With the ever-increasing use of various online means of communication, the prevalence of crimes committed in cyberspace has also been on the rise. Apparently to address the issue of cybercrimes, the infamous Digital Security Act, 2018 (DSA), and later the Cyber Security Act, 2023 (CSA) were passed. Both the laws drew criticisms for their particularly vague language, largely used by the previous regime to suppress dissenting voices. Following the July uprising, the Cyber Protection Ordinance, 2024 was expected to be substantively different. However, on multiple counts, the ordinance fell short to meet our expectations.

Among the several changes brought about through this Ordinance, the explicit recognition of 'cyberbullying' as a distinct offence under Section 25 has been a significant one. Cyberbullying is a growing concern all over the world, with legislation being passed in several jurisdictions to specifically deal with the issue. It is commendable that the interim government decided to legislate in that regard. In fact, the provision on 'cyberbullying' may appears fine. However, the said provision suffers from certain fatal defects too.

First, the definition of 'cyberbullying' is not specific as to what exactly constitutes the offence. The Explanation to the Section defines 'cyberbullying' as harming one's reputation or mental health by threatening, intimidating or harassing that person, or publishing false or harmful information, spreading insulting or abusive messages about someone, or spreading rumours or defamatory content. Interestingly, we do not find the mention of 'cyberbullying' in the main content of section 25, although 'blackmailing' has been explicitly mentioned there and subsequently defined in the Explanation as well. It is not clear what purpose defining 'cyberbullying' serves when the same has not been used in the main text of the provision.

Notably, both the DSA and CSA criminalised the act of a person intentionally or knowingly sending such data or information to others, known to be offensive, intimidating or false. Thus, the two Acts did in fact cover some aspects of cyberbullying. Therefore, it is not clear what specific objective this new law intends to pursue.

Second, the section does not delineate what degree or seriousness of harm caused to the victim's mental well-being constitutes the offence. Hence, trivial or non-substantial harm to one's mental health may be counted as an offence of cyberbullying, leading to a floodgate of cases coming to the court.

Third, the definition suffers from lack of nuances. The Section does not provide any exceptions. The Online Safety Act 2023 of the UK, for example, provides an exception in favour of recognised news publishers from the offence of 'false communications.' We have a history of section 25 being used against journalists and media outlets, and a lack of exemption can potentially aggravate the situation, instead of ameliorating the same.

In sum, the progress that the Ordinance made lies in naming and defining the offence and broadening its scope. Yet this 'progress' is overshadowed by its use of rather vague and ambiguous language. Given the intricacies and sophistication of the offence, an ill-defined provision will only exacerbate the crises.

The writer works at the Law Desk.