wordpress blog stats
Connect with us

Hi, what are you looking for?

Will companies protect user rights when faced with threats of criminal liability from law enforcement agencies? #NAMA

Nikhil Pahwa posed a question on personal criminal liability imposed upon companies and if it needs to be addressed in the Digital India Act

“There have been too many cases of this happening…criminal liability specifically without categorizing what harm has been caused…One step back is to say the government wants someone to catch, and they feel that often they are not able to catch somebody. But the other side is like criminal liability seems too draconian,” observed Venkatesh Krishnamoorty from BSA, The Software Alliance, while speaking as a panelist at MediaNama’s MarketsNama conference on May 19, 2023.

MediaNama Editor Nikhil Pahwa posed a question on personal criminal liability imposed upon companies and whether it is something that needs to be addressed in the Digital India Act. The question was important in the context of challenges that arise for companies, service providers and platforms when they are faced with threats of legal proceedings in situations wherein a user has raised a complaint or if they fail to meet the requests of the enforcement agencies, and in other cases, which involve investigation of crimes conducted by third-party actors.

STAY ON TOP OF TECH POLICY: Our daily newsletter with top stories from MediaNama and around the world, delivered to your inbox before 9 AM. Click here to sign up today! 

We have covered the initial part of the discussion wherein the panelists touched upon the inconsistencies in the practice of law and the broad nature of requests that roughen the cooperation between the two parties.

Note: Under Section 6 of the IT Rules 2021, any other intermediary other than a significant social media intermediary is required to meet due diligence requirements laid out under Section 4 of the rules. This includes appointing a Chief Compliance Officer who shall be responsible for ensuring compliance with the IT Act and rules and shall be liable in proceedings relating to any “relevant third-party information, data or communication link made available or hosted by that intermediary where he fails to ensure that such intermediary observes due diligence while discharging its duties”.

Advertisement. Scroll to continue reading.

On the process of requesting data: Responding to Pahwa’s question, Shekhar, a discussant who has dealt with law enforcement agencies for over a decade, pointed out that the situation currently is not too informal or random. He states that initially, there was not enough awareness among law enforcement agencies on what kind of requests must be sent to which service providers, and companies did not know how to respond to some of these requests. But, according to Shekhar, the process is becoming more streamlined with every district having their own cyber cell, companies having their own platforms to register these complaints and ground-level cops becoming more tech-savvy.

As he discusses the procedural aspects of cooperation, Shekhar hints at certain formal and informal engagements with law enforcement agencies in cases where aspects of national security are involved. To this, Pahwa questioned whether these procedures must be codified in law and made public for greater transparency. One of the reasons for this is, there are greater chances of illegal requests for data being made, which have a direct impact on a user’s fundamental rights like privacy, for example, requests for real-time data of a citizen’s location.

As Pahwa pointed out, the most important question that needs attention in this discussion is, what prevents a company from sharing the live location data of an individual upon a law enforcement request? And will any company want to take on a law enforcement agency that can have potential criminal liability charges against an employee? While the discussants discussed various aspects of the procedure laid out under Section 91 of the Code for Criminal Procedure, there’s no substantial take on whether there’s any provision under law that may provide sufficient safeguards for users against potential infringement upon their rights.

On oversight mechanism for surveillance:

As the discussants touched upon the data that the government aims to access, formally or informally, they also talked about targeting end-user devices for surveillance, for example, the Pegasus case, wherein spyware was reportedly deployed against Indian journalists, activists and other citizens. When asked about what must an oversight mechanism for surveillance entail, panelist Krishnamoorty stated that one of the things that the Digital India Act must focus on is to provide provisions for “narrowly tailored” requests by the law enforcement agencies and the specifics of the safeguards for companies and individuals from misuse of these powers. These, he explains, must consider points like specifics of data to be accessed, safeguards and thresholds for real-time monitoring, interception and judicial oversight for such requests.

He also emphasises the need to align the framework for privacy laid out under the Puttaswamy judgment and the need for international cooperation agreements, specifically with respect to law enforcement under the Digital India Act.

Advertisement. Scroll to continue reading.

“If there is any leeway for committee analysis or things that could compare different legislations, provisions for government to embark in those exercises, it may not come through an act, it won’t, but there could be provisions to do things around that,” he added.

This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.

Also Read:


Written By

Curious about privacy, surveillance developments and the intersection of technology with education, caste and welfare rights.

Click to comment

You must be logged in to post a comment Login

Leave a Reply

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Is it safe to consider all "publicly available data" as public?


PhonePe launched an e-commerce buyer app for ONDC called Pincode. We, however, believe that it should also launch a seller app.


Amazon announced that it will integrate its logistics network and SmartCommerce services with the Open Network for Digital Commerce (ONDC).


India's smartphone operating system BharOS has received much buzz in the media lately, but does it really merit this attention?


After using the Mapples app as his default navigation app for a week, Sarvesh draws a comparison between Google Maps and Mapples

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ