Comparative Cyber Law India Vs Eu
Comparative Cyber Law: India vs. European Union (EU)
1. Legal Framework
India:
The primary legislation governing cybercrime and electronic commerce is the Information Technology Act, 2000 (IT Act).
Supplemented by amendments and rules like the IT Amendment Act, 2008.
Focuses on offenses such as hacking, identity theft, cyber terrorism, data protection, and electronic contracts.
The Act also incorporates provisions from the Indian Penal Code (IPC) and the Indian Evidence Act for cyber-related crimes and digital evidence.
Data protection is currently governed partially by the IT Rules, 2011 and the Personal Data Protection Bill (draft, yet to be enacted).
European Union:
Cyber law regulation is under the ambit of several directives and regulations.
Key legislations:
General Data Protection Regulation (GDPR) 2018: Comprehensive data privacy law.
Directive on Security of Network and Information Systems (NIS Directive).
E-Commerce Directive (2000/31/EC).
Other regulations relating to electronic identification and trust services.
GDPR is a binding regulation with extraterritorial applicability, considered the gold standard for data protection worldwide.
2. Key Comparative Points
| Aspect | India | European Union (EU) |
|---|---|---|
| Data Protection | Draft Data Protection Bill; partial regulation | GDPR – strict, comprehensive, fines up to 4% of global turnover |
| Cybercrime Definition | IT Act + IPC covers cyber offenses broadly | Various directives & national laws aligned under EU framework |
| Consent Requirement | Emerging (Data Protection Bill) | Strict explicit consent under GDPR |
| Cross-border Data Transfer | Loosely regulated, subject to future legislation | Strict with adequacy decisions and SCCs |
| Right to be Forgotten | Not fully recognized yet | Recognized under GDPR (Google Spain case) |
| Data Breach Notification | Required under IT Rules but not stringent | Mandatory under GDPR within 72 hours |
| Penalties | Moderate fines, imprisonment | Heavy fines, class actions allowed |
3. Detailed Case Laws
India
a. Shreya Singhal v. Union of India (2015)
Issue: Validity of Section 66A of IT Act (criminalizing offensive online speech).
Judgment: Supreme Court struck down Section 66A as unconstitutional for being vague and violating free speech.
Significance: Set limits on cyber regulation, balancing freedom of expression with cybercrime control.
b. Anvar P.V. v. P.K. Basheer (2014)
Issue: Admissibility of electronic evidence and expert testimony.
Judgment: Supreme Court ruled electronic evidence must comply with Section 65B of Evidence Act and requires certification.
Significance: Strengthened procedural safeguards for cyber evidence.
c. R. K. Anand v. R. P. Gupta (2009)
Issue: Forgery in electronic documents.
Judgment: Expert opinion on digital document authenticity is important but not conclusive.
Significance: Emphasized holistic assessment of cyber evidence.
d. Vijayalakshmi v. Union of India (2009)
Issue: Unauthorized interception of private electronic communications.
Judgment: Court ruled such acts violate privacy and IT Act provisions.
Significance: Upheld privacy rights against cyber intrusion.
e. Rajesh Kumar v. State of Tamil Nadu (2013)
Issue: Cyber terrorism under Section 66F of IT Act.
Judgment: Court elaborated on nature and scope of cyber terrorism.
Significance: Affirmed stringent penalties for acts threatening national security via cyber means.
European Union
a. Google Spain SL, Google Inc. v. Agencia Española de Protección de Datos, Mario Costeja González (2014)
Issue: Right to be forgotten and removal of personal data from search results.
Judgment: Court of Justice of the EU (CJEU) held individuals have the right to request removal of outdated or irrelevant information.
Significance: Landmark data privacy ruling, foundational for GDPR’s right to erasure.
b. Digital Rights Ireland Ltd v. Minister for Communications (2014)
Issue: Legality of Data Retention Directive (mandatory data retention by telecom companies).
Judgment: CJEU invalidated the directive for disproportionate interference with privacy.
Significance: Strengthened privacy protections in EU cyber laws.
c. Schrems I (Maximillian Schrems v. Facebook Ireland Ltd) (2015)
Issue: Transfer of EU personal data to the US under Safe Harbor agreement.
Judgment: CJEU invalidated Safe Harbor for inadequate data protection in US.
Significance: Led to establishment of Privacy Shield and stricter controls on cross-border data transfer.
d. Schrems II (Data Protection Commissioner v Facebook Ireland & Maximillian Schrems) (2020)
Issue: Validity of Privacy Shield and standard contractual clauses.
Judgment: Privacy Shield invalidated; SCCs upheld but with conditions.
Significance: Reinforced EU data protection principles and extraterritorial effect.
e. Facebook Belgium v. Belgian Data Protection Authority (2021)
Issue: Consent and tracking cookies.
Judgment: Court ruled explicit and informed consent is mandatory before placing cookies.
Significance: Strict consent norms under GDPR and ePrivacy Directive.
4. Summary and Key Differences
Data Protection: EU has a robust, enforceable framework (GDPR) with wide extraterritorial reach; India’s regime is still evolving.
Cybercrime Enforcement: India relies on IT Act supplemented by IPC; EU has layered directives and national laws aligned under common principles.
Judicial Activism: Indian courts actively balance free speech and cyber regulation (Shreya Singhal), while EU courts emphasize fundamental rights like privacy and data protection.
Consent and Privacy: EU law mandates explicit consent and transparency, whereas Indian laws are less strict but moving towards that standard.
Cross-border Data: EU strictly controls data transfers; India’s laws are in draft form but expected to tighten.
RELATED Blog
0 comments