Information Technology Act, 2000

The Information Technology Act, 2000 was enacted by the Indian Parliament in 2000. It is the primary law in India for matters related to cybercrime and e-commerce. The act was enacted to give legal sanction to electronic commerce and electronic transactions, to enable e-governance, and also to prevent cybercrime. Under this law, for any crime involving a computer or a network located in India, foreign nationals can also be charged. The law prescribes penalties for various cybercrimes and fraud through digital/electronic format. It also gives legal recognition to digital signatures.


The flaws of IT Act 2000 are:

  • Lack of Transparency:
    • Section 69A grants to the government the power to issue directions to intermediaries for blocking access to any information that it considers prejudicial to, among other things, the sovereignty and integrity of India, national security, or public order.
    • Section 69A (3) envisages a jail sentence for up to seven years for intermediaries who fail to comply.
    • In 2009, the government also issued “Blocking Rules”, which set up the procedure for blocking (including regular review by government committees), and also stated that all requests and complaints would remain strictly confidential.
  • Privacy issues:
    • The IT Act also doesn’t address privacy issues – privacy is now a fundamental right and the law needs to specifically address privacy concerns, but that’s not the case.
  • Poor protection of cybersecurity:
    • The Indian IT Act is not a cybersecurity law and therefore does not deal with the nuances of cybersecurity.
    • Indian citizens have been victims to numerous instances of data breach and privacy violations – take for instance the Cambridge Analytica incident, or the Aadhaar account breach of 1.1 billion citizens, or for that matter the 2018 personal data leak incident of 5 lakh Google+ users.
  • Lack of expertise:
    • regular police personnel, specifically any officer holding the rank of inspector, are responsible for investigating nefarious online activities. The difficulty that arises here is that cybercrimes are a nuanced form of criminal activity that require years of specialised training and a deep understanding of technology to probe adequately.


Struck down of Section 66A of the IT Act

  • In Shreya Singhal vs. Union of India (2015), the Supreme court struck down Section 66A of the IT Act.
  • The section had criminalised the sending of any message through a computer resource that was grossly offensive, menacing, or caused annoyance, inconvenience, danger, insult, injury and intimidation.
  • The Court found the offence was defined so widely that both innocent and offensive messaging could be brought under its ambit.

It led to the constitutional protection for free speech and expression.


Way forward: