Information Technology Act, 2000

Introduction
One day, you wake up in the morning and check your phone. You are shocked to see that every
piece of data of yours stored in different applications like your phone’s gallery, Face book,
Instagram and Whatsapp has been hacked. You then check your laptop and observe that it has
been hacked. What will you do? Will you sue these social media for not protecting your data or
search the hacker? This is where the information Technology Act comes into the picture. The
Act defines various offences related to breach of data and privacy of an individual and provides
punishment or penalties for them. It also talks about intermediaries and regulates the power of
social media. With the advancement of technology and e-commerce, there has been a
tremendous increase in cyber crimes and offences related to data and authentic information. Even
the data related to the security and integrity of the country was not safe, and so the government
decided to regulate the activities of social media and data stored therein. The article gives the
objectives and features of the Act and provides various offences and their punishments as given
in the Act.

Background of Information Technology Act, 2000

The United Nations Commission on International Trade Law in 1996 adopted a model law on e-
commerce and digital intricacies. It also made it compulsory for every country to have its own
laws on e-commerce and cybercrimes. In order to protect the data of citizens and the
government, the Act was passed in 2000, making India the 12th country in the world to pass
legislation for cyber crimes. It is also called the IT Act and provides the legal framework to
protect data related to e-commerce and digital signatures. It was further amended in 2008 and
2018 to meet the needs of society. The Act also defines the powers of intermediaries and their
limitations.

Schedule of Information Technology Act, 2000

The Act is divided into 13 Chapters, 90 sections and 2 schedules. The following are the chapters
under the Act:

 Chapter1 deals with the applicability of the Act and definitions of various terminologies
used in the Act.
 Chapter 2 talks about digital and electronic signatures.
 Electronicgovernance and electronic records are given under Chapters 3 and 4
respectively.
 Chapter 5 is related to the security of these records and Chapter 6 deals with regulations
of certifying authorities.
  Chapter 7 further gives the certificates needed to issue an electronic signature.
 Chapter 8 gives the duties of subscribers and Chapter 9 describes various penalties.
 Chapter 10 provides sections related to the Appellate Tribunal.
 Chapter 11 describes various offences related to breach of data and their punishments.
 Chapter 12 provides the circumstances where the intermediaries are not liable for any
offence or breach of data privacy.
 The final chapter, i.e., Chapter 13 is the miscellaneous chapter.
The 2 schedules given in the Act are:

 Schedule 1 gives the documents and data where the Act is not applicable.
 Schedule 2 deals with electronic signatures or methods of authentication.

Applicability of Information Technology Act, 2000

According to Section 1, the Act applies to the whole country, including the state of Jammu and
Kashmir. The application of this Act also extends to extra-territorial jurisdiction, which means it
applies to a person committing such an offence outside the country as well. If the source of the
offence, i.e., a computer or any such device, lies in India, then the person will be punished
according to the Act irrespective of his/her nationality.

The Act, however, does not apply to documents given under Schedule 1. These are:

 Any negotiable instrument other than a cheque as given under Section 13 of

the negotiable instruments Act 1981
 Any power of attorney according to section 1 A of the power of attorney Act 1882
 Any sort of trust according to section 3 of the Indian Trusts Act 1882
 Any will including testamentary disposition given under the Indian Succession Act 1925.
 Any contract or sale deed of any immovable property.

Objectives of Information Technology Act, 2000

The Act was passed to deal with e-commerce and all the intricacies involved with digital signatures and fulfill the
following objectives:

The Act seeks to protect all transactions done through electronic means.

E-commerce has reduced paperwork used for communication purposes. It also gives legal
protection to communication and the exchange of information through electronic means.

It protects the digital signatures that are used for any sort of legal authentication.

It regulates the activities of intermediaries by keeping a check on their powers.

It defines various offences related to data privacy of citizens and hence protects their data.

It also regulates and protects the sensitive data stored by social media and other electronic
intermediaries.

It provides recognition to books of accounts kept in electronic form regulated by the Reserve
Bank of India Act 1934

Features of Information Technology Act, 2000

Following are the features of the Act:

 The Act is based on the Model Law on e-commerce adopted by UNCITRAL.

 It has extra-territorial jurisdiction.
 It defines various terminologies used in the Act like cyber cafes, computer systems,
digital signatures, electronic records, data, asymmetric cryptosystems, etc
under section 2 (1)
 It protects all the transactions and contracts made through electronic means and says that
all such contracts are valid. (section 10 A)
 It also gives recognition to digital signatures and provides methods of authentication.
 It contains provisions related to the appointment of the Controller and its powers.
 It recognises foreign certifying authorities (section 19).
 It also provides various penalties in case a computer system is damaged by anyone other
than the owner of the system.
 The Act also provides provisions for an Appellate Tribunal to be established under the
Act. All the appeals from the decisions of the Controller or other Adjudicating officers
lie to the Appellate tribunal.
 Further, an appeal from the tribunal lies with the High Court.
 The Act describes various offences related to data and defines their punishment.
 It provides circumstances where the intermediaries are not held liable even if the privacy
of data is breached.
A cyber regulation advisory committee is set up under the Act to advise the Central
Government on all matters related to e-commerce or digital signatures.

Penalty for damaging a computer system

If a person other than the owner uses the computer system and damages it, he shall have to pay
all such damages by way of compensation (section 43). Other reasons for penalties and
compensation are:

 If he downloads or copies any information stored in the system.

  Introduces any virus to the computer system.
 Disrupts the system.
 Denies access to the owner or person authorised to use the computer.
 Tampers or manipulates the computer system.
 Destroys, deletes or makes any alteration to the information stored in the system.
 Steals the information stored therein.

Compensation in the case of failure to protect data

According to section 43 A, if any corporation or company has stored the data of its employees
or other citizens or any sensitive data in its computer system but fails to protect it from hackers
and other such activities, it shall be liable to pay compensation.

Failure to furnish the required information

If any person who is asked to furnish any information or a particular document or maintain books
of accounts fails to do so, he shall be liable to pay the penalty. In the case of reports and
documents, the penalty ranges from Rupees one lakh to Rupees fifty thousand. For books of
accounts or records, the penalty is Rs. 5000. (section 44)

Residuary Penalty
If any person contravenes any provision of this Act and no penalty or compensation is specified,
he shall be liable to pay compensation or a penalty of Rs. 25000.

Appellate tribunal
According to section 48 of the Act, the Telecom dispute settlement and appellate tribunal
under section 14 of the telegram regulatory authority of Indian Act 1997 shall act as the
appellate tribunal under the Information Technology Act, 2000. This amendment was made after
the commencement of the financial Act 2017.

All the appeals from the orders of the controller or adjudicating officer will lie to the tribunal, but
if the order is decided with the consent of the parties, then there will be no appeal. The tribunal
will dispose of the appeal as soon as possible but in not more than 6 months from the date of
such appeal. (section 57)

According to section 62 of the Act, any person if not satisfied with the order or decision of the
tribunal may appeal to the High Court within 60 days of such order.
Powers
According to section 58 of the Act, the tribunal is not bound to follow any provisions of
the Code of civil Procedure 1908 and must give decisions on the basis of natural justice.
However, it has the same powers as given to a civil court under the Code. These are:

 Summon any person and procure his attendance.

 Examine any person on oath.
 Ask to discover or produce documents.
 Receive evidence on affidavits.
 Examination of witnesses.
 Review decisions.
 Dismissal of any application.

Amendments to Information Technology Act, 2000

With the advancement of time and technology, it was necessary to bring some changes to the Act
to meet the needs of society, and so it was amended.

Amendment of 2008
The amendment in 2008 brought changes to section 68 A of the Act. This was the most
controversial section as it provided the punishment for sending any offensive messages through
electronic mode. Any message or information that created hatred or hampered the integrity and
security of the country was prohibited. However, it had not defined the word ‘offensive’ and
what constitutes such messages, because of which many people were arrested on this ground.
This section was further struck down by the Supreme Court in the case of shreya Singhal vs
Union of India

Another amendment was made in section 69 A of the Act, which empowered the government to
block internet sites for national security and integrity. The authorities or intermediaries could
monitor or decrypt the personal information stored with them.

The 2015 Amendment Bill

The bill was initiated to make amendments to the Act for the protection of fundamental rights
guaranteed by the constitution of the country to its citizens. The bill made an attempt to make
changes to Section 66A, which provides the punishment for sending offensive messages through
electronic means. The section did not define what amounts to offensive messages and what acts
would constitute the offence. It was further struck down by the Supreme Court in the case of
Shreya Singhal declaring it as violative of Article 19.
Information Technology Intermediaries Guidelines (Amendment) Rules, 2018

The government in 2018 issued some guidelines for the intermediaries in order to make them
accountable and regulate their activities. Some of these are:

 The intermediaries were required to publish and amend their privacy policies so that
citizens could be protected from unethical activities like pornography, objectionable
messages and images, messages spreading hatred, etc.
 They must provide the information to the government as and when it is sought within 72
hours for national security.
 It is mandatory for every intermediary to appoint a ‘nodal person of contact’ for 24×7
service.
 They must have technologies that could help in reducing unlawful activities done online.
 The rules also break end-to-end encryption if needed to determine the origin of harmful
messages.

Information Technology (Intermediaries Guidelines and Digital Media

Ethics Code) Rules 2021
The government of India in 2021 drafted certain rules to be followed by the intermediaries. The
rules made it mandatory for intermediaries to work with due diligence and appoint a grievance
officer. They were also required to form a Grievance Appellate Tribunal. All complaints from
users must be acknowledged within 24 hours and resolved within 15 days. It also provides a
“Code of Ethics” for the people publishing news and current affairs, which makes it
controversial. Many believe that the rules curtail freedom of speech and expression and freedom
of the press.

The intermediaries were also required to share the information and details of a suspicious user
with the government if there was any threat to the security and integrity of the country. As a
result of this, writ petitions were filed in various high courts against the rules. Recently, the
Bombay High Court stayed in the case of Agij promotion of Nineteenonea Media Pvt. Ltd vs
Union of India (2021) and Nikhil Wagle vs union of India (2021) the two provisions of the rules
related to the Code of Ethics for digital media and publishers.

CONCLUSION
In conclusion, the Information Technology Act, 2000, has been instrumental in shaping India’s
digital landscape. Its provisions and judicial interpretations have had a profound impact on the
legal framework governing cyberspace. While it has facilitated the growth of the digital
economy, it also requires periodic updates to keep pace with the ever-evolving technological
landscape and emerging challenges.
As the digital world continues to evolve, ITA 2000 will remain a crucial piece of legislation,
guiding India through the complexities of the digital age while balancing the need for innovation,
security, and individual rights.

Bibliography

 Information And Technology Act 2000

 An analysis of loopholes of cyber act
 https://t.me/lawyerscommunity