Categories
Blog

Right to be forgotten in India

Unlike the EU, India does not have any existing legal framework which recognises the right to be forgotten. However, the Indian courts have taken varying views in respect to whether such right exists in India as yet. In Dharamraj Bhanushankar Dave v. State of Gujarat & Ors., the Gujarat High Court denied the existence of such right. However, the Karnataka High Court in Sri Vasunathan v. The Registrar General & Ors. recognised it. Recently, in 2020, the Orissa High Court in Subhranshu Rout @ Gugul v. State of Odisha, emphasized the importance of ‘right to be forgotten’.

Learn more about Data Protection laws in India with Enhelion’s Certificate course on Information Security and Data Protection.

Though the existence of such right is unclear right now, however, the PDP Bill, 2019 has a dedicated provision on the ‘Right to be forgotten’. According to Clause 20 of the Bill, the data principal enjoys the ‘right to restrict or prevent the continuing disclosure of his personal data’ by a data fiduciary if– 

  1. The purpose for which the data was collected is fulfilled;
  2. The data principal has withdrawn his consent; 
  3. The disclosure was made contrary to the provisions of the bill or any other law in force.

The provision further provides that such right can only be enforced by virtue of an order by the Adjudicating Officer, after the data principal has made an application on the grounds mentioned above. The burden of proving that this right overrides the freedom of speech and expression and the right to information of any other citizen, is on the data principal

Learn more about Data Protection laws in India with Enhelion’s Certificate course on Information Security and Data Protection

The provision further provides for the factors which the Adjudicating Officer should take into account, while making the order. Such order can be reviewed by the Adjudicating Officer himself, and any order made by the Adjudicating Officer can also be appealed to the Appellate Tribunal. 

Therefore, on analysis of the provision of right to be forgotten under the PDP Bill, 2019, it is apparent that its scope is very limited compared to the scope it enjoys under the GDPR. The Bill merely provides for restricting or preventing continued disclosure of information, as opposed to GDPR which provides for complete erasure.

Learn more about Data Protection laws in India with Enhelion’s Certificate course on Information Security and Data Protection

Categories
Blog

Development of Cybercrime Law in the United Kingdom

Development of cybercrime law in the United Kingdom

The enactment of computer crime specific legislation or cybercrime law in the United Kingdom can be attributed to a number of cases which highlighted the issue of absence of such legislation and the subsequent acquittal of individuals.

R v. Thompson

Firstly, in R v. Thompson,[1] the appellant in Kuwait, had fraudulently caused a bank to credit certain bank balances in England. The access was authorized, however, such access was used for an unlawful purpose. The Theft Act of 1968 was sought to be applied[2]. The primary issue was that of jurisdiction (Kuwait or England) as well as identifying the victim. The court held that for applying the Theft Act, the identification of a human victim is a prerequisite. However, in the present case, the computer system was deceived, rather than a human mind. This highlighted the inadequacy of the existing legal framework to deal with cases where computer was a victim of a crime, rather than a mere facilitator.

R v. Gold and Schifreen

Secondly, in R v. Gold and Schifreen,[3] certain individuals got access to the files contained in British Telecom Prestel Network by seeing the username and password entered by the authorized person, over his shoulders. The accused were charged under the Forgery and Counterfeiting Act of 1981. However, the court held that the accused cannot be prosecuted under the said Act as the use of recorded electronic information did not fall under the definition of ‘false instrument’[4]. Therefore, the act committed by the accused does not come under the ambit of the Forgery and Counterfeiting Act. The outcome of this case highlighted that new age crimes (cybercrimes) cannot be prosecuted under the traditional criminal laws.

Learn more about Cyber Laws with Enhelion’s Online Law firm certified Diploma Course on Cyber Law.

It is pertinent to note that there were a series of case laws wherein the court adopted a more liberal approach to include the new age crimes within the ambit of traditional laws. In Cox v. Riley,[5] the court held that ‘damage’ implies any injury impairing the value and usefulness. Such injury need not be apparent to the naked eyes. Therefore, deleting program from a computer-controlled machine, which renders it unusable, constitutes ‘damage’ under the Criminal Damages Act, 1971. A similar approach was adopted in R v. Whiteley[6].

The increasing instance of computer crimes, the failure of court to effectively prosecute individuals who committed computer crimes, and the significance of ensuring effective prosecution by broadening the scope of existing laws, had a combined effect which led to the enactment of the Computer Abuse Act of 1990[7] in the United Kingdom.

Originally, the 1990 Act brought within its ambit, three categories of offences-

  1. Unauthorized access to programs or data[8];
  2. Unauthorized access with further criminal intent[9] and
  3. Unauthorized modification of data[10].

In Ellis v. DPP,[11] section 1 of the Act was interpreted, and the court held that unauthorized access, even though in absence of damage, comes under the ambit of the 1990 Act.

Learn more about Cyber Laws with Enhelion’s Online Law firm certified Diploma Course on Cyber Law.

The 1990 Act addressed the issue of jurisdictional challenge in cases of computer crime by making it an offence to use a computer in the home country to commit a crime in another country and to commit a crime in the country from a computer in another country[12].

It is pertinent to note that the 1990 Act was not well equipped to deal with computer crimes per se in a comprehensive manner. The issue with respect to section 2 of the Act was highlighted in R v. Bedworth[13], wherein while proving intent, addiction was recognized as a defense. As a result, the Jury acquitted the accused.

Learn more about Cyber Laws with Enhelion’s Online Law firm certified Diploma Course on Cyber Law.

[1] R v. Thompson, (1984) 79 Cr App R 191.

[2] Theft Act, 1968, § 15.

[3] R v. Gold and Schifreen, CACD [1987] QB 1116.

[4] Forgery and Counterfeiting Act, 1981, s. 8(1)(d).

[5] Cox v. Riley, [1986] QBD.

[6] R v Whiteley, [1991] 93 CAR 25.

[7] Computer Abuse Act, 1990.

[8] Id., § 1.

[9] Supra note 18, § 3.

[10] Supra note 18, § 2.

[11] Ellis v. DPP, [2001] EWHC 362.

[12] Supra note 18, § 4.

[13] R v. Bedworth, 1991.

Categories
Blog

Development of Telecommunication Law in British India

The communications system forms the basis of the economic development of a country and plays a key role in every aspect of an individual’s life. The communications system in India has come a long way from the use of telegrams in the 1850s to the extensive use of the Internet in the present times. It is pertinent to note that the foundation of telecommunications in India was laid by the British East India Company (referred to as ‘EIC’ hereafter), and was later developed by the British Government, under the British Crown.

  • Development of Telegraph services under the British regime

Research in the field of telegraph started in India way back in 1833 when a 24-year-old assistant surgeon with the East India Company (EIC), Mr. William O’Shaughnessy, started experimenting with electricity.[1] In 1839, he set up a 13.5-mile-long demonstration telegraph system near Calcutta.[2] During the same time, Samuel F.B. Morse was developing his own demonstration system back in the United States.[3] However, O’Shaughnessy was completely unaware of this development, and therefore, used a different code which was indigenously developed. On successful experimentation, he published a pamphlet about his work, but he was unable to catch the attention of the EIC.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

The state of affairs changed in 1847 when Lord Dalhousie was appointed as the Governor-General of India.[4] He showed real interest in developing public works like roads, canals, railways, and postal services in India. He also envisioned the potential of the telegraph invented by O’Shaughnessy and authorized him to build a 30 miles long line near Calcutta. This was the first experimental electric telegraph line in India which started between Calcutta and Diamond Harbour in 1851[5]. The success of this electric telegraph line incentivized Lord Dalhousie to authorize O’Shaughnessy to build telegraph lines across India.[6]

O’Shaughnessy completed the work assigned to him by 1854, and as a result, Calcutta was linked to Agra, Bombay and Madras by the telegraph network.[7] From 1851 till 1854, the telegraph was strictly limited to use by the EIC. In April 1854, first telegram was sent from Mumbai to Pune and electronic telegraph facilities were made open to use by the public[8]. Taking these developments and the subsequent need for legislation to regulate the establishment and management of electronic telegraphs in India into consideration, the Electronic Telegraphs Act of 1854[9] was enacted. The 1854 Act provided exclusive right to establishing telegraph lines in India to the EIC, however, the Governor-General of India in Council was given the power to grant the license to any person or company to establish a line[10]. The Act further established a separate Electric Telegraph Department[11]. The Act penalized the laying down of telegraph lines in contravention of the provisions of the Act.[12] It also penalized the persons who willfully caused interruption to the transmission of signals[13].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

The development of the telegraph system continued and by 1856, 4000 miles of Indian telegraph system was established connecting Calcutta, Agra, Bombay, Peshawar, and Madras.[14] It is believed that the Indian telegraph service played an instrumental role in suppressing the 1857 sepoy mutiny.[15] It proved to be a critical military tool by rapidly providing a reliable system of information which was used by the EIC to mobilize its troops. Owing to the significance of the telegraph network in suppressing the 1857 revolt, a number of Indians tried to destroy the same as an act of vengeance.[16]

The 1857 sepoy mutiny led to a significant change in power in the Indian colony. The Electric Telegraph Act of 1854 was repealed, and the Telegraph Act of 1860[17] was enacted to reflect the shift of power from British EIC to the British Crown. The 1860 Act brought two significant changes to its predecessor. Firstly, it gave the exclusive power previously enjoyed by the EIC to the Governor-General of India in Council[18]. The Governor-General also retained its power to grant licenses to private individuals and companies for establishing the telegraph lines. Secondly, considering the attempts of Indians to destroy the telegraph network post-1857 revolt, the Act of 1860 increased the number of penalties for intruding into the signal room[19] and cutting the line[20].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

The developments in the telegraph system in India were accelerated once submarine cables were completed between India and Britain in 1870.

The next significant step in the evolution of communications services in India was the enactment of the Indian Telegraph Act of 1876[21], which repealed the 1854 Act[22]. The 1876 Act was applicable to the whole of British India as well as British subjects in the Princely States[23]. The Act is considered as the first comprehensive legislation regulating telegraph services in India. It defined the terms like ‘telegraph’, ‘telegraph officer’ and ‘message’[24]. ‘Telegraph’ was defined as an electric or magnetic telegraph[25]. Just like the 1854 Act, the Governor-General retained his power of exclusive privilege and the right to grant a license under the 1876 Act.[26] The Act further increased the penalties for causing destruction to the telegraph network. The most peculiar feature of the 1876 Act was the provision for the deployment of additional police in places where mischief to telegraphs was repeatedly committed[27]. In such a scenario, the inhabitants of such a place were required to bear the cost of such deployment[28].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

After the 1876 Act came into force, in 1880, two private telephone companies namely Oriental Telephone Company Ltd. and The Anglo-Indian Telephone Company Ltd. approached the Governor-General of India to propose establishing telephone exchanges in India.[29] They were denied permission on the ground that the introduction of telephones was a Government monopoly and hence the Government itself would commence the work.[30] However, in 1881, the decision was reversed and Oriental Telephone Company Ltd. was granted a license for opening telephone exchanges at Kolkata, Mumbai, Chennai and Ahmedabad. The telephone came to India a little later in 1882.[31]

In 1883, the telegraph services were combined with postal services.[32] In the meanwhile, a Bill proposing the repeal of the 1876 Act was tabled to the Council. The Bill suggested modification of the definition of ‘telegraph’ to be in consonance with the developments in Britain. It also suggested the creation of a new category of penalties. This led to the enactment of the Telegraph Act of 1885[33]. The Act broadened the definition of ‘telegraph’ to include “appliances and apparatus for transmitting or making telegraphic, telephonic or other communications by means of electricity, galvanism or magnetism”[34]. The Act also created a Telegraph Authority, which meant the Director-General of Telegraphs and included any officer empowered by him[35]. Just like its 1860 and 1876 predecessors, the Governor-General enjoyed the exclusive privilege and the right to grant a license under the 1885 Act as well. The Act further granted the power to Government to take possession of licensed telegraphs to intercept messages[36].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

In 1888, overseas communications were merged with the Director-General of the Indian Telegraph Department.[37]

The next significant development took place in 1902 when cable telegraphs were changed to wireless telegraphs.[38] Therefore, in 1902, the Indian telegraph services went wireless. Furthermore, in 1914, a big administrative change happened. The Postal Department and the Telegraph Department were amalgamated under a single Director-General by amending the definition of ‘telegraph authority under the 1885 Act[39].

The 1885 Act underwent a number of changes in the years 1914, 1930 and 1937. As per the amendment of section 4 in 1914, the Government was given the power to establish and maintain wireless telegraphs on ships within Indian territorial waters and telegraphs other than wireless telegraphs[40]. This provision was further amended in 1930 to include the use of wireless telegraphy on aircraft[41].

  • Development of Radio broadcasting services under the British regime

Respect to radio broadcasting, broadcasting was introduced as a private venture through radio clubs in Calcutta, Madras, Bombay and Lahore in 1923 and 1924.[42] In June 1923, the Radio Club of Bombay made the first-ever broadcast in India. In 1927, Calcutta Radio Club was established. During this time period, there was a daily broadcast of 2-3 hours of music and talks. However, most of these stations faced liquidation within three years of their establishment due to insufficient finances.[43]

The year 1927 also witnessed an agreement between the Government and a private company named Indian Broadcasting Company Ltd. (IBC).[44] This agreement led to the setting up of the Broadcasting Service which began broadcasting in 1927 on an experimental basis in Bombay and later in Calcutta. However, IBC faced liquidation within 3 years of its establishment.[45] The government acquired its assets and established the Indian Broadcasting Service under the Department of Labour and Industries.[46] Since then, broadcasting has remained under the control of the Government in India.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Following the establishment of the Indian Broadcasting Service, in 1935, Lionel Fielden was appointed the first Controller of Broadcasting.[47] In the same year, a private radio station, Akashvani Mysore, was set up.[48] In 1936, a radio station was commissioned in Delhi.

The next significant step in the development of radio broadcasting services in India was the renaming of the Indian State Broadcasting Service as ‘All India Radio’, or AIR in June 1936.[49] A new signature tune was added to AIR. The Delhi radio station, established in the same year, became the nucleus of broadcasting at the national level. In 1937, AIR was brought under the Department of Communications and in 1941, under the Department of Information and Broadcasting. The Department of Information and Broadcasting was again changed to the Department of Information and Broadcasting (I&B) on 10th September 1946.[50]

Radio broadcasting underwent considerable developments during World War II. By 1939, the entire country was covered by short-wave service. Taking into account the outbreak of World War, the programme structure of radio underwent a change to meet wartime contingencies. News and political commentaries were introduced and special broadcasts were made for the people on the strategic north-eastern and north-western borders.

  • Regulation of Wireless Telegraphy in the British regime

Wireless telegraphy in India developed in line with the development of radio services. One of the major sources of revenue for the Indian State Broadcasting Service was revenue from the licence fee for working of wireless apparatus under the Indian Telegraph Act, 1885. Owing to the lack of legislation dealing with the unlicensed use of wireless apparatus, the Indian State Broadcasting Service faced substantial revenue losses. To deal with the unlawful possession of wireless telegraphy apparatus, the Indian Wireless Telegraphy Act of 1933[51] was enacted.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

The 1933 Act defined terms like ‘wireless communication’ and ‘wireless telegraphy apparatus.[52] The Act prohibited the possession of wireless telegraphy apparatus without a license under section 4. The telegraph authority under the Indian Telegraph Act of 1885 was given the power to issue licenses to possess wireless telegraphy apparatus under the Act[53]. The act of possession of wireless telegraphy apparatus without a license was made a punishable offence[54].

  • The relevance of Communication Laws enacted in the British regime after the coming into force of the Constitution of India in 1950

When India became independent, there were over 7000 telegraph offices and about 300 state-owned telephone services, across the country. Furthermore, there were 6 AIR stations at Delhi, Bombay, Calcutta, Madras, Lucknow and Tiruchirapalli, with 18 transmitters, among which six were on the medium wave and the remaining were on short wave.

The legal regime governing the telecommunications sector in India developed to a considerable extent after independence owing to technological changes, however, it is pertinent to note that the government decided to adopt certain key legislation relating to the telecommunications sector which was in force during the British regime. The most significant adoption was the exclusive privilege over the telegraph service and right to grant a license, enjoyed by the Government over the telecommunications sector in the British regime. This status was adopted in the Constitution of India by virtue of Entry 31 of List I in Schedule 7 which puts ‘posts and telegraphs, telephones, wireless, broadcasting, and other like forms of communications’ in the exclusive domain of the Union List[55]. The then Prime Minister of India, Jawaharlal Nehru, was also of the opinion that the telecommunication sector should be retained by the Central Government owing to its criticality to the development of India.

The Telegraph Act of 1885 was amended in the year 1948 to substitute the word ‘Provinces’ with ‘India’[56]. Although the definition of ‘telegraph’ has been amended in the subsequent years to ensure that technological development does not leave out certain services from being regulated by the state, however, the basic premise of the 1885 Act has remained intact over the years.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

The Wireless Telegraphy Act, 1933 too is still in existence and retains most of the provisions of the original Act.

With respect to radio broadcasting services, All India Radio is in existence even today, under the control of the Ministry of Information and Broadcasting.

Therefore, the British regime did not only help India in laying the infrastructural foundations of communications, it also helped to develop a legal regime governing the same. This legal regime is still operational, with certain amendments aimed at adopting the dynamic nature of technology.

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

[1] John H. Lienhard, Indian Telegraph, https://www.uh.edu/engines/epi1380.htm (last visited Apr. 20 2021).

[2] Id.

[3] Indian telegraph Service, INDIAN PHILATELY, http://www.indianphilately.net/indiantelegraph.html (last visited Apr. 20 2021).

[4] Lienhard, Supra note 1.

[5] Development of posts and telegraph during the British rule, https://madhyapradesh.pscnotes.com/modern-history/development-of-posts-and-telegraph-during-the-british-rule/ (last visited Apr. 20 2021).

[6] Lienhard, Supra note 1.

[7] Supra note 3.

[8] Maninder Dabas, Today in 1854, first telegrpoh was sent in India, INDIA TIMES (Apr, 27, 2017, 4:15 PM), https://www.indiatimes.com/news/today-in-1854-first-telegram-was-sent-in-india-between-mumbai-and-pune-here-is-all-about-the-telegraph-service-that-ende.

[9] Electronic Telegraphs Act, 1854, available at https://www.wipo.int/edocs/lexdocs/laws/en/in/in116en.pdf.

[10] Id, § 1.

[11] Supra note 9, § 7.

[12] Supra note 9, § 2.

[13] Supra note 9, § 9.

[14] Lienhard, Supra note 1.

[15] Michael Mann, The deep digital divide: The telephone in British India, 35(1) HISTORICAL SOCIAL RESEARCH 188, 200 (2010).

[16] Id.

[17] Telegraph Act, 1860, available at https://www.wipo.int/edocs/lexdocs/laws/en/in/in117en.pdf.

[18] Id, § 2.

[19] Supra note 17, § 9.

[20] Supra note 17, § 10.

[21] Indian Telegraph Act, 1876, available at https://www.wipo.int/edocs/lexdocs/laws/en/in/in118en.pdf.

[22] Id, § 2.

[23] Supra note 21, § 1.

[24] Supra note 21, § 3.

[25] Id.

[26] Supra note 21, § 4.

[27] Supra note 21, § 16.

[28] Id.

[29] Gopika G G, Growth and development of telecom sector in India- An overview, 16(9) IOSR-JBM 25, 26 (2014).

[30] Id.

[31] Id.

[32] Id.

[33] Telegraph Act, 1885, available at https://www.wipo.int/edocs/lexdocs/laws/en/in/in119en.pdf.

[34] Id, § 3(1).

[35] Supra note 33, § 3(6).

[36] Supra note 33, § 5.

[37] Id.

[38] Gopika G G, Growth and development of telecom sector in India- An overview, 16(9) IOSR-JBM 25, 33 (2014).

[39] Supra note 33, § 3(6).

[40] Act 7 of 1914.

[41] Act 27 of 1930.

[42] Growth and development, PRASAR BHARTI, https://prasarbharati.gov.in/growth-development-air/ (last visited 20 Apr. 2021).

[43] Id.

[44] Alasdair Pinkerton, Radio and the Raj: Broadcasting in British India (1920-1940), 18(2) JOURNAL OF THE ROYAL ASIATIC SOCIETY 167, (2008).

[45] Id. at 175.

[46] Id.

[47] Id.

[48] Supra note 42.

[49] K.C. Archana, 80 years of AIR: Remembering the golden days of All India Radio, INDIA TODAY (June 8, 2016, 3:51 PM), https://www.indiatoday.in/fyi/story/80-years-of-air-remembering-the-golden-days-of-all-india-radio-12987-2016-06-08.

[50] Id.

[51] Indian Wireless Telegraphy Act, 1933, available at https://www.wipo.int/edocs/lexdocs/laws/en/in/in037en.pdf.

[52] Id. § 2.

[53] Supra note 51, § 5.

[54] Supra note 51, § 6.

[55] Constitution of India, 1950, Schedule VII, List I, Entry 31.

[56] Act 45 of 1948.

Categories
Blog

Development of Cybercrime Law in the European Union

At the European Union level, although the possibility of having a comprehensive legal framework dealing with cyber crimes was not a far stretched idea owing to the cooperation at the Union level, however, this idea was not considered until the late 1990s.

Taking into account the growing incidents of cyber crimes, their peculiar nature, and the essential element of international cooperation in this regard, a series of initiatives were taken at the EU level in the form of recommendations and Council conclusions. This was followed by the first legislative proposal by the Commission in early 1998 to deal with certain aspects of computer crimes, i.e. credit card frauds and forgery of non-cash means of payment. However, it was only in May 2001 that the Framework Decision on Combating Fraud and Counterfeiting of Non-Cash Means of Payment was adopted.[1]

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

During the same time, the Council of Europe was taking a number of steps and engaging in negotiations, in collaboration with the G8 countries, USA, Canada, Japan, United Kingdom, Germany, France, Italy, and Russia, with respect to judicial cooperation in this field.  As a result, an agreement was reached in 1997 pertaining to an action plan to combat high-tech and computer-related crimes. One of the action plan’s initiatives is the 24/7 network of law enforcement contact points to combat cybercrime, which is now a part of the current legal framework at the EU level. This network furthers the objective of international cooperation, specifically with respect to the investigation of cybercrimes.

In October 1999, the G8 met again as a follow-up measure of the action plan. This follow-up concluded that the biggest roadblock in combating computer crimes is the identification and tracking of criminals in cyberspace. To overcome this roadblock, many principles were adopted to ensure transnational access to data, simplified mutual assistance, and general permission to access publicly available material in another state without express permission. These principles now form the basis of the current legal regime at the EU level[2].

Meanwhile, the European Committee on Crime Problems[3] (CDPC) decided to set up a committee of experts to deal with cyber-crime in November 1996. Subsequently, the Report submitted by Professor H.W.K. Kaspersen concluded that “it should be looked to another legal instrument with more engagement than a Recommendation, such as a Convention. Such a Convention should not only deal with criminal substantive law matters but also with criminal procedural questions as well as with international criminal law procedures and agreements”.[4]

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Taking into account the Report submitted to the CDPC, the Council of Europe was successful in formulating the Convention on Cybercrime[5], with an aim to bring minimum harmonization in the acts termed as ‘cybercrime’ in the Member States of the EU.

The Explanatory Report of the Cybercrime Convention highlights the changing nature of crimes and the subsequent need to develop a legal framework to prosecute such crimes exclusively. It states that-

The technological developments have given rise to unprecedented economic and social changes, but they also have a dark side: the emergence of new types of crime as well as the commission of traditional crimes by means of new technologies.[6] Criminals are increasingly located in places other than where their acts produce their effects. However, domestic laws are generally confined to a specific territory. Thus, solutions to the problems posed must be addressed by international law, necessitating the adoption of adequate international legal instruments”.[7]

The Convention on Cybercrime adopts a holistic approach in dealing with both substantive and procedural aspects[8] of cybercrimes at the EU level. Section 1 of Chapter II covers both criminalization provisions and other connected provisions in the area of computer or computer-related crime by defining nine offences (illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography and offences related to copyright and neighbouring rights) grouped into four different categories (offences against the confidentiality, integrity and availability of computer data and systems, computer-related offences, content-related offences and offences related to copyright and neighbouring rights)[9]. It further deals with ancillary liability and sanctions[10].

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

Furthermore, the Convention also contains provisions for traditional as well as computer crime-related mutual assistance and extradition.[11] It also provides for transborder access to stored computer data without mutual assistance, either with consent or without consent, in the case of publicly available data. It also provides for the setting up of a 24/7 network to ensure speedy assistance among the Parties.

Lastly, at the Union level, to address the issue of cooperation at, the Union level, the European Network and Information Security Agency (ENISA) was established in 2004. ENISA was given the responsibility to develop expertise to enhance cooperation between public and private sectors and provide assistance to the Commission and Member States of the EU in their dialogue with industry for the purpose of addressing security-related problems in hardware and software products. It was also required to promote risk assessment activities as well as interoperable risk management routines.[12]

Learn more about Technology Law with Enhelion’s Online Law firm certified Master Course! 

[1] EUR-Lex, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32001F0413 (last visited May 3, 2021).

[2] These principles can now also be found in the Cybercrime Convention.

[3] Decision CDPC/103/211196.

[4] Salaheddin J. Juneidi, Council of Europe Convention on Cyber Crime, IPICS (2002).

[5] The Cybercrime Convention.

[6] Explanatory Report to the Cybercrime Convention, part I(5).

[7] Explanatory Report to the Cybercrime Convention, part I(6).

[8] Supra note 29, chapter II, § 2.

[9] Supra note 29, chapter II, § 1.

[10] Supra note 29, chapter II, §1, title 5.

[11] Supra note 29, art. 25.

[12] ENISA, https://www.enisa.europa.eu/ (last visited May 6, 2021).

Categories
Blog

Rule Of Law in Globalising World

The concept of rule of law finds its origin in the rulings of Chief Justice Sir Edward Coke[1] wherein he emphasised the significance of the King being under the law. However, it was only later that A. V. Dicey in his book: Introduction to the study of the Law of the Constitution, 1885[2], tried developing the concept further. He identified three components of the rule of law[3]

  1. The supremacy of law
  2. Equality before law
  • Constitution as a result of ordinary law of the land (signifying the relevance of judge-made laws in England)

These components ensured that the rule of law acted as a constraint on the arbitrary exercise of power by the sovereign over its subjects. Therefore, his primary focus was on the way in which the law was made, applied, and enforced (process-focused approach), rather than the actual content of the law (end-focussed approach). This creates a lot of confusion with respect to the applicability of the rule of law. Modern democracies are founded on this principle, however, there are contrasting convictions about what ‘law’ is/should be.

Previously, the concept of rule of law was limited in its application to the sovereign territory of the state as the interactions were primarily intranational. However, over a period of time, with the advent of technology and the movement of people, goods and services across borders, such interaction became international, leading to cross-border disputes. Through the process of globalization, “political, economic, and technological changes have had globalizing ramifications that penetrate state borders in ways that transformed the core rule of law values in the international legal order and have created a shift away from the previously prevailing state-centric system.”[4]

With respect to the applicability of rule of law at the international level, globalisation has made the world one single market where individual and state entities interact with other individuals and entities on a daily basis. Therefore, such interaction cannot be left unchecked with respect to the foundation principle of the legal system i.e. the rule of law. Hence, there is a need to transpose the principle of rule of law, internationally, in light of the globalized world. The significance of rule of law at the international level in the era of globalisation has been pointed out a number of times[5].

However, this transposition is easier said than done. There are some inherent issues in applying the principle globally. Firstly, with respect to whether such a principle, which was originally developed to be applicable to the national legal system, can be applied to the international legal system, in the absence of a central sovereign authority. Secondly, if the answer to the first issue is affirmative, does such international application require a reconceptualization of the original concept of rule of law in order to adapt it to the legal issues arising at the international level. Thirdly, should the international rule of law be limited in its application with respect to the relationship of different sovereign nation-states, or should it also be applied to the relationship of different individuals who are subjects of such nation-states?

The first roadblock towards the applicability of the principle of rule of law in the globalised world today encompasses the fact that there is no common sovereign power in the international arena. There is United Nations, however, the international law establishing such an institution, is a soft law in itself. Besides, it is left to the discretion of the nation-states to decide whether they wish to be a part of the U.N. Since there is no common sovereign, it is often contented by scholars that the rule of law cannot meaningfully exist in the international arena.[6] This further entails the difficulty in ascertaining what constitutes “law” in the international context since there is no “one” sovereign, and no “one” law regulating the conduct of individual nation-states.

Secondly, the Dicean concept of rule of law highlights a very narrow and process-focused approach. Such a framework will not satisfy the end objective of rule of law at the international level, with respect to acting as a constraint against the gross violation of the fundamental human rights of the individuals by the sovereign states. Therefore, the rule of law, when transposed to the international level, should not only be process-oriented but also end-oriented.

However, the nation-states, in light of the growing interaction in the globalized world and the common aim to attain international peace and order, have taken the necessary steps to address these roadblocks in the applicability of the principle internationally[7]. Globalization has a significant contribution to the development of both domestic and international legal frameworks governing and regulating transnational transactions and activities. This has led to the development of international institutions tasked with the implementation of international law to secure peace, order and respect for basic human rights in the international community.

In today’s world, however, the significance of the rule of law stretches far beyond its application to traditional inter-state relations. The second aspect of the rule of law at the international level is the increasing attention of the international community on the impact of the international rule of law on individuals, with respect to the need to protect the inalienable human rights of the individuals. The international humanitarian law and human rights law has ensured that the basic human rights of the “individuals” are brought at the centre stage[8], and that every nation-state is obligated to protect them. These developments have placed legal constraints on the conduct of sovereign states in the international community and prescribed international standards which ensure that substantive aspects of justice are also catered to, at the global level.

However, this individual-focused approach to rule of law at the international level is being implemented at the domestic level, by making the domestic legal system in line with the international standards. In light of this, it is important to keep a check on the discretion provided to the national legal system regarding the substantive rules as rule of law cannot be considered effective in its true essence if the laws are unjust and oppressive.

 

[1] LTJ, http://lawtimesjournal.in/rule-of-law/ (last visited Feb. 1, 2021).

[2] A V DICEY, INTRODUCTION TO THE STUDY OF THE LAW OF THE CONSTITUTION (1885).

[3] Id.

[4] Ruti G. Teitel, Humanity’s Law: Rule of Law for the New Global Politics, 35 CORNELL INT’L L.J. 355, 357 (2002).

[5] The Rio +20 Conference on Sustainable Development Outcome Document, 2012; UN Millennium Development Goals etc.

[6] Charles Sampford, Reconceiving the Rule of Law for a Globalizing World, GLOBALISATION AND THE RULE OF LAW 9, 10 (2005).

[7] UDHR, ICCPR, ICESCR, Convention against Terrorism, Human Trafficking etc.

[8] United Nations Human Rights Committee, the International Criminal Tribunals (ICTY, ICTR), and the International Criminal Court (ICC) etc.

Categories
Blog

Data Protection Regime in India

Privacy has been considered an international human right, as is enumerated under Article 12 of the Universal Declaration of Human Rights[1] and Article 17 of International Covenant on Civil and Political Rights.[2] India being a signatory to these international instruments, is under an obligation to protect privacy of the individuals. The current legal framework in India with respect to privacy and data protection is scattered in different legislations, rules and regulations, which individually deal with certain aspects of data protection.

The most important piece of legislation with respect to data protection is the Information Technology Act, 2000 (IT Act). Section 43A of the Act imposes civil liability on the body corporates if, while dealing with sensitive personal data or information, they are found to be negligent in implementing reasonable security practices and procedures and this leads to wrongful loss or gain to any person[3]. Furthermore, Section 72A imposes criminal liability on any person for disclosing personal information of an individual to a third party, without the consent of such individual[4]. These provisions are to be read with the IT (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011[5] [SPDI Rules], which defines sensitive personal data or information[6] and provides the procedures to be followed by a body corporate for collection[7], disclosure[8] and transfer[9] of information. The Rules further provides what constitutes reasonable security practices and procedures[10].

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

Furthermore, the Information Technology (the Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (Cert-In Rules) impose an obligation on the service providers, intermediaries, data centers and corporate entities to mandatorily notify, in case of certain type of ‘Cyber Security Incidents’.

With respect to the protection of financial data, the Credit Information Companies (Regulation) Act, 2005 (CICRA) requires that the credit information of individuals in India has to be collected as per privacy norms enunciated in the CICRA regulation. Entities collecting the data and maintaining the same have also been made liable for any possible leak or alteration of this data.

With respect to the protection of health data, the Digital Information Security in Healthcare Act (DISHA), 2018 aims to protect the privacy of patients by protecting their medical data. It lays down the procedure for sharing of personal health records, through digital medium, between various healthcare service providers. Further, the Indian Medical Council (Professional Conduct, Etiquette and Ethics) Regulations, 2020 impose an obligation on the registered medical practitioner to comply with the relevant provisions of the IT Act, data protection and privacy laws[11].

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

The Indian Contract Act, 1872 also become applicable if the privacy and confidentiality clauses enumerated in the agreement are breached by either party.

The Indian Penal Code, 1860 becomes applicable in the realm of data protection regime, as when there is a theft of data, prosecution can follow for the offenses of theft[12], misappropriation of property[13] or criminal breach of trust[14] under the Code.

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

The most significant development in India has been the case of Justice K S Puttaswamy v Union of India[15], wherein the nine-judge bench of the Apex Court unanimously held that the right to privacy is an intrinsic part of personal liberty under Article 21 of the Indian Constitution. This highlighted the need for a data protection legislation dealing with all the direct and incidental aspects. The latest step towards this has been the Personal Data Protection Bill of 2019 which is currently being reviewed by the Joint Parliamentary Committee. Once this Bill becomes a law, India will have a single piece of legislation exclusively dedicated to privacy and data protection.

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

[1] Universal Declaration of Human Rights, 1948, art. 12.

[2] International Covenant on Civil and Political Rights, 1966, art. 17.

[3] Information Technology Act, 2000, s. 43A

[4] Information Technology Act, 2000, s. 72A.

[5] Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

[6] Id, rule 3.

[7] Supra note 66, rule 5.

[8] Supra note 66, rule 6.

[9] Supra note 66, rule 7.

[10] Supra note 66, rule 8.

[11] Applicability of the Regulations.

[12] Indian Penal Code, 1860 , s. 378 and s. 379.

[13] Indian Penal Code, 1860, s. 403.

[14] Indian Penal Code, 1860 , s. 405, s. 408 and s. 409.

[15] Justice K S Puttaswamy v. Union of India, (2017) 10 SCC 1.

Categories
Blog Intellectual Property Law

Ritu Kumar v. Biba

Ritika Private Ltd. vs Biba Apparels Pvt Ltd. 230 (2016) DLT 109

Delhi High Court

Judges: Justice Valmiki J. Mehta

Applicable law: Section 15 of the Copyright Act, 1957

Did you know: In order for the owner of a design to enjoy protection under the Designs Act, 1911, it is necessary that the design be registered under the act.

Effect of Legal Provisions: Section 15 of the Copyright Act states that if a design is registered under the Designs Act, 1911 the copyright in such design will cease. Copyright will also cease even if the design is not registered but is capable of registration and the design has been reproduced more than 50 times.

Where it all began:

  1. Ritika owns the famous brand ‘Ritu Kumar’ and Biba Apparels also owns a famous brand called ‘Biba’. Both produced apparel and accessories using industrial designs
  2. Ritika alleged that Biba had copied the designs of Ritu Kumar and had used them to produce apparel and as such, it had infringed the copyright of Ritika.
  3. Ritika’s designs are not registered under the designs act.

Legal issue: Once the copyrighted works of the plaintiff are applied for the making of dresses, and the production of dresses exceeds 50 in number, whether protection of copyright is lost?

Learn more about IPR with Enhelion’s Online Law firm certified Master Course! 

Ritika’s arguments: there is originality in the garment prints and sketches created by Ritika Pvt Ltd for the dresses/garments. It is pleaded that its ensembles are so designed that each component, such as sleeves, front and back panels etc are delineated and are coordinated with unique features. As such it is entitled to copyright protection.

Biba’s arguments: Because the designs of Ritika are industrial designs, the suit for infringement of copyright is barred because of Section 15 of the Copyright Act.

Judgment in the case:

  1. The court came to the conclusion that the suit was barred by Section 15(2) of the Copyright Act, 1957 as Ritika’s copyright in the said works had ceased to exist.
  2. Ritika’s case fell squarely under Section 15(2) of the Copyright Act, 1957 i.e. the copyright in Ritika’s designs ceased to exist as it had been reproduced more than 50 times by an industrial process.

Significance

The court elucidated the position as to the operation of subsection (2) of section 15 and re-affirmed the view that the bar would apply under certain conditions even if the design is not registered.

Learn more about IPR with Enhelion’s Online Law firm certified Master Course! 

Categories
Blog

Significance of Cyber Forensics in the modern digital world

The influence of Information and Communication Technologies (referred to as ‘ICTs’ hereafter) on society goes far beyond establishing basic information infrastructure. It has proven to be a foundation for development in the creation, availability and use of network-based services. It has played the most significant role in transforming the world we live in.

Although ICTs have helped in the creation of a truly global marketplace, characterized by a constant flow of information through networks and websites, however, just like everything, Internet technology to has its own pros and cons. On one hand, the ICT makes our life easier and on the other hand, it provides a platform for individuals to commit crimes in cyberspace, by taking advantage of the vulnerabilities and risks associated with the Internet. This led to the development of jurisprudence with respect to ‘cybercrime’ or crime committed in cyberspace.

Learn about Digital Forensics with Enhelion’s Online Law firm certified Course! 

With the recognition of new age crimes as ‘cybercrimes’ and their peculiar nature, as opposed to traditional crimes, there was also a need to develop a security framework as well as a legal framework to exclusively combat such crimes. This led to the development of the regime of ‘cyber security and ‘cyber laws’ in various jurisdictions.

The basis of the cyber law regime was the same as that of traditional law- for the prosecution of crimes, whether traditional or new age, the court of law required credible evidence. However, it was no secret that the form of evidence required in traditional criminal cases differs from that in the case of cybercrimes, as the latter entails procurement of evidence from the ‘cyberspace’ itself, as opposed to a physical location. Since the traditional investigation and evidence procurement tools were not adequate in the context of cybercrimes which eventually led to a lack of prosecution of cybercriminals, therefore, a new disciple of forensics[1] known as ‘cyber forensics’ emerged.

Cyber forensics is defined as “the collection and analysis of data from computer systems, networks, communication streams and storage media in a manner that is admissible in a court of law[2]. In general terms, it was the use of knowledge of computer science to gain access to credible evidence which will be considered admissible in the court of law while prosecuting an accused in a case concerning the commission of cybercrime.

Learn about Digital Forensics with Enhelion’s Online Law firm certified Course! 

Initially, the use of cyber forensic tools was limited to the purpose of prosecution in court where cybercrimes were committed against private individuals. However, cybercrimes were not directed only at private individuals, various public, as well as private organizations which adopted ICTs in their day-to-day operations, were increasingly becoming victims of such crimes. Therefore, these organizations realized the potential of cyber forensics in identifying the offenders and securing their networks and started using the same within their organizations. Presently, cyber forensic tools are used equally by the government, private organizations and investigating authorities.

Cyber forensics per se involves the utilisation of knowledge of computers, computer systems, computer networks and the Internet i.e. it is primarily technical in nature. It is pertinent to note that the evidence collected with the use of cyber forensics should be admissible in a court of law, otherwise such evidence is futile. Therefore, there is also a requirement for setting legal standards as to how to collect, store and process evidence in cases of cybercrime. The legal framework of the country provides for these legal standards. For example, in India, the Indian Evidence Act, 1872[3] was amended in 2000 to insert various provisions relating to the admissibility of electronic evidence. The definition of the term ‘evidence’ was amended to include within its ambit, electronic records.[4] Section 65A[5] read with section 65B[6] provides for the admissibility of electronic records.

The COVID-19 pandemic had an unprecedented impact on the technological sector. Most individuals were completely dependent on the use of technology for their day-to-day activities, employment and education, among other things. This dependence provided a breeding ground for cybercriminals to exploit the vulnerable networks. Therefore, the significance of cyber forensic tools to combat such cybercrime activities was realised during the COVID-19 pandemic, more than ever.

Learn about Digital Forensics with Enhelion’s Online Law firm certified Course! 

[1] Forensics is the use of scientific knowledge to collect information for supporting a fact.

[2] Anjani Singh Tomar, Cyber forensics in combating cybercrimes, 3 PARIPEX 69, (2014).

[3] The Indian Evidence Act, 1872.

[4] Id., § 3.

[5] Special provisions as to evidence relating to documents may be given.

[6] Admissibility of electronic records.

Categories
Blog

Data Protection Regime in the European Union- General Data Protection Regulation (EU-GDPR)

Originally proposed by the European Commission in 2012, the EU GDPR[1] came into effect on 25th May 2018. It is intended to harmonize privacy and data protection laws across Europe. It further aims to provide a framework to ensure that the data subjects have control over their personal data. The provisions are GDPR are applicable[2]

  1. When a controller or a processor is established in the EU
  2. When the personal data of EU data subjects is processed

The Regulation defines terms like ‘personal data’, ‘processing’, ‘data subject’, ‘controller’, ‘consent’, ‘processor’ and ‘personal data breach’.[3] It also enumerates the basic principles on which GDPR is based. These include “lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability[4].

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

One of the grounds mentioned under the Regulation which makes the processing of personal data by the controller or the processor lawful is when the data subject has consented to such processing[5]. The declaration seeking such consent should be made in an intelligible and easily accessible form, using clear and plain language[6]. Further, the data subject has the right to withdraw his consent at any time, and such withdrawal will not affect the lawfulness of the processing prior to the withdrawal.[7] When the data subject is a child below the age of 16 years, consent for the processing of personal data can only be given or authorized by the parents.[8] However, the Regulation gives the discretion to the individual member states of the EU to decide the minimum age for which parental consent will be required, however, such age cannot be lower than 13 years.[9]

The GDPR prohibits the processing of personal data relating to a specific category (sensitive personal data)[10]. However, such data can be processed in certain conditions like when the data subject gives explicit consent or when processing is necessary to protect the vital interests of the data subject or when processing is necessary for substantial public interest etc.[11]

Chapter 4 of GDPR enumerates the rights provided to the data subject with respect to the processing of their personal data. These include the right to access the data by the data subject (to know the purpose of processing, the categories of data being processed, recipients of such data, the period for which data will be stored, right to be informed of additional safeguards if data is transferred to a third country or an international organization etc.)[12], right to rectification (of inaccurate data concerning the data subject), right to erasure (when data is no longer necessary, when consent is withdrawn when data is unlawfully processed etc.), right to restriction of processing (for a particular time period) , right to data portability (receive the data in a machine-readable format and transmit the same to another controller) and right to object.

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

The member states of the Union have the right to restrict the scope of rights and obligations[13] of the data subject and the controllers/processors, under the Regulation on the ground of national security, defence, public security, and criminal offences[14], general public interest etc.[15] by means of legislative measures.

The controller is obligated to take necessary technical and organizational measures which are designed to implement the principle of GDPR while processing the personal data of the subject (data protection by design).[16] Furthermore, the technical measures should be implemented to ensure that, by default, only the personal data which is required for specific purposes, is processed[17] (data protection by default).

In case of a data breach which is likely to risk the rights of natural persons, the controller should notify the supervisory authority within 72 hours of becoming aware of such breach. The controller should also inform the data subject about such data breaches in certain specific situations[18].

Further, if the processing of data involves new technology which might result in “high risk to the rights and freedoms of natural persons, the controller should carry out an impact assessment, before processing any data[19].

The Regulation also mandates the appointment of a Data Protection Officer by the controller and processor in certain situations.[20] The Officer has the duty to inform and advise the employees of their obligations while processing the data of data subjects, to monitor the compliance of provisions of GDPR, to cooperate with supervisory authority etc.[21]

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

In case of infringement of any right of the data subject or any obligation mentioned under GDPR, the data subject has the right to lodge a complaint with the supervisory authority of a particular member state[22]. For severe violations, the fine framework can be “up to 20 million euros, or in the case of an undertaking, up to 4 % of their total global turnover of the preceding fiscal year, whichever is higher[23]. In case of less severe violations, the Regulation sets forth fines of “up to 10 million euros, or, in the case of an undertaking, up to 2% of its entire global turnover of the preceding fiscal year, whichever is higher[24].

Therefore, the privacy and data protection regime in the European Union is very stringent. Although it has only been two years since the GDPR came into effect, however, the recent cases of imposition of huge sums of fines on Twitter[25] and Google[26] in Europe for violating the provisions of GDPR, highlight the seriousness of privacy and data protection in Europe.

Learn about Information Security, Privacy and Data Protection with Enhelion’s Online Law firm certified Course! 

 

[1] General Data Protection Regulation, Regulation (EU) (2016/679).

[2] Id, art. .

[3] Supra note 1, art. 4.

[4] Supra note 1, art. 5.

[5] Supra note 1, art. 6(1)(a).

[6] Supra note 1, art. 7(2).

[7] Supra note 1, art. 7(3).

[8] Supra note 1, art. 8(1).

[9] Id.

[10] Supra note 1, art. 9(1).

[11] Supra note 1, art. 9(2).

[12] Supra note 1, art. 15.

[13] Supra note 1, under art. 12-22, art. 34 and art 5.

[14] Prevention, Investigation, Detection or Prosecution.

[15] Supra note 1, art. 23.

[16] Supra note 1, art. 25(1).

[17] Supra note 1, art. 25(2).

[18] Supra note 1, art. 34(3).

[19] Supra note 1, art. 35.

[20] Supra note 1, art. 37.

[21] Supra note 1, art. 39.

[22] Supra note 1, art. 77.

[23] Supra note 1, art. 83(5).

[24] Supra note 1, art. 83(4).

[25] BGR, https://www.bgr.in/news/twitter-fined-547000-dollars-for-not-disclosing-data-breach-927683/ (last visited Feb. 1, 2021).

[26] REUTERS, https://www.reuters.com/article/us-google-privacy-france/french-watchdog-fines-google-amazon-for-breaching-cookies-rules-idUSKBN28K0NA (last visited Feb. 1, 2021).

Categories
Blog Intellectual Property Law

The Himalaya Drug Company vs Sumit 2006

Delhi High Court

Judges: Justice Badar Durrez Ahmed

Applicable law: Copyright Act, 1957

Did you know: ‘Meta-Data’ is like a digital footprint, which allows a person to assess what tools and code have been used to develop a particular website

Where it all began:

  1. Drug Company is engaged in the manufacture and sale of Ayurvedic Medicinal preparations and was established in the trade in the year 1930. Realizing the potential of the Internet as a medium of information, the plaintiff registered its own domain name www.thehimalayadrugco.com’ on 10.6.1998 and developed a website under the said name.
  2. The most important feature of the website is the section titled “HIMALAYAS HERBS”. This section essentially consists of a database of a wide variety of medicinal herbs, arranged in alphabetical order.
  3. Such information is not only comprehensive but is also arranged in a manner that is visually appealing and easy to grasp. It was clear that Himalaya has expended considerable time, labour, skill and money in preparing this database of Ayurvedic Herbs that find mentioned on its website. Himalaya has claimed that the preparation of the database began sometime in June 1998 and took more than a year to complete.

Legal issue: Whether Sumit has infringed the copyright of Himalaya and if so what damages is Himalaya entitled to?

Learn more about IPR with Enhelion’s Online Law firm certified Master Course! 

Himalaya’s arguments: Himalaya noticed that Sumit was operating a website “http://ayurveda.virtualave.net” which reproduced Himalaya’s entire herbal data verbatim. The copying was to such an extent that even the grammatical or syntactical errors that appear on Himalaya’s website have been copied onto Sumit’s website. Moreover, the meta tag of the source code of Sumit’s website includes Himalaya’s trademark “Himalaya Drug Co.”

Sumit’s arguments: Sumit did not appear despite service and the case proceeded ex-parte

Judgment in the case:

  1. The Court held that Sumit had misappropriated the effort, skill and expense that had gone into the creation of Himalaya’s website. Therefore, Sumit had copied the entire herbal database of the plaintiff and had infringed the copyright of Himalaya.
  2. The plaintiff has also been able to demonstrate that the defendants have attempted to pass off its herbal database as and for that of the plaintiff’s and have also violated the “trade dress” rights that exist in respect of the plaintiff’s herbal database. The reason being that the plaintiff’s herbal database is unique and, therefore, any similar herbal database that appears on a different website is bound to create confusion by causing a consumer to associate the website with that of the plaintiff’s.
  3. Because Sumit did not appear in this case it was impossible to assess what kind of profits he had earned from the website and accordingly difficult to calculate damages. Thus the court calculated the costs involved in preparing and putting up the website. Those costs were 7.9 Lakhs and the court granted 7.9 Lakhs as compensatory damages and an additional 7.9 Lakhs as punitive/Exemplary damages.

Significance: The judgment is noteworthy because it has used a novel way of calculating damages and has awarded both compensatory as well as punitive damages.

 

Learn more about IPR with Enhelion’s Online Law firm certified Master Course!