Uniform International Law In Cyber Space And Data Protection


In today’s world, where human lives are intermingled with technology, telecommunications, IT and networks, laws regulating them are of immense significance. Technological development has its own set of hazards and shortcomings. As much as people today depend on it, its misuse, or rather abuse, has often wreaked havoc, and laws guarding this new cyberspace are therefore imperative. Since technology does not always obey geographical boundaries, its consequences must be borne by all states at the international level. Lawmakers and legal scholars often pride themselves on their subject being a living truth, a reality that must change with changing times. With new aspects of life unfolding right in front of our eyes, laws to regulate them and to punish the miscreants are a necessity.[1]

International law is often termed soft law, which means that its enforcement mechanism is not always very rigorous.[2] While acknowledging the world to be a “global village”, various countries have retained their sovereignty. They do not wish to give up control over the internal and external matters of their nation to an unelected international government which is mostly swayed by power and economic prowess. That aside, nations need to build a consensus to legislate on these newly emerging technological issues.[3] Various governments have attempted to make laws for their respective countries.

Another important aspect of regulation is the often-unnecessary censorship, which could in multiple ways hamper freedom of speech and expression. The “netizens” are sceptical of government control over a free space where they can share their opinions and ideas without being censored. Issues like net neutrality have been a hot topic not only in India but across the world.[4] Even so, netizens want some amount of control and facilitation to protect their interests, such as privacy and the prevention of data breaches and cybercrimes. We need to strike a balance between the dual aspects of freedom of speech and protection. The aim of this article is to explore the various international laws that govern our cyberspace and to understand their limitations.

Limitations of Legislating the International Law on Cyber Space

Legislating international law is a complicated procedure. It requires tedious and scrupulous drafting, followed by signing and ratification by sovereign nations to make it binding.[5] The three main challenges to the formation of international law relate to:[6]

  1. Jurisdiction
  2. Arbitration
  3. Legal Instrument and jurisprudence

Cyberspace has multiple players, including both state and non-state actors such as business houses, individuals and IT companies, so it is difficult to make laws that govern and hold accountable all these classes of people. Besides, international law being soft law, its arbitration and trial are always an issue. Which courts to employ and which arbitrators to appoint are problems that are difficult to adjudicate upon. One of the articles mentions that:

“In cyberspace law, due to its actors’ diversity, there is still no universally agreed legal norm reached on who should get the mandate of dispute settlement mechanisms and arbitration.”[7]

Most countries have already enacted legislation to tackle cybercrime, and these laws often tend to conflict with those of other nations. Policies regarding privacy or data protection, for example, are controversial. Leaders have to choose between the privacy of their citizens and national security. This places immense power in the hands of the government, as in the name of national security it could infringe privacy and harass its citizens. Building consensus on such contentious issues among countries with very different moral principles and bills of rights is a hard task to accomplish. Therefore, there isn’t much international legislation relating to cybercrimes.

International Law Relating to Cyber Space and Data Protection

The Budapest Convention, or the Convention on Cybercrime, was signed on 23rd November 2001.[8] It is considered to be one of the first, and one of the very few, international conventions on cybercrime. It was drafted with the intent to stop hate crimes, child pornography, fraud, etc. Sixty-four countries are party to it. Countries with huge populations, like Brazil, India and Russia, have not signed it. India claims that the treaty was drafted without any consultation and hence India will not be a part of this convention.[9]

To counter it, the Russians proposed the “Draft United Nations Convention on Cooperation in Combating Cybercrime” in 2017. Russia argues that the Budapest Convention infringes on its sovereignty. But through this new convention, the countries could allow cross-border access to various information.[10]

The General Data Protection Regulation (GDPR) was formed by the European Union. It deals with many controversial data protection laws.[11] It is applicable to the members of the European Union and is considered to be an important step towards forming a data protection regime. GDPR is one of the first regulations to give the Right to be Forgotten, which means that the owner of the information could ask the processors to remove their information from the web if that information is useless and not necessary. This is done to prevent unnecessary harm to the owner. It is a controversial right but a very significant one, because data which was not supposed to be on the web often finds a place there and then has a lasting negative impact on the owner.[12]

These are some of the international conventions which regulate cyberspace, though none of them is truly accepted at an international level. The world still awaits legislation which is built on the trust of every nation, so that a common solution could be formed against the misuse of cyberspace.

Indian Laws Pertaining to Cybercrimes

The Indian legislature has formulated the Information Technology Act, 2000, which is the main legislation in India dealing with cybercrimes. The Indian Ministry of Electronics and Information Technology has drafted a bill for data privacy. S. 20(1)(b) of the Personal Data Protection Bill, 2019 explicitly recognizes that the ‘data fiduciary’ is supposed to remove personal information of the ‘data principal’ which is inaccurate, unnecessary, out of date or incomplete.[13]

This ultimately protects the privacy of the user and is a step forward in recognizing the Right to be Forgotten in the country. In K.S. Puttaswamy and Anr. vs Union of India and Ors.,[14] the Apex Court explicitly recognized the right to privacy under Article 21 of the Indian Constitution, which provides for the right to life and personal liberty.[15] Still, India is not a signatory to the Budapest Convention at the international level.[16]


The immediate surge in the use of technology has been termed the fourth industrial revolution. Klaus Schwab, the Founder and Executive Chairman of the World Economic Forum, writes that this revolution, unlike the other three, is based on the digital assets of nations. He writes:

“…the breadth and depth of these changes herald the transformation of entire systems of production, management, and governance.”[17]

Hence, laws regarding cybercrimes and data protection are significant. Through this article, the researcher finds that it is a tedious task to make legislation on an international issue which has consequences for multiple actors, both state and non-state. Currently, the law is highly ineffective and difficult to impose, yet progress has been made. International organizations are working to build consensus on some universal rights and duties of people using the web, so that uniform laws can be developed.

[1] Daniel Malan, The law can’t keep up with the tech, World Economic Forum, 21 June, 2018.

[2] Dinah Shelton, Soft Law, George Washington Law Faculty Publication, 2008.

[3] Supra Note 1.

[4] Apoorva, The Net Neutrality Debate in India, PRS India, 9 Feb, 2016.

[5] Quincy Wright, The Legal Nature of Treaties, The American Journal of International Law, Oct., 1916, Vol. 10, pg. 706-736.

[6] Abid Adonis, International Law on Cyber Security in the Age of Digital Sovereignty, E-International Relations, 14 March, 2020.


[8] Budapest Convention on Cybercrime, 23 Nov, 2001.

[9] Karishma Mehrotra, On global cybercrime, India votes in favour of Russia-led resolution, The Indian Express, 22 Nov, 2019.


[11] General Data Protection Regulation, 25 May, 2018.

[12] Devarshi Mukhopadhyay and Rahul Bajaj, Locating The ‘Right to Be Forgotten’ In Indian Constitutional Jurisprudence: A Functional-Dialogical Analysis, Comparative Constitutional Law And Administrative Law Quarterly, Vol 3, 2017.

[13] Personal Data Protection Bill, 2019, § 20(1)(b).

[14] K.S. Puttaswamy and Anr. vs Union of India and Ors., (2017) 10 SCC 1.

[15] Indian Const., art. 21.

[16] Supra Note 9.

[17] Klaus Schwab, The Fourth Industrial Revolution: what it means, how to respond? World Economic Forum, 14th Jan, 2016.

This article was written by Suhani Agarwal, a student of NALSAR University of Law, Hyderabad.

Law Corner
