Cyber Security – CERTs, Policy, etc

Draft UN Cyber Crime Convention


From UPSC perspective, the following things are important :

Prelims level : UN Cybercrime Convention , Budapest Convention

Mains level : Not Much

Central Idea

  • The Union Home Ministry recently reviewed the draft of the UN Cyber Crime Convention.
  • The purpose of this review was to assess the necessary changes in India’s existing systems if the convention is signed and ratified by the country.

UN Cybercrime Convention (Draft)

  • Under negotiation, aiming to reshape global criminal laws regarding cross-border access to personal data, surveillance, and international cooperation in cybercrime cases.
  • The convention is scheduled for adoption in January 2024, with member states working towards consensus.
  • A vote may occur if consensus is not reached.
Content of Zero Draft
  • Zero draft outlines the convention’s scope, provisions, and areas of discussion.
Focus Areas of Concern 1. Scope of Cybercrimes: The draft narrows the list of cybercrimes but leaves room for expanding the scope through references to other international conventions.

2. Speech-Related Offenses: While removing certain content-related offenses, it reintroduces them by applying the convention to crimes established under other international conventions.

3. Surveillance Powers: The draft retains surveillance powers, raising concerns about the lack of consensus on legal safeguards.

4. Use of Budapest Convention Language: Some provisions in Chapter IV are based on the 2001 Budapest Convention but with weakened safeguards.

  • Groups advocate for strong safeguards, including the justification for surveillance powers, independent authorization, transparency, and enforcement mechanisms.
  • They propose authorizing international human rights bodies to oversee convention implementation.
  • Ongoing negotiations may lead to changes in the draft text, emphasizing the need to monitor developments regarding human rights and cybersecurity.


Why discuss this?

  • India enacted the Digital Personal Data Protection Act in August, ushering in a framework for personal data protection within the country.
  • This legislation allows personal data to be processed in the interest of India’s sovereignty, integrity, and state security while fulfilling legal obligations.
  • Notably, it also mandates that firms disclose to users the identity of other firms entrusted with their data for processing.
  • However, the Act explicitly exempts firms from disclosing or sharing data in the case of lawful interception of data.

India’s position on the Convention

India put forth several key positions:

  1. Deleting Data Transfer Clause: India advocated for the deletion of a clause that encourages state parties to “establish bilateral or multilateral arrangements” to facilitate the transfer of personal data. This underscores India’s emphasis on the sovereignty of its data and its desire to maintain control over cross-border data transfers.
  2. Authorization for Data Transfer: India expressed its agreement with the clause stating that state parties may transfer personal data to a third country or an international organization only with the prior written authorization of the original transferring state party, subject to effective and appropriate safeguards. This reflects India’s commitment to ensuring data security and responsible handling.
  3. Designation of Points of Contact: The draft convention outlines that each state party should designate a point of contact available 24/7 to provide immediate assistance for investigations, prosecutions, or judicial proceedings related to cyber criminal offenses. This demonstrates India’s commitment to effective cooperation in addressing cybercrimes.

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now

Notify of
Inline Feedbacks
View all comments


Join us across Social Media platforms.