India needs a dedicated cyber security law

Pavan Duggal

Cyber Law Expert

The year 2021 promises to usher in a new era of cyber legal developments and growth as far as India is concerned. This year is expected to witness a plethora of activities which will contribute to evolving cyber legal frameworks and related ecosystems in India.

One of the keenly awaited developments in Indian cyber law jurisprudence is the National Cyber Security Strategy. This strategy not only aims to build on the National Cyber Security Policy 2013 but also be a comprehensive guiding gospel for individuals, policymakers as well as other stakeholders. The strategy is likely to throw more light on the appropriate response mechanisms concerning the enhancement of cyber security in government and other sectors.

The Union Government has been working on the National Cyber Security Strategy for quite some time and the entire world is looking up with bated breath to see how the strategy will evolve. The strategy should inform the relevant authorities of everything they need to take into consideration while dealing with cyber security ramifications concerning their operations.

This assumes more significance as India is consistently on the radar as a potential target by cybercriminals and cyber security breaches. Given the fact that India does not have a law on cyber security, the strategy should be seen as an interregnum step, before India graduates to having a full-fledged cyber security law.

While all attention will be on the new strategy, we need to be mindful of its legal ramifications. The strategy document will be the manifestation of the government’s thought processes and will not have the statutory penal force behind the same, unlike a law passed by Parliament. Hence, the strategy would be only a directory and not mandatory.

Very quickly, India will have to start working extensively on coming up with a dedicated national cyber security law. The need for having such a law is immense because that will be an important tool to protect India, its cyber security and cyber sovereign interests. At a time when a lot of other countries have already started coming up with dedicated laws on cyber security, India is slightly behind the curve. There is a need for appropriate action in this regard.

Cybercrime, including phishing, identity theft and fraud, has massively increased in the past one year. However, its coverage under the existing laws is neither adequate nor comprehensive. We are further likely to see consolidation in cybercrime penetration. This would underline the need for coming up with more effective and deterrent legal frameworks and more stringent provisions to fight cybercrime.

Hopefully, 2021 would see the government focusing on more effective ways of trying to combat cybercrime.

Another major cyber law trend in India for 2021 will be the passing and implementation of the Personal Data Protection Bill, 2019. Historically, India has not had a dedicated data protection law. The government had tabled the Personal Data Protection Bill, 2019 before Parliament in December 2019. The year 2020 saw the said Bill under the active consideration of a Joint Parliamentary Committee.

It is expected that the parliamentary committee would come up with its report this year and on the basis of the same, the government is likely to make appropriate changes in the Personal Data Protection Bill, 2019 and have it passed in Parliament. This Bill is likely to change the rules of the game in terms of providing stringent obligations for all data-handling entities. Implementing the personal data protection law will strengthen the Indian information technology ecosystem, apart from strengthening appropriate protection for personal data. Hence, all stakeholders need to be prepared for a new set of compliances concerning data protection in 2021.

This year is also likely to see the government coming up with new approaches to deal with the protection of non-personal data. This is important as the Personal Data Protection Bill, 2019, has a limited mandate of protecting personal data and non-personal data is outside its ambit. It will be imperative for the government to work extensively on the protection of non-personal data as well.

It is expected that there will be movement towards appropriate amendments to the Information Technology (IT) Act, 2000. This Act is India’s mother legislation to deal with all activities in the electronic ecosystem. This law was passed more than two decades back and only got amended in 2008 and has been crying for appropriate amendments to make it more topical and relevant with the passage of time.

It is also hoped that 2021 could potentially see more appropriate changes in the Indian cyber law to incorporate enabling legal provisions to deal with the challenges thrown up by newly emerging technologies.

Given the developments in Indian cyberspace and the increasing digitisation, these emerging cyber law trends should help further develop and refine legal approaches towards cyberspace issues.

Join Whatsapp Channel of The Tribune for latest updates.