(a) Cyber Security Policy 2013
The Cyber Security Policy, 2013 aims at protection of information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and respond to cyber threats and minimize damage from cyber incidents through a combination of institutional structures, people, process, technology and cooperation. The objective of this policy in broad terms is to create a secure cyberspace ecosystem and strengthen the regulatory framework.
Some of the strategies adopted by the Policy include
Draft Information Technology (Intermediaries Guidelines) Amendment Rules, 2018 Recently, MeitY has announced IT (Intermediaries Guidelines) Rules 2018, which are meant to replace the rules notified in 2011. In the draft of The Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018, Rule 3(9) requires “intermediaries”, or online platforms, to “deploy technology based automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying or removing or disabling access to unlawful information or content”. The rules also state that privacy policy of the intermediary shall be well publicised for the user of the computer resource to check and mandates that no such platform would “host, display, upload, modify, publish, transmit, information, that is grossly harmful, harassing, blasphemous, definitely obscene, pornographic, disparaging,” etc. The draft amendments state that online platforms will keep a record of “unlawful activity” for a period of “180 days”, double the 90 days in the older version. |
(b) Information Technology Act, 2000
The Information Technology Act, 2000 aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability.