The amendments introduced to the Information Technology Act, 2000, notified through the Jan Vishwas (Amendment of Provisions) Act, 2023, came into effect on Thursday (November 30). Five offences have been decriminalised, while penalties for two others have been increased.
The Jan Vishwas Act was notified in August and amended 183 provisions across 42 acts. In many provisions across different acts, offences have been decriminalised, and fines have been converted into penalties.
Amendments to different acts will come into force through notifications by respective administrating ministries. On October 31, the Union ministry of electronics and information technology (MeitY) had notified in the gazette that the amendments to the IT Act would come into force on November 31.
Read More: Telangana assembly election results 2023: Congress takes early lead, BRS trails
The contentious Section 66A of the Information Technology Act, which penalised people for sending “offensive” messages through any communication services, has also now officially been removed from the Act. To be sure, the controversial section was struck down by the Supreme Court in the seminal Shreya Singhal judgement in 2015 for being “unconstitutional” by violating the right to freedom of speech. Even after the apex court struck down the provision, police across the country continued to file cases under this section.
Under section 69B, any intermediary who “intentionally or knowingly” does not provide an authorised government agency “technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating, transmitting, receiving or storing such traffic data or information” to “enhance cyber security and for identification, analysis and prevention of intrusion or spread of computer contaminant” will now attract a jail term of up to one year and/or a fine of up to ₹1 crore. Earlier, Section 69B carried a punishment of imprisonment of up to three years and an undefined amount of fine.
The scope of adjudication through a central government-appointed officer under section 46 has also been expanded to the entire Act. Earlier, it was restricted to Chapter IX of the Act, that is, the chapter related to penalties, compensation, and adjudication. It is not clear how this adjudicating officer will function concurrently with other bodies — such as the grievance appellate committee prescribed under the IT Rules 2022 to adjudicate upon grievances related to social media platforms — prescribed for adjudication under the IT Act.
Five offences decriminalised
Under section 72, if any person who gets access to any information “in pursuance of any powers conferred” under the IT Act, discloses this information to a third party without the consent of the person concerned can be slapped with a penalty of up to ₹25 lakh. For instance, if an investigative agency under Section 69 legally intercepted communication between two individuals and then disclosed this to an unrelated party, it would violate this provision. Earlier, this carried an imprisonment term of up to two years and/or a fine of up to ₹1 lakh.
In its February representation to the chair, the joint committee on the Jan Vishwas (Amendment of Provisions Bill), 2022, Bharatiya Janata Party (BJP) MP P P Chaudhary recommended against decriminalisation under section 72 as it “enhances privacy and confidentiality of third-party information”.
The committee had voiced this suggestion to the MeitY in its February 2023 meeting. The committee’s report states that this was not accepted by the ministry as “they justified that the proposed amendments will be an effective deterrent and are in alignment with the draft Digital Personal Data Protection Bill being proposed by the Ministry”.
Under section 72A, a person who, while providing services under a lawful contract, having “secured access to any material containing personal information about another person”, discloses this information without consent of the person concerned or in violation of the contract “to cause wrongful loss or wrongful gain” will now attract a penalty of up to ₹25 lakh. Earlier, this carried an imprisonment term of up to three years and/or a penalty of up to ₹5 lakh.
Failure of a certifying authority (a person licensed to issue an electronic signature certificate, which includes a digital signature certificate, under the Act) to surrender its licence after it is suspended or revoked, will now result in a penalty of ₹5 lakh. Earlier, Section 33 attracted imprisonment of up to six months and/or a penalty of up to ₹10,000.
Under section 68, any certifying authority or its employee who does not comply with the Controller’s (appointed by the central government to licence certifying authorities) orders to ensure compliance with the IT Act can now attract a penalty of up to ₹25 lakh. Earlier, this carried a prison term of up to two years and/or a penalty of up to ₹1 lakh.
If intermediaries fail to preserve and retain information, in the manner, for the duration and in the format, prescribed by the central government as per section 67C, they will now attract a financial penalty of up to ₹25 lakh. Earlier, this attracted imprisonment of up to three years and an undefined fine.
Read More: Wedding Budget Of Middle-Class Indian Is Rs 15-25 Lakhs, 60% Women Plan Self-funding: Report
Penalties increased
Under section 44, failure to furnish any document, return or report to the Controller or the certifying authority, will now attract a fine of ₹15 lakh for each such failure, up from the earlier ₹1.5 lakh fine.
For each day of delay in furnishing the information, the person will now have to pay ₹50,000 which was earlier ₹5,000. If the person does not maintain the required books of account or records, they shall now be liable to pay ₹1 lakh for each day of non-compliance, up from the earlier ₹10,000.
Section 45 of the IT Act defines the residuary penalty under the Act, that is penalty for sections for which no specific penalty has been defined. Its scope has been expanded to include “directions or orders” in addition to the extant rules and regulations. The financial penalty has been increased to a maximum of ₹1 lakh, up from the previous ₹25,000.
In addition, compensation to persons affected by the violation of law has been increased to a maximum of ₹10 lakh, if the contravention is by an intermediary, company, or body corporate; and a maximum of ₹1 lakh if it is by any other person. Earlier, compensation was capped at ₹25,000.
Mixed bag
Before the notifications of the amendments, leading industry body Nasscom had welcomed the decriminalisation but with some caveats. “The Jan Vishwas Bill is a right step to protect bonafide businesses against criminal punishment or excesses for trivial violations,” it wrote in March. However, it raised concerns about the lack of decriminalisation under Section 70B.
Section 70B deals with the establishment and functioning of the Indian Computer Emergency Response Team (CERT-In). Under the new amendments, not complying with CERT-In’s orders and directions can attract a penalty of up to ₹1 crore, a hundred times increase over the previous penalty of ₹1 lakh. The increased penalty is in addition to the extant provision of imprisonment of up to one year.
In its representation to the JPC, Nasscom wrote, “This [amended Section 70B] is not a case of decriminalisation, nor is it a rationalisation of a monetary penalty, as this continues to contemplate a fine, the quantum of which has been increased significantly by 100 times.”
It is not clear if not complying with the directions that the CERT-In issued in April 2022 would also attract this penalty. This is because after the legally binding directions were released, the CERT-In had also released FAQs – which are not legally binding – that relaxed the compliance requirements.
“Industry is thus faced with legal uncertainty,” the industry representation read.
“Against this backdrop of a worrying precedent of how the power to make direction has been used to see this offence being strengthened rather than being decriminalised is discouraging, and in our view, currently a step backwards from the overall effort to build trust in governance,” Nasscom said in its representation.
