School of Law

Dr Subhajit Basu FRSA

Associate Professor in Information Technology Law (Cyberlaw)

I am an Associate Professor of Information Technology Law where I teach and research on the regulation of the internet, including issues relating to privacy, data protection, freedom of expression and also e-commerce. I am Vice-Chair of British, Irish Law Education and Technology Association (BILETA).

I hold a PhD from Liverpool John Moores University and an LLB from the  University College of Law, Faculty of Law, Calcutta University. I was called to the Bar in 1998 and worked as an Advocate specialising in Corporate Law in India.

I aim to explore the challenges that the Internet has created in transforming our lives, especially in the area of governance and in our legal framework. Understanding and making sense of the increasing amount of “data” that is out there is central to my research. “Big data” can control our lives, and I am particularly interested in how we can better inform and empower consumers. I am also keen to examine how we can update our legal framework to protect privacy and equip the public with the knowledge needed to make informed choices.

I am a co-author of the Book “Privacy and Healthcare Data: ‘Choice of Control’ to ‘Choice’ and ‘Control’?” (Routledge, 2016). The book aims to open up the debate of how data could help medical research. The book also aims to shape and inform policy and to prevent one specific party – government or industry from exerting too much control.

I am the author of the critically acclaimed book “Global Perspectives on E-Commerce Taxation Law (Ashgate, 2008). The book proposed the most effective mean for a collection of consumption taxes which is technically feasible, efficient, and cost-effective. It examined the volatile and rapidly changing intersection of e-commerce and tax law, particularly it focused on how to ensure the efficient collection of consumption taxes concerning the cross-border supply of digital goods and services.

I am currently working on and involved in the following externally funded research projects.

  • Co-Investigator: CRITiCaL - Combatting cRiminals In The Cloud (EPSRC) June 2015 - May 2020. In this project, we seek to understand the different types of crime that can happen in the Cloud, build systems that will allow the detection of this criminal behaviour and enable the use of digital evidence to lead to successful prosecution of Cloud crime perpetrators.

  • Co-Investigator: ‘Review of Legislation and Policy Guidance Relating to Adult Social Care’ (funded by Commissioner of Older People Northern Ireland and Government of Northern Ireland, 2014-2015).The full report for the COPNI can be downloaded here.

  • Co-Investigator: “International Justice for Older Adults - Crossing Barriers as well as Borders” (funded by Borchard Foundation Center on Law and Aging, USA (2011-2013). Inter-disciplinary research on the need for better integration of health and social care (comparative and international perspectives) and rights and responsibilities of older adults and families.

  • Legal Expert and co-investigator on European Commission funded “HuWY”. The project aims to support young people’s eParticipation in policies about the Internet and its governance, through a distributed discussion (2009-2010).

  • Partner on European Commission funded Legal Framework for the Information Society (LEFIS) project on IT and Legal Education (2004) and LEFIS APTICE Thematic Network (2007). The project was responsible for developing, implementing and consolidating a cross-national teaching and research infrastructure which adequately responds to the needs and problems raised by the information and knowledge society.

Professional Activities:

Vice-Chair of British, Irish Law Education and Technology Association (BILETA); Fellow of the Royal Society for the Encouragement of Arts, Manufactures and Commerce; Member of the Brazilian Academy of Crime Sciences: Committee on International Cybercrime Law; Research Fellow of African Centre for Cyberlaw and Cybercrime Prevention (ACCP); Advisor to Centre for Law and Technology (Nepal); Member of Advisory Board Centre for Cyber Victim Counselling; Fellow of the Higher Education Academy; Member of Dean’s Council, International Association of Law Schools.

I have been a Visiting Scholar at the Dickinson School of Law, Penn State University. I am visiting Professor of National University of Law, (NLU) India and SGT University, India.

I am the Deputy Editor of International Review of Law Computers and Technology (IRLCT). I also sit on the Editorial Boards of five journals: European Journal of Law and Technology (EJLT); International Journal of Innovation in the Digital Economy; Electronic Journal of e-Government (EJEG); SciFed Journal of Intellectual Property Rights

I regularly receive invitations to speak at national and international conferences and delivered Guest lectures in a large number of Universities both in the UK and abroad concerning all aspects of Information and Technology Law. I have provided consultancy to Cybercrime Research Centre at Nicolaus Copernicus University in Toru?; the Institute for Transport Studies, University of Leeds. I have provided training for policy-makers, government officials and business on E-Commerce Law from around the world. I  worked as an International Consultant for Drafting “Integrated Information Technology Bill” for Nepal (Department of Information Technology, Nepal).

Research Interests

The focus of my research and writing is on “emerging technologies”, especially in the context of the “regulation of cyberspace”. Specifically, I explore how online activities and behaviour can be regulated and how we can provide protection for those using the internet. As a “realist”, I care about the opportunities created by these technologies, in particular ensuring a useful adaptive regulatory framework. I continuously question the political and economic power that technologies offer – a power that can be seised and bought and sold. Who will own these technologies? Who will control them? Who will be ethically responsible for their application and use? My research provokes, and challenges established conventions around regulation.

I am interested in all aspects of regulation of cyberspace and contribute to the critical policy debate around privacy, freedom of expression and innovation. In today’s world, most creative expression takes place on Twitter and Facebook but are they liable for their users’ online activities? Should they be legally responsible for what their users do and say?


I teach in the areas of Information and Technology Law, E-commerce Law, Cybercrime, Intellectual Property Law.

PhD Supervision

I am happy to supervise PhD students in the general areas of my research interests.

Key Publications


  • Basu S, Munns C, Privacy and Healthcare Data: Choice of Control to Choice and Control (Routledge Ashgate, 2015)

    Author URL []

    In order for the information society to realise its full potential, personal data has to be disclosed, used and often shared. This book explores the disclosure and sharing of data within the area of healthcare. Including an overview of how health information is currently managed, the authors argue that with changes in modern society, the idea of personal relationships with a local GP who solely holds and controls your health records is becoming rapidly outdated. The authors aim to encourage and empower patients to make informed choices about sharing their health data. They do this by developing a three-stage theoretical model for change to the roles of the NHS and the individual. The study generates debate to stimulate and inspire new models and policy, and to provoke new visions for the sharing of healthcare data. Such discussion is framed through an exploration of the changing concept of 'privacy' and 'patient control' in healthcare information management. The volume draws on best practices from Europe and the USA and combines these to form a suggested vision for the UK as an early adopter of change. The volume will be essential reading for academics in the field of privacy and data protection, as well as healthcare and informatics professionals across different jurisdictions.

  • Basu S, Global Perspectives on E-Commerce Taxation Law, Markets and the Law (Ashgate, 2007), 1-344

    Author URL []

    It is trite, but true, that taxation of e-commerce is a major concern for international agencies and tax authorities worldwide. In its most advanced form e-commerce allows unidentified purchasers to pay obscure vendors, in ‘electronic cash,’ for products that are often goods, services, and licenses all rolled into one. A payee may be no more than a computer that can take up `residence’ anywhere at the drop of a hat; national boundaries are of no consequence whatsoever. The book looks at the implications of the growth of e-commerce for domestic and international tax systems. It covers a wide array of activities such as discussions on the basic principles that govern direct and indirect taxes, overview of the technological changes that have brought about e-commerce, a concise explanation of how and what happens when e-commerce is conducted, examination of the ways in which businesses are using the new technology in conducting their everyday activities, discussion of the application of existing tax principles to e-commerce, exploration of questions and problems raised by applying tax rules that evolved before e-commerce, and observations and suggestions for a variety of approaches to international tax problems resulting from e-commerce and the associated benefits and problems, since the implications of e-commerce vary from industry to industry, it focus on the broader issues. This book also analyses a number of fast-moving trends in the behaviour of national taxation authorities, web-based companies, certain low-tax (or no-tax) jurisdictions, and international organizations that have significant bearing on the future development of the taxation of e-commerce principally influence of economic organisations like OECD, WTO and EU, in particular the influential OECD ongoing study and the latest and most up to date development in OECD and European Community. It examines how US domestic and international tax rules are being interpreted and adopted in the effort to accommodate e-commerce. How VAT rules in EU countries and other jurisdictions are being restructured. It looks into the issues of revenue loss, specifically into the danger of revenue loss for developing countries. The book also offer solutions and future trends in this field.

Journal articles

  • Omotubora A, Basu S, ‘Regulation for E-payment Systems - Analytical Approaches Beyond Private Ordering’, Journal of African Law 2017 (Accepted)
    Repository URL:

    Author URL []

    Technology-driven payment instruments and services are facilitating the development of e-commerce; however, security concerns beleaguer their implementation, particularly in developing countries. This article considers the limits of private ordering in the regulation of e-payment systems. We use Nigeria to exemplify a developing country that is increasingly pushing for adoption of a regulatory framework for e-payment systems based on private ordering. We argue that although technical standards and self-regulation by the financial industry are important, the law is an essential regulatory mechanism that is largely missing. This article proposes that law be used as a mechanism to set and compel compliance with technical and industry standards, thus building trust, catering to public interest concerns and legitimising the regulatory process.

  • Basu S, ‘International Direct Taxation and E-Commerce: A Catalyst for Reform?’, NUJS Law Review, 10.1 (2017), 19-48
    Repository URL:

    This article critically analyses the challenges e-commerce poses to the traditional source- and residence-based taxation systems. It presents an exploratory study of two fundamental taxation principles that apply to international transactions in general and, more specifically, to e-commerce: the choice of residence-based or source-based taxation in governing the tax treatment of both domestic income accruing to non-residents and foreign income accruing to residents; and use of permanent establishment (PE) status in instituting the economic nexus required to assert jurisdiction over tax business profits. It is argued that in the interpretation and application of the rules, a clear distinction should be made between conceptual and practical issues. While there may be overlap between them, distinct issues exist regarding the normative questions of how and where profits arising from e-commerce should best be taxed as a matter of principle, as well as how such taxes should be implemented. The formulary apportionment of income earned by e-commerce business based on an economically justifiable formula provides a viable solution.

  • Munns C, Basu S, ‘The NHS information revolution: 'choice of control' to 'choice' and 'control’, International Review of Law, Computers and Technology, 27.1-2 (2013), 124-160
    DOI: 10.1080/13600869.2013.764132

    This paper provides a novel and critical analysis of the necessary and important balance between 'individual privacy' and 'collective transparency'. We suggest that the onset of the Information Revolution has created a dilemma for the National Health Service (NHS) in terms of how it addresses its obligation to use information to improve best practice in healthcare for society ('collective transparency') whilst also keeping sensitive personal information confidential ('individual privacy'). There is clearly a need to consider both whether the NHS is balancing this critically important informational relationship and whether its approach is fit for purpose. We argue that the NHS's 'proxy-individual' information guardian role could inadvertently mask individuals' intended roles, effectively circumventing autonomy-based laws by limiting the power of individuals to be autonomous. In this article we have identified three issues-first the prevailing 'Mindset' (the 'M') of 'privacy', which is viewed as individualistic, resulting in an overpowering concept of confidentiality; second, the quality and control of Information (the first 'I'); and third, the concept of innovation (the second 'i'), which is being used as a 'solution' rather than a vehicle for transparency. Indeed, transparency is our target of 'best practice,' and we suggest that individual privacy and collective transparency are best embedded within a complementary privacy framework that offers a better fit than the current split of control between the roles of the NHS and the roles of the individual. It is suggested that when facilitated by transparency, 'control' and 'privacy' form a continuum, aligning through the desire for choice. Therefore, the choice of control could facilitate control and choice. Together, they could replace the concept of privacy by empowering 'informed patients' to support the NHS's 'No decision about me, without me' pledge. © 2013 Copyright Taylor and Francis Group, LLC.

  • Basu S, ‘Stalking the Stranger in Web 2.0: A Contemporary Regulatory Analysis’, European Journal of Law and Technology, 3.2 (2012), 1-36

    Author URL []

    In this article, a virtual, community-based concept of regulation is developed to regulate cyberstalking in Web 2.0. Such a concept offers a novel approach based on three elements fundamental to the discussion of regulation of cyberstalking: (1) the differences between physical stalking and cyberstalking; (2) the character of a virtual community and the effects of social interactions; and (3) the scope of experience and reality. This formulation is based on an expansive view of regulation and “normativity” of a virtual community. The author advocates the formation of codes of conduct based on the “rights and responsibilities” discourse, termed here as “protocols,” which reflect optimal sociological conceptions. The philosophical underpinning of protocols recognises the value of community, essentially the connection between individuals and their community. As such, these protocols will assist in the formation of private laws that are practical and acceptable within the virtual community. The aim of this concept of regulation is to ensure that cyberspace remains a lawful and socially useful space.

  • Basu S, ‘Privacy Protection: A Tale of Two Cultures’, Masaryk University Journal of Law and Technology, 6.1 (2012), 1-34

    The paper provides a novel and critical analysis of privacy as an instrumental notion within social and cultural contexts. The argument suggests there is much utility in a novel multiple-perspective approach to the study of privacy in a socio-legal context. It questions our assumptions about privacy by looking to a differing privacy culture - that of the India. It examines the Indian perception of privacy based on India's cultural values and offers an explanation for why India's concept of privacy is beyond the often dominated public-private dichotomy and why it has implicitly or explicitly affected the agenda for privacy theory by placing some issues in the limelight while leaving others backstage. The importance of the argument is due to its critical assessment of the current European approach (from the EC, ECJ and ECHR) where privacy is regarded as an inalienable right with a concrete psychological foundation. I argue that privacy interests are far more extensive and deeper than the European definition which can at best capture only some of the issues which require elucidation when we litigate over privacy.

  • Basu S, Duffy J, Pearson K, ‘Older people and legal advice – the need for joined up and creative approaches’, Journal of Social Welfare and Family Law, 34.1 (2012), 31-37
    DOI: 10.1080/09649069.2012.675463, Repository URL:

    This paper reports the findings from research conducted with older people in Northern Ireland which investigated whether their needs for legal information and advice were being met. One of the unique aspects of the research involved investigating the potential of the internet as a possible source for advising older people in relation to legal problems. The findings suggest that on-line legal information may frequently assist older people in identifying potential answers to their legal questions, but may not be an adequate substitute for personal communication and advice. The research also highlights the need for professionals to work together to meet the needs of older persons for legal advice and to safeguard their interests. Such “joined up” approaches are particularly important, for example, at the point of dementia diagnosis, where information sharing between health and social care professionals may significantly promote the legal and welfare interests of the older person at a vulnerable point in their lives. This paper therefore turns to work by university-based legal clinics in the United States, such as the Elder law Clinic at Pennsylvania State University, where social work or health care professionals, lawyers and law students collaborate to support older people in their search for resolution of legal problems.

  • Basu S, Duffy J, ‘Providing Legal Information and Advice to Older People: as much a question of accessibility as affordability’, European Journal of Law and Technology, 1.3 (2010), 1-32
    Repository URL:

    No continent has as high a proportion of older people as Europe. In this paper, we report the findings of an empirical project examining the legal advice needs of older people. An important element of the project also sought information about the capacity of the internet for meeting the legal advice needs of older people. Overall our findings broadly indicate considerable failings in legal information provision for older people from more traditional advice sources. Whilst we have uncovered some examples of individualised good practice,our research in the main revealed an alarming sense of fear, mistrust, uncertainty and ambivalence among older people towards accessing legal advice. The research was funded by the Changing Ageing Partnership (CAP). We believe our findings have broad implications and applicability across Europe.

  • Basu S, ‘Implementing E-Commerce Tax Policy’, British Tax Review 2004, 46-69


  • Basu S, Jones R, ‘Regulating Cyberstalking’, in Crimes of the Internet, ed. by Schmalleger F and Pittaro M, 1 (USA: Prentice Hall, 2008), 1, 141-165


  • Duffy J, Basu S, Davidson G, Pearson KC, Review of legislation and policy guidance relating to adult social care in Northern Ireland, (Commissioner for Older People for Northern Ireland (COPNI), 2015), 1-98
    DOI: 10.13140/RG.2.2.11269.86247, Repository URL:

    Author URL []

    Multi-disciplinary research project is commissioned by the Commissioner for Older People for Northern Ireland to provide a piece of research to review the current position in terms of policy guidance and law and practice in adult social care in Northern Ireland and to make suggestions, based in part on comparing with best practice in other jurisdictions, to the Commissioner, as to the best way to reform the legislation. The legislative review found: 1. Current legislation and policy guidance surrounding Adult Social Care is outdated, confusing and fragmented in Northern Ireland. Definitions and terminology used in the legislation need updated to fully reflect and meet the needs of modern society. 2. The effect of the out of date legislation and policy position is to disadvantage older people in both understanding what social care services are available to them and in terms of how to access these services. 3.Early intervention to assess need is key together with the provision of necessary support to enable older people to be fully involved in decisions about their future care needs. A preventative type of “Support Visit”, similar to that currently offered in Scandinavia, to all over 75 year olds, would enable information and support to be shared and assessments conducted in a more controlled, proactive and consistent way.

Media Contact Areas

  • Regulation of Cyberspace
  • Data Protection
  • Privacy and Freedom of Expression Issues related to Social Networking Sites
  • Big Data
  • Cybercrime
  • Digital Divide
  • Regulation of emerging Technologies
  • E-commerce: Data Protection, Consumer Protection, Taxation, Trust 

© Copyright Leeds 2018