Information Technology Act, 2000

Flashcards about the Information Technology Act, 2000 and related concepts.

Objective of the Information Technology Act, 2000

To provide legal recognition to electronic transactions, digital records, and punish cybercrimes.

Key Features of IT Act 2000

Legal recognition of digital signatures & e-documents, Facilitation of e-governance and e-commerce, Definition and punishment of cybercrimes, Certifying Authorities (CAs) and digital certificates, Jurisdiction beyond Indian territory if Indian IT systems are affected

New definitions added by the Information Technology (Amendment) Act, 2008

Cyber café, communication device, intermediary.

New cyber offenses included in the Information Technology (Amendment) Act, 2008

Identity theft (Section 66C), Phishing and cheating by impersonation (Section 66D), Privacy violation (Section 66E), Cyber terrorism (Section 66F)

Intermediary Liability (Section 79)

Protects platforms (like Facebook, YouTube) if they act on illegal content after being notified.

Section 69A

Website blocking powers to the Government.

Mandates of CERT-In Notification (April 2022 Guidelines)

Reporting cyber incidents within 6 hours, VPN providers to store user data for 5 years

Applicability of Intermediary Guidelines and Digital Media Ethics Code, 2021

Social media platforms, OTT platforms (e.g., Netflix), Digital news publishers

Highlights of Intermediary Guidelines and Digital Media Ethics Code, 2021

Mandatory grievance officer for platforms, Content takedown within 36 hours of court/official order

Digital Personal Data Protection Act, 2023

Focuses on data privacy rights of citizens, Introduces consent-based data usage, penalties for data breaches

Impact of IT Act on E-Commerce

Boosted online businesses.

Impact of IT Act on E-Governance

Enabled digital public services.

Impact of IT Act on Cybercrime Control

Defined punishable cyber offenses.

Impact of IT Act on Social Media Regulation

Clear liability of platforms.

Impact of IT Act on Digital Rights

Data privacy framework evolved.

Punishment for Identity Theft (Section 66C)

3 yrs + ₹1 lakh

Punishment for Cheating via impersonation (Section 66D)

3 yrs + ₹1 lakh

Punishment for Privacy Violation (Section 66E)

3 yrs + ₹2 lakh

Punishment for Cyber Terrorism (Section 66F)

Life Imprisonment

Punishment for Website Blocking (69A)

7 yrs + fine

Punishment for Breach of Lawful Contract (72A)

3 yrs + ₹5 lakh

Total Chapters in IT Act, 2000

13

Total Sections in IT Act, 2000

94 (including amendments)

Total Schedules in IT Act, 2000

2

Extent and Application of the Information Technology Act, 2000

It extends to the whole of India and also applies to offences committed outside India if it involves a computer or system located in India.

Cyber Cafe Definition

Facility offering internet access to the public.

Intermediary Definition

Any service provider like ISP, hosting, social media platform.

Offence under Section 43A – Failure to Protect Data

Companies mishandling sensitive personal data.

Offence under Section 43 – Damage to Computer Systems

Unauthorized access, downloading, introducing viruses, damaging data, disrupting services.

Offence under Section 66C – Identity Theft

Fraudulent use of someone else’s digital signature, password, etc.

Offence under Section 66F – Cyber Terrorism

Using computers to threaten national security, integrity or sovereignty.

Offence under Section 67 – Publishing Obscene Material

Online publication or transmission of obscene material.

The government can declare any computer resource as a (e.g. power grid, banking systems).

Protected System

Authority responsible for Critical Information Infrastructure

National Critical Information Infrastructure Protection Centre (NCIIPC)

Indian Computer Emergency Response Team (CERT-In)

Nodal agency for cyber incident response.

Breach of Confidentiality and Privacy

Discloses it without consent.

Bailability Offences

≤ 3 years imprisonment

Exemption for Intermediaries (Section 79)

Social media platforms or ISPs are not liable for third-party content if they act upon notice of illegality.

Power of Police to Enter and Search (Section 80)

Police can enter, search, and arrest without warrant for cyber offences under specific conditions.

Chairman and Members to be Public Servants

Central Government

Abetment of Offences

Anyone who abets (encourages or helps) the commission of a cyber offence will be punished just like the actual offender.

Offences by Companies

Every person in charge (e.g., directors, managers) at the time of the offence is liable, unless they prove no knowledge or due diligence.

Power to Make Rules

The Controller of Certifying Authorities (CCA)

GDPR (General Data Protection Regulation)

A data protection law enforced in the European Union (EU)

Right to be Forgotten

People can request deletion of their personal data if it is no longer needed.

Data Breach Notification

Companies must notify authorities and users within 72 hours of a data breach.

Article 33 – Data Breach Notification

Organizations must report data breaches within 72 hours.

A mobile app allows users to opt-in for location sharing instead of activating it by default.

Article 25 – Data Protection by Design and by Default