1 WEBZINE ON CYBER LAWS

Contents
Cyber News
Watch to Know More: YouTube Videos
Quiz Column
Did You Know?
Safety Tips
Cyber Literature
Legal Updates from the International Sphere
We Speak
Centre for Cyber Laws Team

Cyber News
Religion in the metaverse: The Vatican is launching an NFT gallery
The Vatican is planning to launch an NFT gallery meant to democratize
art, hence bringing the headquarters of the Roman Catholic Church
closer to the metaverse. Home to around 800 art pieces by famous artists,
which include works of Michelangelo, Raphael, Marc Chagall, Salvador
Dalí, Vincent van Gogh, and Pablo Picasso, the Vatican’s museum
attracts millions of visitors every year. Founded in the 16th century, it
is considered one of the most culturally significant sites of Vatican City.
The project will kick off in partnership with a metaverse developer,
Sensorium, and the Humanity 2.0 Foundation – a Vatican-led non-
profit organization. It will be chaired by Father Philip Larrey, Dean of
Philosophy at the Pope’s University in Vatican City. “The public-private
partnership aims to extend the availability of the Vatican’s heritage –
manuscripts, masterpieces, and academic initiatives – to people, who
otherwise won’t be able to experience it,” Sensorium’s press release reads.
The gallery should become available over the course of this year. It will
be accessible via desktop and VR glasses for full immersion.
Sources:
https://techstory.in/vatican-to-start-an-nft-gallery/
https://finbold.com/the-vatican-to-officially-launch-nft-gallery-to-democratize-art/
https://cybernews.com/news/religion-in-the-metaverse-the-vatican-is-launching-an-nft-gallery/
Biggest European economy tightens its grip on Meta
Germany’s cartel office, the Bundeskartellamt, imposed stricter rules on
Meta after determining its “paramount significance for competition
across markets.” A new provision gives Germany’s regulator more control
over the practices of large digital companies. “If the Bundeskartellamt
formally determines that an undertaking is of paramount significance for
competition across markets, it can prohibit it from engaging in
anti-competitive practices,” it said. Meta owns Facebook, Instagram, and
WhatsApp, operates features such as Stories and Reels, offers like Shops
or Watch, and continuously expands its range of services. It also owns
a manufacturer of VR technology, Oculus, and aims to build a metaverse.
“The digital ecosystem created by Meta has a very large user base and
makes the company the key player in social media. Our investigations
have shown that Meta is of paramount significance across markets, also
within the meaning of competition law,” Andreas Mundt, President of the
Bundeskartellamt, said. “Following a proceeding which was contested for
some time, we have now formally proven the company’s relevant position.
Based on this, we are able to intervene against potential competition
infringements more efficiently than with the toolkit available to us so
far. Meta has waived the right to appeal our decision. Meta’s services
are used by more than 3.5 billion people worldwide. In early 2019,
Germany’s cartel office prohibited Meta from combining user data from
different sources due to competition concerns. Since 2020, the
Bundeskartellamt has been conducting another proceeding against Meta for
linking Meta Quest’s (formerly Oculus) offer of VR headsets/products
with Facebook.
Sources:
https://www.reuters.com/article/us-markets-stocks-tech-idUSKBN25T1NN
https://cybernews.com/news/biggest-european-economy-tightens-its-grip-on-meta/
https://www.euractiv.com/section/digital/news/german-antitrust-body-to-adopt-stricter-measure-against-meta/

Global tech industry body seeks revision in India’s directive on
reporting of cyber security breach
ITI country manager for India Kumar Deep, in a letter to CERT-In chief
Sanjay Bahl dated May 5, asked for a wider stakeholder consultation with
the industry before finalising the directive. US-based technology
industry body ITI, having global tech firms such as Google, Facebook,
IBM and Cisco as its members, has sought a revision in the Indian
government’s directive on reporting of cyber security breach incidents.
ITI said that the provisions under the new mandate may adversely impact
organisations and undermine cyber security in the country. Indian
Computer Emergency Response Team (CERT-In) on April 28 issued a
directive asking all government and private agencies, including internet
service providers, social media platforms and data centres, to
mandatorily report cyber security breach incidents to it within six
hours of noticing them. The new circular issued by the CERT-In mandates
all service providers, intermediaries, data centres, corporates and
government organisations to mandatorily enable logs of all their ICT
(Information and Communication Technology) systems and maintain them
securely for a rolling period of 180 days and the same shall be
maintained within the Indian jurisdiction. ITI has raised concerns over
the mandatory reporting of breach incidents within six hours of
noticing, the mandate to enable logs of all ICT systems and maintain
them within Indian jurisdiction for 180 days, the overbroad definition
of reportable incidents and the requirement that companies connect to
the servers of Indian government entities. Deep, in the letter, said
that the organisations must be given 72 hours to report an incident in
line with global best practices and not just six hours. ITI said that
the government’s mandate to enable logs of all covered entities’
information and communications technology systems, maintain logs
“securely for a rolling period of 180 days” within India and make them
available to the Indian government upon request is not a best practice.
Sources:
https://telecom.economictimes.indiatimes.com/news/global-tech-industry-body-seeks-revision-in-indias-directive-on-reporting-of-cyber-security-breach/91389005
https://www.newindianexpress.com/business/2022/may/07/global-tech-industry-body-seeks-revision-in-indias-directive-oncyber-security-breaches-2450930.html
https://tradebrains.in/features/biz-iti-cyber-rules/

Centre’s New Rules on User Data Collection require VPN companies to
store excessive data
The stage is set for a stand-off between virtual private network (VPN)
companies and the Centre, over a new rule that requires the firms to
collect and store user data for a period of at least five years. Some of
the biggest VPN companies such as NordVPN or ExpressVPN state they
collect only minimal information about their users and also allow for
ways for their users to remain largely anonymous by accepting payment
through Bitcoin. Their internal rules are now set to bring them into
confrontation with the IT ministry, which last week quietly issued a new
directive requiring an array of technology companies to start logging
user data.
NordVPN has reportedly stated that it is examining the new directive
and may choose to shut down its Indian servers if it sees “no other
options”. The official directions that sparked controversy come from
CERT-In – the government body in charge of analysing and tracking
national cybersecurity incidents. In a press release, it noted that all
“Data Centres, Virtual Private Server (VPS) providers, Cloud Service
providers and Virtual Private Network Service (VPN Service) providers”
would be required to maintain a range of user data for a period of five
years or longer even after cancellation or withdrawal of the service.
What kind of data does the government want them to store? According to
the directive, the following categories of information will need to be
logged:
• Validated names of subscribers/customers hiring the services
• Period of hire including dates
• IPs allotted to/being used by the members
• Email address and IP address and time stamp used at the time of
registration/on-boarding
• Purpose for hiring services
• Validated address and contact numbers
• Ownership pattern of the subscribers/customers hiring services
Sources:
https://thewire.in/tech/stand-off-looms-between-vpn-providers-and-govt-over-new-rule-mandating-collection-of-user-data
https://www.businessinsider.in/tech/news/it-ministry-orders-vpn-providers-to-store-user-data-for-five-years-tech-news/articleshow/91334830.cms
https://www.indiatimes.com/explainers/technology/what-does-govts-mandates-for-vpn-apps-to-store-share-user-data-mean-568809.html

The EU Commission accuses Apple of illegally eliminating competition
The European Commission released the results of its investigation,
accusing Apple of distorting competition in the European mobile wallets
market and impeding innovation in the sector. In the statement, the
Commission points to Apple’s monopoly on the mobile wallets market on
Apple devices. It suggests that by shielding others from entering the
game and hence destroying competition, Apple has been securing the
dominant position of Apple Pay since its release in 2015. This,
according to the Commission, is illegal. “We are concerned that Apple
may have illegally distorted competition in the market for mobile
wallets on Apple devices,” the press release says. The investigation
began back in June 2020, when the European Commission started assessing
whether Apple violates any established regulations with respect to Apple
Pay. The findings reveal that Apple restricted access to key inputs
required for the development and operation of mobile payment apps, which
allow users to make instant transactions using their phones. Across the
European Union, the most widespread and commonly used technology for
mobile payments is Near Field
Communication or NFC. The technology is standardized and allows
customers to “tap and go” by linking the terminal with the person’s
phone. However, the way Apple’s devices and operating system function
prevents other mobile wallets from accessing NFC. As a result, a variety
of features, including financial complementary services, remain
unavailable. This forces users to opt for Apple Pay for the ‘tap and go’
function.
Sources:
https://www.dailymail.co.uk/news/article-10774861/EU-moves-forward-antitrust-case-against-Apple.html
https://cybernews.com/news/the-eu-commission-accuses-apple-of-illegally-eliminating-competition/

U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea
Launder Millions
The U.S. Treasury Department on Friday moved to sanction virtual
currency mixer Blender.io, marking the first time a mixing service has
been subjected to economic blockades. The move signals continued efforts
on the part of the government to prevent North Korea’s Lazarus Group
from laundering the funds stolen from the unprecedented hack of Ronin
Bridge in late March. The newly imposed sanctions, issued by the U.S.
Office of Foreign Assets Control (OFAC), target 45 Bitcoin addresses
linked to Blender.io and four new wallets linked to Lazarus Group, an
advanced persistent threat with ties to the Democratic People’s Republic
of Korea (DPRK).
Cryptocurrency mixers, also called tumblers, are privacy-focused
services that allow users to move cryptocurrency assets between accounts
without leaving a transaction trail by obfuscating their origins. Mixers
like Blender are known to take a “dynamic” service fee that ranges
anywhere between 0.6% and 2.5% every time money is transferred to a
wallet address under its control. Since its launch in 2017, Blender is
estimated to have transferred more than $500 million worth of Bitcoin.
“Through these services, threat actors can achieve their end goal of
cashing out and keeping the criminal underground liquid through the
trade of illicit goods and services,” Intel 471 noted in a report
published in November 2021. The Ronin Bridge hack saw the
state-sponsored cyber hacking group stealing $540 million from a
decentralized protocol that permits users to transfer their crypto
between Ethereum and the popular blockchain game Axie Infinity.
On April 16, the Treasury Department blocklisted the Ethereum wallet
address that received the stolen digital currency, although by then the
Lazarus Group had managed to launder 18% of the siphoned funds (about
$97 million) through centralized exchanges and an Ethereum mixing
service called Tornado Cash. Over the past two weeks, around $273.9
million of Ether was sent to four of the newly-sanctioned addresses,
according to blockchain analytics firm Elliptic, with one of those
addresses already moving $37 million through Tornado Cash, leaving
behind $236 million.
Sources:
https://thehackernews.com/2022/05/us-sanctions-cryptocurrency-mixer.html
https://www.reuters.com/business/us-adds-virtual-currency-mixer-sanctions-list-over-north-koreas-cyber-activities-2022-05-06/
https://www.washingtonpost.com/technology/2022/05/06/treasury-crypto-sanctions/

Elon Musk, Twitter are sued by shareholder over $44 billion takeover
Elon Musk and Twitter Inc were sued on Friday by a Florida pension fund
seeking to stop Musk from quickly completing his planned $44 billion
takeover of the social media company. In a complaint filed in Delaware
Chancery Court, the Orlando Police Pension Fund said that under Delaware
law Musk cannot complete the takeover until at least 2025 unless holders
of two-thirds of shares not “owned” by him approved. The lawsuit said
Musk became an “interested stockholder” after taking a more than 9%
Twitter stake, requiring the delay. Twitter and its board, including
Chief Executive Parag Agrawal, are also defendants. The lawsuit seeks to
delay the merger’s closing until at least 2025, declare that Twitter
directors breached their fiduciary duties, and recoup legal fees and
costs. Twitter declined to comment. A lawyer for Musk did not
immediately respond to a request for comment.
Sources:
https://www.business-standard.com/article/international/elon-musk-twitter-are-sued-by-shareholder-over-44-billion-takeover-122050601357_1.html
https://edition.cnn.com/2022/05/06/tech/twitter-shareholder-lawsuit-elon-musk/index.html
https://www.independent.co.uk/tech/elon-musk-twitter-lawsuit-shareholder-b2073275.html

India to introduce six-hour data breach notification rule
Organizations in India face a six-hour data breach reporting deadline,
following the introduction of new rules by the country’s computer
emergency response team, CERT-In. The new rules will apply to critical
parts of India’s network and IT infrastructure, including service
providers, data centers, government organizations, and corporations. The
reporting window is much shorter than those in other large economies: in
the EU, the GDPR mandates that breaches are reported within 72 hours.
Incidents can be reported by phone, fax or email. Organizations covered
by the rule must keep logs for 180 days after an incident.
Some sectors, including data centers, cloud service providers, and VPN
operators, will also have to register and maintain certain information
about customers, including names, IPs, and their reason for using
services, for at least five years. Similarly, cryptocurrency services
will be obliged to maintain ‘know your customer’ (KYC) records. CERT-In
has issued a list of 20 types of incident (PDF) that organizations must
report within the six-hour window. These include malware and ransomware
attacks; identity theft, spoofing and phishing attacks; and data
breaches and data leaks. The list also includes unauthorized access to
social media accounts and attacks or suspicious activities affecting
cloud computing services, the blockchain, robotics, additive
manufacturing, 3D printing, or drones. All organizations covered by the
directive must synchronize their systems to network time (NTP) servers
maintained by India’s National Informatics Centre or National Physical
Laboratory, or NTP servers synched to those systems, presumably to make
it easier for CERT-In to analyze log data. Organizations that fail to
comply may face penalties set out under India’s IT Act, 2000. Announcing
the new rules, India’s Ministry of Electronics and IT stated that
“CERT-In has identified certain gaps causing hindrance in incident
analysis”, adding that the rules would “enhance overall cyber security
posture and ensure safe & trusted Internet in the country”.
Sources:
https://portswigger.net/daily-swig/india-to-introduce-six-hour-data-breach-notification-rule
https://www.lexology.com/library/detail.aspx?g=5eae7307-664d-484e-8a58-f50bc24bb4d2
https://trilegal.com/knowledge_repository/2022-cert-in-directions-on-reporting-cyber-incidents/

Watch to Know More:
YouTube Videos
Biggest European economy tightens its grip on Meta | cybernews.com |
https://www.youtube.com/watch?v=hfzmgbPu3Jk

The World’s Most Terrifying Spyware | Investigators |
https://www.youtube.com/watch?v=QX7X4Ywuotc

The Russian hackers being hunted by the West | BBC News |
https://www.youtube.com/watch?v=UG1lJaJsru8

Cybersecurity expert on the threat from Russia | CBS News |
https://www.youtube.com/watch?v=5Xjz6ImKMsM

Australia’s oil and gas infrastructure at risk from cyber attacks | ABC News |
https://www.youtube.com/watch?v=BSElsHFNT2s

Truecaller, Cyber Peace Launch Nationwide Campaign To Tackle Cyber Fraud | NDTV |
https://www.youtube.com/watch?v=hr2fJ1ZCMq8

Quiz Column
1. Many cyber crimes come under the Indian Penal Code. Which one of the following
is an example?
A. Sending Threatening message by Email
B. Forgery of Electronic Record
C. Bogus Website
D. All of above

2. The Information Technology Act 2000 is an Act of Indian Parliament notified on


A. 27th October 2000
B. 15th December 2000
C. 17th November 2000
D. 17th October 2000

3. Digital Signature Certificate is ________ requirement under various applications


A. Statutory
B. Legislative
C. Governmental
D. Voluntary

4. Accessing a computer without prior authorization is a cyber crime that comes under____
A. Section 65
B. Section 66
C. Section 68
D. Section 70

5. ____________ means a person who has been granted a licence to issue an electronic signature certificate.
A. Certifying Authority
B. Certifying Private Key Authority
C. Certifying system controller
D. Appropriate Authority

6. ________ is data that has been organized or presented in a meaningful manner.


A. A process
B. Software
C. Storage
D. Information
7. _______ is an application of information and communication technology (ICT) for
delivering Government Service.
A. Governance
B. Electronic Governance
C. Governance and Ethics
D. Risk and Governance.

8. The Altering of data so that it is not usable unless the changes are undone is
A. Biometrics
B. Encryption
C. Ergonomics
D. Compression

9. Authentication is _________
A. To assure identity of user on a remote system
B. Insertion
C. Modification
D. Integration

10. The following cannot be exploited by assigning or by licensing the rights of others
A. Patent
B. Design
C. Trademark

Did You Know?
EU’s new Digital Services Act
In a watershed moment to rein in big intermediaries, the European
Parliament and European Union member states have reached a political
consensus to pave the way for the Digital Services Act. The Act intends
to force big Internet companies to act against disinformation, illegal
and harmful content. The Act, which is yet to become law, was proposed
by the EU Commission (anti-trust) in December 2020. The Digital
Services Act is a set of common rules on intermediaries’ obligations and
accountability across the single market and ensures higher protection
to all EU users.
The DSA will tightly regulate the way intermediaries, especially large
platforms such as Google, Facebook and YouTube, function when it
comes to moderating user content. Instead of letting platforms decide
how to deal with abusive or illegal content, the DSA will lay down
specific rules and obligations for these companies to follow. According
to the EU, the DSA will apply to a large category of online services,
from simple websites to Internet infrastructure services and online
platforms. The obligations for each of these will differ according to
their size and role. The legislation brings in its ambit platforms that
provide Internet access, domain name registrars, hosting services such
as cloud computing and web-hosting services. But more importantly, very
large online platforms (VLOPs) and very large online search engines
(VLOSEs) will face ‘more stringent requirements’.

Safety Tips
A guide to safety tips for crypto trading beginners
Suppose that you have recently made a cryptocurrency purchase and
now wish to keep the coins in your wallet for a very long period. As
internet use spreads around the world, the number of people using it
with malicious intent is also increasing. They want to get hold of your
cryptocurrencies through illegal activities, which you cannot allow. You
will lose your cryptocurrencies if any such thing happens to you.
Therefore, it is essential to ensure the security of your crypto coins
if you want to make a long-term profit. It is not as simple as you might
think. There are a lot of complications in cryptocurrency security, and
this is what we are going to address today. We will give you some
details on how you can ensure the safety of your cryptocurrencies if you
are a beginner.
Ensuring the safety of your crypto coins like bitcoin is not very easy,
and there are some complicated steps that you may have to follow. A few
of them are given here. These are steps that any beginner can easily
understand, so you must go through them carefully.

Store private keys away from the internet!


Storage is probably one of the most important things you have to
keep in mind when dealing with cryptocurrencies. If the storage space
for your crypto coins is not safe, anyone can easily steal them. It is
not something that you can allow, and therefore, the private key you use
for getting access to your coins is essential. You need to ensure that
you keep your private keys away from internet connectivity. When they
are available on the internet, getting access to them is very easy.
Therefore, ensure that you store your private keys offline so that no
one can get hold of them. They are easily traceable while they are
connected to the internet.

Use dedicated hardware


Using a hardware cryptocurrency wallet is going to make everything
easier for you. Hardware wallets can stay out of reach of the internet
and can therefore ensure the safety of your cryptocurrencies on the
official trading software. In contrast, hot storage wallets such as web
wallets, software wallets, and many more have no such capability. They
stay active all the time, and therefore your cryptocurrencies are traded
all the time. So, using a hardware wallet will be the safest move you
can make to ensure the safety of your crypto coins.

Secure your personal computer


The security of your device is one of the essential factors if you want
to keep your crypto safe. So, make sure that you download an antivirus
on your personal computer before you use it for dealing with
cryptocurrencies. The antivirus will ensure that any malicious software
or file is kept away from your internet-accessible computer system. With
the accessibility of the internet, the computer system becomes more
vulnerable to threats from outside. So, the antivirus will protect it
and keep your crypto safe.

Create backup
Creating a backup of the private keys is very helpful for
cryptocurrency security. Even if the private keys are lost,
you can recover them quickly when there is a backup.
So, it is one of the essential factors that you can use to
ensure safety whenever you are using bitcoin or any
other cryptocurrency. Also, with the backup, the actual
numbers of cryptocurrencies can be evaluated so that
you can see if anything has happened to your storage.

Use 2FA
Some cryptocurrency wallets provide you with two-factor authentication
(2FA). It provides you with a second authentication password, which is
new every time you access your coins. It is the safest method of
securing your cryptocurrencies, and therefore, you must use it for
safety.

Cyber Literature
For this month’s issue, we bring you readings on Data Localization:
• John Selby, “Data localization laws: trade barriers or legitimate responses to cybersecurity
risks, or both”, International Journal of Law and Information Technology, 2017.
Available here: https://academic.oup.com/ijlit/article-abstract/25/3/213/3960261

• Arindrajit Basu, “The retreat of the data localization brigade: India, Indonesia and
Vietnam”, The Diplomat, 2020.
Available here: http://www.viet-studies.net/kinhte/DataLocalizatinRetreat_Diplomat.pdf

• Anupam Chander and Uyên P. Lê, “Data nationalism”, Emory Law Journal, 2014.
Available here: https://heinonline.org/HOL/Page?handle=hein.journals/emlj64&div=32&g_sent=1&casa_token=F8Gcbs5ZOBAAAAAA:8vnR8tXAQoGv_41vw5hL3K72lMwM1ZT3LB5-M6dQe6Wfaf9qkPKotMQkYyI_CjCdjPhsuDY&collection=journals

• Aynne Kokas, “Grindr and Data Trafficking: Theorizing consent in data localization”, In
Proceedings of the 55th Hawaii International Conference on System Sciences, 2022.
Available here: https://scholarspace.manoa.hawaii.edu/bitstream/10125/79681/0276.pdf

• Neha Mishra, “Data localization laws in a digital world: Data protection or data
protectionism?”, NUS Centre for International Law Research, The Public Sphere 2016.
Available here: https://deliverypdf.ssrn.com/delivery.php?ID=18511900507101001210609607411602507401704700604105900211810406910608410202602510311202501610011811006103200112100712710409107201608001105006410808102506708312209109
Legal Updates from the
International Sphere
US Government launches Bureau of Cyberspace and Digital Policy
to enhance cyber security across nation (5th April 2022)
The US Department of State has announced that the Bureau of Cyberspace
and Digital Policy will address the national security challenges, economic
opportunities, and implications for US values associated with cyberspace,
digital technologies and digital policy. The bureau comprises three policy
units: International Cyberspace Security, International Information and
Communications Policy and Digital Freedom. Their main mission is to lead and
coordinate the Department of State’s work on cyberspace and digital diplomacy
to encourage responsible state behavior in cyberspace and advance policies that
protect the integrity and security of the infrastructure of the Internet, serve US
interests, promote competitiveness and uphold democratic values.

Addition of Utah Consumer Privacy Act wrinkles the US legal
landscape (19th April 2022)
Recently, Utah became the fourth state to enact a comprehensive consumer
privacy law, the Utah Consumer Privacy Act (UCPA), which will go into effect
on December 31 2023. While a number of provisions of the UCPA are similar to
those of the California Privacy Rights Act, the Utah law also departs from these
consumer privacy statutes in several material respects. But while the myriad of
new and innovative ways personal data is being leveraged for commercial purposes
continues to proliferate, the associated legal risks are also rising in the US
as lawmakers seek to strengthen requirements placed on businesses’ data
collection and processing practices.
Source: The Daily Swig (https://portswigger.net/daily-swig/utah-consumer-privacy-act-new-legislation-adds-another-wrinkle-to-the-us-legal-landscape )

India redrafts bill for government’s access to data (21st April, 2022)
Indian Union Minister of State for Electronics and Information Technology
said a bill has been drafted to address concerns around government’s access
and monetization of personal data. The proposed National Data Governance
Framework and Policy will set standards for data collection, use and storage
by government agencies, concepts that have been omitted from India’s Data
Protection Bill proposals.
Source: International Association of Privacy Professionals (https://iapp.org/news/a/india-re-drafts-bill-for-governments-access-to-data/ )

Operational Technology security aims to bolster cyber security (25th April 2022)
The US-based industrial control system security group, i.e. OT Technology
Security, has been set up to build close relationships and bolster the
resilience of critical infrastructure components. The group will promote
security intelligence sharing among manufacturers. This has been hampered in
the past by custom technologies with proprietary firmware and operating
systems, along with a lack of planning for security upgrades. As a result,
industrial control systems and critical infrastructure have become too hard to
patch or upgrade in response to emerging vulnerabilities or new security
threats. Concerns about industrial cybersecurity are growing because of
increased international tensions raising concerns that hostile nation states
might resort to using cyber-attacks to disable or compromise critical systems.
Source: The Daily Swig (https://portswigger.net/daily-swig/ot-security-coalition-aims-to-bolster-industrial-cybersecurity )

Elon Musk Twitter purchase prompts privacy concerns (27th April, 2022)
It has been reported that the purchase of Twitter by Elon Musk has raised
emerging privacy concerns. He has floated a real name policy, saying he wants
to authenticate “all humans”, and open sourcing the company’s algorithm.
Jeffery Kossef, an associate professor of cybersecurity at the US Naval
Academy, has said that “What concerns me the most is what if everyone has to
authenticate their identity with Twitter.”
Source: International Association of Privacy Professionals (https://iapp.org/news/a/elon-musk-twitter-purchase-prompts-privacy-concerns/ )
We Speak
Reporting Cyber Attacks
In what seems to be a new set of cyber security regulations in the
offing, the Ministry of Electronics and Information Technology has
decided to come up with regulations requiring organizations to report
cyber-attacks and data leaks within their organization within 72 hours
of becoming aware of such a breach. This is in sync with the European
Union’s General Data Protection Regime, which also requires
organizations to report data breach incidents.

Security Breaches
Clause 25 of the Data Protection Bill 2021 puts an obligation on data
fiduciaries to report breaches of any personal or non-personal data
within their organizations. The objective of such a regulation is to curb
instances of cyber-crime and improve the cyber environment of the
country. Ballpark figures provided by Cyber Crime Magazine estimate
the damage caused by cyber-crimes at $6 trillion globally in the year
2021, ranking just behind economic powerhouses U.S. and China.

Apart from private entities, government entities, especially those
engaged in critical services, are also prone to cyber-attacks. One of
the most notable incidents surrounding cyber-attacks is the nationwide
attack on a gas pipeline in the US which brought down the
transportation of about 45% of all petrol and diesel consumed on the
east coast. Hence, there is also a dire need to increase reportage
requirements in government entities to strengthen the cyber security
infrastructure of government organizations.

There is an inherent advantage in reporting instances of cyber-attacks
in an organization. Reporting instances of cyber-attack will alert the
Indian Computer Emergency Response Team, which in turn will alleviate
risks associated with cyber-attacks and avert future cyber breaches.

But most firms are loath to report instances of cyber breach as they
fear a significant loss in the reputation of their firms and
plummeting of share prices. A study conducted by Comparitech reports
plummeting of share prices of such companies to the tune of around
3.5% on average over three months following the breach. Furthermore,
companies that experienced a cyber-attack also performed very badly in
the market. The share prices of such firms fell 8.6% after one year
following the breach. Hence, the firms chose to face penalties
following non-disclosure rather than report such instances and risk
underperformance in the market.

However, such a reporting requirement poses huge enforcement
challenges. It is highly improbable that the concerned authorities
will get to know of cyber breaches unless the firms voluntarily report
the same. Such instances of breach can only be detected if regular
cyber security audits are conducted. Even then, detection of cyber
breach incidents is highly improbable. Hence, firms have an incentive
to not disclose instances of cyber breach incidents as the probability
of finding breach incidents during such audits is extremely low.

Possible Solutions
What other options are there for dealing with the above-mentioned
complexity of disclosure besides implementing rules? The first is that
the government appoints third-party cyber security auditors to
undertake periodic cyber security impact assessments, primarily among
all government departments, both at the national and state levels, in
order to detect and prevent security risks and events. The government
can also order private companies to disclose periodic security audit
reports and conduct surprise security audits in order to catch
violators off guard.

The Ministry has established Common Criteria Testing Laboratories and
certification bodies around the country as part of the Government of
India’s cyber security assurance programs to analyze and certify IT
security products and protection profiles. These plans can also be
applied to cyber security audits and assessments. Other significant
corporations, like IBM, which established a massive cyber security
command center in Bengaluru, can be urged to do the same for the
protection of their assets.

Such measures will also pass the EU GDPR muster, bringing India closer
to joining the group of countries with the same level of cyber
security and data protection as the EU, allowing for frictionless
cross-border data flow.

Nidhi Pratap Singh
(Student member, Centre for Cyber Laws)

Sources:
https://www.thehindu.com/opinion/op-ed/reporting-cyber-attacks/article65094638.ece

Quiz Answer:

1. D

2. D

3. A

4. B

5. A

6. D

7. B

8. B

9. A

10. C

Centre for Cyber Laws Team
Centre Director: Dr. Aparajita Bhatt
Dr. Aparajita Bhatt, Assistant Professor, Faculty of Law at National
Law University, Delhi, specializes in Business Laws. She teaches
Cyber Laws, Corporate Laws and Mergers & Acquisitions at NLUD.
She is the Director of the Centre for Cyber Laws. She has also been
a course coordinator of UGC Swayam MOOCs and the UGC e-pg
Pathshala course on Information and Communication Technology.

Student Team:

Abhishek Jain is a 5th year student at National Law University, Delhi.
He is deeply interested in researching on emerging areas of law and
policy. He is also engaged in certain projects to better understand the
interplay between cyber laws and space laws.

Anshul is a 5th year student at National Law University, Delhi. He is
interested in issues relating to cyber security, social media surveillance
and privacy. He aims to create more awareness around cyber offenses
such as cyberstalking and hacking. In his free time, he enjoys playing
sports and watching movies.

Drishti Kaushik is a 5th year student at National Law University,
Delhi. She has a keen interest in learning more about how and where
law and technology intersect and aims to create awareness about one’s
rights in the virtual world. In her personal time, she enjoys cooking
and trying out new cuisines.

Kunika Champawat is a fifth year student at National Law University,
Delhi. She is interested in the intersection of technology with law
and human rights and is engaged in various research projects related
to data protection, privacy and surveillance.

Nidhi Pratap Singh is a 5th year student at National Law University,
Delhi. She is interested in data privacy, artificial intelligence and
digital rights and seeks to learn more about issues around surveillance.
Outside of work, she enjoys running and playing sports.

Saksham Sabarwal is a 5th year student at National Law University,
Delhi. He is interested in issues relating to internet governance,
jurisdictional conflicts in cyber space and data protection. In his free
time, he enjoys travelling and reading books.

Smriti Phuyal is a 4th year student at National Law University, Delhi.
She is deeply interested in data sovereignty and internet governance.
She seeks to create a strong user privacy centric model for social
media companies and aims to spread awareness about digital privacy.
In her free time, she enjoys travelling and reading books.

Arvind Kumar Tiwari is a 4th year student at National Law
University, Delhi. He has a keen interest in Data Protection Laws,
Artificial Intelligence and Blockchain and aims to learn more about
the interplay between Technology Law and Human Rights. His
hobbies include cycling, playing basketball and running.

Aditendra Singh is a 4th year student at National Law University,
Delhi. He has a deep interest in the interplay of law and technology.
He wishes to contribute to the discourse around the evolution and
applicability of data principles in India and around the world. In his
free time, he likes to read on topics of history and astronomy.

Niraj Jha is a 4th year student at National Law University, Delhi. He
has a deep interest in blockchain technology, FinTech and the crypto
world and the related legal strings attached to them. He aims to create
awareness about blockchain technology and the crypto world, and
also about the regulations, safety and security
related to them. He enjoys trading and reading.
