Jurisdiction in Cyberspace

and Extraterritorial
Jurisdiction in India
 KEY QUESTIONS
• What are the key issues and challenges in
determining the jurisdiction in cyber space?
• How does the Long Arm Statute and Minimum
Contact rule impact the determination of personal
jurisdiction in cyber space?
• What is the significance of the Convention on
Cybercrime, and why have some major countries not
ratified it?
• What are the suggestions proposed to address the
challenges of jurisdiction in cyber space, and how
can they be implemented effectively?
 Jurisdiction in Cyberspace and Extraterritorial Jurisdiction in India

• Cyberspace has become an integral part of our daily

lives, transcending geographical boundaries and
presenting unique challenges to traditional legal
frameworks.
• The issue of jurisdiction in cyberspace refers to the
authority of a state to apply its laws to activities,
transactions, or entities that occur online.
• With the borderless nature of the internet,
determining jurisdiction becomes complex, especially
when offenses involve multiple jurisdictions or cross-
border elements.
 Laws and Legal Frameworks
• Information Technology Act, 2000
• General Data Protection Regulation (GDPR)
• United States' Jurisdictional Framework
Information Technology Act, 2000
(India)
– The IT Act is India's primary legislation governing
cyberspace. It provides legal recognition to electronic
documents, digital signatures, and other cyber
activities.
– Section 1(2) of the Act explicitly provides for its
extraterritorial application, allowing Indian courts to
assert jurisdiction over offenses committed outside
India if they involve a computer system located in
India.
•
 General Data Protection Regulation
(GDPR)

• Enforced by the European Union (EU), the GDPR

regulates the processing of personal data of
individuals within the EU, irrespective of the
location of the data controller or processor.
• GDPR's extraterritorial reach extends to
businesses outside the EU that offer goods or
services to EU residents or monitor their behavior
 United States' Jurisdictional
Framework
• The U.S. asserts jurisdiction based on the
effects doctrine, which allows it to regulate
conduct occurring outside its territory if it has
a substantial effect on its interests.
• Several laws, including the Computer Fraud
and Abuse Act (CFAA) and the Electronic
Communications Privacy Act (ECPA), provide
for extraterritorial jurisdiction over
cybercrimes with a nexus to the U.S.
 International Standpoint
• Harmonization Efforts : Various international
organizations, including the United Nations, the
Council of Europe, and the International
Telecommunication Union, are engaged in efforts to
harmonize laws related to cybersecurity and
jurisdiction in cyberspace
• Budapest Convention on Cybercrime: Also known as
the Council of Europe Convention on Cybercrime, it is
the first international treaty addressing internet and
computer crime. It promotes international cooperation
in investigating and prosecuting cybercrimes while
respecting sovereignty and jurisdictional issues.
 Jurisdiction under the Information
Technology Act, 2000
• Key Provisions Regarding Jurisdiction
• Section 1(2):
• Section 1(2) of the IT Act explicitly provides for
its extraterritorial application. It states that
the Act applies to any offense or
contravention committed outside India by any
person if the act or conduct constituting the
offense involves a computer, computer
system, or computer network located in India
 Explanation to Section 75
• Section 75 of the IT Act deals with the power of
the Central Government to notify offenses under
the Act.
• The Explanation to Section 75 clarifies that an
offense or contravention committed outside India
by a person who is not an Indian citizen but
affects a computer, computer system, or
computer network located in India, shall be
deemed to have been committed within the
territorial jurisdiction of India.
 Section 79

• Section 79 of the IT Act provides for the

exemption of intermediaries from liability for
third-party content. However, it also requires
intermediaries to comply with certain due
diligence requirements.
• While Section 79 primarily deals with the liability
of intermediaries, it indirectly impacts
jurisdiction by establishing obligations for
entities operating in the cyberspace governed by
Indian law.
 Section 2(1)(zb)

• section 2(1)(zb) of the IT Act defines the term

"computer" as any electronic, magnetic, optical, or
other high-speed data processing device or system,
which performs logical, arithmetic, and memory
functions by manipulations of electronic, magnetic, or
optical impulses and includes all input, output,
processing, storage, computer software, or
communication facilities that are connected or related
to the computer in a computer system or computer
network.
• This broad definition of "computer" ensures that
various devices and systems fall under the purview of
the Act, regardless of their physical location
 Cases and Legal Developments
• Yahoo! Inc. v. Akash Arora & Anr. (1999)
• This case is one of the earliest instances of
jurisdictional issues arising in cyberspace in India.
Yahoo! was sued in India for hosting auctions of
Nazi memorabilia, which was considered
offensive under Indian laws.
• The Delhi High Court held that Yahoo! could be
sued in India because its services were accessible
and had effects within the country, despite being
based outside India.
• Avnish Bajaj v. State (2005)
• Avnish Bajaj, the CEO of Baazee.com (now
eBay India), was arrested in India for hosting a
sale of an obscene video clip on the website's
platform. The case raised questions about the
liability of intermediaries under Indian law
and highlighted jurisdictional challenges in
regulating online content hosted on platforms
operated by foreign entities
• Shreya Singhal v. Union of India (2015)
• In this landmark case, the Supreme Court of India
struck down Section 66A of the Information
Technology Act, 2000, which allowed for the
arrest of individuals for posting allegedly
offensive content online.
• The judgment emphasized the importance of
protecting free speech in cyberspace and curbing
overbroad and vague laws that could infringe on
fundamental rights.
 Cases and Legal Developments
• Microsoft Corp. v. United States (2018):
• In this landmark case, the U.S. Supreme Court
ruled that the government cannot compel
Microsoft to disclose emails stored on servers
located outside the U.S., emphasizing the
importance of territorial sovereignty in
cyberspace.
• Google Spain SL, Google Inc. v. Agencia
Española de Protección de Datos, Mario
Costeja González (2014)
• The Court of Justice of the European Union
(CJEU) held that Google is subject to EU data
protection laws and must remove links to
personal information upon request, even if
the information is lawful and accurate
• Shreya Singhal v. Union of India (2015):
• The Supreme Court of India declared Section
66A of the IT Act unconstitutional, affirming
the importance of free speech online and
limiting the government's power to restrict
internet content.
• Bennett Coleman & Co. Ltd. v. Union of India
(2008)
• This case dealt with the applicability of Indian
laws to online gambling websites hosted on
servers located outside India.
• The Delhi High Court held that if a website is
accessible in India and has an impact on Indian
citizens, Indian courts have jurisdiction to
adjudicate disputes arising from such websites,
even if the servers are located abroad