{"id":6457,"date":"2025-07-18T06:39:52","date_gmt":"2025-07-18T06:39:52","guid":{"rendered":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/?p=6457"},"modified":"2025-07-18T06:45:21","modified_gmt":"2025-07-18T06:45:21","slug":"cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india","status":"publish","type":"post","link":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/","title":{"rendered":"Cyber Law 2.0: Power, Privacy &amp; Protection in a Hyperconnected India"},"content":{"rendered":"<h2><span class=\"ez-toc-section\" id=\"Introduction\"><\/span>Introduction<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>India is on the verge of a digital era that is both exciting and dangerous. With more than 800 million people using the internet, the nation is seeing a significant shift in the way social interactions, education, business, and governance are organised. The government has demonstrated its commitment to a technology-driven future through flagship projects like Digital India, Aadhaar-enabled Public Delivery Systems, Unified Payments Interface (UPI), and the expanding application of artificial intelligence in judicial and law enforcement frameworks.<\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #0c0c0c;color:#0c0c0c\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #0c0c0c;color:#0c0c0c\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Introduction\" >Introduction<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Power_in_the_Digital_Realm\" >Power in the Digital Realm<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Surveillance_and_State_Power\" >Surveillance and State Power<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Intermediary_Power_and_Free_Speech\" >Intermediary Power and Free Speech<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Privacy_Constitutional_Foundations\" >Privacy: Constitutional Foundations<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#The_Privacy_Paradigm\" >The Privacy Paradigm<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Data_Protection_and_Consent\" >Data Protection and Consent<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Artificial_Intelligence_and_Bias\" >Artificial Intelligence and Bias<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Internet_of_Things_IoT_Vulnerabilities\" >Internet of Things (IoT) Vulnerabilities<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Institutional_and_Academic_Contributions\" >Institutional and Academic Contributions<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Recommendations\" >Recommendations<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#The_Authors_Suggestions\" >The Author\u2019s Suggestions<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Legal_and_Institutional_Recommendations\" >Legal and Institutional Recommendations<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.legalserviceindia.com\/Legal-Articles\/cyber-law-2-0-power-privacy-protection-in-a-hyperconnected-india\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n\n<p>However, several ethical, legal, and policy issues have arisen as a result of this widespread digitisation. Critical issues have surfaced as digital technologies increasingly mediate daily life, including the threat of widespread surveillance, opaque algorithmic governance, private companies profiting from data, and escalating weaknesses in national cybersecurity infrastructure. The complicated and dynamic nature of these threats is difficult for the law to handle in its current form, particularly when it comes to the way they affect constitutionally protected rights like due process, freedom of speech, and privacy.<\/p>\n<p>India needs to develop a new generation of legal and regulatory responses to adjust to its hyperconnected world, which is known as <strong>Cyber Law 2.0<\/strong>. It represents a structural and normative change in the way the digital ecosystem is to be governed, not just a statutory upgrade. It must be consistent with constitutional principles, especially those stated by the Supreme Court in seminal rulings such as <em>Shreya Singhal<\/em> and <em>Justice K.S. Puttaswamy (Privacy)<\/em>. The foundation for a body of law that acknowledges the digital expressions of fundamental rights has been established by these rulings.<\/p>\n<p>Three interconnected and constitutionally based pillars must support this new cyber-legal framework:<\/p>\n<ol>\n<li><strong>Power:<\/strong> the necessity of defining and restricting the ability of state and corporate actors to exert coercion in cyberspace while maintaining accountability, transparency, and due process;<\/li>\n<li><strong>Privacy:<\/strong> Article 21 of the Constitution requires that both public and private data regimes uphold individual liberty, information control, and dignity;<\/li>\n<li><strong>Protection:<\/strong> To protect digital citizens from harm, it is essential to set up strong grievance redressal procedures, enforceable data rights, and efficient cybersecurity measures.<\/li>\n<\/ol>\n<p>These pillars are practical requirements in a rapidly changing digital society rather than theoretical abstractions. They interact with administrative regulations and statutory developments, including the <em>Digital Personal Data Protection Act of 2023<\/em> and the <em>Information Technology Act of 2000<\/em>.<\/p>\n<p>In light of this, the purpose of this article is to present a methodical and critical examination of India\u2019s changing cyber law environment. It starts by looking at the legal structures that control corporate and governmental authority in the digital sphere. The constitutionalization of privacy, particularly after <em>Puttaswamy<\/em>, and the effects of new technologies on informational autonomy are then covered in detail. Finally, it looks at the safeguards required to make sure that civil liberties and legal certainty are not sacrificed in India\u2019s digital transformation.<\/p>\n<p>By doing this, the article hopes to advance the conversation about a rights-based, responsible, and progressive cyber legal framework\u2014what could be appropriately referred to as <strong>Cyber Law 2.0<\/strong>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Power_in_the_Digital_Realm\"><\/span>Power in the Digital Realm<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol type=\"i\">\n<li>\n<h3><span class=\"ez-toc-section\" id=\"Surveillance_and_State_Power\"><\/span>Surveillance and State Power<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The recognition of the right to privacy as a fundamental right is among the most important recent developments in Indian constitutional law. The Supreme Court categorically ruled in <em>Justice K.S. Puttaswamy v. Union of India<\/em> that the right to privacy is inextricably linked to the right to life and personal freedom under Article 21 of the Constitution.<\/p>\n<p>In this case, the nine-judge bench established a three-pronged test for any state action that violates a person\u2019s right to privacy: <strong>legality<\/strong>, <strong>necessity<\/strong>, and <strong>proportionality<\/strong>. Since then, this test has evolved into the norm for determining whether government monitoring programs are constitutional.<\/p>\n<p>The permissive nature of Section 69 of the Information Technology Act, 2000\u2014which permits the federal and state governments to intercept, monitor, or decrypt any information in the interest of public order, sovereignty, or goodwill with other nations\u2014has been criticized in light of this decision. The proportionality test established in <em>Puttaswamy<\/em> is not met by the provision, since it does not currently require independent authorization or prior judicial oversight.<\/p>\n<p>The Delhi High Court raised concerns in <em>Internet Freedom Foundation v. Union of India<\/em> about the broad and ambiguous scope of digital surveillance powers granted under Section 69, emphasizing the lack of independent accountability procedures and procedural protections. The case is a crucial reminder that any framework that permits electronic surveillance needs to be carefully examined from the perspective of constitutional validity\u2014particularly when it comes to fundamental rights.<\/li>\n<li>\n<h3><span class=\"ez-toc-section\" id=\"Intermediary_Power_and_Free_Speech\"><\/span>Intermediary Power and Free Speech<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In the digital age, online middlemen like social media platforms, messaging apps, and content-hosting websites have become increasingly important. Although these platforms are essential for facilitating access to information and the exercise of free speech, they are also becoming more and more regulated by the government.<\/p>\n<p>The Supreme Court rendered a historic decision in <em>Shreya Singhal v. Union of India<\/em>, invalidating Section 66A of the IT Act that made sending \u201coffensive\u201d messages via communication services illegal. The Court determined that the clause was imprecise, excessively expansive, and incompatible with Article 19(1)(a)\u2019s guarantee of free speech.<\/p>\n<p>Crucially, the Court also maintained Section 79\u2019s constitutionality, which protects intermediaries from liability for user-generated content as long as they don\u2019t intentionally exercise active control or initiate the transmission.<\/p>\n<p>The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, however, brought about a change in the regulatory landscape. Intermediaries are subject to increased due diligence requirements under these regulations, which include:<\/p>\n<ul>\n<li>Mandatory grievance redressal procedures<\/li>\n<li>Traceability of encrypted messages<\/li>\n<li>Content removal within stringent timeframes<\/li>\n<\/ul>\n<p>Critics contend that these regulations stifle free speech and violate the safe harbor principle established in <em>Shreya Singhal<\/em>. The Delhi High Court is currently considering whether the 2021 Rules are constitutional in the case of <em>LiveLaw Media Pvt. Ltd. v. Union of India<\/em>. According to the petitioners, the Rules violate the fundamental rights of free speech, privacy, and due process, and are beyond the scope of the parent legislation.<\/p>\n<p>The state&#8217;s authority to regulate the internet must be reevaluated in light of this changing legal environment. Any future changes to cyber governance must be supported by a constitutional framework that strikes a balance between the rights of individuals and the interests of the government.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"Privacy_Constitutional_Foundations\"><\/span>Privacy: Constitutional Foundations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol type=\"i\">\n<li>\n<h3><span class=\"ez-toc-section\" id=\"The_Privacy_Paradigm\"><\/span>The Privacy Paradigm<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With the historic decision in <em>Justice K.S. Puttaswamy v. Union of India<\/em>, the jurisprudential trajectory of the right to privacy in India experienced a radical change. The Supreme Court acknowledged privacy as a fundamental right guaranteed by Article 21 of the Constitution, overturning previous rulings in cases like <em>M.P. Sharma v. Satish Chandra<\/em> and <em>Kharak Singh v. State of U.P.<\/em><\/p>\n<p>According to this 2017 nine-judge bench decision, privacy is a multifaceted right that includes decision-making autonomy, bodily integrity, and informational self-determination. In addition to reaffirming privacy in theory, the ruling established a strict three-part test to assess its limitations:<\/p>\n<ul>\n<li><strong>Proportionality<\/strong> \u2013 rational relationship with the goal,<\/li>\n<li><strong>Necessity<\/strong> \u2013 in a democratic society,<\/li>\n<li><strong>Legality<\/strong> \u2013 existence of the law.<\/li>\n<\/ul>\n<p>Since then, this framework has evolved into the standard for evaluating the legality of legislative and executive actions that affect the privacy of information. In <em>K.S. Puttaswamy (Aadhaar-5J.) v. Union of India<\/em>, the Court maintained the constitutionality of the Aadhaar Act while severely limiting its operational reach, further developing the doctrine.<\/p>\n<p>It declared that Aadhaar could only be utilized for legally sanctioned welfare programs and invalidated the requirement that private organizations like banks and telecom providers use it. The Court also mandated <strong>purpose limitation<\/strong> and <strong>data minimization<\/strong> as key principles of data processing and placed stringent restrictions on data storage.<\/p>\n<p>Collectively, these rulings made it clear that the core of the right to privacy is individual control over personal information. They demand that the State\u2014in addition to acting legitimately\u2014should exercise restraint when interfering with digital identity and data.<\/li>\n<li>\n<h4><span class=\"ez-toc-section\" id=\"Data_Protection_and_Consent\"><\/span>Data Protection and Consent<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>Legislative enactments have found it difficult to keep up with technological advancements, even as the judicial recognition of privacy rights has changed. India didn\u2019t have a separate law protecting personal data until recently. An important step toward codifying rights pertaining to informational privacy and data processing has been taken with the passage of the <strong>Digital Personal Data Protection (DPDP) Act, 2023<\/strong>.<\/p>\n<p>Core principles like <strong>purpose limitation<\/strong>, <strong>informed consent<\/strong>, and <strong>data minimization<\/strong> are established by the DPDP Act. In order to monitor compliance, it also presents the idea of a <strong>Data Protection Board<\/strong>.<\/p>\n<p>However, the extensive exemptions provided to the State under Sections 16 and 17 have drawn grave criticism. These provisions weaken the safeguards intended by the government by enabling it to circumvent consent requirements and place few limitations on its data processing operations by <em>Puttaswamy<\/em>.<\/p>\n<p>Such broad exemptions, according to legal experts and privacy advocates, go against the <strong>necessity<\/strong> and <strong>proportionality<\/strong> standards established by the Supreme Court. The State could process personal data without judicial oversight on nebulous grounds like public order or national security if there were no effective checks and balances in place.<\/p>\n<p>In addition to weakening constitutional protections, this gap damages India\u2019s reputation in the international digital economy, where data security regulations are becoming more uniform. Therefore, the DPDP Act needs to be reformed to limit executive discretion and harmonized with constitutional jurisprudence in order to fulfill its intended purpose.<\/p>\n<p><span style=\"color: #161616; font-size: 1.5em; font-weight: bold;\">Emerging Digital Challenges<\/span><\/li>\n<\/ol>\n<ol type=\"i\">\n<li>\n<h3><span class=\"ez-toc-section\" id=\"Artificial_Intelligence_and_Bias\"><\/span>Artificial Intelligence and Bias<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>There are now serious ethical and legal concerns raised by the rapid adoption of artificial intelligence (AI) technologies in Indian public administration. Predictive policing, AI-based surveillance, and facial recognition software are increasingly being integrated into governance frameworks without enough regulatory scrutiny. These developments raise questions about justice, transparency, and fundamental rights even though they are intended to improve security and efficiency.<\/p>\n<p>In <em>Anivar Aravind v. Union of India<\/em>, the Kerala High Court looked into the validity of facial recognition software used in public spaces. The Court recognized the tension between technological advancements and the constitutionally guaranteed right to privacy.<\/p>\n<p>The swift integration of AI technologies in India\u2019s public administration has sparked urgent ethical and legal questions. Facial recognition software, AI-based surveillance, and predictive policing are being incorporated into governance frameworks more frequently without sufficient regulatory review.<\/p>\n<p>Even though these advancements are meant to increase security and efficiency, they also raise concerns about fairness, transparency, and fundamental rights. The Kerala High Court investigated the legitimacy of facial recognition technology used in public areas in <em>Anivar Aravind v. Union of India<\/em>. The Court acknowledged the conflict between the right to privacy guaranteed by Article 21 of the Constitution and technological advancements.<sup>1<\/sup> The case brought to light the possibility of mass profiling and the absence of legal protections governing biometric surveillance.<\/p>\n<p>The necessity of an AI-specific regulatory framework has been emphasized time and time again by legal scholars and research organizations like NALSAR\u2019s Centre for Research in Information Security and Privacy. These include requirements for algorithmic audits, decision-making systems\u2019 explainability, and accountability for discriminatory results.<\/p>\n<p>Automated decision-making systems could violate due process rights, reinforce preexisting biases, and undermine accountability in public administration in the absence of such checks.<sup>2<\/sup> To guarantee that the application of AI is consistent with constitutional principles\u2014especially those pertaining to equality, nondiscrimination, and dignity\u2014a rights-based governance model for AI must be created.<\/li>\n<li>\n<h3><span class=\"ez-toc-section\" id=\"Internet_of_Things_IoT_Vulnerabilities\"><\/span>Internet of Things (IoT) Vulnerabilities<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The proliferation of Internet of Things (IoT) devices, from home automation tools to smart surveillance systems, has made India\u2019s cybersecurity environment more vulnerable. These gadgets frequently gather private information without proper consent procedures, have firmware updates that are out of date, and function with very little encryption.<\/p>\n<p>Reports of security vulnerabilities in government-installed smart meters and biometric authentication systems connected to Aadhaar are especially worrisome because they leave large volumes of citizen data vulnerable to possible breaches. Many of these devices do not follow uniform security standards, exposing users to hacking, data theft, and unauthorized surveillance even though they handle sensitive and important data.<\/p>\n<p>A sector-specific approach to IoT regulation in India has been advocated by legal scholars. This entails requiring device certification, holding manufacturers accountable for flawed security architecture, and establishing minimal cybersecurity standards.<sup>3<\/sup> In order to guarantee that devices are constructed with data protection principles ingrained in their architecture, privacy-by-design should also be formalized as a fundamental regulatory requirement.<\/p>\n<p>The lack of a specific legal framework for IoT security continues to be a noticeable gap as India transitions to a smart infrastructure future. To protect users and stop systemic digital vulnerabilities, legislative action is required.<\/li>\n<\/ol>\n<h3><span class=\"ez-toc-section\" id=\"Institutional_and_Academic_Contributions\"><\/span><span style=\"font-size: 1.5em;\">Institutional and Academic Contributions<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<section>A strong cyber legal framework requires ongoing institutional and scholarly cooperation in addition to legislative and judicial efforts. Leading Indian academic institutions have taken the initiative in recent years to close the knowledge gap between legal theory and technology in the areas of digital governance and cyber law.<\/p>\n<p>The collaboration between <strong>NALSAR University of Law<\/strong> and the <strong>Telangana Cyber Security Bureau (TGCSB)<\/strong> is one noteworthy step in this direction. The two organizations signed a Memorandum of Understanding (MoU) in 2025 with the goal of incorporating forensic and legal knowledge into cybercrime investigations. This MoU serves several functions, including strengthening institutional capability, advancing digital forensic techniques, and assisting in the development of evidence-based policy.<\/p>\n<p>This partnership is a reflection of the increasing awareness that good cyber governance necessitates not only technical expertise but also a thorough comprehension of procedural justice, evidentiary procedures, and constitutional protections.<\/p>\n<p>This collaboration exposes law students to the technological foundations of cybercrime detection and prosecution while providing investigative staff with access to professional legal training. Additionally, NALSAR University has taken several independent actions to advance interdisciplinary training and cyber law education. One of the most extensive legal programs in the nation, its <strong>Advanced Postgraduate Diploma in Cyber Law<\/strong>, focuses on digital forensics, intermediary liability, data privacy, and regulatory compliance. By training judges, attorneys, and law enforcement officials, the program has helped build a cyber-literate legal ecosystem.<\/p>\n<p>Additionally, <strong>NALSAR\u2019s CTRL-Z Cyber Forensics Lab<\/strong> offers practical instruction in digital evidence retrieval, preservation, and analysis. Simulations, mock trials, and compliance audits are all part of the lab\u2019s work to equip participants with useful tools for handling cyber investigations.<\/p>\n<p>The development of a new generation of cyber-aware jurists, legislators, and law enforcement officials depends heavily on these scholarly contributions. Such initiatives show how important legal education is in creating a cyber legal regime that respects rights and is technologically sound by fusing academic research with institutional needs.<br \/>\n<\/section>\n<section>\n<h2><span class=\"ez-toc-section\" id=\"Recommendations\"><\/span>Recommendations<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A series of focused reforms is necessary to bring India\u2019s cyber law framework into compliance with democratic norms and international best practices, given the changing digital landscape and constitutional jurisprudence on privacy, surveillance, and cyber regulation. The author\u2019s analysis of existing institutional, legal, and technological gaps leads to the following recommendations:<\/p>\n<ol type=\"i\">\n<li>\n<h3><span class=\"ez-toc-section\" id=\"The_Authors_Suggestions\"><\/span>The Author\u2019s Suggestions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li><strong>Modify the IT Act\u2019s Section 69:<\/strong> All state surveillance authorizations granted under Section 69 must be subject to judicial oversight. To meet the legality and proportionality standards established in <em>Puttaswamy<\/em>, a system similar to the US FISA court should be established, complete with required ex-ante and ex-post reviews.<\/li>\n<li><strong>Strengthen the DPDP Act, 2023:<\/strong> Government agencies\u2019 exemptions under Sections 16 and 17 of the Act should be carefully crafted and subject to impartial review. Constitutional privacy standards would be better reflected by stricter sanctions for violations and a more precise standard of consent.<\/li>\n<li><strong>Update the IT Rules, 2021:<\/strong> The safe harbor principles defended in <em>Shreya Singhal<\/em> are incompatible with the content moderation and traceability requirements imposed by the current rules. To handle user complaints about takedown orders and content filtering, an impartial appeals body must be established.<\/li>\n<li><strong>Require Security-by-Design:<\/strong> Compulsory encryption, frequent third-party security audits, and timely breach reporting are required for all digital platforms and Internet of Things (IoT) devices. The \u201cprivacy-by-design\u201d principle that <em>Puttaswamy<\/em> emphasized would be operationalized in this way.<\/li>\n<li><strong>Encourage AI Accountability:<\/strong> To ensure the ethical application of AI, specific laws should be passed. Especially for use cases in the public sector, this needs to include algorithmic impact assessments, data protection-by-design, and independent bias audits.<\/li>\n<\/ol>\n<\/li>\n<li>\n<h3><span class=\"ez-toc-section\" id=\"Legal_and_Institutional_Recommendations\"><\/span>Legal and Institutional Recommendations<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ol>\n<li><strong>Constitutional Compliance in Surveillance:<\/strong> To codify the protections found in <em>Puttaswamy<\/em>, such as proportionality, judicial approval, and redressal procedures, Parliament should enact a specific law governing surveillance. Additionally, this would increase public confidence in digital governance.<\/li>\n<li><strong>Operationalize the Data Protection Board:<\/strong> In accordance with the DPDP Act, the central government is required to guarantee the independence, adequate funding, and transparency of the Data Protection Board. Judicial review should be applied to its decisions to increase accountability.<\/li>\n<li><strong>Create a Unified Cyber Regulatory Framework:<\/strong> To harmonize cybersecurity, privacy, and digital governance policies, a centralized, cross-sectoral cyber regulator ought to be established. By doing this, overlap would be removed and uniform standards would be guaranteed.<\/li>\n<li><strong>Institutional Capacity Building:<\/strong> Law enforcement and judicial officers should be trained in digital evidence, cybercrime, and data governance through ongoing partnerships with academic institutions such as NALSAR.<\/li>\n<li><strong>International Harmonization:<\/strong> To increase investor confidence and international cooperation, India should harmonize its cyber laws with international frameworks like the <em>General Data Protection Regulation (GDPR)<\/em> of the EU, particularly when it comes to cross-border data transfers.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>In the era of algorithmic governance and data capitalism, these suggestions are essential for both future-proofing India\u2019s digital infrastructure and upholding its constitutional values.<\/p>\n<\/section>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>India\u2019s transition to the digital era has been characterized by revolutionary advancements in legal theory, technology, and governance. As the nation rapidly digitizes every aspect of public and private life\u2014from biometric identification and artificial intelligence to encrypted messaging and Internet of Things devices\u2014it is crucial to ensure that constitutional rights are not compromised in the name of technological convenience.<\/p>\n<p>Cyber Law 2.0 is not merely an update to the Information Technology Act or the passage of the DPDP Act, 2023; it represents a fundamental rethinking of how India wields digital power. The rights to free speech and privacy, as established in <i>Shreya Singhal v. Union of India<\/i> and <i>Justice K.S. Puttaswamy v. Union of India<\/i>, serve as the constitutional pillars of this new framework.<\/p>\n<p>However, judicial rulings alone are not enough to safeguard these rights. Institutional reform and legislative action are equally essential. This article identifies several key areas for reform:<\/p>\n<ul>\n<li>Unrestricted state surveillance must be brought within the boundaries of necessity, legality, and proportionality.<\/li>\n<li>Although a positive step, the Digital Personal Data Protection Act requires strict oversight and the removal of unnecessary government exemptions.<\/li>\n<li>Intermediary guidelines must be updated to protect free expression and promote procedural justice.<\/li>\n<li>Technological safeguards such as encryption, breach notification, and security-by-design should be made mandatory, not optional.<\/li>\n<\/ul>\n<p>Additionally, to address new challenges in AI and IoT, India must implement targeted regulatory frameworks that ensure accountability, transparency, and rights-respecting digital innovation. Academic institutions like NALSAR can play a vital role in bridging the gap between policy and practice through expert collaboration, research, and training.<\/p>\n<p>Cyber Law 2.0 is not only a legal necessity but a constitutional mandate. It calls for coordinated efforts among legislators, judges, regulators, educators, and technologists. Only by adopting a comprehensive, rights-centric approach can India leverage the power of technology while preserving the democratic values enshrined in its Constitution.<\/p>\n<p>As India shapes its digital legal system, the principles of individual liberty, institutional restraint, and enforceable remedies must remain at its core.<\/p>\n<p><b>End Notes:<\/b><\/p>\n<ol>\n<li>Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.<\/li>\n<li>Section 69, Information Technology Act, 2000<\/li>\n<li>Internet Freedom Foundation v. Union of India, 2021 SCC OnLine Del 1683.<\/li>\n<li>Shreya Singhal v. Union of India, AIR 2015 SC 1523.<\/li>\n<li>Section 79, Information Technology Act, 2000.<\/li>\n<li>Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.<\/li>\n<li>LiveLaw Media Pvt. Ltd. V. Union of India, WP\u00a9 No. 1354\/2021 (Del HC).<\/li>\n<li>M.P. Sharma v. Satish Chandra, AIR 1954 SC 300.<\/li>\n<li>Kharak Singh v. State of U.P., AIR 1963 SC 1295.<\/li>\n<li>K.S. Puttaswamy (Aadhaar-5J.) v. Union of India, (2019) 1 SCC 1.<\/li>\n<li>Digital Personal Data Protection Act, 2023.<\/li>\n<li>Anivar Aravind v. Union of India, 2021 SCC OnLine Ker 568<\/li>\n<li>Arjun Rao, \u201cAlgorithmic Accountability in Public Decision-Making: An Indian Perspective\u201d, (2024) 11(2) NALSAR Tech Law Review 122.<\/li>\n<li>Rohit Menon, \u201cLegal Framework for IoT Security in India\u201d, (2023) 65(1) JILI 97.<\/li>\n<li>Memorandum of Understanding between TGCSB and NALSAR University of Law, signed March 2025 (available on Telangana Cyber Security Bureau official website).<\/li>\n<li>NALSAR University of Law, \u201cAdvanced PG Diploma in Cyber Law\u201d and CTRL-Z Cyber Forensics Lab Initiatives, www.nalsar.ac.in (last accessed July 2025)<\/li>\n<\/ol>\n<p><strong><br \/>\nReferences:<\/strong><\/p>\n<ol>\n<li>Union of India v. Anivar Aravind, 2021 SCC OnLine Ker 568.<\/li>\n<li>Arjun Rao, \u201cAn Indian Perspective on Algorithmic Accountability in Public Decision-Making,\u201d 11(2) NALSAR Tech Law Review 122 (2024).<\/li>\n<li>Rohit Menon, \u201cLegal Framework for IoT Security in India,\u201d 2023, 65(1) JILI 97.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Introduction India is on the verge of a digital era that is both exciting and dangerous. With more than 800 million people using the internet, the nation is seeing a significant shift in the way social interactions, education, business, and governance are organised. The government has demonstrated its commitment to a technology-driven future through flagship<\/p>\n","protected":false},"author":240,"featured_media":6456,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"two_page_speed":[],"_jetpack_memberships_contains_paid_content":false,"_joinchat":[],"footnotes":""},"categories":[66],"tags":[28],"class_list":{"0":"post-6457","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-law","8":"tag-top-news"},"jetpack_featured_media_url":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-content\/uploads\/2025\/07\/1-21.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/posts\/6457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/users\/240"}],"replies":[{"embeddable":true,"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/comments?post=6457"}],"version-history":[{"count":0,"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/posts\/6457\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/media\/6456"}],"wp:attachment":[{"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/media?parent=6457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/categories?post=6457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.legalserviceindia.com\/Legal-Articles\/wp-json\/wp\/v2\/tags?post=6457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}