CYBER LAW - I

By: Veena Kumari

Faculty of Law
University of Lucknow
Lucknow

Disclaimer: This content is solely for the purpose of e-learning by students and any
commercial use is not permitted. The author dose not claim originality of the content and it
is based on the following reference.
 LLB.(Hons) (Fifth Year) IX Semester
(Optional Paper) : Paper-VII-E
&
L.L.B.(Three years course)(Third Years) Vth Semester
(Optional Paper) : Paper VII. F

Cyber Law – I
Unit I : Cyber Space
➢ Fundamentals of Cyber Space
➢ Understanding Cyber Space
➢ Interface of Technology and Law Defining Cyber Laws
Unit II. Jurisdiction in Cyber Space
➢ Jurisdiction in Cyber Space
➢ Concept of Jurisdiction
➢ Internet Jurisdiction
➢ Indian Context of Jurisdiction
➢ International position of Internet Jurisdiction Cases in Cyber Jurisdiction
Unit III. E-commerce- Legal issues
➢ E-commerce- Legal issues
➢ Legal Issues in Cyber Contracts
➢ Cyber Contract and IT Act 2000
➢ The UNCITRAL Model law on Electronic Commerce

Unit IV. I.P.R. & Cyber Space

➢ Intellectual Property Issues and Cyberspace – The Indian Perspective
➢ Overview of Intellectual Property related Legislation in India
➢ Copyright law & Cyberspace
➢ Trademark law & Cyberspace
➢ Law relating to Semiconductor Layout & Design
 Unit III

I. E-Commerce- Legal Issues

In simple words, e-commerce is the commercial transaction of services in the electronic
format. By definition, e-commerce is:
“Any transaction conducted over the Internet or through Internet access, comprising
the sale, lease, license, offer or delivery of property, goods, services or information,
whether or not for consideration, and includes the provision of Internet access”.

Further, in order to measure e-commerce, the US Census Bureau looks at the value of
the services and/or goods sold online. They look at transaction over open networks like the
internet and also proprietary networks running Electronic Data Interchange systems.
Electronic commerce or e-commerce legal issues industry in India has come a long way since
its early days and has been growing rapidly across the world. The industry has matured and
has seen the entry of many new players in the market. India is considered as a profitable
market for these e-commerce businesses.
E-commerce refers to a wide range of online business activities related to a variety of
products and services. It is where in the business transactions, the parties interact
electronically and not by physical exchanges or direct physical contact, which are more
traditional methods of business.
A more detailed definition of e-commerce is, “The use of electronic communications and
digital information processing technology in business transactions to create, transform,
and redefine relationships for value creation between or among organizations, and
between organizations and individuals.”
When any e-commerce platforms are created, the enterprise should use either proprietary
technology or validly licensed technology.
The Consumer Protection E-Commerce Rules, 2020
To protect the consumers from unfair trade practices and to address their concerns, the
Ministry of Consumer Affairs, Food and Public Distribution on July 23, 2020 notified the
Consumer Protection (E-Commerce) Rules, 2020. The E-commerce Rules have primarily
been formulated with the objective to regulate the E-commerce sector in India and protect
consumers from unfair trade practices on such platforms.
The Consumer Protection (Ecommerce) Rules 2020 attempts to combine the teeth of the
consumer Protection Act 2019, Indian exchange control laws (IEC Regulations) and the
Information Technology Act 2000, to ensure fair play in technology and data-driven
ecommerce environment.
There are six types of e-commerce as per the type of transactions:

• Business to business (B2B)

• Business to consumer (B2C)
• Consumer to Business (C2B)
• Consumer to consumer (C2C)
• Consumer to Administration (C2A)
• Business to Administration (B2A)
What provision does the Indian Information Technology Act have for e-commerce?

The Indian Information Technology (IT) Act provides legal recognition to the e-records and
e-signature, which are the foremost steps to facilitate e-commerce.
Under this Act, the Ministry of Electronics & Information Technology (MEIT) has proper
rules laid down for reasonable security practices and procedures as well as for sensitive
personal data and information.

II. Legal Issues in Cyber Contracts

(i) E-Contract or online contract

According to the Indian Contract Act, 1872, a contract needs a proposal and an acceptance
of the proposal which transforms into a promise. Further, a consideration supports the
promise and becomes an agreement. Also, an agreement enforceable by law is a contract. In
the online environment, a series of contractual obligations form online contract.
The Indian Contract Act and the IT Act must be read in conjunction to understand the legal
validity of e-contracts. Thus, e-contracts are governed by the basic principles of a valid
contract that mandates that the contract must be entered in with free consent and a lawful
consideration between two competent parties. Also, Section 10A of the Information
Technology Act, 2000 provides the validity of the e-contracts.
Further, section 3 of the Evidence Act provides that the evidence may be in electronic form.
The Supreme Court in Trimex International FZE Ltd. Dubai v. Vedanta Aluminium Ltd. has
held that e-mails exchanges between parties regarding mutual obligations constitute a
contract.
In an online environment, the possibility of minors entering into contracts increases, more
so with the increasing usage of online medium among teenagers (read minors here) and
their preference to shop online or purchase online goods/services. It becomes crucial for an
online business portal to keep such possibility in consideration and qualify its website or
form stating that the individual with whom it is trading or entering into the contract is a
major.
Stamping of contracts is yet another issue- An instrument that is not appropriately
stamped may not be admissible as evidence unless the necessary stamp duty along with the
penalty has been paid. But payment of stamp duty is applicable in case of physical
documents and is not feasible in cases of e-contracts. However, as the payment of stamp
duty has gone online and e-stamp papers are available, it can become a possibility later that
stamp duty might be asked on e-contracts as well.
The other crucial issue is the consent and the way offers are accepted in an online
environment. In a click wrap and shrink wrap contract, the customers do not have any
opportunity to negotiate the terms and conditions and they simply have to accept the
contract before commencing to purchase. Section 16(3) of the ICA provides that where a
person who is in a position to dominate the will of another, enters into a contract with him,
and the transaction appears, on the face of it or on evidence adduced, to be
unconscionable, the burden of proving that such contract was not induced by undue
influence shall lie upon the person in a position to dominate the will of the other. So, in
cases of dispute over e-contracts the entity carrying out the e-commerce will have the onus
to establish that there was no undue influence. Further, section 23 of the ICA provides that
the consideration or object of any agreement is unlawful when it is forbidden by law, or is of
such a nature that if permitted, it would defeat the provisions of any law; or is fraudulent, or
involves or implies injury to the person or property of another, or the Court regards it as
immoral or opposed to public policy
(ii) Data Protection
Security of the information provided during an online transaction is a major concern.
The Information Technology (Reasonable security practices and procedures and sensitive
personal data or information) Rules, 2011 and the Section 43A of the IT Act together
provide a structure and guidelines for the protection of data in India.
Section 43A of the IT Act the "Reasonable practices and procedures and sensitive personal
data or information Rules, 2011" provides a framework for the protection of data in India.
Data can be personal, which has been defined as "any information that relates to a natural
person, which, either directly or indirectly, in combination with other information
available or likely to be available with a body corporate, is capable of identifying such
person." The date can also be sensitive and a sensitive personal data consists of password,
financial information, physical, physiological and mental health condition, sexual
orientation, medical records and history and biometric information. The entity collecting
data should have a privacy policy in place, should always obtain consent from the provider
of sensitive information and maintain reasonable security practices and procedures.
Unauthorized access to personal information and any misuse of such personal information
should be checked by the online goods/service providers.
It is required of the Company to take all reasonable precautions to prevent any corruption,
damage, loss or destruction of the private information and/ or data, even upon the
termination of the contract between the parties. The contracts often have specific clauses
to deal with such privacy concerns and they bind all employees, agents, and subcontractors.

(iii) Intellectual Property Rights

Intellectual Property Rights ("IPR")- E-commerce websites are designed and sometimes
operated by other parties specializing in the field. Often the content is also managed by a
third party. There are enormous possibilities of trade mark, copyright or patent
infringements in online medium. E-commerce websites are designed and made by other
parties and often the content is also created by third parties. Unless the agreements
between the parties specifically provide the IP rights, there can be serious ownership issues
of IPR. Any usage of third party IPR should have valid approvals in place. In interactive
websites, the disclaimer and IPR policy should clearly spell out these issues and
goods/service providers should also keep a watchful eye on the usage of their websites
regularly. Domain names have trade mark protection and deceptively similar domain names
can give rise to disputes. In Satyam Infoway Ltd v. Sifynet Solutions Pvt Ltd., the Supreme
Court had held that "a domain name may pertain to the provision of services within the
meaning of section 2(z) of the Trade Marks Act."

(iv) Competition
E-commerce has already generated a lot of competition with ever increasing players and
acquisition of several old players in the market and has enabled development of new
services, new distribution channels, and greater efficiency in business activities. Creation e-
hubs where significant market share lies can lead to certain competition issues if they
appear to have developed sustainable market power resulting from network effects and/or
engaging in strategic acts to preserve or maintain their market power. Potential issues for e-
commerce players would be price fixing or tacit collusion or anti-competitive discrimination
or refusal of access to third parties. E-commerce players should refrain from collusion and
excessive pricing. Options for parties to use same web platform for different kinds of
products/services can give rise to different intermediaries and that can lead to collusive
behaviour. Market transparency should be encouraged.

The frequent improvement in the laws and rules and regulations shall make the e-
commerce legal issues marketplace a pleasant experience for the consumers. Though the
laws are being made more stringent for the e-commerce players yet it shall ensure its
growth and increased investments.

(v) Efficient delivery system and an effective supply chain and

service management
It is important to always keep consumer protection issues in consideration in e-commerce.
The Consumer Protection Act, 1986 ("CPA") governs the relationship between consumers
and goods & service providers and there are no specific provisions related to online
transactions. Liability for a goods/service provider arises when there is "deficiency in
service" or "defect in goods" or occurrence of "unfair trade practice". The CPA specifically
excludes from within scope any service rendered free of cost. So, if only the actual sale is
taking place in the online medium, the users will be considered as consumers under the
CPA. The goods/service providers may be asked to remove defects/deficiencies, replace the
goods, return the price already paid, compensate and discontinue the unfair trade practice
or the restrictive trade practice and not repeat them.
Under the Information Technology (Intermediaries Guidelines) Rules, 2011,
the intermediaries have the obligation to publish the rules and regulations, privacy policy
and user agreement for access or usage of the intermediary's computer resource by any
person. Such rules and regulations must inform the users of computer resource not to host,
display, upload, modify, publish, transmit, update or share certain prescribed categories of
prohibited information. Also, the intermediary must not knowingly host or publish any
prohibited information and if done should remove them within 36 hours of its knowledge.
In Consim Info Pvt. Ltd v. Google India Pvt. Ltd, the Delhi Court recognized that no
injunctive relief could be granted to Consim since it did not pass the triple test of
(i) prima facie case
(ii) balance of convenience and
(iii) irreparable hardship
but here the decision of the court was greatly influenced by the fact that the trademarks in
dispute were generic in nature. The court also observed that though the intermediary,
Google, cannot be made liable for infringement arising out of a third party's actions since it
is not possible to always check every advertisement posted online; however, this
observation was subject to section 3(4) of the aforesaid Intermediaries Guidelines and
Google had to act upon it within 36 hours of receipt, failing which it may be held liable.

(vi) Advertising:
Advertising is an important and legitimate means for a seller to awaken interest in his
products. For long, advertisements were regulated by the courts, government, tribunals, or
police that depended upon the nature of each case. Additionally, absence of a single
comprehensive legislation created a lot of confusion in terms of a proper code to follow by
the industry and the authority to regulate or guide the pattern of advertising. In 1985, the
Advertising Standards Council of India ("ASCI"), a non statutory tribunal, was established
that created a self regulatory mechanism of ensuring ethical advertising practices. ASCI
entertained and disposed off complaints based on its Code of Advertising Practice ("ASCI
Code").
The advertisements should make truthful and honest representations and avoid false and
misleading claims, should not be offensive to public decency or morality, not promote
products which are hazardous or harmful to society or to individuals, particularly minors,
observe fairness in competition keeping in mind consumer's interests and avoid obscene or
harmful publication and indecent representation of women.

Some other issues relating to e–commerce.

1. Domain name
The chosen name must not be similar or like to the name of registered trademarks,
especially of well-known trademarks. Registering a domain that is close or similar to the
name brand is considered an offense known as "cybersquatting". In the Internet there are
different databases, where domains can be checked for a similarity with registered
trademarks. On the website of the World Intellectual Property Organization can be found a
public database facilitating searching into registered trademarks here
2. Website
The well optimized and functional website with friendly user interface plays a key role for
the success of the e–commerce. The contract for its creation should cover a wide range of
legal issues. Firstly, the contract or the enclosed Terms of reference should set out clearly,
Other important issues in the contract are clauses for tests and warranty period for
debugging, assigning rights and responsibility for the actions of subcontractors (if any)
provisions for disclosure of confidential information made known to the contractor in
connection with the creation of the website, clauses for warranties and liability for failure,
and others depending on the specifics of the contract.
3. Terms and conditions, required information
E-commerce site must contain certain information that is expressly referred to the Law on
Consumer Protection. These duties include providing information to the user regarding the
name and the address of the provider, the general characteristics of the
commodities/services, the price of the commodities/services, including all taxes and fees,
the cost of postal or transport charges, which are not included in the price of the
commodities/services, related to their delivery, the cost of using a mean of communication
from distance, when it is calculated in a way, different from the one indicated in the general
tariff, the way of payment, delivery and implementation of the contract, the right of the
customer to withdraw from the contract and the conditions in which the commodity may be
returned, the period for which the particular offer or price shall be valid, the minimal
duration of the contract for contracts of constant or periodical delivery of
commodities/services. Those who not perform the legal obligation for providing
commodities/services. Those who not perform the legal obligation for providing required
user information can be fined in amount 300 to 3000 BGN.
4. Return policy
The Law on the consumer protection which regulate the sales in e-commerce contains an
unambiguous provision for the right of every costumer to return the purchased goods
within seven days term after the delivery. The law does not require the presence of defects
or inconsistency in the good quality; neither any reason for return has to be mentioned. The
conditions upon which the right of return of goods purchased over the Internet cannot be
exercised by the user are explicitly listed in the law. In any other case the entrepreneur
should respect the legal right of the costumer and should accept back the purchased goods
upon existence of the conditions for returning.

III. Cyber Contract and IT Act 2000

The legal framework for e-commerce is increasingly becoming complex even in one single
jurisdiction. Things become more and more complicated when you are faced simultaneously
with hundreds of potentially applicable legislation because you are entering agreements
with customers located anywhere in the world.
Information Technology Act, 2000
United Nations, an international organization created in the aftermath of the Second
World War works for cooperation among the countries.
In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted
the model law on electronic commerce (e-commerce) to bring uniformity in the law in
different countries.
Further, the General Assembly of the United Nations recommended that all countries must
consider this model law before making changes to their own laws. India became the 12th
country to enable cyber law after it passed the Information Technology Act, 2000.

The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17,
2000. It is the law that deals with cybercrime and electronic commerce in India. In this
article, we will look at the objectives and features of the Information Technology Act, 2000.
In the IT Act, 2000, there are special provisions under Chapter III to grant legal recognition
to electronic records, signature.
Objectives of the Act

• The Information Technology Act, 2000 provides legal recognition to the transaction
done via electronic exchange of data and other electronic means of
communication or electronic commerce transactions.
• This also involves the use of alternatives to a paper-based method
of communication and information storage to facilitate the electronic filing of
documents with the Government agencies.
• Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872,
the Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934. The
objectives of the Act are as follows:
 • Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.
• Give legal recognition to digital signatures for the authentication of any information
or matters requiring legal authentication
• Facilitate the electronic filing of documents with Government agencies and also
departments
• Facilitate the electronic storage of data
• Give legal sanction and also facilitate the electronic transfer of funds
between banks and financial institutions
• Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934, for keeping the books of accounts in electronic form.
Features of the Information Technology Act, 2000
✓ All electronic contracts made through secure electronic channels are legally valid.
✓ Legal recognition for digital signatures.
✓ Security measures for electronic records and also digital signatures are in place.
✓ A procedure for the appointment of adjudicating officers for holding inquiries under
the Act is finalized
✓ Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act.
Further, this tribunal will handle all appeals made against the order of the Controller
or Adjudicating Officer.
✓ An appeal against the order of the Cyber Appellant Tribunal is possible only in the
High Court
✓ Digital Signatures will use an asymmetric cryptosystem and also a hash function
✓ Provision for the appointment of the Controller of Certifying Authorities (CCA) to
license and regulate the working of Certifying Authorities. The Controller to act as a
repository of all digital signatures.
✓ The Act applies to offences or contraventions committed outside India
✓ Senior police officers and other officers can enter any public place and search and
arrest without warrant
✓ Provisions for the constitution of a Cyber Regulations Advisory Committee to advise
the Central Government and Controller.

Amendment Act 2008: Being the first legislation in the nation on technology,
computers and e-commerce and e-communication, the Act was the subject of
extensive debates, elaborate reviews and detailed criticisms, with one arm of the
industry criticizing some sections of the Act to be draconian and other stating it is
too diluted and lenient. There were some conspicuous omissions too resulting in the
investigators relying more and more on the time-tested (one and half century-old)
Indian Penal Code even in technology based cases with the I.T. Act also being
referred in the process and the reliance more on IPC rather on the ITA.
 Thus the need for an amendment – a detailed one – was felt for the I.T. Act almost
from the year 2003-04 itself. Major industry bodies were consulted and advisory
groups were formed to go into the perceived lacunae in the I.T. Act and comparing it
with similar legislations in other nations and to suggest recommendations. Such
recommendations were analysed and subsequently taken up as a comprehensive
Amendment Act and after considerable administrative procedures, the consolidated
amendment called the Information Technology Amendment Act 2008 was placed in
the Parliament and passed without much debate, towards the end of 2008 (by which
time the Mumbai terrorist attack of 26 November 2008 had taken place). This
Amendment Act got the President assent on 5 Feb 2009 and was made effective
from 27 October 2009.

Applicability and Non-Applicability of the Act

Applicability
According to Section 1 (2), the Act extends to the entire country, which also includes Jammu
and Kashmir. In order to include Jammu and Kashmir, the Act uses Article 253 of the
constitution. Further, it does not take citizenship into account and provides extra-territorial
jurisdiction.
Section 1 (2) along with Section 75, specifies that the Act is applicable to any offence or
contravention committed outside India as well. If the conduct of person constituting the
offence involves a computer or a computerized system or network located in India, then
irrespective of his/her nationality, the person is punishable under the Act.
Lack of international cooperation is the only limitation of this provision.
Non-Applicability
According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable
to the following documents:

• Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except

cheques.
• Execution of a Power of Attorney under the Powers of Attorney Act, 1882.
• Creation of Trust under the Indian Trust Act, 1882.
• Execution of a Will under the Indian Succession Act, 1925 including any other
testamentary disposition by whatever name called.
• Entering into a contract for the sale of conveyance of immovable property or any
interest in such property.
• Any such class of documents or transactions as may be notified by the Central
Government in the Gazette.
These are the provisions under the IT Act, 2000 in the context of e-governance.:

1 Legal Recognition of Electronic Records (Section 4)

Let’s say that a certain law requires a matter written, typewritten, or printed. Even in the
case of such a law, the requirement is satisfied if the information is rendered or made
available in an electronic form and also accessible for subsequent reference.

2. Legal recognition of digital signatures (Section 5)

Let’s say that the law requires a person’s signature to authenticate some information or a
document. Notwithstanding anything contained in such law, if the person authenticates it
with a digital signature in a manner that the Central Government prescribes, then he
satisfies the requirement of the law.
For the purpose of understanding this, signature means a person affixing his handwritten
signature or a similar mark on the document.
3. Use of electronic records and digital signatures in Government and its agencies (Section
6)
(1) If any law provides for –the filing of a form, application, or any document with any
Government-owned or controlled office, agency, body, or authority the grant or issue of any
license, sanction, permit or approval in a particular manner also, the receipt or payment of
money in a certain way Then, notwithstanding anything contained in any other law in
force such as filing, grant, issue, payment, or receipt is satisfied even if the person does it in
an electronic form. The person needs to ensure that he follows the Government-approved
format.
(2) With respect to the sub-section (1), may prescribe:
the format and manner of filing, creating or issuing such electronic records also, the manner
and method of payment of any fees or charges for filing, creating or issuing any such records
4. Retention of electronic records (Section 7)
(1) Let’s say that the law requires the retention of certain records, documents or
information for a specific period. In such cases, the requirement is also satisfied if the
retention is in an electronic form, provided:
the information contained therein is accessible and also usable for a subsequent reference.
the format of the electronic record is the same as the one originally created, received or
sent. Even if the format is changed, then it must accurately represent the original
information. the electronic record contains details to facilitate the identification of the
origin, destination, and also the date and time of the dispatch or receipt of the record.
This is provided that the clause does not apply to any information which is automatically
generated primarily for the purpose of enabling an electronic record for dispatch or receipt.

(2) Nothing in this section applies to any law which expressly provides for the retention of
records, documents or information electronically.
5. Publication of rules, regulations, etc., in Electronic Gazette (Section 8)
Let’s say that law requires the publishing of official regulation, rule, by-law, notification or
any other matter in the Official Gazette. In such cases, the requirement is also satisfied
if such rule, regulation, order, bye-law, notification or any other matter is published in the
Official Gazette or Electronic Gazette.
However, the date of publication of the rule, regulation, by-law, notification or any other
matter is the date of the Gazette first published in any form – Official or Electronic.

6. Section 6,7 and 8 do not confer a right to insist document should be accepted in
Electronic form (Section 9)
It is important to note that, nothing contained in Sections 6, 7, and 8 confer a right upon any
person to insist either the acceptance, issuance, creation or also retention of any document
or a monetary transaction in the electronic form from:
1.Ministry or Department of the Central/State Government
2.any authority or body established under any law by the State/Central Government
7. Power to make rules by Central Government in respect of digital signature (Section 10)
The IT Act, 2000 empowers the Central Government to prescribe:

• Type of digital signature

• The manner and format of affixing the digital signature
• Procedures which facilitate the identification of the person affixing the digital
signature
• Control processes and procedures to ensure the integrity, security, and
confidentiality of electronic payments or records
• any other matter which is legally important for digital signatures
Regulation of Certifying Authorities
The Information Technology Act, 2000 has established a Certifying Authority to regulate the
electronic transactions.
The following sections pertain to the regulation of certifying authorities:

• Appointment of the Controller and other officers (Section 17)

• Functions of Controller (Section 18)
• Recognition of Foreign Certifying Authority (Section 19)C
• Controller to act as a repository (Section 20)
• License to issue Digital Signature Certificates (Section 21)
• Power to investigate contraventions (Section 28)

Detailed Analysis of provisions dealing with the appointment of certifying Authorities

1. Section 17 – Appointment of the Controller and other officers
The Central Government may appoint a Controller of Certifying Authorities after notifying
the Official Gazette. They may also appoint Deputy Controllers and Assistant Controllers as it
deems fit.

The Controller discharges his responsibilities subject to the general control and
also directions of the Central Government
The Deputy Controllers and Assistant Controllers shall perform the functions assigned to
them by the Controller under the general superintendence and also control of the
Controller.
The qualifications, experience and terms and conditions of service of Controller, Deputy
Controllers, and Assistant Controllers shall be such as may be prescribed by the Central
Government.
The Head Office and Branch Office of the office of the Controller shall be at such places as
the Central Government may specify, and these may be established at such places as the
Central Government may think fit.
There shall be a seal of the Office of the Controller.
2.Functions of controller (section 18)

A Controller performs some or all of the following functions:

• Supervise the activities of the Certifying Authorities and also certify their public keys
• Lay down the standards that the Certifying Authorities follow

Specify the following:

• qualifications and also experience requirements of the employees of all Certifying

Authorities
• conditions that the Certifying Authorities must follow for conducting business
• The content of the printed, written, and also
visual materials and advertisements in respect of the digital signature and the public
key
• The form and content of a digital signature certificate and the key the form and
manner in which the Certifying Authorities maintain accounts
• Terms and conditions for the appointment of auditors and their remuneration
• Facilitate the Certifying Authority to establish an electronic system, either solely or
jointly with other Certifying Authorities and its regulation
• Specify the manner in which the Certifying Authorities deal with the subscribers
• Resolve any conflict of interests between the Certifying Authorities and the
subscribers
• Lay down the duties of the Certifying Authorities
• Maintain a database containing the disclosure record of every Certifying Authority
with all the details as per regulations. Further, this database is accessible to
the public.
3. Recognition of Foreign Certifying Authority (Section 19)
A Controller has the right to recognize any foreign certifying authority as a certifying
authority for the purpose of the IT Act, 2000. While this is subject to the conditions and
restrictions which the regulations specify, the Controller can recognize it with the previous
approval of the Central Government and notify in the Official Gazette.
If a controller recognizes a Certifying Authority under sub-section (i), then its digital
signature certificate is also valid for the purpose of the Act.

If the controller feels that any certifying authority has contravened any conditions or
restrictions of recognition under sub-section (i), then he can revoke the recognition.
However, he needs to record the reason in writing and notify in the Official Gazette.
4. Controller to act as a repository (Section 20)

The Controller will act as a repository of all digital signature certificates under this Act.
The Controller will –

• Make use of secure hardware, software, and also procedures.

• Observe the standards that the Central Government prescribes to ensure the secrecy
and also the security of the digital signatures.
• The Controller will maintain a computerized database of all public keys. Further, he
must ensure that the public keys and the database are available to any member of
the public.
5. License to issue Digital Signature Certificates (Section 21)
(1) Subject to the provisions of sub-section (2), any person can apply to the Controller for a
license to issue digital signature certificates.
(2) A Controller can issue a license under sub-section (1) only if the applicant fulfills all the
requirements. The Central Government specifies requirements with respect to qualification,
expertise, manpower, financial resources, and also infrastructure facilities for the issuance
of digital signature certificates.

(3) A license granted under this section is –

(a) Valid for the period that the Central Government specifies
(b) Not transferable or inheritable
(c) Subject to the terms and conditions that the regulations specify

6. Power to investigate contraventions (Section 28)

The Controller or any other Officer that he authorizes will investigate any contravention of
the provisions, rules or regulations of the Act.
The Controller or any other Officer that he authorizes will also exercise the powers
conferred on Income-tax authorities under Chapter XIII of the Income Tax Act, 1961. Also,
the exercise of powers will be limited according to the Act.

Data Protection- Section 43A of the Information Technology Act, 2000:

Let’s say that a body corporate which possesses, deals or handles any sensitive personal
data or information in a computer resource which it owns, controls or operates, is certainly
negligent in implementing and maintaining reasonable security practices and procedures
leading to a wrongful loss or gain to a person.
In such cases, the body corporate is liable to pay damages by way of compensation. Further,
these damages cannot exceed five crore rupees.
Further, the Government of India notified the Information Technology (Reasonable security
practices and procedures and sensitive personal data or information) Rules, 2011, under
section 43A of the IT Act, 2000. These rules specifically pertain to sensitive personal
information

Cyber Appellate Tribunal

The Information Technology Act, 2000 also provides for the establishment of the Cyber
Appellate Tribunal.
The composition of Cyber Appellant Tribunal (Section 49)

The Central Government appoints only one person in a Tribunal – the Presiding Officer of
the cyber appellate tribunal.
The qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal
(Section 50)

A person is considered qualified for the appointment as the Presiding Officer of a Tribunal if

• He has the qualification of the Judge of a High Court

• He is or was the member of the Indian Legal Service and holds or has held a post in
Grade I of that service for at least three years.
The Term of Office (Section 51)
The Term of Office of the Presiding Officer of a Cyber Appellate Tribunal is five years from
the date of entering the office or until he attains the age of 65 years, whichever is earlier.
Filling up of vacancies (Section 53)
If for any reason other than temporary absence, there is a vacancy in the Tribunal, then the
Central Government hires another person in accordance with the Act to fill the vacancy.
Further, the proceedings continue before the Tribunal from the stage at which the vacancy
is filled.
Resignation and removal (Section 54)
The Presiding Officer can resign from his office after submitting a notice in writing to the
Central Government, provided:
He holds office until the expiry of three months from the date the Central Government
receives such notice (unless the Government permits him to relinquish his office sooner),
OR
He holds office till the appointment of a successor, OR
Until the expiry of his office; whichever is earlier.

In case of proven misbehaviour or incapacity, the Central Government can pass an order to
remove the Presiding Officer of the Cyber Appellate Tribunal. However, this is only after the
Judge of the Supreme Court conducts an inquiry where the Presiding Officer is aware of
the charges against him and has a reasonable opportunity to defend himself.

The Central Government can regulate the procedure for the investigation of misbehaviour
or incapacity of the Presiding Officer.
Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings
(Section 55)
According to this section, no order of the Central Government appointing any person as the
Presiding Officer of the Tribunal can be questioned in any manner. Further, no one can
question any proceeding before a Cyber Appellate Tribunal in any manner merely on the
grounds of any defect in the Constitution of the Tribunal.
Appeal to Cyber Appellate Tribunal (Section 57)

Subject to the provisions of sub-section (2), a person not satisfied with the Controller or
Adjudicating Officer’s order can appeal to the Cyber Appellate Tribunal having jurisdiction in
the matter.
No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating
officer with the consent of the parties.
The person filing the appeal must do so within 25 days from the date of receipt of the order
from the Controller or Adjudicating Officer. Further, he must accompany the appeal with
the prescribed fees. However, if the Tribunal is satisfied with the reasons behind the delay
of filing the appeal, then it may entertain it even after the expiry of 25 days.
On receiving an appeal under sub-section (1), the Tribunal gives an opportunity to all the
parties to the appeal to state their points, before passing the order.
The Cyber Appellate Tribunal sends a copy of every order made to all the parties to the
appeal and the concerned Controller or adjudicating officer.

The Tribunal tries to expeditiously deal with the appeals received under sub-section (1). It
also tries to dispose of the appeal finally within six months of receiving it.
Procedure and powers of the Cyber Appellate Tribunal (Section 58)
The Code of Civil Procedure, 1908 does not bind the Cyber Appellate Tribunal. However, the
principles of natural justice guide it and it is subject to other provisions of the Act. The
Tribunal has powers to regulate its own procedure.

In order to discharge its functions efficiently, the Tribunal has the same powers as vested in
a Civil Court under the Code of Civil Procedure, 1908, while trying a suit in the following
matters:

• Summoning and enforcing the attendance of any person and examining him under
oath
• Ensuring the availability of the required documents or electronic records
• Receiving evidence on affidavits
• Issuing commissions for examining witnesses or documents
• Reviewing its decisions
• Dismissing an application for default or deciding it ex-parte, etc.
Every proceeding before the Cyber Appellate Tribunal is like a judicial proceeding within the
meaning of sections 193 and 228 and for the purposes of section 196 of the Indian Penal
Code. Further, the Tribunal is like a Civil Court for the purposes of section 195 and Chapter
XXVI of the Code of Criminal Procedure, 1973.
Right to legal representation (59)
The appellant can either appear in person or authorize one or more legal practitioners to
present his case before the tribunal.
Limitation (Section 60)
The provisions of the Limitation Act, 1963, apply to the appeals made to the Tribunal.
Civil Court not to have jurisdiction (Section 61)

If the IT Act, 2000 empowers the adjudicating officer or the Cyber Appellate Tribunal for
certain matters, then no Civil Court can entertain any suit or proceedings for the same.
Further, no court can grant an injunction on any action that a person takes in pursuance of
any power that the Act confers upon him.
Appeal to High Court (Section 62)
Let’s say that a person is not satisfied with the decision or order of the Tribunal. In such
cases, he can file an appeal with the High Court. He must do so within 60 days of receiving
the communication of the order/decision from the Tribunal.

The appeal can be on any fact or law arising out of such an order. The High Court can extend
the period by another 60 days if it feels that the appellant had sufficient cause and reasons
for the delay.
Compounding of contraventions (Section 63)
The Controller or any other officer that he or the adjudicating authorizes may compound
any contravention. Compounding is possible either before or after the institution of
adjudication proceedings. This is subject to the conditions that the controller or such other
officer or the adjudicating officer specifies. Provided, the sum does not exceed the
maximum amount of penalty that the Act allows for the compounded contravention.

Nothing in sub-section (1) applies to a person who commits the same or similar
contravention within a period of three years from the date on which his first contravention
was compounded. Therefore, if the person commits a second contravention after the expiry
period of three years from the date on which his first contravention was compounded, then
this becomes his first contravention.

Once a contravention is compounded under sub-section (1), then no proceeding is possible

against the person guilty of the compounded contravention.
Recovery of Penalty (Section 64)
If a penalty imposed under this Act is not paid, then the same is recovered as arrears of land
revenue. Further, the license or digital signature certificate is suspended until the penalty is
paid.

IV. The UNCITRAL Model Laws for E-commerce

United Nations, an international organization created in the aftermath of the second world
war works for cooperation among the countries . thus, a separate wing in the form of
United Nations Commission on International Trade Law (UNCITRAL) was created in 1966.
The primary purpose was the promotion of international trade and the unification in the law
governing the same.
In December 1996, the General Assembly of the United Nations approved the model Law
on a report by UNCITRAL.
The object of the Model Law was clear. It was to remove the unnecessary obstacles in
international trade. The Model Law was adopted as on 30th January 1997.A
recommendation was being made by the assembly to “ All (the) states (to) give favourable
consideration to the UNCITRAL Model Law On Electronic Commerce when they enact or
revise their laws , in view of the need for uniformity of the law applicable to paper based
forms of communication and storage of information.”
A Model Law doesn’t have the liberty to legislate their own domestic laws in pursuance of
the Model Law. More than 132 states have until now adopted the model law.

Key Provisions
The Model Law has been divided into two parts. The Part I relates to the General provisions
relating to e-commerce, it legislates the three principles of non-discrimination, technological
neutrality, and functional equivalence. Besides establishing uniformity in the laws regarding
e-commerce and legal relevance for data communicated through electronic mode, MLEC
also establishes rules for formation and validity of e-contracts, for data message attribution,
for receipt acknowledgement and for determining
General Provisions

According the Article 1 the sphere of application is for the information in the form of data
message. The context for the same are commercial activities. There are six definitions
provided in Article 2 , out of which the most important one is that of the data message. The
model law defines it as- “ means information generated, sent, received or stored by
electronic, optical or similar means including , but not limited to electronic data
interchange(EDI), electronic mail, telegram, telex or telecopy”
The striking importance of this definition is the requirement of offer and acceptance in
contracts. This definition has been attributed after taking into consideration the future
technological developments as well, which is the reason for inclusion of the term similar
means. This wide definition includes the notion of a record and even revocation and
amendment. The sphere of application that Article 1 talks about, is for the information in
the form of data messages, in the context of commercial activities.
The interpretational tool calls for a standard of international tool calls for a standard of
international origin and a need for uniformity in the application of application of general
principles of law (Article 3).
The communication of data massages can be varied through by the agreement of the parties
also (Article 4).
Application of legal requirement to data messages
The principle of non-discrimination has been enforced by the means of Article 5 which
specifies that the information communicated via electronic mode, i.e., in the form of data
messages cannot be denied legal validity and effect. Information by the way of reference
has also been given legal validity(Article 5 bis) and thus, the application of this law has been
considerably widened. This is of utmost importance in the context of international law.
The nations required the documents to be in writing and validation was only given to the
hand written signature as a form of authentication. By the means of provisions in Articles 6
& 7, the Model has done away with both of the above obstacles. Accessibility of data
messages does not require the document to be in writing, and recognition of digital
signature marks the approval of the full structure of the contract. This provision is termed
relevant for every circumstance including a relevant agreement.
The notion of originality is defined in Article 8 which provides that data messages can fulfil
the legal requirement of presentation and retention of information in its original form
subject to the assurance of integrity and presentability of data messages. Presentability
meaning the ability to display the information where required. Article 9 specifies that the
data messages cannot be denied admissibility in the court of law solely on the basis that the
information is in the form of a data message. Thus, evidentiary value has been granted to
data messages. The requirement of retention of information is also met by retention of
information in the form of data messages subject to the accessibility, accuracy and
originality of format and identity of origin(Article 10).
Communication of data messages

Offer and acceptance of offer, when communicated in the form of data messages, cannot be
denied legal validity and enforceability solely on the grounds that they are in the form of
data messages. Thus, the formation of a valid contract was made possible through the
means of data messages.(Article 11)

Acknowledgement in the form of receipt of data messages has also been granted legal
validity.(Article 12)
The data message is attributed to the originator if it is sent by him or by a person authorised
by him(Article 13).
Article 14 provides that the receipt of the data message and its acknowledgement can also
be agreed upon by the parties beforehand.
The transaction ensues when the information goes out of control of the sender. The place of
dispatch is the place of business and the time is when the acceptance enters the system of
the addressee(Article 15).
Specific provisions
With a intentions to promote international trade this law provides in article 16 that The
carriage of goods can be transacted upon through data messages.
The requirement of paper is done away with and data messages are sufficient for carrying
on the actions in the previous article.
this part has been complemented by other legislative texts such as the Rotterdam Rules and
it may be the object of additional work of UNCITRAL in the future.
Implementation & Judicial Interpretations across the globe
The Model Law of Electronic Commerce was adopted to facilitate the international trade
through electronic modes of communication. It aimed at encouraging national legislators to
adopt a set of internationally acceptable rules regulating e-commerce. Thus, Model Law is
accompanied with a guide which provides background and explanatory information to assist
the states in preparing the necessary legislative provisions.

Different states enacted laws based on the principles of this Model Law. Thus, the courts
have interpreted the provisions of their domestic laws according to the Model Law.
Khoury v. Tomlinson is a landmark case decided by the Texas Court of Appeal. The facts of
this case are such that an agreement was entered via e-mail which was not signed but only
the name of the originator appeared in the ‘from’ section. Referring to the principles in
Article 7 of the Model Law, the court found sufficient evidence that the name in the ‘from’
section establishes the identity of the sender.

Chwee Kin Keong and others is a case dealt with by the Singapore High Court. There was the
issue of unilateral mistake in this case as the wrong price was quoted on the seller’s website
for a product. The server of the seller automatically sent a confirmation mail when the
buyers placed an order. All the elements of the contract were established but with a
mistake which eliminated consensus ad idem. Referring to the Singapore Electronic
Transactions Act based on Model Laws, the court found that human errors, system errors,
and transmission errors could vitiate a contract.
Martha Helena Pilonieta v Gabriel Humberto Pulido Casas is a case dealt with by the
Supreme Court of Justice of Columbia. The court found that the electronic message by a
spouse was not relevant on the ground of evidential thresholds.
Thus, the Model Laws became the basis for a number of legislative texts enacted by various
governments across the globe and it gave a uniformity to the laws concerning the
information communicated by the electronic mode of communication.

This Model Law has immensely facilitated the transition of the trade from traditional paper
based contracts to e-commerce. The need and acceptance of such legislative text has clearly
reflected the importance of laws based on homogenous principles
Conclusion
Citing the ambiguity and heterogeneity in law regarding the contracts formed via electronic
modes of communication and the threats it posed to the international trade, the United
Nations Commission on International Trade Law took the initiative to draft a set of
internationally acceptable rules regarding legal validity and enforceability of the information
communicated via e-modes. This Model Law has been globally accepted and has been
successful in enforcing the principles of non-discrimination, technological neutrality, and
functional equivalence regarding the data messages. This has helped in furtherance of
international trade and helped homogenising various legal perspectives regarding this
subject. MLEC has achieved the following:

• Validation and recognition of contracts formed through electronic means,

• Validating originality and retention of documents in electronic form,
• Provided acceptability to electronic signatures for legal and commercial purposes,
• Support to the admission of computer evidence in courts and arbitration
proceedings;