From UPSC perspective, the following things are important :
Prelims level : UN Cybercrime Convention , Budapest Convention
Mains level : Not Much
- The Union Home Ministry recently reviewed the draft of the UN Cyber Crime Convention.
- The purpose of this review was to assess the necessary changes in India’s existing systems if the convention is signed and ratified by the country.
UN Cybercrime Convention (Draft)
|Content of Zero Draft||
|Focus Areas of Concern||1. Scope of Cybercrimes: The draft narrows the list of cybercrimes but leaves room for expanding the scope through references to other international conventions.
2. Speech-Related Offenses: While removing certain content-related offenses, it reintroduces them by applying the convention to crimes established under other international conventions.
3. Surveillance Powers: The draft retains surveillance powers, raising concerns about the lack of consensus on legal safeguards.
4. Use of Budapest Convention Language: Some provisions in Chapter IV are based on the 2001 Budapest Convention but with weakened safeguards.
Why discuss this?
- India enacted the Digital Personal Data Protection Act in August, ushering in a framework for personal data protection within the country.
- This legislation allows personal data to be processed in the interest of India’s sovereignty, integrity, and state security while fulfilling legal obligations.
- Notably, it also mandates that firms disclose to users the identity of other firms entrusted with their data for processing.
- However, the Act explicitly exempts firms from disclosing or sharing data in the case of lawful interception of data.
India’s position on the Convention
India put forth several key positions:
- Deleting Data Transfer Clause: India advocated for the deletion of a clause that encourages state parties to “establish bilateral or multilateral arrangements” to facilitate the transfer of personal data. This underscores India’s emphasis on the sovereignty of its data and its desire to maintain control over cross-border data transfers.
- Authorization for Data Transfer: India expressed its agreement with the clause stating that state parties may transfer personal data to a third country or an international organization only with the prior written authorization of the original transferring state party, subject to effective and appropriate safeguards. This reflects India’s commitment to ensuring data security and responsible handling.
- Designation of Points of Contact: The draft convention outlines that each state party should designate a point of contact available 24/7 to provide immediate assistance for investigations, prosecutions, or judicial proceedings related to cyber criminal offenses. This demonstrates India’s commitment to effective cooperation in addressing cybercrimes.