Authored By: Prisha Dhimmer
Bharti Vidyapeeth, New Law College, Pune
ABSTRACT
Social media is a fast, global method of communication and information sharing, especially among the younger generation. These forums enable socialization, information dissemination, and cross-border interactions, however, they create problems in the form of fake news and adverse mental health impacts due to over-engagement. While it provides unprecedented freedom of speech, its ubiquity comes with considerable negative effects. These are the proliferation of fake news, which comes from the volume of material provided, and increasing dependence, which can be harmful to relationships in real life.
Cyberbullying, defamation, phishing, and phony profiles are among the categories of crimes with which the virtual community has to put up. The legislature in India has brought about legislative safeguards to these risks: mainly by the Indian Penal Code of 1860, along with the Information Technology Act of 2000, which address the issues regarding cybercrimes and also abuses to the dignity of women. Because internet platforms are increasingly used, strong legal protection against illegal access, data theft, and misuse becomes necessary. The government of India is addressing the increase in cybercrime incidences and data breaches with the establishment of a strong framework, reflected in the 2019 Personal Data Protection Bill. This paper looks into the social media law framework of India, its efficacy, drawbacks, and the possibilities for internet safety.
KEYWORDS
Cybercrime, IT Act, Online platforms, Personal Data Protection Bill, Digital Media Ethics Code, Digital Personal Data Protection Act.
INTRODUCTION
Social media sites have become part and parcel of day-to-day modern Indian life. Social networking sites represent important spaces for commerce, leisure, and communication. However, there is no denying that with such widespread usage, there are several issues. Platforms like Facebook, Instagram, X (formerly Twitter), WhatsApp, and YouTube have been important for day-to-day communications and commercial purposes in India. However, this also gives way to problems arising from the propagation of fake news and cyberbullying. Serious problems have emerged due to the rapid increase in the use of social media: false information and fake news, suffering and agony caused by cyberbullying, data breaches, and various types of online harassment. For 2024, 3,205 cyberattacks have caused compromised data, according to the Annual Data Breach Report by the Identity Theft Resource Center (ITRC). That equates to about 8.7 attacks every day. Due to the nature of social media, users remain free to share contents with one another that may inadvertently turn a platform vulnerable to these harmful effects. The need for active management is thus felt here.
The Government of India has enforced several cyber laws, considering all these risks and threats for the proper regulation in the use of these two potent digital spaces. These regulations are supposed to lay down a crystal clear legal mechanism with which online malpractices can be dealt with and also ensure digital security for every user. Cybercrimes, including those against the safety of a person or personal information, are prosecuted under notable laws like the Information Technology Act, 2000, and certain sections under the Indian Penal Code, 1860.
Further, India has begun to take legislative measures, such as the Personal Data Protection Bill, 2019, in recognition of the dire need for strong personal data protection in a world becoming increasingly better-connected with each passing day. The object of this ongoing legislation is to afford a current legal framework that would protect personal information against theft, misuse, and unauthorized access. The current legal framework governing social media in India is the subject of deliberation in this paper, its effectiveness and the challenges that exist at present times are gauged, and further steps that are necessary for a secure online environment.
Need for Cyber Laws
Cyber laws are important for data protection because they create a legal framework that protects digital information and prevents the unlawful access, use, or disclosure of sensitive data. Increased dependence on technology and the internet exposes people to cyberattacks and data breaches, misinformation and fake news, online harassment and cyberbullying, and concerns over data security and privacy. Cyber laws fight against such dangers by making activities like hacking, phishing, cyberstalking, and identity theft criminal activities. They also help deter cybercrimes through the punishment and penalties provided by these laws. Further, cyber laws can advance more efficient security procedures and data protection standards, like the adoption of rules for secure storage, transmission of data, and data breach notification.
Therefore, cyber laws are crucial in safeguarding individuals and businesses against any devastating consequences of the cyberattacks while ensuring safe and secure use of technology and digitization of data.
Legal Framework
It outlines a multi-tiered legislative framework for regulating social media in India. Central to this is the Information Technology (IT) Act of 2000, which regulated digital activities and provided punitive actions in case of various cybercrimes, such as electronic transmission or distribution of pornographic or sexually explicit material. Importantly, the IT Act sanctions unapproved disclosure of personal data and grants powers to the government to block online access to specific content when it is traced as a potential threat to public order and national security. The consequence of accessing, downloading, or deletion of data without the permission of the user is narrated under Section 43 of the IT Act.
A person can be imprisoned for a term which may extend to seven years and shall also be liable to fine which may extend to ten lakh Indian rupees or both under Section 67, if he publishes or transmit images of a minor depicting him in engaging in sexually explicit act or induces a child under the age of eighteen years in engaging in sexual activities. Section 69 provides the government the power to intercept, monitor, or decrypt any information created, transmitted, received, or stored in any computer resource where it is necessary for protecting sovereignty and integrity of India. The central government may also prohibit the public to access any material under section 69A.
Apart from this, major social media intermediaries with more than 5 million followers are expected to do much more under the Intermediary Guidelines and Digital Media Ethics Code of 2021. Apart from ensuring effective grievances redressal systems, the latter would also be obligated to ensure easier tracking of the originator of any unlawful or deceptive content. It is a strict compliance issue that such unlawful content is taken down within a maximum of 36 hours of receiving orders from either a court of law or the government.
The appeals are entertained by the Grievance Appellate Committees after the intermediaries accept the grievances, and then the complaints are traced for 24 hours.
There are three levels of self-regulation that publishers of digital media, in this context referred to as news or curated online content, must adhere to: state regulation, self-regulation bodies, or individual publisher grievance redressal officers. According to this code of practice, publishers must classify their contents into age-suited categories, exercise care while promoting contents that could influence the national security or sovereignty of the country of India, do so with care before promoting practices and believes of multi-racial or multi-religious communities in the country, and make more contents or services accessible to the disable.
Apart from this, crimes that are committed on social media platforms are also governed by the general criminal law named Indian Penal Code (IPC). Defamation of any kind that is caused on social media platforms, or inciting animosity between various sections of communities, or harassment and stalking of women fall under IPC.
Some laws such as Protection of Children from Sexual Offences Act offer additional safeguarding since it criminalizes the presence of CSAM on online platforms.
The regulations in social media related to India have actually altered the face of the internet, as their effects are being witnessed far and wide. Social media sites, owing to the effects of the regulations on intermediary liability, would become more responsible for the information being shared by their users. This would affect freedom of speech online, as stricter monitoring of social media contents would severely influence it.
Judicial Interpretation-
Cybercrimes continue occurring day by day
Air India, the Indian carrier, revealed that about 4.5 million of its global clientele had their data compromised through the hacking of data systems. Such cases of data breaches were also witnessed with the internal records of Indigo.
A gang of three is alleged to have created two illegally functioning websites, broken into the website of the Unique Identification Authority of India-UIDAI, and extracted personal information of citizens to subsequently sell it to marketing companies as well as bank loan recovery agents. This peculiar modus operandi was cracked by the Mumbai City Crime Branch in 2022.
Analysis of ICICI Bank’s SIM Swap Fraud Case
ICICI Bank SIM swap
It was the first-time cyber criminals managed to clone the SIM card of a director living in Ahmedabad in March 2023 to overcome the OTP protection on the overdraft account maintained with ICICI Bank for the company called “Collective Trade Links Private Limited.” Such spoofing took the form of an email asking for the change of the SIM card since the number was on international roaming.
This newly got SIM card was activated by Vodafone Idea without proper verification. The scammers got the OTPs and made 22 unlawful transactions (RTGS/NEFT) using the SIM card on a Sunday when the offices were shut down, transferring ₹1,19,37,000 to unknown recipients.
Section 43 and 43A of the IT Act of 2000 were applied to entertain this case. On the other hand, ICICI Bank alleged that its knowledge about the RBI regulations with regard to deals through passwords/OTPs is in conformity with the due care, and therefore there is no liability on the bank
It had maintained that it was governed by telecom SIM card issuing regulations, and not the IT Act, adding that it was responding to a genuine request from the registered email.
It alleged that the company told ICICI that large value transfers on a non-working day must necessarily trigger additional verification. Vodafone was accused of not authenticating any SIM-card transfer while roaming.
The adjudicating officer held Vodafone as well as ICICI Bank liable for negligence, requiring: Payment of compensation of ₹10 lakh to be paid by ICICI Bank. A penalty of ₹5 lakh to be paid by Vodafone Idea. A refund of the principal amount of ₹1,05,00,000 to the company within six weeks by ICICI Bank. More power is given to the users about their data with the advent of data protection and privacy concerns. These policies also generate concerns about their ability to suppress freedom of speech with the expectation of deducing fake news on social media platforms. National security concerns contribute to the enhancement of surveillance and data localization, including social media platforms.
Critical Analysis-
Primarily concentrating on e-commerce and digital records, the IT Act of 2000 suffered from certain shortcomings in dealing with cyber crimes, liability of intermediaries, privacy violation, and social media governance. This led to certain changes in 2008, as well as judicial interventions later on. Sections 66A, 69, and 69A related to cyber crimes and authorities of the government were introduced through the amendment.
In the case of Shreya Singhal v. Union of India (2015), the Supreme Court of India repudiated entirely Section 66A, which was inserted by Act of 2008 to provide punishment for “offensive message causing irritation.” It held that Section 66A is unconstitutional for being too vague, broadly inclusive, and violative of Article 19(1)(a) of the Constitution since it caused a chilling effect on freedom of speech that does not fall within the regulations of Article 19(2). Section 69A of blocking access was held valid by the court.
The 2021 Rules Information Technology [Intermediary Guidelines and Digital Media Ethics Code] introduced stricter norms with respect to due diligence, grievances redressal, and digital media content moderation than the IT (Intermediary Guidelines) Rules, 2011. Such rules were framed for tackling matters like hate speeches, fake news, and privacy of digital users. It brought in new moral values with the advent of internet intermediaries. Today, the social media companies must necessarily act proactively before publishing any material and have fixed some timelines for deleting any offensive material. Overreach with respect to the end-to-end encryption for traceability, exceeding their powers set by the IT Act, widening the definitions of online contents such as misinformation are some of the complaints. Online gambling intermediaries also face more stringent commitments with the advent of the 2023 Amendment. Such legislative changes have irrevocably altered every area of online communications as well as online governance in India. India’s social media regulations were transformed overnight with the introduction of the Intermediary Guidelines and subsequent changes to the Information Technology Act in 2021. The outcome of such reforms is that the platforms were made to follow stringent guidelines such as the appointment of compliance officers, grievance redressal, restructuring of services, among those of strict content moderation. This also gave rise to queries related to censorship, state surveillance, freedom of speech, as well as the manner of state regulation of the internet. Basic human rights issues came into perspective too. These matters of law would influence the way social media is regulated in India since the promise of the state is that both should be balanced: regulation of social media and the promotion of human liberties. The framework is defective, especially in respect of implementation issues, as well as issues of overreach. Cybercrimes go unreported or addressed for the lack of implementation, despite the presence of legislation that addresses such issues. Then, the worry about state overreach and issues of censorship that occur as a result of state power in respect of monitoring. Finally, the problem of “delayed justice,” with cases of cybercrime often pending in courts for quite some time before conclusion.
Recent Developments-
The recommendations by CERT-In were issued in the year 2022 by the Indian Computer Emergency Response Team. This, in turn, enhances the cybersecurity posture of the country by KYC for digital services, putting in place stringent data storage regulations, and the reporting requirement of cyber incidents within six hours. What is needed is a cohesive strategy for securing the digital environment, the starting point of which is rigorous implementation of the Digital Personal Data Protection Act, 2023, since it aims to enhance personal data security. DPDP Act 2023 addresses IT Act deficiencies in privacy through regulating personal data processing-must get express consent, ensure security, and notify breaches. Large platforms have enabled significant data fiduciaries, indicating the need for data officers. There is a requirement to take parental consent regarding children’s data without monitoring or ads. The Data Principals have given rights to access, correction, erasure, and redressal of grievances. Besides IT Act Sections 43A and 72A related to data protection, it enables cross-border transfer unless regulated and prescribes a penalty up to INR 250 crore by a Data Protection Board. Maintaining a balance between national security and privacy rights is a big challenge in the creation of SDFs.
Suggestions
This should be complemented by deep operational improvement in law enforcement to ensure that cybercrime complaints are handled with speed; for instance, better training and more money invested in cyber police. The government should work out a balance between regulation and free speech by not letting the abuse of new restrictions arise. This would also involve setting up an independent body that will openly review content takedown decisions. Digitization camps should keep running across the area to inform people about the responsible use of social media, how to recognize fake material, and how to report online violations. Last but not least, collaboration with technology companies to jointly develop and implement AI-based solutions that effectively address hate speech, disinformation, and other complex cyber threats will be very important.
Conclusion
The laws governing our usage of social media have a global impact in today’s mostly digital environment. They have an impact on our internet freedom and the protection of our personal data. Fighting false information and protecting our nations are vital, but we also need to make sure we can continue to express ourselves freely. This composition shows how the need to protect data online led to the implementation of cyber laws and their impacts on the operations of social media and society in general. Even as these laws attempt to shield people and property from online violence and abuse, their general effectiveness will ultimately depend upon strict enforcement, heightened awareness and understanding, and an effective balance in technological governance of daily activities. It would then follow that the legal landscape, vis-a-vis a careful balance between individual liberties, inventiveness, and protection, is not static.
Reference(S):
Information Technology Act, 2000 , S 43, S 67, S 69
Indian Penal Code, 1860
Personal Data Protection Bill, 2019, Bill No.341 of 2019, S 34(b), S 35 (December 11, 2019)
Protection of Children from Sexual Offences Act, 2012
Shreya Singhal Vs Union of India, AIR 2015 SC 1523 (India)
Intermediary Guidelines Rules, 2011
Intermediary Guidelines and Digital Media Ethics Code 2021
Digital Personal Data Protection Act, 2023
Duaa Hashmi, Social Media And Cyber Law In India, 1(3) Journal of Legal Research and Juridical Sciences,64 (2022)
Karan Sehgal, Legal note- Status of Cyber Laws in India,Academike Articles for Legal Issue,Law Student,(2024)
Sakshi Singh,Cyber Laws and Social Media in India, Law Article A legal Solution for Everyone, (2025)
Virat Kumar,Social Media Laws and its implications,Academike Articles for Legal Issue, Birla Global University, Odisha,2025
Anna Bar Lev,Microsoft Digital Defense Report: 600 million cyberattacks per day around the globe, CEE Multi-Country News Center, November 29, 2024, ITRC Annual Data Breach Report, Microsoft
Ahmad Ali, Mumbai: 2 held for ‘hacking’ UIDAI site for data theft, hunt on for aid, TNN, November 25, 2022, 06:33 IST https://timesofindia.indiatimes.com/city/mumbai/mumbai-2-held-for-hacking-uidai-site-for-data-theft-hunt-on-for-aide/articleshow/95750788.cms
Air India cyber-attack: Data of millions of customers compromised, BBC, 22 May, 2021, https://www.bbc.com/news/world-asia-india-57210118
Hackers swipe IndiGo’s internal documents, airline assures minimal impact,Business Today. In, Dec 31, 2020, 11:47 pm IST https://www.businesstoday.in/latest/corporate/story/hackers-swipe-indigo-internal-documents-airline-assures-minimal-impact-283074-2020-12-31
Anushka Kumari, ICICI Bank Fined Rs 10 Lakh, Vodafone Rs 5 Lakh In Gujarat SIM Fraud Case,NDTV,Dec 10, 2025, 22:54 pm IST https://www.ndtv.com/india-news/icici-bank-fined-rs-10-lakh-vodafone-rs-5-lakh-in-gujarat-sim-fraud-case-9787881
Ministry of Electronics and Information Technology, Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, GSR 139 (E ), Notified on Feb 25, 2021
