Pavan Duggal is an Advocate specialising in the field of cyberlaw and e-commerce. He has been recognised as one of best cyber lawyers around the world. He has made a tremendous impact with an international reputation as an expert and authority on Cyberlaw, Cyber Security Law and e-Commerce law.
His empanelment as a consultant to UNCTAD and UNESCAP on Cyberlaw and Cyber crime respectively, membership of the AFACT Legal Working Group of the UN / CEFAT, consulting as an expert with the Council of Europe on Cyber crime, inclusion in the Board of Experts of European Commission’s Dr. E-Commerce and his work as an expert authority on a Cyberlaw primer for e-ASEAN Task Force and as a reviewer for Asian Development Bank speaks volumes of his worldwide acceptance as an authority. He is the President of Cyberlaw Asia, Asia’s pioneering organisation committed to the passing of dynamic Cyber laws in the Asian continent. He is also a member of the WIPO Arbitration and Mediation Center Panel of Neutrals.
He has been associated with the Ministry of Communication and Information Technology, Government of India on Cyberlaw and Electronic Governance legal issues. He is a member of Advisory Committee on E-Governance in Karnataka constituted by the Government of Karnataka. Pavan is a member of Information Forensic Working Group on e-Information Systems, Security and Audit Association.
He heads his niche law firm Pavan Duggal Associates, which has practice areas, amongst others, in Cyberlaw, Business Process Outsourcing Law, Intellectual Property Rights and Information Technology Law, Information Security Law, Defence, Biotech and Corporate Law.
HOW WOULD YOU LIKE TO INTRODUCE YOURSELF TO OUR READERS? PLEASE TELL US SOMETHING ABOUT YOUR PRE-COLLEGE LIFE?
I would like to introduce myself as a student of Cyberlaw. A person who is constantly trying to discover new nuances pertaining to legal, policy and regulatory aspects pertaining to the Internet, Cyberspace and the newly emerging technologies. A scholar who has dedicated more than 23 years of his life in this space and who still believes that he is at the outside periphery of knowledge. A person who believes that the Internet is a game-changing paradigm, which is potentially the most significant, that human civilization has seen after the advent of fire. I have been working on various issues on the intersection of law and technology. Hence, my path has not been like traditional lawyers. I have chosen to create my own path on the road to discovery. In fact, it is strange that you could never even think while in school what you will ultimately land up doing in life. I have been the student of Delhi Public School, Mathura Road, New Delhi and did my entire schooling from that school, excelled in academics and topped the school in Humanities and was also in the merit list. As a student, I was extremely active in extra-curricular activities including debating, music, theatre, dance, essay writing, quizzes and various other kinds of extra-curricular activities. I won a record number of prizes in school.
YOU ARE FAMOUS AS A CYBER LAW EXPERT. WHAT KIND OF WORK DO YOU CURRENTLY DO?
It is true that today I am known as a Cyberlaw expert. This is primarily so because of the kind of super specialization that I have acquired the area of Cyberlaw. I have worked for more than the last 2 decades in this space. I have been extensively working on the intersection of law and technology. Currently, I do various kinds of works. I advise clients on nuances pertaining to cyberspace transactions, compliances under the applicable provisions of the Indian Cyberlaw, advise on cyber/electronic transactions and the legal nuances, help companies to protect and preserve their domain names and their web presence online, do litigation for variety of clients so as to protect their legal interests, whether in the form of plaintiffs or defendants. I write extensively and have written 102 books on various aspects of Cyberlaw and connected nuances. I teach extensively in select law colleges and international and national institutions including the National Police Academy, National Judicial Academy, Delhi Judicial Academy and various state judicial academies. I extensively interact with various international stakeholders on the nuances of cyberspace.
I had been contributing a column entitled “Brief Facts” for 8 years in the Economic Times. I have extensively featured in various international and national media. My different columns published in various media, news portals and columns include The Economic Times, The Hindustan Times, The Business Standard, The Pioneer, The Deccan Chronicle, and The Mint etc. I have launched a Course on Cyber Security Law last year, which today has more than 9750 students from 157 countries. I speak at various conferences, seminars and workshops.
I am the Conference Director of the International Conference on Cyberlaw, Cybercrime &Cybersecurity which is the world’s unique Conference looking at the intersection of Cyberlaw, Cybercrime &Cybersecurity. I am chairing the International Commission on Cyber Security Law which is looking at collating legal principles governing cybersecurity at a global level. I am also heading the Artificial Intelligence Law Hub which is looking at the examination of cutting-edge nuances concerning Artificial Intelligence. I am also heading the Blockchain Law Epicentre which is also looking at legalities concerning Blockchain. I am extensively working with international organizations including UNESCO, ITU, ICANN, Council of Europe, INTERPOL and many other organizations so as to contribute to the evolving jurisprudence on Cyberlaw, Cybercrime &Cybersecurity. In my humble manner, I have been trying to contribute my small inputs to pushing the envelope of evolving jurisprudence on Cyberlaw, Cybercrime and Cybersecurity. In a nut-shell, I try to do the variety of activities all surrounding the Internet, cyberspace and legal, policy and regulatory issues connected therewith. I advise the Government of India and its various Ministries especially the Ministry of Electronics & Information Technology, Government of India on various issues concerning Cyberlaw and am part of various governmental bodies. I have also been part of G Gopalakrishna Working Group on Electronic Banking formed by the Reserve Bank of India which determined and set the cybersecurity standards for Banks in India.
WHAT SORT OF CASES DO YOU USUALLY HANDLE?
I handle a variety of cases on diverse issues. These cases invariably involve data thefts in the corporate sector, unauthorized transmission of data, violation of trade secrets, breach of privacy of individuals, disputes concerning electronic contracts, cybercrime prosecution and defence. I also do cases pertaining to liability arising from contravention under the law. I advise on domain name disputes and try to get domain names back from the squatters. I do a lot of cases for protection of reputation. I do cases concerning cyber defamation, cyber nuisance, cyber harassment, cyberstalking and trolling and help affected persons and provide advisories. I also do various cases pertaining to breaches of cybersecurity and the potential ramifications emerging therefrom. I also advice intermediaries, in terms of their respective compliances on how they can limit their liability for third-party data. I do cases pertaining to abuse of Over The Top Applications and also the social platforms like Facebook, Twitter, Instagram etc. I also do cases for protecting and preserving digital rights of netizens. I also file Public Interest Litigations (PIL) on legal aspects concerning cyberspace which impact the public interest at a broader level.
HOW IS CYBER LAW AND ENFORCEMENT SYSTEM IN INDIA? IS IT ADDING TO THE CHALLENGES OF TIME?
The Cyberlaw system in India has been put in place by virtue of the Information Technology Act, 2000. India enacted this law, keeping in mind the UNCITRAL Model Law on Electronic Commerce. The said legislation is indeed historic as it not only legalized the electronic format but also paved the way for the growth of electronic commerce and electronic governance in the country. It also sought to cover various cybercrimes. This law also elaborated the liabilities of intermediaries. However, in the year 2000, this law did not specifically cover the mobiles, despite the fact that mobiles had already emerged as a major factor in mainstream society. The Information Technology Act, 2000 was amended by the Information Technology (Amendment) Act, 2008, after 26/11 Mumbai attacks. The said amendments sought to enhance the scope and applicability of the Indian Cyberlaw to be applicable to all kinds of mobiles and communication devices. Various new cybercrimes were added and also the concept of intermediaries and their liability was more specifically well defined. Cybersecurity as a concept was distinctly added in the said law and various provisions concerning the same were also adequately put in the same. It has been for the last more than 10 years since the amendments have taken place. However, when one looks at the cyber legal regime in the country, one finds that it has not been effectively implemented. First and foremost, it needs to be understood that the Information Technology (Amendment) Act, 2008 effectively watered down the deterrent effect of the previous law. This is so because, barring few cybercrimes, almost all cybercrimes were transformed into bailable offences where the accused is entitled to bail. I was the counsel for the complainant in India’s first cybercrime conviction in the year 2003. We had hoped that this first conviction could be the precursor of more convictions to follow. However, with the change of law and given the sloppy enforcement of the law, cybercrime convictions have effectively dried up. Today, India is seeing a famine of cybercrime convictions. This is also primarily so because enforcement of provisions of law has not been very effective. The way the Police is detecting, investigating and prosecuting cyber crimes, leaves a lot of potential gaps.
Electronic evidence is not given the right kind of legal treatment, as is mandated by the Hon’ble Supreme Court of India in its various judgments. Consequently, there is a big gap between the registration of such cybercrimes and final prosecution. Majority of electronic evidence has not been able to be put in the right manner that further complicates the entire scenario. Further, it needs to be understood that technology is a constantly growing target and technology invariably leaves the law 10 steps behind. The problem in the Indian Cyberlaw is that despite various shortcomings, it is not effectively amended, given the newly emerging challenges that have already come up, which have not been appropriately addressed under the law. Social media as a paradigm has not been adequately addressed. Further, issues like cyber stalking, cyber trolling and cyber harassment are not effectively detailed in the said law. The advent of Over The Top Applications has brought forward new challenges, which are not adequately covered under the law. Further, the coming of new technologies like Blockchains, Artificial Intelligence and the Internet of Things have further highlighted the inadequacy of the Indian Cyberlaw. There is a need for appropriate amendments in the same so as to make it topical and relevant to the requirements of today’s times. While it is indeed laudable that the Indian Cyberlaw has provided the legal framework for the legal validity, sanction and growth of electronic commerce and electronic governance, the fact remains that there is lot more work that is required to be done. India as a country needs to provide utmost focus and priority to Cyberlaw frameworks since the Indian Information Technology Act, 2000 is special legislation and it supersedes any other law prevailing for the time being in force. Currently, I do feel that due to the advent of emerging technologies, the inadequacy of the Indian Cyberlaw has not been effectively brought forward. It is high time to make the Indian Cyberlaw more topical and relevant, by updating it and incorporating new offences so as to deal with new technological challenges.
HOW DID YOU BUILD YOUR PRACTICE? THREE STEPS YOU HAVE TAKEN THAT MADE THE DIFFERENCE.
I began as a civil and corporate lawyer. I started practice in Tis Hazari Court, Delhi and then moved on to the High Court and Supreme Court. I was initially interested in technology. In the early 1990s, I got certain software clients and that retriggered my interest in technology. The advent of the Internet provided a completely new game-changing moment in my life. After being overwhelmed by the media in the first couple of months, I quickly realised that there are a lot of legal, policy and regulatory issues that need to be appropriately addressed and I started working on the same. At that time, there was not much work happening in India and I started working with the international players.
Towards the end of 1990s, the Government of India was preparing the Information Equipment Bill, 1999. I got active and started working with various stakeholders including the Parliamentarians and the Government of India so as to give inputs on the Bill. I also started working with the Ministry of Electronics & Information Technology, Government of India on Cyberlaw issues. All this time, I had started doing work on domain name disputes. The coming of the Information Technology Act, 2000 provided a new area to focus on, where I focused. As time passed by, clients came back and said that they wanted us to expand the scope of services that we were providing. So, I swam with time and kept on expanding the bouquet of services that were provided to clients and slowly, the practice grew. Today, I am primarily known because of my super-specialization in Cyberlaw, Cybercrime and Cybersecurity. My law firm PavanDuggal Associates, Advocates also does commercial and civil litigations as well.
As regards three steps that I have taken that made the difference, I believe that Almighty has got its own ways of getting work done from us. I distinctly believe that we all are puppets on the stage of life, for whom all work has been predetermined. Looking back, the three steps that made the difference for me would include the following:
I was driven with my passion for technology and its intersection of law and technology. I followed my passion and my heart and landed up where I am currently standing.
My perseverance and hard work. A lot of people only try to see the glossy side of legal career. However, it takes a huge volume of untiring effort to make one’s position and contribution. I have been extensively doing hard work which potentially could also be a contributing factor to my current position.
Patience is also one factor that has helped me. A lot of people often run out of patience and do not have the patience to pursue their passion for their dreams, if they don’t get early success. There were numerous hiccups and massive earlier failures that I actually experienced but I felt that cyber is the next domain of the future and I need to focus. I patiently waited and kept on working silently in this space.
COULD YOU TELL OUR READERS ABOUT THE FIRST TIME THAT YOU APPEARED IN COURT?
I remember the first time when I appeared in the Court. That was immediately after passing out from LL.B. My first appearance was in the Tis Hazari Court, Delhi. I was nervous. I was appearing before a Trial Judge and while I was reading the case, I was slightly confused as to how to address the Judge, whether the Judge should be addressed as Your Honour or My Lord. I had done a lot of preparations for the case and ultimately, when the hearing of the case happened, it took a couple of minutes. I did fail initially because of the slight nervousness but as the case began, I confidently stated what I had to state and the Judge also asked the other side about the proposition and thereafter proceeded to pass an order. That particular appearance is still vivid in my mind. It was a completely different experience from the traditionally filmy legal appearances that we are used to seeing in the Bollywood and Hollywood films. However, I distinctly remember extensively reading the file prior to my first appearance. I also told myself that I need to be most updated with all the aspects of the file, and worked towards that direction. It was my very interesting first appearance.
WHY DID YOU CHOOSE CYBER LAW AS YOUR SPECIALISATION?
I chose Cyberlaw as my specialisation because I felt that cyberspace is the paradigm of the future. I was very clear that the world is increasingly going more and more digital and therefore if I have to look in the future, I must be fully prepared for the same. Hence, I chose Cyberlaw as my specialisation since I felt that over a period of time, my specialisation will increasingly have to grow very significantly and will even land up having a large impact, on other specialisation as well.
MANY LAWYERS ARE INTERESTED IN CYBER LAW. WHAT WOULD BE YOUR ADVICE TO THOSE WORKING AS CYBER LAWYERS?
My advice to lawyers who are interested in working as cyber lawyers is that there is a lot of scope in Cyberlaw in the coming times. However, everything is not as rosy, as it appears. There is a lot of hard work, required before one can achieve the desired destination. There is an increasing need for cyber lawyers as more and more stakeholders are increasingly using the digital format and are using cyberspace as a central theme point for all their operations, activities and initiatives. As time passes by, the volume of work is constantly going to increase. So if you are interested in Cyberlaw, this is the right time to get started and be involved in this area.
HOW IMPORTANT IS IT TO HAVE MENTORS FOR A YOUNG LAWYER IN STARTING HIS CAREER? WHO WERE YOUR MENTORS AT THE START OF YOUR CAREER?
It is very important for a young lawyer in starting his career to have mentors. Mentors are not just pillars of strength but also inspiration, encouragement and source of advice. One should not believe that one knows everything in the starting of the career. On the contrary, after passing out from the law college, it is very important to unlearn what you have learnt and then relearn aspects in the profession. Mentors help guide and supervise young lawyers and also put them in the right direction. The brilliant aspect about mentors is that mentors can use their lifetime experience to guide youngsters to reach their best potential. My mentor in the starting of my career was my father and he still continues to be my mentor. My father is a practicing Advocate. I looked upto him as my hero, as my idol and as my mentor. Consequently, I started looking up to him for all advice and inputs to get started and what to do in important cases that I am doing. My father still plays a very significant and invaluable role in my evolution as a lawyer. He is the rock-solid pillar to whom I always go back in the event of any challenge. He appropriately guided me in the right direction and also warned me on how to face various challenges that lie ahead in my legal practice.
PRIVACY HAS BECOME VERY FRAGILE. HOW INDIA SHOULD PROTECT PRIVACY OF CITIZENS?
Privacy is an integral part of our human existence. No wonder, when the Hon’ble Supreme Court has declared the right to privacy as an integral part of the fundamental right to life, it is effectively ventilating the hopes and aspirations of millions of Indians. India needs to do extensive homework to protect and preserve the privacy of its citizens. Currently, India does not have a dedicated law on privacy. The Indian Information Technology Act, 2000 is not a law on privacy and only has provided lip service to privacy. There is a need for a dedicated law on privacy that would help define the roles, duties and responsibilities of various stakeholders. Personal and data privacy needs to be adequately specifically addressed.
As a nation, we should not confuse privacy with data protection. Data protection is important but privacy is critical to human existence, human dignity and human life. As a nation goes forward, we need to have specific courts who only look at privacy related violations so that privacy violation matters are handled with utmost care in a very gentle manner and with distinctive victim friendly approach. With now increasingly the Government being straddled with the duty to ensure that the right to privacy is effectively implemented, the Government has also a lot of work to do. India is currently in the process of coming up with a new Personal Data Protection Bill. While that could address some aspects of privacy, but India needs to do far more. Privacy would require the adoption of distinctive new approaches for the purposes of adequately addressing it. Also, stringent, effective and efficacious remedies need to be provided to victims whose privacy, both data privacy and personal privacy is infringed or violated. India needs to provide for a regime of exemplary damages so as to give a right message to all stakeholders, that privacy of citizens cannot be taken for granted and is a value of human dignity that needs to be respected and handled with utmost care, caution and regard.
WHAT IS THE CURRENT STATE OF CYBER SECURITY IN INDIA?
Today, India as a nation has not been giving its best efforts to the cause of cybersecurity. In fact, India as a nation is giving only lip service to cybersecurity. India did come across with its National Cyber Security Policy, 2013 which was a remarkable document containing good motherly statements and the Policy of the Indian nation on cybersecurity. However, the last 5 years have shown that the National Cyber Security Policy of 2013 has only remained as a paper-tiger. In addition, we need to appreciate that India does not have dedicated legislation on cybersecurity, in comparison to a large number of other countries. The Indian Information Technology Act, 2000 is not a cybersecurity legislation. This is despite the fact that cybersecurity as a concept has been defined and introduced under the Indian Information Technology Act, 2000 by virtue of the Information Technology (Amendment) Act, 2008.
At a time when countries like China, Singapore, Vietnam, Egypt etc. are racing miles ahead in terms of coming up with detailed and elaborate cyber security legislation, India as a nation has been left behind. Further, as a nation, we are also not clear as to whose responsibility is cyber security. A large number of people in India believe that cyber security is a governmental responsibility, without realising that it is not a correct picture. Cyber security is a collectively shared responsibility for all stakeholders. The Government has to play an important role in cyber security, but other shareholders have to increasingly also play a very significant role in this direction. India as a nation needs to define the rights, duties and responsibilities of various stakeholders. Indian networks and systems are constantly under attack and as a nation, we have not been very effective in terms of repelling those attacks. There is a need for a dedicated cyber army in India who can actually protect and preserve cyber security attacks, both in the actual world and also in cyberspace on a 24/7 basis. We still don’t have a dedicated cyber security authority in the country. Cyber security is a shared baby and is a subject of turf war amongst various ministries. India as a nation needs to quickly realise that in case if we are not effectively working on protecting and preserving cyber security, it could potentially start adversely affecting the sovereignty, security and integrity of India in the coming times.
WHAT IS YOUR OPINION IS ON ONLINE DISPUTE RESOLUTION. DO YOU THINK IT WILL BECOME REALITY ANYTIME SOON IN INDIA.
I feel online dispute resolution is the way going forward. We have seen the success of online dispute resolution for protection of domain names with the effective implementation of Uniform Domain Name Dispute Resolution Policy (UDRP) of the Internet Corporation for Assigned Names & Numbers (ICANN). We have also started seeing the beta use of online dispute resolution. It will become a reality very soon with the coming of a few years in India. In fact, cyber arbitration should be an important element in online dispute resolution in the coming times.
WHAT IS THAT ONE CASE THAT HAS LEFT A LASTING IMPACT ON YOU?
The one case that has left a lasting impact on me is the case that I did for an online card processing company. The company suffered a cybersecurity breach and the said breach was extremely complicated and sophisticated. The breach led to not just theft of data but also subsequent cloning of credit cards of some high net worth individuals. The said cards were subsequently cloned and sent to different countries. In more than 2 dozen countries, the said cards were used in massive global operations all aimed to physically withdraw millions of dollars from ATMs across the world. Our client lost millions of dollars. The client was however insured. This case demonstrated to me the enormity of cybercrimes through various highly professionally organised and ultra sophisticated cybercrime gangs. It also showed the inadequacy of organisations and companies to deal with cybersecurity breaches and new challenges of cybercrimes. This case brought to my attention the enormous manipulations of ATMs and planning done by cyber criminal gangs and also showed me the ground reality that in the present and in the coming future, there is nothing known as complete security and that nobody is secure. This case further sensitised that everybody is capable of being hacked and therefore now the new norm has to be to accept the fact that breaches of cybersecurity will be a part of our day-to-day lives. How can we concentrate on cyber resilience and how can we be up and about after being breached by the cyber attack, has to be the new focus area. This case has been an important case which made me understand the impermanence of today’s present scenario. Just because everything is going fine, there is no guarantee that these things will keep on going fine tomorrow. On the contrary, change is constant and will be so, in the lives and times of stakeholders in the digital and mobile ecosystem.
HOW CAN A JUNIOR WISHING TO WORK UNDER YOU GET IN TOUCH WITH YOU? WHAT QUALITIES WILL YOU LOOK FOR HIRING A JUNIOR?
Any junior who wishes to work under me could get in touch with my law firm PavanDuggal Associates, Advocates. He/she could contact us at email ID [email protected] or could also reach out to me personally at my email ID [email protected] and [email protected]. I am looking for the hunger and passion to learn as important qualities of any junior that could work for me. A lot of juniors today are not willing to learn. They come out under the presumption that they know everything and due to overconfidence, often land-up missing important milestones. Hard work, perseverance, patience, dedication, discipline and good interpersonal relations are important attributes and qualities that I look forward to while hiring a junior.
WHAT INSPIRES YOU TO WRITE? HOW DOES BEING AN AUTHOR OF NUMEROUS BOOKS AND ARTICLES HELP YOU IN YOUR CAREER?
I believe that life is short. We will all be dead and gone tomorrow. Hence, it is very important to write your thoughts and express them in print so that they can be your contribution to society. I get inspired to write because I believe that my thoughts must be well captured and communicated to other stakeholders. I have had a flair for writing from the very beginning. I love to write as I feel that writing is the best way of sharing experience, knowledge, perspectives and opinions. I write rigorously and regularly. Over the last more than 2 decades, I have authored 102 books on different aspects of Cyberlaw, Cybercrime &Cybersecurity and connected legalities. In addition, I have written a number of articles that have appeared in various newspapers, online media platforms, websites and other publications.
Being an author of articles and books will help you in your career. People see you with a different perspective and in a different light, once you become an author. They start giving you more respect and regard and also your books then become ambassadors of your capacities and capabilities. Also, writing books demonstrates your authoritative command on your subject and hence contributes to your career.
YOU ARE A PROLIFIC WRITER. DOES IT HELP A LAWYER TO WRITE ARTICLES AND BOOKS?
As a prolific writer, I believe that it does help a lawyer to write articles and books. We have to traditionally change our mindsets about the legal profession. The perception that lawyer must only go and argue matters in courts is an old perception and needs to be slightly changed with the times. Today, lawyers are expected to do multi-dimensional roles. Hence, they must not only have people friendly soft skills but also have appropriate contributions to give back to society. Writing books and articles is one such contribution that one can make in terms of giving back to society. Your books and articles could get read by members of the public who will then become your potential clients and will start forming an opinion about you. In the event of any challenge and issue, they would come back and seek your opinion. So over a period of time, a lawyer which writes books and articles not only tends to enhance his/her capability but also tends to contribute to the growth of evolving jurisprudence. Having authored 102 books and numerous articles, I believe that it definitely helps lawyers to write articles and books.
In the end, I would just like to say that the world is a constantly changing paradigm. Everything is in a constant state of flux. Hence, the focus of any lawyer has to be to try to update his/her skill-sets. We must unlearn, relearn, unlearn, relearn all the time. This is so because the coming times are very challenging times ahead. The advent of new technologies will bring in, not only new challenges but far more opportunities as well. It requires a vision to understand and identify some key opportunities that the coming future will bring across. The legal profession has been one of the best professions in the world. I believe that with the advent of technology and cyberspace, it will continue to grow by leaps and bounds. Cyberlaw, as a discipline, will increasingly contribute in the evolving digital law jurisprudence at global and national levels.