Dr.

Manoj Kumar Sharma

Rajiv Gandhi National University of Law
 Three cornerstones of an agreement
 Offer – Invitation to Offer
 Website Shopping Cart, Basket
 Acceptance
 Email
 Website Forms
 Online agreements
 Consideration
 Shrink Wrap Agreements
 Usage of the Product means acceptance
 ProCD v. Zeidenberg, 1996 US
 Check Wrap Agreements
 ‘I agree’, ‘Ok’, ‘Submit’
 Browse Wrap Agreements
 Continued use of the website means you accept
 Receipt at the mail-box rule
 S. 13 – Despatch of electronic record occurs
where it enters computer resource outside
the control of originator
 an electronic record is deemed to be
dispatched at the place where the originator
has his place of business, and is deemed to
be received at the place where the
addressee has his place of business.
 Where cause of action arises?
 Where acceptance is communicated?
 Information Technology Act, 2000, S-4
 Section 4 – Legal Recognition of Electronic Records
 Where any law provides that information or any other
matter shall be in writing or in the typewritten or
printed form, then, notwithstanding anything contained
in such law, such requirement shall be deemed to have
been satisfied if such information or matter is--
 rendered or made available in an electronic form; and
 accessible so as to be usable for a subsequent reference.
 "electronic record" means data, record or data
generated, image or sound stored, received or sent in
an electronic form or micro film or computer
generated micro fiche;
 Section 3, Indian Evidence Act, Documentary
evidence includes electronic records
 Electronic Signature
 2(ta) - "electronic signature" means
authentication of any electronic record by a
subscriber by means of the electronic technique
and includes digital signature
 Digital Signature
 2(p) - "digital signature" means authentication of
any electronic record by a subscriber by means
of an electronic method or procedure in
accordance with the provisions of section 3;
 Section 5, IT Act, 2000
 Proof of Electronic Signatures – opinion of
certifying authority – s. 47A, 67A, 85A – 85 C,
Indian Evidence Act, 1872
 Computer Output of Electronic records – deemed
to be documents and admissible without
production of original if
 Such output produced from the computer during the
period when it was used by person having lawful control
 such information was regularly fed into the computer
 Computer was working properly
 Information was fed into the computer in ordinary
course of business
 Such information may be in one computer or through
LAN, combination of computer or different computers in
succession

9
 Certificate signed by a person occupying
responsible official position stated to the
best of his knowledge and belief
 Certificate must relate to
 Identification of record, the manner in which it
was produced
 Particulars of device
 Navjot Kaur Sandhu v. NCT of Delhi, (2005) 11 SCC
600 Overruled in
 Anvar P.V. v. P.K. Basheer (2014) 10 SCC 473

10
 The applicability of procedural requirement under Section
65B(4) of the Evidence Act of furnishing certificate is to be
applied only when such electronic evidence is produced by
a person who is in a position to produce such certificate
being in control of the said device and not of the opposite
party. In a case where electronic evidence is produced by a
party who was not in possession of a device, applicability
of Sections 63 and 65 of the Evidence Act could not be held
to be excluded. In such case, procedure under the said
Sections can certainly be invoked.

11
 If this was not so permitted, it will be denial of
justice to the person who was in possession of
authentic evidence/witness but on account of
manner of proving, such document is kept out of
consideration by the court in absence of certificate
under Section 65B(4) of the Evidence Act, which
party producing could not possibly secure. Thus,
requirement of certificate Under Section 65B(4) is
not always mandatory. Such party could not be
required to produce certificate under Section 65B(4)
of the Evidence Act. The applicability of
requirement of certificate being procedural could
be relaxed by the Court wherever interest of justice
so justifies

12
 Corporate Responsibility For Data Protection
-43A
 If corporate is possessing, dealing or handling any
sensitive personal data or information in a
computer resource which it owns, controls or
operates
 If negligent in implementing and maintaining
reasonable security procedures
 Wrongful loss or wrongful gain
 Liability to pay compensation
 Ifany person or intermediary had access to
material containing personal information
 Disclosure of data
 For wrongful gain or loss
 Without consent
 Imprisonment upto 3 years or fine upto 5 lacs
or both
 Sensitive Personal Data
 Password
 financial information such as Bank account or
credit card or debit card or other payment
instrument details
 physical, physiological and mental health
condition
 sexual orientation
 medical records and history
 Biometric information
 To disclose privacy policy
 Not to be published
 Consent to be obtained
 Not to be used for purpose other than for which
obtained
 To keep the information secure
 Justice Srikrishna Committee – Personal Data
Protection Bill 2018
 GDPR, Europe
 Right to Privacy and Data Protection after the
Historic 9 Judge Bench Decision in K. Putaswamy
v Union of India, 2017
 Aadhar Act – Supreme Court Verdict of 2018
 In 2014 and 2015, the Facebook platform
allowed an app … that ended up harvesting
87m profiles of users around the world that
was then used by Cambridge Analytica in the
2016 presidential campaign and in the
referendum
 Fined GBP 500000
 Section2(w) - "intermediary", with respect to
any particular electronic records, means any
person who on behalf of another person
receives, stores or transmits that record or
provides any service with respect to that
record and includes telecom service
providers, network service providers,
internet service providers, web-hosting
service providers, search engines, online
payment sites, online-auction sites, online-
market places and cyber cafes.
 Exemption from liability – no liability for any
third party information, data,
communication link made available or hosted
 Due diligence
 Liability of Intermediary
 if aided the act or conspired
 Upon receiving actual knowledge that data is
used to commit unlawful act, fails to take
immediate action
 Duty of Due Diligence
 The intermediary shall publish the rules and
regulations, privacy policy and user agreement
for access-or usage of the intermediary's
computer resource by any person
 The intermediary, on whose computer system
the information is stored or hosted or published,
upon obtaining knowledge by itself or been
brought to actual knowledge hall act within
thirty six hours
 The intermediary shall not knowingly host or
publish any information
 He shall inform the users of computer resource not to
host, display, upload, modify, publish, transmit,
update or share any information that —
 is grossly harmful, harassing, blasphemous defamatory,
obscene, pornographic, paedophilic, libellous, invasive
of another's privacy, hateful, or racially, ethnically
objectionable, disparaging, relating or encouraging
money laundering or gambling, or otherwise unlawful in
any manner whatever;
 harm minors in any way;
 infringes any patent, trademark, copyright or other
proprietary rights;
 violates any law for the time being in force;
 deceives or misleads the addressee about the origin of
such messages or communicates any information which is
grossly offensive or menacing in nature;
 impersonate another person;
 Pre-Censorship
 Episode of 2011 Google, Facebook, Yahoo and
Microsoft
 The Journalist Episode, 2011
 Liabilityto Proactively identifying and
removing or disabling public access to
unlawful information or content
 Fake News - Liability of intermediaries to
ensure traceability of the originator of
content shared on their platform
 Monitoring and Tracking
 RFID, CCTV, Facial Recognition, Tracking cookies,
market behaviour etc
 Dissemination and Publication
 Air Hostess of Kingfisher Orkut case, 2007
 Manoj Kumar Pandey v. State of U.P. 2011
 Aggregation and Analysis
 Section 79 is valid subject to Section
79(3)(b) being read down to mean that an
intermediary upon receiving actual
knowledge from a court order or on being
notified by the appropriate government or
its agency that unlawful acts relatable
to Article 19(2) are going to be committed
then fails to expeditiously remove or
disable access to such material.
 Christian Louboutin - manufacturer of luxury
shoes
 Defendants operate a website by the name
www.darveys.com
 Defendants claimed that they are not selling
the goods but they merely enable booking of
orders through their online platform
 E-commerce platforms and their liability as
intermediaries......???
 Section79 of the IT Act is to protect genuine
intermediaries, it cannot be abused by
extending such protection to those persons
who are not intermediaries and are active
participants in the unlawful act. Moreover, if
the sellers themselves are located on foreign
shores and the trade mark owner cannot
exercise any remedy against the said seller
who is selling counterfeits on the e-
commerce platform, then the trade mark
owner cannot be left remediless.
 Spoofing
 Phishing
 Hacking
 VirusDissemination
 Cyber Forgery
 Credit Card Frauds
 Cyber Vendalism
 Cyber Terrorism
 Cyber Defamation
 Cyber Pornography
 Sale of Illegal products
 Financial crimes
 Online Gambling
 Cyber Stalking
 IPR Crimes
Tampering with computer Imprisonment upto 3 years or
source documents – fine upto 2 lacs or both
Concealing, destroying,
altering computer
programmes, system or
network - S. 65
• Illegal Access to Computers • Compensation
•Downloading, copying data • Imprisonment upto 3 years or
•Virus Attack fine upto 2 lacs or both
•Computer Vandalism • Poona Auto Ancillaries Pvt.
•Denial of Access to computer Ltd. v. PNB, 2013 – Fine of 45
•Providing help in getting Lakhs to PNB
illegal access
•Stealing, concealing
information
 Sending information that is grossly offensive
or had menacing character
 Sending false information for causing
hatred, annoyance, danger, injury, insult etc
 Emails for deceiving or misleading
 Imprisonment upto 3 years and fine
 Section Declared Unconstitutional in
Shreya Singhal v. Union of India, AIR 2015
SC 1523
Dishonestly receiving stolen
computer resource or
Communication Device
Identity Theft – using electronic
signatures, password etc
Impersonation
Privacy Violation – Capturing,
publishing, transmitting image of
private area of a person without his
or her consent
Cyber Terrorism
Transmitting Sexually explicit Act
Avnish Bajaj, 2005 (Bazee.com)
Imprisonment upto 3 years or fine
upto 1 lacs or both
Imprisonment upto 3 years AND fine
upto 1 lacs or both
Imprisonment upto 3 years AND fine
upto 1 lacs or both
Imprisonment upto 3 years or fine
upto 2 lacs or both
Upto Life Imprisonment
Imprisonment upto 5 years AND fine
upto 10 lacs or both
Publishing or transmitting Imprisonment upto 5 years
material depicting children AND fine upto 10 lacs or
in sexually explicit act both
Facilitate abuse of children
Browses, downloads,
promotes, advertises such
material
Induces children to online
relationships
 Browser History Sniffing
 Browser Fingerprinting
 Used to collect information about browser type
and version, Language, operating system, active
plug-ins, timezone, screen resolution etc
 To track online behaviour
 As soon as machine is connected to internet
Thank
You