Proactive compliance with the parameters of Indian Cyberlaw is indeed the urgent necessity of today. Compliance, Compliance & Compliance is the only way to nirvana for all stakeholders in the digital ecosystem
Pavan Duggal, Advocate, Supreme Court of India; Head, Pavan Duggal Associates
Earlier, the scope and ambit of the Information Technology Act, 2000 was limited to use of computers, computer systems and computer networks. However with the advent of the mobile revolution, it was felt that the applicability of the said law needs to be extended to all kinds of mobility related devices. As such the Information Technology (Amendment) Act, 2008 amended the Information Technology Act, 2000. These amendments came into effect from 27th October, 2009. Consequently, the Indian Cyberlaw is applicable to all mobile devices and communication devices whether it is cell phones, mobile phones, smart phones, personal digital assistants or combination of both or any other device which is used to communicate audio,
video, image or text.
By virtue of Section 4 of the Information Technology Act, 2000, electronic format has been granted legal validity. Prior to the coming into effect of the Indian Cyberlaw, there was no legislation that granted legal sanction and validity for the electronic format. However, Section 4 of the Information Technology Act, 2000 has provided the framework for giving legal sanction to electronic format. Section 4 stipulates that where any law provides that any information or any other matter shall be in writing or in the typewritten or printed format, then notwithstanding anything contained in such law, such requirement shall be deemed to be satisfied if the information or matter is rendered or made available in the electronic form and is further accessible so as to be usable for the subsequent reference. The net effect of this is that all the output of computers, computer systems, computer networks, computer resources and communication devices is granted legal sanction and validity under the Indian Cyberlaw.
Concept of Intermediaries
The Indian Cyberlaw has also come up with a unique concept known as “intermediaries”. Intermediary is defined under Section 2(1)(w) of the amended Information Technology Act, 2000 in the widest possible terms. Any person who on behalf of another person receives, stores or transmits any particular electronic record or provides any service with respect to that record becomes an intermediary in India. A perusal of the said definition would clearly show that the definition is indeed very wide and includes within its ambit vast number of legal entities doing business or activities in the electronic ecosystem. These would include Telecom Service Providers, Network Service Providers, Internet Service Providers, Web Hosting Service Providers, Search Engines, Online Payment Sites, Online Auction Sites, Online Marketplaces and Cybercafés. Further the law has also stipulated the liability of intermediaries for any third-party data, information or communication link made available by them. Chapter XII of the Information Technology Act, 2000 details such liability.
This liability is applicable for all service providers who are providing services pertaining to providing micro-payments in rural areas as also all m-banking and m-commerce service providers and all online banking activities amongst other things. Any entity who is an intermediary in the context of electronic governance ecosystem would have to ensure that it complies with the parameters of the Information Technology Act, 2000.
Section 79 of the Information Technology Act, 2000 states that as a principle, intermediary shall not be liable for any third party information, data or communication link made available or hosted by him, provided certain conditions are fulfilled. These conditions include that an intermediary has to observe due diligence while discharging its obligations under the Information Technology Act, 2000 and also observe such other guidelines as the Central Government may prescribe in this behalf. Intermediary is mandated not to initiate the transmission, select the receiver of the transmission and select or modify the information contained in the transmission. Further intermediaries are required that on receiving actual knowledge or being notified by the Government that any information, data or communication link residing in or connected to a computer resource control by the intermediary is being used to commit an unlawful act, then intermediary must expeditiously remove or disable access to that material on that resource. This needs to be done without vitiating the evidence in any manner whatsoever.
A watershed moment in cyberlegal jurisprudence
Section 79 represents a watershed in the history of cyber-legal jurisprudence in India. All service providers will have to ensure compliance with the parameters of Information Technology Act, 2000 including Section 79, so long as they deal with the electronic format as also use of computer systems, computer networks and computers resources.
Most of the service providers in the electronic governance ecosystem have no clue about the requirements of law. Most of the said service providers and electronic projects are operating without ensuring compliance of the parameters of the amended Information Technology Act, 2000 and rules and regulations made there under.
With advent of the mobile revolution, it was felt that the applicability of Information Technology Act, 2000, needs to be extended to all kinds of mobility related devices
This presents a huge challenge as far as Indian nation is concerned. Non-compliance with the parameters of the Information Technology Act, 2000 presents two major legal exposures for all service providers who are providing any services in the electronic governance ecosystem or electronic or mobile commerce or banking activities. Such service providers need to appreciate that in case if they do not comply with the parameters of the Indian Cyberlaw, they could potentially face both civil and criminal legal consequences. The civil consequences could consist of being sued for damages by way of compensation upto 5 Crores INR per contravention under the Information Technology Act, 2000 and beyond 5 Crores INR in a court of competent jurisdiction. These are the summary proceedings and can be initiated provided the parameters of Section 43 of the Information Technology Act, 2000 are fulfilled. Section 43 prescribed various grounds of damages can be sought including on the ground of unauthorized access, downloading, copying and extracting data, introducing a computer contaminant, damaging of computer system or diminishing value or utility of information residing therein or affecting the same injuriously by any means as also other grounds.
Further the top management of such intermediary company could also be exposed to criminal consequences which could consists of imprisonment for the top management ranging from three years upto life imprisonment. Clearly, the Information Technology Act, 2000 has a huge impact on compliances.
All relevant stakeholders who are providing any services of any kind whatsoever in the electronic governance ecosystem have to wake up to the new reality that they have to ensure compliance with the parameters of Information Technology Act, 2000. If they do not do so, not only could their business be impacted, but more significantly their exposure to unwanted consequences could have a detrimental impact upon their standing, reputation, goodwill and repute. The providers of m-banking and m-commerce as also other intermediaries have to specifically ensure that they not only comply with the parameters of the Information Technology Act, 2000 but also comply with the parameters of the Information Technology Rules, 2011. It is pertinent to point out that on 11th April, 2011, the Government of India notified four distinct set of rules which are collectively known as Information Technology Rules, 2011. These include the Information Technology (Electronic Service Delivery) Rules, 2011, the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Or Information) Rules, 2011, the Information Technology (Intermediaries Guidelines) Rules, 2011 & the Information Technology (Guidelines for Cyber Cafe) Rules, 2011. These Rules provide various parameters of compliance by the relevant stakeholders.