personal data.
• Right to Rectification: Individuals can ask for their data to be corrected.
• Right to Erasure: Individuals can request the deletion of their data. This is also known as the "right to be forgotten".
• Right to Restrict Processing: Individuals can request organizations only to store their personal data. The organizations cannot further process or share it.
• Right to Data Portability: The right to data portability lets individuals move their personal data from one organization to another, or access it in a format that is easier to use.
• Right to Object: Individuals can object to data processing, particularly for marketing purposes.
9. Security of Processing
Organizations are responsible for implementing appropriate technical and organizational measures to ensure data security.
10. International Transfers
Data protection regulations often restrict the transfer of personal data to countries or organizations outside a specific region unless the destination offers an adequate level of protection.
11. Breach Notification
In the event of a data breach, organizations are required to notify regulatory authorities. In certain cases, the affected individuals also need to be notified.
12. Personal Data Protection Bill in 2019
India introduced the Personal Data Protection Bill in 2019. This aims to provide comprehensive data protection and privacy laws for Indian citizens. Presently the bill is in various stages of discussions and revisions. The key features of this bill are:
• Data Protection Authority: It proposes the creation of a Data Protection Authority to oversee the implementation of data protection regulations.
• Consent for Data Processing: The bill mandates that companies must seek consent from individuals before collecting or processing personal data.
• Data Localization: It introduces rules requiring certain types of sensitive personal data to be stored within India.
• Right to be Forgotten: The bill includes provisions for individuals to request the deletion of personal data from the Internet.
1.9 Privacy Laws and Regulations
Privacy laws and regulations are designed to protect individuals' personal data. They ensure responsible use of personal data by organizations. These laws require organizations to collect data lawfully, inform about data usage, and secure personal information from breaches. These laws vary from country to country but generally focus on consent, transparency, data security, and individual rights. Organizations must comply with privacy laws in all regions where they operate, making cross border compliance a challenge. Table 1.3 provides details of privacy laws available in some countries.
Table 1.3 Privacy Laws
| Country/Region | Privacy Law | Expansion | Description |
|---|---|---|---|
| European Union | GDPR | General Data Protection Regulation | One of the most comprehensive laws, granting individuals rights such as data access, rectification, and erasure, and imposing strict penalties for violations. |
| United States of America | HIPAA | Health Insurance Portability and Accountability Act | Law that protects the privacy and security of health information. |
| United States of America | COPPA | Children's Online Privacy Protection Act | Law to enforce regulations concerning children's online privacy. |
| Canada | PIPEDA | Personal Information Protection and Electronic Documents Act | Law that sets the ground rules for how private-sector organizations collect, use, and disclose personal information across Canada. |
| Brazil | LGPD | Lei Geral de Proteção de Dados | This data protection law sets guidelines for the collection, use, processing, and storage of personal data. |
In India, privacy laws are primarily governed by the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These regulations outline how personal data should be handled by organizations, focusing on consent, transparency, and data security. They mandate that companies must obtain consent before collecting sensitive personal information, such as financial or health data, and take necessary measures to protect this data from unauthorized access. India's Personal Data Protection Bill (PDPB), which is proposed but not yet enacted, is expected to bring more comprehensive regulations. The bill emphasizes user consent, data localization, and accountability for data breaches. It provides individuals with rights such as access, correction, and deletion of their personal data and imposes stricter penalties for non-compliance. It aims to regulate cross-border data flows and mandates that certain categories of data be stored within India. Special protections are proposed for children's data and sensitive categories such as biometric information.
CHAPTER 2
CYBER CRIMES
2.1 Cyber Crimes
2.1.1 Cyber Fraud
2.1.2 Hacking
2.1.3 Identity theft
2.2 Types of Cyber Crimes
2.2.1 Cyber Bullying and Harassment
2.2.2 Legal Perspective on Cyber Bullying
2.2.3 Reporting Cyber Bullying
2.2.4 Preventing Cyber Bullying
2.3 Harassment Laws and Social Media
2.4 Multiple Choice Questions
2.5 Very Short Answer -Questions
2.6 Short Answer -Questions
2.1 Cyber Crimes
Cyber crimes are illegal activities carried out using computers, networks, or digital devices. Cyber criminals exploit vulnerabilities in software or networks to steal data, money, or disrupt services. The anonymity of the Internet makes it easier for perpetrators to avoid detection, leading to a global rise in cyber threats.
2.1.1 Cyber Fraud
It is a type of cyber crime that involves using technology to cheat people, organizations, and governments for financial gain or to cause disruption. These crimes range from personal data breaches to large-scale attacks like ransomware. Cyber frauds are committed by hacking, identity theft, etc.
2.1.2 Hacking
This refers to the unauthorized access and manipulation of mobile devices, computer systems, networks, or websites. The goal of hacking is often to steal sensitive data or cause damage to the system. Hackers use a variety of techniques, including phishing emails, malware, and social engineering, to gain access to a system.
2.1.3 Identity theft
This is a term that applies when someone steals another
person's personal or financial information and uses it without
permission.
2.2 Types of Cyber Crimes
Cyber criminals target individuals, businesses, and even governments, causing significant financial, reputational, and emotional damage. Some of the popular types of cyber crimes are provided below.
Malware Attacks: Infecting computer systems with malicious software to steal data or disrupt operations.
Ransomware: Encrypting a victim's data and releasing it only if the attackers' demands are met.
Denial of Service (DoS) Attacks: Flooding a system or network with high data traffic to make it inaccessible or slow.
Data Breach: Unauthorized access to sensitive data. This results in financial loss or reputational damage.
Intellectual Property Theft: Stealing copyrighted material, such as music, movies, or software.
Online Fraud: Taking money or goods through online transactions, including creation of fake online stores, investment scams, romance scams etc.
Cyber Extortion: Threatening to harm or expose information unless the extortionist's demands are met.
Cyber Terrorism: Using technology to harm or create calamity in society.
Child Sexual Abuse Material: Creating, distributing, or possessing content depicting child sexual abuse.
Online Extremism: Promoting hateful or violent ideologies online.
Phishing: Stealing personal, banking, or password information through fraudulent emails, websites, or messages disguised as being sent by persons or organizations known to the victim.
Identity Theft: Stealing someone's personal information to impersonate that person and commit fraud.
2.2.1 Cyber Bullying and Harassment
Bullying someone online through messages, posts, or other means is called cyber bullying. Cyber bullying can take many forms, but they all involve the use of technology to harass, threaten, or embarrass someone. Some common types of cyber bullying are listed in Table 2.1.
Table 2.1 Types of Cyberbullying
Type | Description
Flaming | Sending hostile or insulting messages.
Denigration | Posting negative or false information about someone online.
Impersonation | Pretending to be someone else to harm their reputation.
Outing | Revealing private information about someone without their consent.
Exclusion | Intentionally excluding someone from online groups or activities.
Masking | Creating fake profiles to harass or threaten someone.
Cat Fishing | Creating a false online identity to deceive someone.
Sexting | Sending sexually suggestive messages or images.
Cyber Stalking | Harassing or threatening someone online.
These are just a few examples, and the methods used can
vary widely. Cyber bullying can have serious consequences
like mental health issues, increased stress and anxiety,
depression, acting out violently, low self-esteem, suicide
attempts etc.
2.2.2 Legal Perspective on Cyber Bullying
Cyber bullying, while often seen as a social issue, has significant legal implications. The laws that provide legal grounds for addressing cyber bullying are explained below.
Civil / Criminal Laws
Civil harassment or stalking laws that prohibit conduct that causes emotional distress or fear can be used to address cyber bullying. Criminal law can be applied if cyber bullying involves threats or physical harm.
Defamation Laws
If a cyber bullying incident involves the publication of false and harmful information, defamation laws may apply. As per Indian law, writing or speaking an untrue defamatory statement is a criminal offence.
Privacy / Data Protection Laws
Certain cyber bullying behaviors, such as revealing private information without consent, may violate privacy laws. Data protection laws may be relevant if personal information is collected or misused in the context of cyber bullying.
Intellectual Property Laws
If cyber bullying involves the unauthorized use of copyrighted or trademarked material, intellectual property laws may be applicable.
Institutional Policies
Many institutions have specific policies prohibiting
bullying, including cyber bullying and violations of these
policies can lead to disciplinary action.
Social Media Platform Terms of Service
Social media platforms often have terms of service that prohibit harassment, bullying, and other harmful behavior, and violations can result in account suspension or termination.
2.2.3 Reporting Cyber Bullying
Reporting cyber bullying involves strategies and actions to handle and mitigate the negative effects of cyber bullying. A typical breakdown of this process is provided in Figure 2.1.
1. Identify the Issue: Recognize what constitutes cyber bullying, including repeated harassment, threats, or defamatory messages online.
2. Gather Evidence: Save and document all instances of cyber bullying, including screenshots of messages, emails, or social media posts.
3. Report to Platforms: Use the reporting features on social media platforms, messaging apps, or websites where the bullying is occurring. Most platforms have mechanisms to handle abuse.
4. Notify Authorities: If the cyber bullying involves threats of violence or other illegal activities, report it to local law enforcement.
5. Seek Support: Talk to a trusted friend, family member, or counselor to get emotional support and advice on further steps.
Figure 2.1 Cyber Bullying Reporting Process
2.2.4 Preventing Cyber Bullying
Education: Educate individuals about what cyber bullying is and how it can affect people. Promote empathy and respectful online behavior.
Privacy Settings: Encourage the use of strong privacy settings on social media accounts and online platforms to control who can see and interact with posts.
Promote Open Communication: Create an environment where individuals feel comfortable to report cyber bullying without fear.
Implement Anti Bullying Policies: Educational institutions and organizations should have anti-bullying policies and procedures to address and prevent cyber bullying.
Encourage Positive Online Behavior: Promote positive interactions online, and encourage others to do the same.
Monitor Online Activity: Guardians shall monitor children's online activity while respecting their privacy. This will help to catch potential issues early.
By combining reporting mechanisms with proactive prevention strategies, individuals and communities can work together to address and reduce the impact of cyber bullying.
2.3 Harassment Laws and Social Media
Cyber harassment includes online behaviors such as threats of violence, surveillance (cyber stalking), sexual harassment (e.g., sending unsolicited explicit content), trolling, bullying, doxxing (publishing private information), and hate speech and defamation based on race, gender, sexuality, or other protected characteristics. Social media companies have developed the mechanisms below to control harassment.
Reporting and Blocking Tools: Users can report abusive content and block harassers.
Algorithms and AI Moderation: Many platforms use specialized algorithms or AI to detect and remove harmful content automatically.
Transparency Reports: Many platforms publish reports about the number of harassment related complaints they processed and the actions they took.
Victims of online harassment can take different legal steps depending on their location, such as:
Filing Complaints with Social Media Platforms:
Victims may report the issue to the platform.
Civil Lawsuits: Victims can file civil claims such as defamation, invasion of privacy, or emotional distress.
Criminal Charges: In more serious cases, cyber
police may be involved to investigate criminal
harassment, stalking, or threats of violence.
The legal challenges in social media harassment are:
Anonymity: Harassers can hide their identity or use
fake accounts, complicating efforts to identify and
prosecute them.
Evidence Collection: Gathering and preserving
digital evidence can be challenging but is crucial for
legal proceedings.
International Issues: Harassment can cross international borders, complicating enforcement of laws.
Jurisdictional Issues: If harassment crosses borders, legal authorities may find it difficult to determine jurisdiction.
Content Moderation: Platforms like Facebook, Twitter, and Instagram have their own policies for dealing with harassment, including reporting mechanisms and user blocking features, but their actions (banning accounts, removing posts) may not always align with local laws.
Laws around harassment vary by country but can include
civil and criminal penalties depending on the severity of the
harassment. Below are examples of different legal provisions.
Under US federal law, harassment via electronic communications falls under interstate communications laws. Title VII of the Civil Rights Act (1964) prohibits workplace harassment, including online harassment based on protected characteristics (race, sex, religion).
In the European Union, the General Data Protection Regulation (GDPR) provides some protections for individuals by limiting how their personal data can be shared and used online. The European Convention on Human Rights (Articles 8 & 10) balances the right to privacy with freedom of expression, offering remedies against harassment that violates personal dignity.
In the UK, the Malicious Communications Act (1988) and the Protection from Harassment Act (1997) criminalize sending threatening or abusive messages electronically.
In India, although Section 66A of the IT Act was struck down, other provisions like Section 354D (stalking) and Section 499 (defamation) of the Indian Penal Code are used to deal with online harassment. Initially, the Protection of Women from Sexual Harassment (POSH) Act was workplace specific, but it is extended to cases of online sexual harassment.
One of the biggest debates about social media harassment laws is the balance between protecting free speech and preventing abuse. In many democratic countries, freedom of expression is a fundamental right. Harassment laws aim to curb speech that causes harm, but there is often tension between suppressing harmful speech and preserving free speech rights.