Critical Analysis of the Information Technology Act 2000, Its Amendments, and the Emerging Digital Personal Data Protection Act 2023 in the Context of Global Regulatory Benchmarks
Author(s): Malathi Sundaram Iyer, Krishnaswamy Venugopalan, Shirin Fatima Ansari, Rohit Desai Shettigar
Affiliation: Department of Law, Vivekananda College of Law, Bengaluru, Karnataka, India, Department of Criminology and Forensic Science, Karnatak University Dharwad (PG Department), Dharwad, Karnataka, India
Page No: 14-17-
Volume issue & Publishing Year: Volume 3, Issue 3, 2026/03/06
Journal: International Journal of Modern Engineering and Management | IJMEM
ISSN NO: 3048-8230
DOI:
Abstract:
The rapid digitization of India's economy and society has generated a correspondingly rapid proliferation of cybercrime—encompassing financial fraud, data breaches, online harassment, ransomware, and state-sponsored intrusions—that has severely strained legal frameworks designed for the early 2000s digital environment. India's primary legal framework, the Information Technology Act 2000 (ITA 2000) and its 2008 Amendment, was enacted before smartphones, social media, cloud computing, and cryptocurrency existed at meaningful scale, and has been subjected to sustained scholarly criticism for definitional inadequacies, evidentiary challenges, and constitutional tensions with fundamental rights guarantees. This article conducts a comprehensive doctrinal and comparative analysis of India's cybercrime legal framework from the ITA 2000 through the Digital Personal Data Protection Act 2023 (DPDPA 2023), the IT Rules 2021, and relevant Supreme Court jurisprudence, evaluating India's framework against the Budapest Convention, GDPR, and CFAA benchmarks. While DPDPA 2023 represents a significant advance in data protection governance, the article identifies important limitations including absence of data portability rights, weak accountability for government data processing, and concerns about enforcement body independence, and proposes five legislative and institutional reform priorities.
Keywords:
cybercrime legislation, Information Technology Act 2000, Digital Personal Data Protection Act 2023, GDPR, Budapest Convention, data protection, India, cyber law reform, intermediary liability, privacy rights, data fiduciary, cybersecurity governance
Reference:
[1] Budapest Convention on Cybercrime. (2001). European Treaty Series No. 185. Council of Europe.
[2] Data Security Council of India (DSCI). (2022). India Cyber Threat Report 2022.
[3] European Parliament. (2016). General Data Protection Regulation (GDPR) 2016/679.
[4] Government of India. (2000). Information Technology Act, 2000 (Act No. 21 of 2000).
[5] Government of India. (2008). Information Technology (Amendment) Act 2008.
[6] Government of India. (2021). IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.
[7] Government of India. (2023). Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023).
[8] K.S. Puttaswamy (Retd.) and Anr. v. Union of India and Ors. (2017). (9) SCC 1.
[9] Nappinai, N. S. (2010). Cyber Crime Law in India. Journal of International Commercial Law and Technology, 5(1), 22–33.
[10] Shreya Singhal v. Union of India. (2015). AIR 2015 SC 1523.
[11] Solove, D. J. (2013). Privacy self-management and the consent dilemma. Harvard Law Review, 126(7), 1880–1903.
[12] Wacks, R. (2015). Privacy: A Very Short Introduction (2nd ed.). Oxford University Press.