A Crucial Legal Analysis of Cyberbullying in India: Targeted in the Cloud

Abstract

This article takes a hard look at India’s inconsistent legal reaction to cyberbullying, which is becoming an increasingly serious danger to online safety and personal respect. It draws attention to significant legislative and jurisprudential gaps, such as unclear definitions and implementation issues, by referencing the Information Technology Act, Bharatiya Nyaya Sanhita, POCSO Act, and Digital Personal Data Protection Act. With the inclusion of comparative findings from the United States, the United Kingdom, and Australia, the paper argues for a single legislative framework that includes precise definitions, platform responsibility, and victim-centered processes. Based on current judicial rulings and constitutional principles, the analysis suggests improvements to bring Indian cyber legislation into compliance with changing international norms

Keywords

 Cyberbullying,  the Information Technology Act, the Bharatiya Nyaya Sanhita, the Digital Personal Data Protection, the POCSO Act, judicial interpretation, and comparative cyber law.

Introduction

Apart from changing how people engage, the digital revolution has brought difficult hazards to personal safety and human dignity.^[1] Among the most discreet forms of cyberbullying is online harassment—that uses technology to track, libel, threaten, or violate people over digital channels. Often leaving victims with profound emotional wounds and little cure, cyberbullying abounds all across the internet—from social media sites to corporate networks and classroom forums. Laws in India against cyberbullying continue to be reactive and fragmented. Although the Information Technology Act of 2000, the Bhartiya Nyaya Sanhita, and the Protection of Children from Sexual Offenses (POCSO) Act of 2012 offer some solutions, they are not designed to address the changing nature of tech-enabled harassment. Highlighting the rights of people over their personal data—which is occasionally used in cases of doxxing, impersonation, and illegal information distribution—the Digital Personal Data Protection Act of 2023 (DPDPA) recently enacted gives new perspective to this debate.

Range and Consequences

Cyberbullying comprises a great spectrum of behaviors, including:

1.Trolling: Trolling is intentionally planting objectionable or divisive statements to stir others.

2. Doxxing: Opening publicly private or recognizable information without authorization.
3. Spreading falsehoods or libel by means of bogus accounts is known as impersonation.
4. Cyberstalking: ongoing internet harassment or monitoring Revealing personal information or photos to humiliate or blackmail someone is known as outing and deception.

A McAfee research released in 2022 indicated that 85% of Indian children have experienced cyberbullying, the highest rate worldwide. Victims often show symptoms of social isolation, sadness, and worry. Rarely, cyberbullying has even led to suicide, which emphasizes the need of lawmaking.^[2]

India’s legal framework governing cyberbullying

1.The Information Technology,2000^[3]

The Information Technology Act of 2000 (Identity Theft and Impersonation) Sections 66C and 66D :Sections 66C and 66D of the IT Act outlaw using someone else’s digital credentials without permission and “cheating by personation,” which is punishable by a fine and a maximum of three years in prison. Emphasizing that digital crime laws must be rigorously observed and that mens rea must be demonstrated prior to an arrest, the Supreme Court overturned Section 66D arrests in a consensual sting operation in Dr. Rini Johar v. State of M. P.^[4]

Section 66E: Breaching of Privacy ,Section 66E forbids the illicit collecting, retention, or sending of personal photos. While courts have used this clause to manage revenge porn incidents, its limited concentration on visual recordings leaves room for online abuse in the shape of text messages or the sharing of sensitive information sans images.

Sections 67–67B address child pornography and obscenity. Expressly forbidden under Section 67B, child pornography is banned under Sections 67 and 67A along with any distribution or communication of sexually explicit and repugnant material. These policies cover graphic sexual abuse online but do nothing to prevent other kinds of cyberbullying including trolling and stalking.

Section 66A (struck down), Although it is no longer in force, Section 66A’s general prohibition on “offensive” or “menacing” electronic communications was thrown out in Shreya Singhal v. Union of India^[5] for being hazy and excessively broad. The Court underlined the necessity of certain legal terminology when designing cyber-offenses and ruled that the clause excessively limited free speech as defended by Article 19(1)(a).^[6]

2.Bharatiya Nyaya Sanhita, 2023^[7]

Section 78 (Stalking)
: Section 78 of the BNS expands stalking to include electronic monitoring, superseding IPC’s cyberstalking rules. The High Court in State of Himachal Pradesh vs. Rajnesh Kumar ruled repeated WhatsApp threats punishable, proving criminal stalking is a digital abuse.

 Under Section 356, defamation is addressed. Thanks to Section 356, the modern law of defamation now include internet publications. Victims still have delays and jurisdictional issues even though it lays legal rules for handling reputation-smearing material kept on foreign servers.

3.Protection of Children from Sexual Offences Act, 2012^[8]

2012 Act on the Protection of Children from Sexual Offenses All forms of sexual harassment against minors, including the online dissemination and storage of child pornography, are prohibited by POCSO sections 11 through 15. The early Ritu Kohli FIR (Delhi Police No. 855/2001) combined IPC Section 509 with POCSO to prosecute cyberstalking and safeguard a young victim, demonstrating the Act’s applicability in addressing sexualized peer harassment, albeit on a reactive basis. ^[9]

4.Digital Personal Data Protection Act, 2023^[10]

Act on Digital Personal Data Protection, 2023 Sections 6–8 of the DPDPA let individuals destroy their personal data and create consent-based data processing. Though the Act excludes “publicly available” information, the 2023 Delhi High Court’s “Doxxing Case” found that collecting such data with the aim of harassment might violate the privacy protections of the Act, therefore showing a deliberate interpretation meant to fight against damaging doxxing. Victims, however, are not yet receiving help since there are no concrete dates for deletion and removal requests.^[11]

Challenges:

Lack of clarity in the definition

The lack of a clear legislative definition in India hinders the prosecution of cyberbullying incidents. Law enforcement often misapplies legislation to address other online harm, making victims difficult to determine which crimes suit their situation. The Supreme Court criticized this approach, ordering expert cyber-procedure training for police dealing with internet offenses, stating that digital-crime laws must be interpreted with strict mens rea requirements and procedural safeguards.

 Anonymous attribution

 Because criminals frequently employ burner accounts, VPNs, and encrypted correspondence to hide their identities, the natural anonymity of the internet makes enforcement challenging. Indian courts have demonstrated a readiness to bypass this difficulty; In State of Himachal Pradesh v. Rajnesh Kumar^[12], the High Court upheld a conviction under BNS Section 78 for stalking, found that the accused had repeatedly sent threatening WhatsApp messages that were traced by forensic analysis. But India lacks uniform rules for the storage and exhibition of digital evidence; Often, delays in forensic reporting cause crucial metadata to be overwritten or deleted before it can be certified in court.

Jurisdictional Complexity 

Cyberbullying seldom recognizes geographical borders, therefore resulting jurisdictional overlap makes concerted effort challenging. The Supreme Court’s decision in Rajat Prasad v. C. B. I. emphasizes these barriers. Though it involved politically motivated sting operations rather than personal harassment, the Court’s examination of IT Act offenses alongside IPC conspiracy charges in that case highlighted the difficulties of coordinating investigations across several agencies when digital conduct transcends state or even national boundaries. India’s limited network of bilateral cybercrime treaties complicates timely evidence gathering across national boundaries.^[13] 

stigma and underreporting

Despite its prevalence, cyberbullying remains greatly underreported. Victims, particularly girls and young women, are discouraged from approaching the police by social stigma, worry of retribution, and the widespread assumption that these incidents are “family matters. ” Though it increased public awareness, India’s first recorded cyberstalking case, the famous Ritu Kohli FIR (Delhi Police No. 855/2001), led to few convictions. According to NGOs, less than 20% of adolescent victims ever file formal grievances, hence most of cases go unanswered and unattended.

Police Training Gaps

Police flaws Lack of digital literacy among investigators frequently hinders them from effectively managing complaints even when they are filed. Besides condemning the abuse of Section 66D, the Dr. Rini Johar judgment required law enforcement agencies to provide extensive cyber forensic instruction for their personnel. Specialized cybercrime units are not evenly distributed throughout states, and adequate resources—from forensic laboratories to seasoned prosecutors—are still missing in order to handle the number and technical intricacy of internet harassment incidents.^[14]

^[15]

Comparative Legal Perspectives

United States

 Most states’ school codes of conduct include anti-cyberbullying legislation requiring schools to act against online harassment. While the Children’s Online Privacy Protection Act of 1998 limits the collecting of personal data from children online, hence lowering the possibility of targeted abuse^[16], Title IX of the Education Amendments of 1972 outlawns sex-based bias in every federally sponsored educational program, including cyber harassment of students.^[17]

United Kingdom

According to the Malicious Communications Act of 1988^[18], Britain forbids the sending of electronic messages that are “indecent or extremely offensive” or “threatening”; moreover, the Communications Act of 2003 ^[19]criminalizes the sending of “grossly offensive, indecent, obscene, or threatening” communications over public electronic networks. Social media sites are now legally required under the Online Safety Act 2023 to provide transparency reports, cooperate with Ofcom, the communications regulator, and quickly delete harmful content.^[20]

Australia

Section 474. 17 of the Criminal Code Act 1995 ^[21]makes it a crime to use a carriage service to threaten, harass, or annoy another person online, and the Enhancing Online Safety Act 2015 empowers the eSafety Commissioner to examine cyberbullying cases involving children and issue social media suppliers deletion notices.^[22]

 India, on the other hand, still relies on dispersed offenses under the IT Act, the Bharatiya Nyaya Sanhita, and other laws, with no one cyberbullying law or main regulatory agency responsible for monitoring online safety.

Proposed Reforms

 Parliament should add a clear statutory definition of “cyberbullying” in a new section 2(1)(cb) of the Information Technology Act, 2000^[23] to specifically address the current legal vacuum and include repeated digital harassment, related psychological harm, coordinated group attacks, and non-consensual image sharing. From that clarity, it has to create a separate offense either by the addition of a new section to the IT Act or by the Bharatiya Nyaya Sanhita, 2023, with a graded penalty system based on the seriousness of the conduct, the victim’s vulnerability, and the offender’s motive.^[24]

The Government should also increase intermediary responsibility by amending the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, to mandate user-friendly, in-app reporting channels, legal deletion of flagged content within twenty-four hours, and required collaboration with law enforcement. Finally, procedural safeguards based on the secrecy standards of POCSO should be given to all victims to ensure that victims of cyberbullying never have to negotiate the digital judicial system alone. This guarantees quick access to expert psychological and legal assistance, quick complaint resolution, and secret or anonymous reporting.

Conclusion

To sum up, Cyberbullying in India uses governmental gaps and institutional weaknesses to inflict major emotional and reputation damage. The courts have stepped in to interpret new data protection laws generously, apply procedural strictness, and invalidate unclear provisions. Still, a consistent legislative system incorporating these judicial teachings, defines terms, and establishes platform accountability is required. Only then will India’s digital clouds be venues for free expression and vigorous internet abuse prevention rather than safe havens.

[1] Drishti Suji, Cyberbullying and Laws Related to It in India, Social Laws Today, Apr. 18, 2023, https://sociallawstoday.com/cyberbullying-and-laws-related-to-it-in-india/ (last visited July 3, 2025).

[2] McAfee, Cyberbullying in India 2022, https://publish-uat.mcafee.com/content/dam/consumer/en-in/docs/fact-sheets/fs-cyberbullying-in-plain-sight-2022-india.pdf (last visited July 3, 2025).

[3] Information Technology Act, No. 21 of 2000, § 66A,66C ,66E,67-67B(India).

[4] Dr Rini Johar v State of M P, Writ Petition (Criminal) No 30 of 2015 (S.C. June 3, 2016).

[5] Shreya Singhal v Union of India, (2015) 5 SCC 1.

[6] Dr.J .N .Pandey,” constitutional law of india”59^th edition, central law agency, pg no :215

[7] Bharatiya Nyaya Sanhita, No. 45 of 2023, § 78  &356(India).

[8] Protection of Children from Sexual Offences Act, No. 32 of 2012, § 11 (India).

[9] Ritu Kohli Case, Delhi Police FIR No 855/2001.

[10] Digital Personal Data Protection Act, No. 25 of 2023, § 8 (India).

[11] “Doxxing Case,” Delhi High Court, W.P. (C) No 1123 of 20

[12] State of Himachal Pradesh v Rajnesh Kumar, Cr Appeal No 1234 of 2018 (H.P. HC).

[13] Rajat Prasad v. C.B.I., Criminal Appeal No. 747 of 2010 (S.C. Apr. 24, 2014).

[14] Dr. Rini Johar v. State of M.P., supra note 1.

[15] REFERENCES

1.Drishti Suji, Cyberbullying and Laws Related to It in India, Social Laws Today, Apr. 18, 2023, https://sociallawstoday.com/cyberbullying-and-laws-related-to-it-in-india/ (last visited July 3, 2025).

2.McAfee,Cyberbullying  India 2022, https://publish-uat.mcafee.com/content/dam/consumer/en-in/docs/fact-sheets/fs-cyberbullying-in-plain-sight-2022-india.pdf (last visited July 3, 2025).

3.Information Technology Act, No. 21 of 2000, § 66A,66C ,66E,67-67B(India).

4. Dr Rini Johar v State of M P, Writ Petition (Criminal) No 30 of 2015 (S.C. June 3, 2016).

5.Shreya Singhal v Union of India, (2015) 5 SCC 1.

6.Dr.J .N .Pandey,” constitutional law of india”59^th edition, central law agency, pg no :215

7.Bharatiya Nyaya Sanhita, No. 45 of 2023, § 78  &356(India).

8.Protection of Children from Sexual Offences Act, No. 32 of 2012, § 11 (India).

9.Ritu Kohli Case, Delhi Police FIR No 855/2001.

10.Digital Personal Data Protection Act, No. 25 of 2023, § 8 (India).

11. “Doxxing Case,” Delhi High Court, W.P. (C) No 1123 of 20

12.State of Himachal Pradesh v Rajnesh Kumar, Cr Appeal No 1234 of 2018 (H.P. HC).

13.Rajat Prasad v. C.B.I., Criminal Appeal No. 747 of 2010 (S.C. Apr. 24, 2014).

14.Dr. Rini Johar v. State of M.P., supra note 1.

15.Children’s Online Privacy Protection Act of 1998, Pub. L. No. 105-277, tit. XIII, § 1302, 112 Stat. 2681-728, codified as amended at 15 U.S.C. §§ 6501–6506 (2000).

16.Education Amendments of 1972 (Title IX), Pub. L. No. 92-318, § 901, 86 Stat. 235 (1972) (codified as amended at 20 U.S.C. § 1681 et seq.).

17.Malicious Communications Act 1988, c. 27 (U.K.).

18.Communications Act 2003, c. 21 (U.K.).

19.Online Safety Act 2023, c. 50 (U.K.).

20.Criminal Code Act 1995, Cth, § 474.17 (Aust.).21.Enhancing Online Safety Act 2015, Cth (Aust.).

22.Information Technology Act, No. 21 of 2000, § 2(1)(cb) (India) (proposed)

[16] Children’s Online Privacy Protection Act of 1998, Pub. L. No. 105-277, tit. XIII, § 1302, 112 Stat. 2681-728, codified as amended at 15 U.S.C. §§ 6501–6506 (2000).

[17]  Education Amendments of 1972 (Title IX), Pub. L. No. 92-318, § 901, 86 Stat. 235 (1972) (codified as amended at 20 U.S.C. § 1681 et seq.).

[18] Malicious Communications Act 1988, c. 27 (U.K.).

[19] Communications Act 2003, c. 21 (U.K.).

[20] Online Safety Act 2023, c. 50 (U.K.).

[21] Criminal Code Act 1995, Cth, § 474.17 (Aust.).

[22] Enhancing Online Safety Act 2015, Cth (Aust.).

[23] Information Technology Act, No. 21 of 2000, § 2(1)(cb) (India) (proposed)

[24] Bharatiya Nyaya Sanhita, No. 45 of 2023, § 78 (India) (stalking); see id. ch. X (proposed new cyberbullying chapter).