Law and Technology

By Nabarun Chandra Ray, GNLU 

Editors Note: Technology interacts with social, economic and legal frameworks to set the basic ‘affordances’ and constraints of human activity over time. The most significant present transformation revolves about computers and the emergence of the networked information economy. These new technological and economic conditions are creating new forms of production and new forms of social behavior that are fundamentally altering the way we know the world, how we learn about how the world is and how we can make it become. It is important that we know this transformation and understands it in political as well as economic terms.


We stand at a moment of transformation in the conditions of economic production and human freedom a moment wrought by a cluster of technological shifts and, in large measure, are managed through law. Law already is and will continue to be, a major domain in which the conditions of tomorrow are negotiated, but it cannot be thought of without understanding the technological, economic and social context in which it operates and the historical moment at which it intersects with these other disciplines. A systematic dedication to understanding how technology is affecting life and how law interacts with technology is a precondition to understanding the stakes and implications of the institutional battles we observe today.

What is ‘Technology’?

Technology which derived “from Greek τέχνη, techne, “art, skill, the cunning of hand”, and (λογία,) -logia,” is the collection of tools, including machinery, modifications, arrangements, and procedures used by humans. Engineering is a discipline that seeks to study and design new technologies. Technologies significantly affect human as well as other animal species’ ability to control and adapt to their natural environments. The term can either be applied generally or to specific areas- examples include construction technology, medical technology, and information technology.[i]

Rise of Technological Economy

The networked personal computer inverts the capital structure of information production and exchange that has been the stable fact for over one hundred and fifty years. While the exact number is difficult to pin down, somewhere between six hundred million and one billion people around the globe now own the basic physical capital necessary to reduce information, knowledge, and culture, and to participate in the global economy centered on them.

That means that almost one billion people on the planet now have the freedom to decide to produce information or culture simply because they want to – they already have access to the physical requirements and the human intuition, wisdom, and creativity necessary to do so. They do not need a business plan to write software to serve a need they have. If they know how to do it, they can write it and find others who will work with them to improve it.

This is the fundamental fact proven by the dramatic success of free and open-source software development. Over a million programmers participate in tens of thousands of projects, the best known of which are responsible for most of the basic functions of Internet communications, some having been adopted in the face of strong, but ultimately unsuccessful, competition from proprietary firms.

Thirty thousand individuals can come together to construct a free online encyclopedia such as Wikipedia, which may not displace the Encyclopedia Britannica quite yet, but is a very good substitute for most other online encyclopedias. Examples are by now legion, and we have reasonably good economic models to explain why commons-based information production in general, and peer production in particular, occurs, and why both types of production are sustainable under the conditions that typify a networked information environment.

What is Law?

Almost everything we do is governed by some set of rules. There are rules for games, for social clubs, for sports and for adults in the workplace. There are also rules imposed by morality and custom that play an important role in telling us what we should and should not do. However, some rules — those made by the state or the courts — are called “laws”. Laws resemble morality because they are designed to control or alter our behavior. But unlike rules of morality, laws are enforced by the courts; if you break a law — whether you like that law or not — you may be forced to pay a fine, pay damages, or go to prison.

Why are some rules so special that they are made into laws?

 Why do we need rules that everyone must obey?

 What is the purpose of the law?

If we did not live in a structured society with other people, laws would not be necessary. We would simply do as we please, with little regard for others. But ever since individuals began to associate with other people — to live in a society –laws have been the glue that has kept society together.

For example, the law in Canada states that we must drive our cars on the right-hand side of a two-way street. If people were allowed to choose at random which side of the street to drive on, driving would be dangerous and chaotic. Laws regulating our business affairs help to ensure that people keep their promises. Laws against criminal conduct help to safeguard our personal property and our lives.

Even in a well-ordered society, people have disagreements and conflicts arise. The law must provide a way to resolve these disputes peacefully. If two people claim to own the same piece of property, we do not want the matter settled by a duel: we turn to the law and to institutions like the courts to decide who is the real owner and to make sure that the real owner’s rights are respected.

We need the law to ensure a safe and peaceful society in which individuals’ rights are respected. But we expect even more from our law. Some totalitarian governments have cruel and arbitrary laws, enforced by police forces free to arrest and punish people without trial. Strong-arm tactics may provide a great deal of order, but we reject this form of control.

Goals of the Law

In our society, laws are not only designed to govern our conduct: they are also intended to give effect to social policies. For example, some laws provide for benefits when workers are injured on the job, for health care, as well as for loans to students who otherwise might not be able to go to university.

Another goal of the law is fairness. This means that the law should recognize and protect certain basic individual rights and freedoms, such as liberty and equality. The law also serves to ensure that strong groups and individuals do not use their powerful positions in society to take unfair advantage of weaker individuals.

However, despite the best intentions, laws are sometimes created that people later recognize as being unjust or unfair. In a democratic society like Canada, laws are not carved in stone but must reflect the changing needs of society. In a democracy, anyone who feels that a particular law is flawed has the right to speak out publicly and to seek to change the law by lawful means.

The System of Law and Justice

The law is a set of rules for society, designed to protect basic rights and freedoms and to treat everyone fairly. These rules can be divided into two basic categories: public law and private law.

Public Law

Public law deals with matters that affect society as a whole. It includes areas of the law that are known as criminal, constitutional and administrative law. These are the laws that deal with the relationship between the individual and the state, or among jurisdictions. For example, if someone breaks a criminal law, it is regarded as a wrong against society as a whole, and the state takes steps to prosecute the offender.

Private Law

Private law, on the other hand, deals with the relationships between individuals in society and is used primarily to settle private disputes. Private law deals with such matters as contracts, property ownership, the rights and obligations of family members, and damage to one’s person or property caused by others. When one individual sues another over some private dispute, this is a matter for private law. Private suits are also called “civil” suits.

Exploring the law and technology relationship

Law has often to deal with technologies, i.e. with human activities which, employing the attainments of science, bring into existence new media, tools, devices, systems which improve the quality of life of human beings.

Some examples are-

  1. Law and exploitation of natural resources (energies): energies can be exploited thanks to the emergence of modern technologies. The law regulates the production, processing, distribution of energies and natural resources.
  2.  Law and food: the food chain requires the regulation of technologies related to food in order to guarantee, for example, high-quality standards.
  3.  Law and biology: in order to provide a legal framework for medically assisted procreation or for cloning we have to deal with the technologies which allow obtaining gametes, stem cells, crossbreds, chimeras.
  4. Law and medicine: some choices related to the end-of-life issues which are legally significant are dependant on medical notions such as that of brain death. The same notion of therapeutic tenacity must be measured against the available technologies.
  5. Law and information technologies: IT has made available tools such as e-documents and e-signatures. The law must cope with these technologies to regulate them or to make them legally available.
  6. The relation between law and technology has several implications. Let’s focus on three of them.

Utilization of Technology by Law

A. Technology has the capacity to change the contents of protected legal interests, as in the case of the right to privacy, which has been transformed by the rise of Information Technology. The so-called technology convergence in telecommunications swiped away the features which framed telecommunications as a natural monopoly, opening the market to a potentially infinite number of operators, enhancing the free competition within of the sector.

This is also true for the vanishing distinction between article 15 and article 21 of the Italian Constitution. Traditionally the former is enforced whenever, for example, the freedom and secrecy of personal correspondence are at play. The latter protects freedom of expression toward a public audience.

B.  Law can also employ new technologies to pursue goals which were pursued by other technologies in the past: this is the case of the e-document, the e-signature, the payment of obligations through e-money, the conclusion of contracts through Internet, and so on. In all these examples, new rules set the possibilities of employment of digital technologies in order to attain this or that goal which was reached through other technologies in the past.

The rules arising from technologies are shaped by the features characterizing such technologies. For example, one thing is to have rules concerning the matter (atoms), another is to have rules concerning the bits. In some cases, this implies the need to re-frame concepts which traditionally refer to material things (such as ownership and possession) or to draw on new concepts (such as the ideas of title and legitimization in the case of dematerialized financial instruments).

C. The role of technologies to help to create new commodities was true in the past for the new value prompted by the invention of printing, from which after a lengthy process the new right of copyright emerged. In more recent years this is happening with regard to data banks (of human tissues for example, but several other examples may be offered). The law is continuously confronted with the need for regulating new commodities which were unknown in the past.

D. The change in technologies influences also the source and the structure of the rules. Sometimes legal systems prefer to regulate given phenomena by making recourse to international instruments or to regulatory patterns which are not imposed from outside (for example codes of conduct)

E. Technology sometimes may itself become the rule because:-

i) It imposes the operational rules. For example, the regulation of the digital signature.

ii) It incorporates the rule.

iii) It guarantees enforcement. For example, Digital Rights Management.

The Copyright Act

The Copyright Act, 1957(Act No. 14 of 1957) governs the laws & applicable rules related to the subject of copyrights in India. Copyright Law in the country was governed by the Copyright Act of 1914, was essentially the extension of the British Copyright Act, 1911 to India, and borrowed extensively from the new Copyright Act of the United Kingdom of 1956. All copyright-related laws are governed by the Copyright Act, 1957.[iii]

The Copyright Act today is compliant with most international conventions and treaties in the field of copyrights. India is a member of the Berne Convention of 1886 (as modified at Paris in 1971), the Universal Copyright Convention of 1951 and the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) Agreement of 1995. Though India is not a member of the Rome Convention of 1961, WIPO Copyrights Treaty (WCT) and the WIPO Performances and Phonograms Treaty (WPPT), the Copyright Act is compliant with it.

Various crimes have started occurring especially in the field of computer, which has been categorized as cyber-crimes:

Cybercrime is an act commonly performed by a knowledgeable computer user, sometimes referred to as a hacker that illegally browses or steals a company’s or individual’s private information. In some cases, this person or group of individuals may be malicious and destroy or otherwise corrupt the computer or data files.

Few examples of computer crimes are:

1. Cyber terrorism– Hacking, threats, and blackmailing towards a business or person.

2. Child pornography– Making or distributing child pornography.

3. Cyberbully or Cyberstalking– Harassing others online.

4. Creating Malware – Writing, creating, or distributing malware (e.g. viruses)

5. Denial of Service attack – Overloading a system with so many requests it cannot serve normal requests.

6. Espionage – Spying on a person or business.

7. Fraud– Manipulating data, e.g. changing banking records to transfer money to an account.

8. Harvesting– Collecting an account or other accounts’ related information on other people.

9. Identity theft – Pretending to be someone you are not.

10. Intellectual property theft – Stealing other persons’ or companies’ intellectual property.

11. Phishing – Deceiving individuals to gain private or personal information about that person.

12. Salami slicing – Stealing tiny amounts of money from each transaction.

13. Spamming – Distributed unsolicited e-mail to dozens or hundreds of different addresses.

14. Spoofing – Deceiving a system into thinking you are someone you really are not.

15. Unauthorized access – Gaining access to systems you have no permission to access.

16. Wiretapping – Connecting a device to a phone line to listen to conversations.

To prevent these crimes, intellectual property rights were established, which are discussed below in short:

Introduction to the IPR:

Computer technology plays an increasingly important role in modern society. Computers electronic machines with a capacity to store and/or process data — are called ”hardware.“ The development of hardware is astonishing: computers are more potent and computer technology enters more areas of life, not only in technological environments and offices (their initial stronghold), but also in more mundane surroundings such as household appliances, cars, watches and similar products.

A computer cannot operate without instructions. These instructions (programs) may be embedded into the hardware (the computer itself), for example in ROMs (Read Only Memory, circuits from which digital information can be retrieved), but most often they are created, reproduced and distributed in media which are separate from the computer hardware. Typically, computer programs for personal computers are distributed on diskettes, or CD-ROMs. Usually, computer programs are created in a programming language which can be understood by people trained in that language.

That form of appearance of the program, which can be on the computer screen or printed out on paper, is normally referred to as the ”source code.“ Another form of appearance is the so-called ”object code,“ where the program is transferred (”compiled“) into the digital values ”0“ and ”1.“ In this form, the program is unintelligible for persons, but it is machine- readable, for example from a diskette, and in that form, it can be used actually to control the operations of the computer.

Usually, the computer hardware and the programs need to be supplemented by manuals and other support material, prepared by the producer of the program, which provide the necessary instructions and reference material for more advanced uses of the program. The program and such reference material and manuals (together with the more technical background material which rests with the producer) are referred to as computer software.

The investment needed for the creation of computer programs is often very heavy, and their protection against unauthorized copying and use is of crucial importance. Without such protection, producers of computer programs would not be able to recoup their investment, and so the creation and development of this decisive side of computer technology would be jeopardized.

In countries which have not yet provided sufficient protection, it is frequently only possible to obtain foreign programs which are not adapted to the specific needs of those countries, because it is difficult to secure the financing of the necessary translations and local adaptations. Also, computer viruses tend to be much more widespread in countries with insufficient protection, because they are distributed with pirated software which is not subject to the same quality control as authorized products.

Therefore, it is vital for national legislation to ensure sufficient protection of computer programs. Even in cases where local translations or adaptations are not necessary, such protection improves access to the most advanced and the best suited software, since producers and distributors are only reluctantly releasing their valuable products in countries where rampant piracy can be expected.


Amid the 1970s and the first 50% of the 1980s, concentrated worldwide discourses with respect to the security of machine programming occurred, mostly going for determining the inquiry of whether such assurance ought to be under copyright or patent law, or potentially under a sui generis arrangement of insurance.

A Council of Specialists met mutually by WIPO and Unesco in February – Walk 1985 denoted an unequivocal achievement in the decision of copyright as the proper manifestation of insurance of machine projects, which could be acclimatized to abstract works. A couple of months after the fact, a few nations passed enactment illuminating that machine projects were viewed as works, subject to copyright security, and from that point forward it has been by and large acknowledged overall that copyright insurance ought to be connected instead of a sui generis approach.

There are vital explanations behind picking copyright security. Above all else, machine projects are essentially works and, under Article 2(1) of the Berne Tradition, the reason for which compositions are made is immaterial from the perspective of their qualifying as abstract works, on the off chance that they are unique educated manifestations.

CASE: Satyam Infoway Ltd. v. Siffynet Solutions Pvt. Ltd.


The defendant was the holder of two domain names, and The plaintiff company, Satyam Infoway, incorporated in 1995, registered several domain names that included the fanciful word ‘sify’:,,, etc. The similarity between these names registered in 1999 and the two domain names of Siffynet Solutions (registered later in 2001), led Satyam Infoway to file a suit in the City Civil Court of Bangalore on the basis that the defendant was passing off its business and services by using its business name and domain name.

The Court acknowledged that the plaintiff was the prior user of the trade name ‘Sify’ and that it had earned a good reputation in connection with Internet and computer services under this name. The Court stated that Siffynet Solutions’ domain names were similar to the domain names of the plaintiff, and that confusion would be caused in the mind of the general public by such deceptive similarity.

The Court was pleased to grant a temporary injunction in favor of the plaintiff. The case was brought before the High Court, which allowed the appeal. According to the High Court, the respondent was doing business other than what was being done by the appellant, so consumers could not be misled nor misguided, and would not get confused.

The High Court also underscored the point that the plaintiff company had a separate trade name – Satyam Infoway – which it could use if it were not granted an order of injunction. Since the complaint was filed in order to protect a trade name, there could have been recourse to the UDRP procedure. Even if the UDRP has been designed for abusive registrations of trademarks, it is still possible to get protection for a trade name under it, when it is deemed equivalent to a trademark.[iv] This is despite the World Intellectual Property Organization (WIPO) not being favorably disposed towards this trend.

In fact, there is already a precedent of an Indian firm having taken advantage of this broad interpretation of the UDRP rules.[v] However, here, since the plaintiff chose to bring the case before a national court, it gave a chance to the Supreme Court of India to pronounce its first decision on domain names. The Court’s judgement offers an interesting perspective on domain name disputes to the legal community in India and beyond. It characterizes the domain name under two main aspects – as “an address for computers” and, also as a “business identifier” owing to increased commercial activity on the Internet.[vi]

Due to the rise of Cybercrime globally and because hackers are able to exploit everything that is virtually available, India has made efforts to protect data. They are Copyright Act, IT Act and Contract act from which two are already mentioned.

Data Protection Efforts in India:

But before going into any details about the data protection efforts, there arises but one question : WHY PROTECT DATA?

The answer is-

The need to protect data and data privacy in India is relatively new, arising from the ever expanding off-shoring business operations conducted in India by overseas companies wherein personal data is exported by these overseas companies to their off-shore agents or counterparts in India.1 If it was not for this mushrooming off-shoring business, India would perhaps never have worried much about data protection, as there are already existing provisions in the Indian legal framework for the protection of data, albeit not at the scale at which protection is warranted under the current circumstances.

India had been the hot-spot for off-shoring operations for foreign companies for a long time, till concerns of data security were raised, following certain incidents of data theft and breach of data privacy by certain Indian off-shoring companies.4 These incidents made headlines in national and international media and brought India’s legal framework for data protection  under worldwide scrutiny. While India continues to be a hotspot for off-shoring, it cannot avoid data security issues for much longer, as both the industry and the government have been under tremendous pressure to enact a law for data protection in India.

Contract Law

It is one of the steps taken to ensure data protection. The existing Indian legal framework for data protection from an off-shoring angle falls mainly under the law of contract. Under the Indian Contract Act, 1872, a company can bind another through a contract to protect the data of the former. This is possible because of the reason that the Act defines ‘consideration’ as any act or abstention at the desire of the promisor,[vii] which means that for certain reciprocal consideration, one firm can bind another so as to refrain from revealing data without authorization, and foist upon it the positive obligation to protect data.

Such a contract may mention the specific duties and obligations of both the parties involved and should have provisions relating to the duty of the Indian company to protect the privacy of data, as well as the terms and conditions of the use and processing of data. Currently, all off-shoring operations in India are regulated by such contracts. In a scenario like this, contractual clauses are crucial in order to determine the extent of data security. Most of the time, negotiations by foreign data exporters with Indian companies aim at reaching a balance between maximum business benefits and adequate protection of personal data.


Instances of data theft have compelled both the government and the industry to remedy the situation as a response to international pressure, in terms of providing some sort of framework for data protection. Some of these efforts are discussed below.

A. Proposal to Amendment to the IT Act

Proposed Amendments to The IT Act In view of growing concerns raised by recent instances of data theft, the Ministry of Information Technology proposed certain amendments to the IT Act, 2000. One such amendment, pertinent to data protection, is the proposed insertion of a new Section 43A wherein sensitive personal information would be handled with reasonable security practices and procedures. The proposed amendment reads as follows:

43A. Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation not exceeding five crore rupees, to the person so affected.


(i) ‘body corporate’ means any company and includes a firm, sole Proprietorship or other association of individuals engaged in commercial or professional activities;

(ii) ‘reasonable security practices and procedures’ means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit;

(iii) ‘sensitive personal data or information’ means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit. This has taken the form of Clause 20 of the Information Technology (Amendment) Bill, 2006. However, nothing in the proposed amendments deals with crucial aspects of data protection such as the processing of personal data, handling of sensitive personal data, the conditions under which data may be collected from an individual, the precautions to be taken while collecting data, confidentiality and security of processing of the data collected and so on. The proposed amendments have not yet materialized into new provisions under The IT Act and have only recently received the comments of the Standing Committee on Parliamentary Affairs.

B. The Data Security Council of India

The National Association of Software and Services Companies (NASSCOM) has set up a self-regulatory initiative in data security and privacy protection called the Data Security Council of India (DSCI). What led to the establishment of the DSCI is the continuing effort by NASSCOM to ensure that the Indian information technology industry has a safe environment that can be benchmarked with the rest of the world.[viii]

The DSCI is a self-regulatory body established under the premise that the industry, rather than the government, is best positioned to develop appropriate data privacy and security standards as it has greater knowledge and a better understanding of the practical commercial issues involved. It is felt that such an approach would allow the DSCI to evolve and effectively respond to global developments.

The DSCI would adopt global standards in order to move towards this end, initially focussing on establishing its membership and evolving a code of conduct by promoting a culture of privacy. Initially, the DSCI would promote and encourage voluntary compliance with the code of conduct, gradually creating a mechanism for enforcement of the same in an effort to establish its credibility.[ix]

The DSCI is envisaged as a non-profit organisation, with its governing body having an adequate representation of independent directors and industry specialists. Organisations associated with data security and privacy protection such as Information Technology (IT) and Information Technology enabled Services (ITeS) companies, academic or research institutions and universities can also become members of the DSCI.


Effective from October, 2007, TRAI put in place the National ‘Do Not Call’ Registry (NDNC), with the primary objective of curbing unsolicited commercial communication (UCC). The Telecom Unsolicited Commercial Communications Regulations, 2007, defines UCC as, “any message, through telecommunications service, which is transmitted for the purpose of informing about or soliciting or promoting any commercial transaction in relation to goods, investments or services which a subscriber opts not to receive.”[x]

Exceptions to UCC are messages received under a contract, communications relating to charities etc., and communications transmitted under the directions of the government, in the interest of the sovereignty and integrity of India. The NDNC register will, therefore, be a database containing the list of all telephone numbers of subscribers who do not wish to receive UCC.


A reading of the report of the Standing Committee on Information Technology on the proposed amendments to The IT Act concerning data protection makes it clear that while the industry and the legislators are familiar with terms like ‘personal data’, ‘sensitive personal data’, ‘personal privacy’, ‘data privacy’ and so on, there is a lot of ambiguity as to how these terms should be interpreted for effective data protection in India.

Without an in-depth understanding of the industry’s needs and what is involved in the protection of data and data privacy in India, all the above efforts will remain mere efforts. Nor would attempts to do patchwork on existing legislation, so as to protect data, meet the current need for a legal framework. Emulating the European example of data protection by distinguishing it from the protection of e-commerce transactions would undoubtedly place India on the global map when it comes to data protection.

Besides, it would also create a safe environment for foreign companies to invest in India. Till then, it needs to be seen how long the off-shoring industry is going to indulge India’s baby steps towards data protection.

The rise of the networked information economy and its contributions to both freedom and development seem to be an important and immediate conclusion of a systematic study of law and technological change in our age. We are in the midst, however, of a series of deep transformations in how we produce information, knowledge and culture and how these elements of human knowledge will be applied to improve the human condition.

The next few decades will offer more opportunities to do the right thing, as well as to go wrong. Incumbents will generally try to optimise law to protect their rents and business models. But in order to diagnose the likely benefits or costs of new practices, and, as a consequence, of the laws that will be proposed and opposed along the fault lines of these transformations, one must have a good analytical basis from which to evaluate both the old and the new and the stakes of the transition from one to the other. This is why the study of law and technology will be central to the understanding of human flourishing, welfare and freedom for many years to come.

Formatted on February 28th, 2019.


[i] See

[ii] For details,see: art. 3 of the Italian Data protection code.

[iii] “INDIAN COPYRIGHT ACT, 1957”. Govt of India. Archived from the original on July 21, 2011. Retrieved 30 September 2012.

[iv] See, e.g., LIN Television Corporation v. Home In USA and Home In USA, Inc, WIPO D2000-0257 (June 2, 2000), at 0257.html; Cedar Trade Associates, Inc. v. Gregg Ricks, NAF 93633 (February 25, 2000), at

[v] Second WIPO Internet Domain Process, The Recognition of Rights and the Use of Names in the Internet Domain Names System, September 3, 2001, § 318 to 320, at process2/report/html/ report.html.

[vi] Satyam, (2004) 6 S.C.C. at 150.

[vii] Section 2 of the Indian Contract Act states that “[w]hen, at the desire of the promisor, the promisee or any other person has done or abstained from doing, or does or abstains from doing, or promises to do or to abstain from doing, something, such act or abstinence or promise is called a consideration for the promise.”

[viii] See Data Security Council of India (DSCI), available at

[ix] See Data Security Council of India: A Self-Regulatory Initiative in Data Security and Privacy Protection, available at (setting out the objectives of the Council in the guiding principles).

[x] Telecom Unsolicited Communications Regulations 2007, Regulation 2(q).

1 thought on “Law and Technology”

Leave a Comment