“SECURING DIGITAL INDIA: CYBERSECURITY MEASURES AND HUMAN

RIGHTS IMPLICATIONS”

AUTHOR; CO-AUTHOR;
Shalini Jha Rohan R Patil
3rd Year BBA LLB 3rd Year BBA LLB
ISBR Law College, Bengaluru ISBR Law College, Bengaluru
[email protected] [email protected]
8859066688 6361717628
ABSTRACT

In today’s era cyber security plays a very major role in the development of the society. Where
data has become a sensitive information which can be easily access by anyone in the public
domain. With the exponential increase in internet user has led to major issue of “right to
privacy”. Whereas India faces significant cyberattacks including ransomware, hacking,
phishing . India is still in the stage of processing IT laws and Data Privacy Laws. India’s
engagement with global cyber security frameworks and adherence to international law has
become crucial. On the other hand after the Declaration of the Landmark judgement of the
case in the Supreme Court of India which led to the major concern of ‘Right to Privacy’ in
India. Thereafter Government of India has introduced several law enforcement agencies,
public awareness campaigns, aimed at enhancing the cyber security policy and the
establishment of the Indian Computer Emergency Response Team. And it becomes very
important when it comes to the access of knowledge in rural areas and underdeveloped areas
where literacy rate is low. Cyber Security and Human Rights in India both Go hand in hand
which require a delicate balance between the fields of protecting rights and individual
freedoms. To ensure that their data is save and will not be retain for any other purpose other
specified purpose. Where Government Can take actions in case of infringement right to
privacy. The Personal Data protection laws which led to further development in the field of
cyber security.

KEYWORDS
Cyber Attacks, Phising, hacking, ransomware/ Public awareness campaigns.

INTRODUCTION

When the National Cyber Security Policy came into force in 2013, IT became one of the most
critical sectors, significantly influencing people's lives and simplifying many aspects.
However, crimes like cyberbullying have increased. The sector has transformed lives,
especially in India, where world-class IT services have grown rapidly, driven by government
support. Cybersecurity involves safeguarding networks, computers, programs, and data from
unauthorized access, often compromised by operator negligence. The increasing reliance on
computer systems and the Internet of Things (IoT) presents new security challenges.
Human rights, intrinsic to all, including the right to freedom of speech, must be upheld in
cybersecurity approaches, aligning with global human rights regulations. The evolution of
cyberspace impacts almost every aspect of human life. Big Data and the Internet of Things
present security challenges, highlighted by cyberattacks like those on Estonia’s Financial
system and the Stuxnet malware sabotage of Iran’s nuclear facilities. National security
dominates the electronic security conversation, but it often overlooks the human rights of
almost 2.7 billion data users, restricting access to information and self-expression.

For example unauthorized data access, widespread governmental monitoring, and deliberate
assaults on human rights advocates and reporters violate privacy rights. Most people will
experience some form of cybersecurity threat, such as government surveillance or data
breaches, which can have severe consequences based on their societal position. A notable
incident was the 2017 Equifax data leak, where 148 million US citizens' personal details were
hacked, including Social Security and driver's license details, along with 209,000 credit card
numbers.

Cyberattacks against information infrastructures are seen as confidential consumer details

with the government without a warrant. Cryptography is a preventive measure to safeguard
personal information during communication, and prohibiting encrypted messages violates
privacy and online anonymity. Encryption, a neutral technology, is essential for protecting
information. The cyber arms race has reduced internet freedom within states, highlighting the
requirement for a balanced approach to cybersecurity that respects human rights.

RESEARCH METHODOLOGY

This research paper is Descriptive in nature and based upon the facts and the circumstances
and deep analysis of Cyber Security and Human rights in India. Key Source of Information in
this research are Indian Journals, Newspapers, websites.
 1. ADOPTING CYBER SECURITY STRATEGIES WHICH INTERRUPT
HUMAN RIGHTS

Cyber Security approaches which impacts human rights typically involves upon the
measures that can violate the Right to Privacy, freedom of expression which includes
mass surveillance which includes monitoring of internet activity, phone calls and other
modes of communication without specific suspicion. Blocking or filtering of content
sometimes can lead to the limited information access which restricts freedom of
expression. Data Retention policy of the Companies can also lead to a bad
consequences which can directly or indirectly impact the life of a consumer ,
subscriber and internet users. This poses risk to privacy and can be misused for
surveillance. Tracking the users internet activity and analyzing them can lead to the
violation of right to privacy and freedom of expression. Governments may shut down
internet access during protest or civil war can impact the right to information and
freedom of assembly.

1.1 APPLYING A HUMAN RIGHT APPROACH TO CYBER SECURITY

The First and foremost aspect is Ensure the protection and promotion of human rights
within the digital environment. It must uphold the right of an individual. This includes
securing data against unauthorized access and ensuring that surveillance practices are
lawful. And it must ensure that every individual have the equal access to all the
information irrespective of Gender, caste, race. Both states and cybersecurity must be
accountable for in case of any breach of data. And redress in case of violations of
rights. Laws and regulations must incorporate human rights protection such as the
(GDPR) General Data Protection Regulations in the European Union and UDHR rules
whereby everybody has the equal right to access the data.

Companies should adopt best practices for data protection, transparency and
accountability, ensuring their cybersecurity measures respect user rights. Promoting
digital literacy and awareness about human rights in cyberspace.
1.2 DISTRIBUTED- GOVERNANCE APPROACH TO CYBER SECURITY
Cybersecurity involves decentralizing decision- making and management responsibilities
across multiple shareholders, including governments, civil and distribute the authority to
multiple teams or organization, allowing quicker and more localized responses to
cybersecurity. Implement continuous monitoring systems and feedback mechanisms to
adapt and improve the cybersecurity measures based on realtime data. Another important
thing is that collaborative frameworks among various stakeholders, including
government agencies, private companies. And non-profits to share intelligence and best
practices.

And Another way to solve this is through by developing common standards and
protocols to ensure coordinating response to cyber security. And Ensure that all the
stakeholder have the necessary knowledge and skills through regular training and
awareness programs.

1.3 ROLES OF STAKEHOLDERS IN CYBER SECURITY

Ideally, governments, the private sector, civil society and the technical community
plays an major role in creating and implementing cybersecurity policies and decision
to ensure compliance and protect national security interests. Civil Society has a
different role in being able to advocate for cyber security policies from a human
rightsbased approach. It facilitates in sharing threat intelligence and best practices
among public and private sector entities. Private companies can contribute in the form
security measures such as firewalls, encryption, and intrusion detection systems, to
protect their networks and data. Ensuring that they were complied by the rules as
mentioned in GDPR, HIPAA or industry – specific security frameworks. And through
providing education and training programs for individual to enhance their cyber
security skills. Developing International standards and frameworks for cybersecurity
to promote cooperation among countries. It helps the individual users being aware of
common cyber threats practicing good cyber hygiene. Using strong passwords,
keeping software up to date, and reporting suspicious activities. individual to enhance
 their cyber security skills. Developing International standards and frameworks for
cybersecurity to promote cooperation among countries. Using strong passwords,
keeping software up to date, and reporting suspicious activities training through
academic programs and certifications. In this way it plays an very major role in the
development of Cyber security policies.

1.3.1 SECURITY FOR WHOM? SECURITY FROM WHAT? SECURITY BY

WHAT MEANS?

The State always try to protect to protect itself from political instability, imposes
excessive measures for self-preservation, and becomes a source of insecurity itself.

In Vietnam, a cybersecurity law enacted last year empowers the government to

require tech companies to provide access to large quantities of data, including
personal information, and to censor user posts.. The Act came into force in 2018
where it has been clearly mentioned about the Data Localization which means
restore the data of Vietnam’s users locally within Vietnam’s territory. It allows the
government agencies to monitor and collect the data, including personal information
for the purpose of cybersecurity. It requires the users to provide their real identities
when using online services and social media apps. Where it has been clearly stated
that it will impose fines and other penalties for the violation of law, including failure
to comply with the laws data and localization requirements or providing users data to
entities without government approval. Despite criticism, the Vietnamese
government has defended the law as necessary for national security and maintaining
social order in the digital age. It also requires the user to provide their real identities
when using online services and social media platforms.

Few more examples of the countries who has enacted the same procedure The
previous year in China, a cyber security law was implemented that requires company
to prohibit the information which was a complete restriction on Chinese people.
And it mandates the storage of Chinese users data within the country. In Israel, the
Cyber Security and National Cyber Directorate Bill came into effect in 2018. This
Law aims to enhance Israel’s cybersecurity capabilities by establishing a legal
 framework for addressing cyber threats, protecting critical and promoting
Information sharing and collaboration between public and private entities.

Cyber Defense Directorate which defends Israel’s military networks and

infrastructure from cyber threats.

1.4 WHY CYBER SECURITY IS A HUMAN RIGHTS ISSUE?

According to FOC definition of Cyber Security (OFCOM) The federal office for
communication in Switzerland defines cybersecurity as “ It refers to the measures and
control that ensures the confidentiality, integrity and availability of information and
information system against unauthorized access, attack use or damage”. For instance,
the law infringes on various rights by excessively limiting access to information and
curtailing freedom of expression. This restriction extends to the right to assemble and
impacts a range of economic, social, and cultural rights. In 2028, 196 internet
shutdowns were recorded in 68 countries. Numerous instances exist where the
confidentiality of information has been compromised, whether through data breaches,
financial motives, extensive government surveillance, or targeted attacks on human
rights defenders or journalists, violating the “right to privacy” among other rights.
These breaches of data confidentiality and communication are tied to severe human
rights abuses, such as detention, torture, and extrajudicial killings. A notable example
is the surveillance of Saudi dissident Omar Abdulaziz, whose phone was allegedly
infected with Pegasus spyware developed by the Israeli company NSO Group. This
spyware allows for extensive surveillance, including access to message, emails calls
and even the camera and microphone of the device. The surveillance of Abdulaziz’s
phone revealed certain data which led to significant breach of data. And raised the
concerns about the extent of Saudi Arabia’s reach in targeting dissidents abroad.

1.5.1 JAMAL KHASHOGGI CONNECTION

Abdul Aziz was in close connection with the Saudi Journalist Jamal Khashoggi, who
was murdered in the Saudi Consulate in Istanbul in October 2018. Their
communication led to the violation of human rights and communication movement
 against the Saudi government, were likely to monitored through the spyware. These
legal actions have brought international attention to the use of sophisticated spyware
against activist and the broader implications for privacy and human rights. Abdulaziz
continues to face threats and intimidation tactics from the Saudi Government, aimed
at silencing his activism and deterring others from speaking out. While most of the
people are likely to experience some form cyber insecurity in their lifetime. Human
rights defenders, journalist and people in position are more likely to be targeted by the
government or lateral surveillance. The conditions are becoming worse day by day As
more people and devices are connected, the risk that come with cyber insecurity will
only increase. Unfortunately, Government are either not Centring Cyber security
discussions on human rights they are using it as an excuse to exercise more control
over the internet.1

1.5.2 SUGGESTIONS AND SOLUTION TO OVERCOME FROM THIS

PROBLEM

• Challenge Prevailing Views on Human Rights and Security;

It's essential to challenge the notion that human rights impede security,
particularly the assertion that encryption stands in the way of security.
Encryption is crucial for protecting privacy and freedom of expression.

*Human Rights-Based Approaches to Cybersecurity*

Cybersecurity laws, policies, and practices should be grounded in human
rights principles. The Freedom Online Coalition’s Internet Free and Secure
Working Group has established norms to ensure that cybersecurity policies
are consistent with human rights laws.

• Corporate Responsibility and Accountability;

Companies must adhere by the rule of human rights, with governments
holding them accountable. The UN Guiding Principles based on Business
and Human Rights provide a framework, but increased scrutiny and

1 Ronald Deibert, “Why NSA spying scares the world,” 12 June 2013,
CNN, http://www.cnn.com/2013/06/12/opinion/deibert-nsa-surveil-lance
 oversight of tech companies are needed. Conduct human rights impact
assessments and cybersecurity due diligence to secure information and
protect human rights.
• Inclusive and Multidisciplinary Cybersecurity Processes;

Cybersecurity should be inclusive and multidisciplinary, integrating human

rights and technical expertise. Self- reliant oversight of national security
threats and greater transparency and public debate are necessary. Digital
technologies pose new challenges, Additional documentation, research, and
analysis are needed to consider human rights and security as
complementary..

1.6 DEFENSE ADVANCE RESEARCH PROJECTS AGENCY ( DARPA)

The Defense Advance Research Projects Agency, is one of the most significant
Development to DARPA. It is an virtual internet that will enable the military to test
its cyber defense capabilities before deploying them. DARPA’s sole objective is to
make pivotal mission and investments in breakthrough technologies for national
security. DARPA is heavily involved in developing advanced cybersecurity
technologies to protect the United States’ Digital Infrastructure from Evolving
threats. DARPA has invested in projects aimed at creating automated systems that
can detect mitigate cyber-threats. It helps to enhance the technologies and improve
cybersecurity defense. It helps to develop cybersecurity defenses to learn from and
adapt to new threats.

1.7 EQUIFAX DATA BREACH CASE STUDY

Equifax, a leading credit reporting company in the United States, announced on

September 8, 2017, that it had fallen victim to a cyberattack resulting in a significant
data breach. The breach occurred between mid-May and July 2017 but was only made
public in September. The personal information of approximately 147 million
individuals was exposed, including Social Security numbers, birth dates, and, in some
 cases, other sensitive data. it led to the breach of data which includes credit card
numbers. Sometimes Lending institution record these data for the purpose of lending
the money. This breach resulted in significant financial loss including expenses related
to settlements and compensation for the effected family. This also compromised the
information which increased the risk of identity theft and fraud.2

2 Adam shell, “Equifax data breach: Still haven't frozen your credit since the huge hack? Here's how”,
usatoday.com, 6th sept 2018, /
1.8 GOVERNMENT RESPONSE TO THE INCIDENT

The response ranged from negotiation to suing for damages to enacting stricter credit
reporting agency and privacy laws, as well as strict penalties against Equifax. In
October. addition to this they were imposed certain restriction on Equifax.3

1.9 WHAT’S UP WITH WHATSAPP? A TRANSATLANTIC PERSPECTIVE ON

PRIVACY AND MERGER ENFORCEMENT IN DIGITAL MARKETS

WhatsApp, owned by Meta Platforms Inc has undergone certain changes to its data
privacy policy, when the acquisition was happened in 2014. The updated privacy
policy, especially that one introduced in 2021, allows for extensive data sharing with
the Meta. First, as businesses a mass more detailed and revealing profiles of their
customers, a single data breach can lead to the broader trover of information falling
into the hands of hackers. Second, as richer data sets are subjected to predictive
analytic tools, from the customers by stealing their data. In competitive investigation
of data the European Data Protection Supervisor (EDPS) an EU Privacy regulator, has
emphasized the competitiveness of data. The European Data Protection Supervisory
Authority has clearly stated in the policy that merger enforcement in digital markets
should be based on a broader definition of the consumer harm that goes beyond
looking solely at competitive effects and accounts for risks to consumer privacy. In
2007, after investigating Google’s acquisition of DoubleClick , The FTC for the First
time publicly drew the intersection of privacy and antitrust. In both the United States
and Europe ,Google was the leading source of search advertisements, and both firm
were major players in displaying the add – Advertisment such as corporate logo to
 establish brand identity. Websites Basically use “ad intermediaries” to monetize their
less lucrative real estate. Google was a major online advertisement intermediary for its
AdSense product, and DoubleClick was a leading online ad server. The Electronic
Privacy Information Centre (EPIC), the Centre for Digital Democracy (CDD), and the
United States Public Interest Research Group (USPIRG) filed a suit with the federal
trade commission (FTC). The Google and Double click werte not near real future

)
competitors. The EC also assessed the agreement completely based on the basis of its
competitive consequences, that its decision did not affect the parties different
obligations under European Data Protection Regulations.

1.10.1 FACEBOOK DATA BREACH CASE

The Facebook data breach incident took place in 2018 where a British political
consulting firm that combined data mining brokerage and analysis. With the strategic
communication for electoral processes. In 2014 ,Dr. Aleksandr Kogan a researcher at
Cambridge University. Developed a Facebook app called’ ’This is your Virtual Life”.
The App offered certain question where it has collected certain data including
personal details were collected. Which led to the data – collection from approximately
87 million users. This breach resulted in widespread criticism of Facebook’s Data
privacy practices and raised questions about the ethics of the data collection. And
which led to the violation of the rule of (Federal Trade Commission).4

2. ROLE OF NATIONAL CYBER SECURITY POLICY, 2013

The cybersecurity policy is an evolving initiative aimed at addressing the needs of
ICT users by providing tailored solutions. It supports the government, IT sector, users,
and enterprises of all sizes, ensuring secure data handling and creating a safe
computing environment. This includes the development of secure electronic
transaction software, services, and device networks. The policy helps protect data
from exploitation and malicious activities. Disruptions, such as data breaches, can
lead to various issues like cyber threats to individuals and businesses, phishing,
 identity theft, cyber terrorism, and complex threats targeting mobile devices and
smartphones.
1.VISION
• IT AIMS AT TO SECURE THE NATION’S CYBERSPACE AND TO
PROTECT THE RIGHTS OF AN INDIVIDUAL.

2. MISSION

/
• The sole of Cyber Security Policy 2013 in India is to prevent Cyber threats , reduce
vulnerabilities and minimize damage from various cyber incidents which took place in
the recent years. And this mission was proved helpful in reducing the cases of cyber
crimes in india.

OBJECTIVES - To create a secure cyber ecosystem in the country which will

ultimately help to generate encrypted access to data and enhance adoption of IT in all
sectors of the economy.

- To establish a secure cyber ecosystem in the country, ultimately enabling

encrypted data access and promoting IT adoption across all economic sectors.
- To develop an assurance framework and protocols for designing security
policies and to promote and facilitate the implementation of global security standards.
- To strengthen the protection and resilience of the nation's critical information
infrastructure by providing 24/7 services and strategic information about threats to
ICT infrastructure at both national and sectoral levels.
- To offer fiscal incentives to businesses for adopting standard practices and
processes. - To foster an environment that encourages effective communication and
promotion strategies.
- To enhance global cooperation by promoting a shared understanding and
building strong relationships to advance security initiatives and improve the cyber
ecosystem.

4. STRATEGIES.

A. *Creating a Secure Cyber Ecosystem:*

- The main strategy is to design a national nodal agency model to coordinate all
matters related to cybersecurity in the country, defining specific roles and
responsibilities.
- To encourage all organizations, both private and public, to appoint a senior
management member as the Chief Information Security Officer (CISO), responsible
for cybersecurity efforts and initiatives.
- To offer fiscal schemes and incentives to motivate entities to enhance and upgrade
their information infrastructure in line with cybersecurity standards.
- To establish a mechanism-driven approach for adopting guidelines and protocols.
.

B. CREATING AN ASSURANCE FRAMEWORK.

The basic idea behind this is to promote a Global best practices and which will help
further in the improvement in the field of Cyber Security. To create infrastructure for
conformity assessment and certificate of compliance to cyber security practices IS
system audits, Penetration testing application security testing, web security testing. To
enable implementation of global security best practice in formal risk assessment and
risk management processes. To encourage secure application /Software development
for best practices.
 C.HUMAN RESOURCE DEVELOPMENT.
To Foster education and training programs for both in formal and informal sectors to
support the Nation’s cyber security. To establish cyber security training infrastructure
among the people by way of public agreements. To establish cyber security training
awareness lab for private partnership arrangements. To establish institutional
mechanisms for the people to create awareness among the people.

C. DEVELOPING EFFECTIVE PUBLIC PRIVATE PARTNERSHIPS. To

establish collaboration and cooperation among stakeholders entities including
private sector. To establish for collaborations and engagement of all the
important stakeholders. To create a “THINK TANK FOR CYBER
SECURITY” policy inputs and discussions which will help to implement it in
the further development.

D. COMMON METHODOLOGIES

• NIST RISK MANAGEMENT FRAMEWORK (RMF)

• Formulated by the National Institute of Standards and Technologies.
• Provides a structured process integrating security and risk management
activities into the system development life cycle.

OCTAVE (Operationally Critical Threat, Asset , and Vulnerability Evaluation)

• Self -Directed Information security evaluation methodology.
• Focuses on organizational risks and involves stakeholders from across the
organization.
F ISO / IEC (International Organization For Standardization)
• It gives assessment guidelines for information security risk management.
• Complements ISO/IEC 27001 and covers the identification, assessment and
treatment of risks.
F FAIR (FACTOR ANALYSIS OF INFORMATION RISK)
• It provides Quantitative model for understanding, analyzing, and measuring
information risk.
• Emphasizes the Financial Impact of risk.

1. ROLE OF GDPR (GENERAL DATA PROTECTION REGULATION) IN

DATA PRIVACY.

• In today’s era where the data has become the major concern The European
Union has introduced General Data Protection which came into force in 2018.
Since then most of the other countries and states have enacted.

THE PRINICIPLES BEHIND THE GDPR.

• LAWFUL ,FAIRNESS AND TRANSPARENCY - Processing of personal data

must be abided by the law, fair and transparent to data subject.
• PURPOSE LIMITATION- Organizations must retain the data for legitimate
purposes that have been specifically agreed to by the data subject when the
data was collected.

• DATA MINIMIZATION – Organizations should only retain the data process as

much as data as absolutely necessary for agreed purposes.

• ACCURACY – Organization must keep personal data secure and up to date.

• INTEGRITY AND CONFIDENTIALITY – Data processing should be done in

such a way as to ensure appropriate security, integrity, and confidentiality ( e.g
by using encryption)

• ACCOUNTABILITY- The organization is accountable for being able to

comply all these principles under GDPR Compliance.
 THE RIGHTS OF CITIZENS AND CONSUMERS AND DATA RETENTION
POLICY UNDER GDPR.

• The Individual have their own choice whether they should the give consent or
not.
• Citizens have the right to erase this data if desired.
• The individuals has right to object to the use of personal data for profiling
individuals.

CYBER SECURITY IN INDIAN LAW AND ROLE OF INFORMATION

TECHNOLOGY ACT ,2000 (IT ACT).
The first legislation which came into picture is IT Act which is governing cyber
activities in india. It gives a legal recognition to electronic transactions and addresses
cyber crime data protection and cyber security.

DATA PROTECTION AND PRIVACY.

The IT Act specifically specifies the section for Data Protection under section 43A and
Section 72A.After the tremendous increases in the rate of Cyber crimes that is where
the Digital Personal Data Protection Bill,2023 which aims to regulate the processing
of personal data and safeguard individuals privacy.
HUMAN RIGHTS IN INDIAN LAW
• CONSTITUTION OF INDIA. The constitution guarantees fundamental rights such as
the right to equality under Article 14 and freedom of speech and expression under
Article 19 and protection of life and personal liberty 21.
INTERNATIONAL HUMAN RIGHTS OBLIGATIONS

• India has signed a several signatory to various international human rights, which
includes the Universal Declaration of Human Rights and the international convenant
on Civil and Political Rights.
STATUTORY BODIES.

• The National Human Rights Commission monitors and promotes human rights
protection in India.

INTERSECTION OF CYBER SECURITY AND HUMAN RIGHTS.

• PRIVACY- It ensures that cyber security measures do not violate the right to privacy.
The Personal Data Protection bill measures the concern over surveillance and data
misuse.

• FREEDOM OF EXPRESSION:-It ensures the freedom of speech which has been

guaranteed under constitution of india which prevents from hate speech or misinformation.

4. RECENT JUDGEMENTS IN INFORMATION TECHNOLOGY ACT,2000

6.1 SECTION 43 – PENALTY AND COMPENSATION FOR DAMAGE TO

COMPUTER SYSTEM

• K. RAMAJAYAM V/S THE INSPECTOR OF POLICE:

This case has given the landmark judgement in IT laws where it has been said that the DVR is
an electronic record within the meaning of section 2(t) of the IT Act 2000, as it stores data
and capable of output.

FACTS;
In 2013, one of the biggest compensation awarded in legal adjudication of a cyber crime
dispute , Maharashtra’s IT secretary Rajesh Aggarwal had ordered PNB to pay Rs 45 Lakh to
the complainant Manmohan Singh Matharu , MD of Pune based firm Poona Auto Ancillaries.
A fraudster had sent Rs 80 Lakh from Matharu’s account in PNB, Pune after Matharu
responded to a phishing email. Complainant was Obliged to share the liability since he
responded to the Phishing mail but the bank was found negligent due to lack of proper
security checks against fraud accounts opened to defraud the complainant.

In conclusion the counsel for petitioners placed strong reliance on the Supreme Court
judgement in PV Anvar v. PV Basheer In this it has given a landmark judgement that
electronic evidence can be taken into consideration only if they are accompanied by the
certificate required under 65B(4).
 6.2 SECTION 67- PUNISHMENT FOR POSTING OBSCENE MATERIAL IN
ELECTRONIC FORM

• AVNISH BAJAJ VS STATE BAZEE.COM CASE:

CEO OF E- COMMERCE PORTAL AVNISH BAJAJ IN THIS CASE THEY CLEARLY

DEFINED THE LIABILITY OF A ONLINE CONTENT PLATFORM AND THAT OF IT’S
USER WAS ARRESTED AND GIVEN BAIL AFTER UNDER SECTION 67 OF THE IT
ACT ON ACCOUNT OF AN OBSCENCE VIDEO UPLOADED ON BAZEE.COM FOR
SALE. HE PROVED DUE DILIGENCE BUT IN 2005 INFORMATION
TECHNOLOGY ACT DID NOT HAVE ANY PROVISIONS RELATED TO
‘INTERMEDIARY’.

CONCLUSION AND SUGGESTIONS

The Government should come up with a plan where they can ensure that all the policies are
enforced consistently. This includes regular audits and review of security policies. To ensure
that they remain effective and Government should Enhance their policy of IDS where they
can monitor and control incoming and outgoing network traffic. And ensure that people
should use the VLANs and subnetting to isolate sensitive systems and data. There must be an
Data Encryption both at rest to protect it from unauthorized access. There must be an Backup
and recovery procedures to ensure backups are secure and tested regularly in case of
ransomware and attacks. And There must be an training and awareness programs for all
employees to recognize phishing attacks. “AFTER ALL DATA IS AN ASSET FOR ALL OF
US.”