Docsity
Docsity

Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity


Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan


Guidelines and tips
Guidelines and tips

respondent side memorial, Transcriptions of Civil Law

it's a memorial of moot court and very helpful to understand

Typology: Transcriptions

2023/2024

Uploaded on 09/16/2024

the-creon-bug
the-creon-bug 🇮🇳

1 document

1 / 30

Toggle sidebar

Related documents


Partial preview of the text

Download respondent side memorial and more Transcriptions Civil Law in PDF only on Docsity! 9 TEAM CODE – TN324 THE 3RD SYMBIOSIS HYDERABAD NATIONAL MOOT COURT COMPETITION, 2018 Before THE HONORABLE HIGH COURT OF CITY OF JOY UNDER ARTICLE 226 OF THE CONSTITUTION OF NARNIA, 1950. W.P. ______/ (2018) IN THE MATTER OF MR. TRUE LIES…………………………………………………………………….PETITIONER VERSUS UNION OF NARNIA AND ANOTHER...…………………………………...............RESPONDENT 1. UNION OF NARNIA………………...……………….……………..…...RESPONDENT NO.1 2. SAYPM……………………………………………………………..…..RESPONDENT NO.2 MEMORANDUM FOR THE RESPONDENTS DRAWN AND FILED BY COUNSEL ON BEHALF OF RESPONDENTS I Memorandum on behalf of the Respondent TABLE OF CONTENTS TABLE OF CONTENTS ........................................................................................................... I LIST OF ABBREVIATIONS .................................................................................................. III INDEX OF AUTHORITIES..................................................................................................... V STATEMENT OF JURISDICTION.......................................................................................... 1 STATEMENT OF FACTS ........................................................................................................ 2 ISSUES RAISED ....................................................................................................................... 3 1. WHETHER THE WRIT PETITION IS MAINTAINABLE OR NOT. ............................ 3 2. WHETHER THE GOVERNMENT AND SAYPM ACTED IN COLLUSION AND VIOLATED THE RIGHT TO PRIVACY OF THE CITIZENS UNDER ARTICLE 21 OF THE CONSTITUTION OF NARNIA. .................................................................................. 3 3. SAYPM HAS VIOLATED THE CONTRACT AND DATA PROTECTION LAWS OF NARNIA IN A MANNER THAT IMPACTED PUBLIC INTEREST AT LARGE. ........... 3 SUMMARY OF ARGUMENTS ............................................................................................... 4 ARGUMENTS ADVANCED ................................................................................................... 5 ISSUE 1: THAT THE WRIT PETITION IS NOT MAINTAINABLE. ................................... 5 1.1 THE PETITIONER HAS NO LOCUS STANDI ............................................................ 5 1.2 THERE IS NO PUBLIC INTEREST INVOLVED AND NO VIOLATION OF FUNDAMENTAL RIGHTS HAS OCCURRED. ................................................................. 6 1.3 THE HIGH COURT LACKS THE AUTHORITY TO DO COMPLETE JUSTICE…………………………………………………………………………………...6 ISSUE 2: THAT THE GOVERNMENT AND SAYPM HAVE NOT ACTED IN COLLUSION AND THE RIGHT TO PRIVACY OF THE CITIZENS UNDER ARTICLE 21 OF THE CONSTITUTION OF NARNIA HAS NOT BEEN VIOLATED. ............................. 8 2.1 NO NEXUS CAN BE ESTABLISHED BETWEEN THE GOVERNMENT AND SAYPM. ................................................................................................................................. 8 2.1.1 DEMONETISATION WAS NOT AN ACT DRIVEN BY COMMERCIAL PROPOGANDA .................................................................................................................. 8 IV Memorandum on behalf of the Respondent • Sec. : Section • S.C.C. : Supreme Court Cases • S.C.R. : Supreme Court Review • Supp. : Supplement • T.N. : Tamil Nadu • U.P : Uttar Pradesh • U.S. : United States • U.K. : United Kingdom • U.O.I. : Union of India • USA : United States of America • UDHR : Universal Declaration of Human Rights • Vol. : Volume • v/vs : Versus • W.B : West Bengal • WP : Writ Petition • W.L.R. : Weekly Law Reports V Memorandum on behalf of the Respondent INDEX OF AUTHORITIES CASE LAWS 1. Ajay Hasia Etc vs Khalid Mujib Sehravardi & Ors.,1981 AIR 487 (India). ............... 26 2. Ashok Kumar Pandey v. State of W.B., 2004 (3) SCC 349 (India). ........................... 12 3. Barada Kanta v. State of West Bengal, AIR 1963 (Cal.) 161 (India). ......................... 14 4. Bareilly Develpoment Authority & Anr. v. Ajai Pal Singh & Ors., 1989 AIR 1076 (India). .......................................................................................................................... 15 5. Bata India Ltd. v. A.M. Turaz & Ors., 2013 53 PTC 536 (India)................................ 18 6. Binny v. Sadasivan, 2005 (6) S.C.J. 15 (India)............................................................ 26 7. C.S Rowjee v. State of Andra Pradesh, AIR 1964 SC 962 (India). ............................. 13 8. Central Inland Water Transport Corporation Ltd. V. Brojo Nath, A.I.R 1986 S.C 1571 (India). .......................................................................................................................... 25 9. Court on its own motion vs State, 146 (2008) DLT 429 (India).................................. 19 10. Damodar S. Prabhu v. Sayed Babalal, AIR 2010 SC 1907 (India). ............................ 13 11. District Registrar and collector v. Canara Bank, AIR 2005 SC 186 (India). ............... 18 12. Divisional Manager, Aravalli Golf Club and Anr. v. Chander Hass and Anr, (2008) 1 SCC 683 (India). .......................................................................................................... 14 13. Forrest v. Verizon Comm., Inc., 805 A 2d 1007, 1011 (DC 2002). ............................ 24 14. I. Lan Systems, Inc. v. Netscout Level Corp., 183 F. Supp. 2d 328 (2008). ............... 24 15. Indian Airlines Corporation v. Madhuri Chaudhary, A.I.R. 1965 Cal 252 (India). .... 24 16. Janata Dal v. H.S. Chowdhary and Ors., (1992) 4 SCC 305 (India). .......................... 13 17. Jasbhai Motibhai Desai v. Roshan Kumar, Haji Basheer Ahmed and Ors., (1976) 1 SCC 671 (India). ................................................................................................................... 12 18. Jogeswar Swain v. Union of India, 2005 (3) JKJ 143 (India). ..................................... 25 19. K.S. Puttaswamy v. Union of India, LNIND 2017 SC 420 (India). ............................ 16 20. Kartar Singh v. State of Punjab, AIR 1967 SC 1643 (India). ...................................... 14 21. Kerala State Electricity Board v. Kurien E. Kallathil, (2018) 4 SCC 793 (India) ....... 15 22. Kesavananda Bharati and Ors. v. State of Kerala and Anr. (1973) 4 SCC 225 (India). ...................................................................................................................................... 14 23. Lachoo Mal v. Radhey Shyam, 1971 A.I.R. 221 (India). ............................................ 25 24. M Kheri v. M Hamid Ali Gardish, AIR 1940 Oudh 137 (India). ................................ 19 25. Miami herald v. Tornillo, (1974) 418 US 241. ............................................................ 19 26. Official Trustee v. Sachindra Nath Chatterjee, (1969) 3 SCR 92 (India). ................... 14 VI Memorandum on behalf of the Respondent 27. Pandey Surindra Nath Sinha v. Bageshwari Pd., 1961 AIR (Pat) 164 (India). ........... 18 28. R&M Trust v. Koramangala Residents Vigilance Group, AIR 2005 SC 894 (India). 12 29. R. Rajagopal v. State of T.N., 6 S.C.C. 632 (1994) (India) ......................................... 17 30. R. Rajagopal v. State of T.N., 6 S.C.C. 632 (1994) (India). ........................................ 17 31. R. v. Godolphin, (1838) 8 A. & E. 338 (344) (USA). ................................................. 14 32. R. v. Harland, (1838) 8 A. & E. 826 (829-830). .......................................................... 14 33. Ratanchand Hirachand v. Askar Nawaz Jung, A.I.R 1976 A.P. 112 (India). .............. 25 34. Re Flether’s Appliction, (1970) 2 AER 527n .............................................................. 14 35. S. Raja Chetty v. Jaggannathadas Govinda and Anr., (1949) 2 MLJ 694 (India). ...... 25 36. State of Bihar v. Bal Mukund Shah, (2000) 4 SCC 640 (India) .................................. 14 37. State of UP v. Bridge and Roof, (1996) 6 SCC 22 (India) .......................................... 15 38. State of Uttaranchal v. Balwant Singh Chaufal & Ors., (2010) 3 SCC 402 (India). ... 12 39. State of West Bengal & Ors. v. Committee for protection of Democratic Rights, West Bengal & Ors., AIR 2010 SC 1476 (India). ................................................................. 14 40. The Post Master General and Gangaram v. Chenmal Mayachand, (1941) 43 BOM LR 758 (India). ................................................................................................................... 25 41. U. Kesavulu Naidu v. Arithulai Ammal, (1912) ILR 36 Mad 533 (India). ................. 28 42. Vishaka & Ors. v. State of Rajasthan and Ors., AIR 1997 SC 3011 (India) ............... 14 STATUTES, LEGISLATIONS & INTERNATIONAL CONVENTIONS 1. Chapter VI, Privacy Principles, CIC Regulations. ....................................................... 21 2. Clause 37.2, Unified License Agreement. ................................................................... 22 3. Clause 39.17, Unified License Agreement. ................................................................. 22 4. INDIA CONST. art. 19 cl. 1(a).................................................................................... 17 5. INDIA CONST. art. 21. ............................................................................................... 15 6. Indian Contract Act, § 2 cl. a (India. 1872). ................................................................ 23 7. Information Technology (Amendment) Act, 2008. ..................................................... 20 8. Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. ................................................................ 20 9. Information Technology Act, § 11 (India. 2000). ........................................................ 23 10. Information Technology Act, § 43. cl. a. (India. 2008). .............................................. 20 11. Information Technology Act, § 72. cl. a. (India. 2008). .............................................. 20 12. PEN. CODE. 1860. ...................................................................................................... 20 2 Memorandum on behalf of the Respondent STATEMENT OF FACTS I. BACKGROUND SayPM being a digital wallet company offering e-payment services, akin to a necessary public utility, collects sensitive data from its users such as bank account and card details for access to its services. It claims to be in compliance with the applicable data protection laws. However, the consent form which users need to agree to before using the services is lengthy and complex. II. ALLEGED NEXUS AND DATA BREACH During demonetization, SayPM advertised using the PM’s photograph which was widely criticized and led to various PILs alleging a commercial propaganda. AnacondaPole, famous for its investigative journalism, conducted an investigation during which Mrs. Money Bag in a drunken conversation, allegedly claimed receiving a call from the PMO demanding user data before the General Elections. Mrs. Money Bag also claimed to have an association with the PMO and that the PM had written a book which was being sold on SayPM regarding which the PM demanded user data and some other information. However, the claim was not substantiated. The transcripts and video clips were released on social media. SayPM claimed that their user data being 100% secure has not been shared with anyone except law enforcement agencies on request, the names of which were not released. Also, Allegedly the PM’s own mobile app “SayMo” transferred user data to a few foreign companies for data analytics. While this was denied by the PMO, no investigation was conducted. III. UPDATED PRIVACY POLICY SayPM revised its privacy policy including a new clause allowing them to share user data on their sole discretion to any 3rd party. The users who did not consent to this clause were blocked from using the app. SayPM claimed that the data was shared as per the contract, only for necessary purposes, in compliance with the existing laws. Money of the users in the wallet will not be blocked entirely but can be transferred back into their bank A/c by paying a minor fee. IV. THE RESULTED LITIGATION Due to rising concerns regarding data protection, Mr. True Lies filed a PIL by way of a WP in the HC of City of Joy, alleging the violation of Right to Privacy guaranteed under Art. 21 of the Constitution and the provisions of the IT Act. SayPM was made a party to the WP. Hence, the matter is presented before this Hon’ble Court. 3 Memorandum on behalf of the Respondent ISSUES RAISED I. WHETHER THE WRIT PETITION IS MAINTAINABLE OR NOT. II. WHETHER THE GOVERNMENT AND SAYPM ACTED IN COLLUSION AND VIOLATED THE RIGHT TO PRIVACY OF THE CITIZENS UNDER ARTICLE 21 OF THE CONSTITUTION OF NARNIA. III. SAYPM HAS VIOLATED THE CONTRACT AND DATA PROTECTION LAWS OF NARNIA IN A MANNER THAT IMPACTED PUBLIC INTEREST AT LARGE. 4 Memorandum on behalf of the Respondent SUMMARY OF ARGUMENTS ISSUE 1: THE WRIT PETITION IS NOT MAINTAINABLE. It is most humbly submitted before this Hon’ble HC that the writ petition is not maintainable as Mr. True Lies has no locus standi and this writ petition does not a involve general question of public interest. Moreover, Mr. True Lies has a personal hidden motive in this petition. Lastly, High Court lacks the authority to do complete justice. ISSUE 2: THE GOVERNMENT AND SAYPM HAVE NOT ACTED IN COLLUSION AND THE RIGHT TO PRIVACY OF THE CITIZENS UNDER ARTICLE 21 OF THE CONSTITUTION OF NARNIA HAS NOT BEEN VIOLATED. It is most humbly submitted before this Hon’ble Court that the Government and SayPM have not acted in collusion and the right to privacy of the citizens has not been violated. No nexus can be substantiated on the basis of assumptions and allegations, such as demonetisation being alleged as a commercial propaganda. Moreover, the fundamental right of the respondents under the Constitution has been violated by the sting operation. Lastly, the existing laws of Narnia are sufficient to ensure data protection of the citizens of Narnia and users of mobile apps such as SayPM and SayMo. ISSUE 3: SAYPM HAS NOT VIOLATED THE CONTRACT AND DATA PROTECTION LAWS OF NARNIA IN A MANNER THAT IMPACTED PUBLIC INTEREST AT LARGE. It is most humbly submitted before this Hon’ble Court that there is valid contract between SayPM and its customers, as the customers have consented for the terms and conditions. Moreover, the customers can voluntarily waive off their statutory rights, which won’t lead to a breach of contract. Lastly, there is no violation of any data protection laws affecting the general public at large as SayPM has complied with all the laws and rules and regulation while dealing with the sensitive personal data of the customers. 7 Memorandum on behalf of the Respondent there is a legislative vacuum which would be justified. A similar line of reasoning has also been found in other cases as well.12 9. Therefore, it is submitted that framing or any subsequent direction of such measure will amount to judicial legislation which is not permissible considering High Court’s lack of authority to do complete justice as compared to the Supreme Court. Under the Constitution of Narnia, the Legislature, Executive and Judiciary have their own broad spheres of operation.13 In State of Bihar v. Bal Mukund Shah14, separation of Powers has been held to be part of the Basic Features of the Constitution15. It is not proper for any of these three organs of the State to encroach upon the domain of another.16 10. The respondent also submits that for a court to be regarded as having jurisdiction to decide a particular matter, the court with the jurisdiction to try the action must also have the authority to pass the order sought.17 In the instant case, even if we assume that the Hon’ble High Court has the jurisdiction to try the action, the court does not have an authority to intervene into the functioning of the legislature, and thus cannot direct the legislature to make a law and therefore to bring a law on data protection. 11. Before granting Writ of Mandamus the Court must be satisfied that- (i) The tribunal has jurisdiction to make the order sought18 (ii) The order may be enforced if resisted19 (iii) The exercise of the power is obligatory.20 It is contended that the court is not a competent authority in this case to issue Writ of Mandamus against SayPM. In the case of Barada Kanta v. State of West Bengal21, it was held that a Writ of Mandamus cannot be issued against an individual person or any private organisation because they are not entrusted with a public duty. In the instant case, SayPM has been stated as akin to a necessary public utility in Narnia, which means that is has characteristics similar to that of a public utility, but this fact cannot be moulded as to assume that SayPM has been entrusted with a public duty or carries out a public duty. The duty of SayPM is in personam i.e. only towards its customers and not public in rem. Hence, no writ can be issued against SayPM. Lastly, it is a settled 12 Vishaka & Ors. v. State of Rajasthan and Ors., AIR 1997 SC 3011 (India); Vineet Narain v. Union of India AIR 1998 SC 889 (India). 13 Ram Jawaya v. State of Punjab, AIR 1955 SC 549 (India); Kartar Singh v. State of Punjab, AIR 1967 SC 1643 (India). 14 State of Bihar v. Bal Mukund Shah, (2000) 4 SCC 640 (India); State of West Bengal & Ors. v. Committee for protection of Democratic Rights, West Bengal & Ors., AIR 2010 SC 1476 (India). 15 Kesavananda Bharati and Ors. v. State of Kerala and Anr. (1973) 4 SCC 225 (India). 16 Divisional Manager, Aravalli Golf Club and Anr. v. Chander Hass and Anr, (2008) 1 SCC 683 (India). 17 Official Trustee v. Sachindra Nath Chatterjee, (1969) 3 SCR 92 (India). 18 R. v. Godolphin, (1838) 8 A. & E. 338 (344) (USA). 19 Id. 20 Re Flether’s Appliction, (1970) 2 AER 527n; R. v. Harland, (1838) 8 A. & E. 826 (829-830). 21 Barada Kanta v. State of West Bengal, AIR 1963 (Cal.) 161 (India). 8 Memorandum on behalf of the Respondent law that disputes relating to contracts cannot be agitated under Article 226 of the Constitution of India.22 12. The Respondent therefore contends that PIL shall not be used for private or political motive. The allegations made by the petitioners are vague and indefinite and are made with a political motive. Allowing such PIL will be an abuse of the process of the court. There is not an iota of truth in the allegations and all the averments of the petitioners are completely baseless. Hence, the PIL is not maintainable. ISSUE 2: THAT THE GOVERNMENT AND SAYPM HAVE NOT ACTED IN COLLUSION AND THE RIGHT TO PRIVACY OF THE CITIZENS UNDER ARTICLE 21 OF THE CONSTITUTION OF NARNIA HAS NOT BEEN VIOLATED. 13. It is humbly submitted that the Right to Privacy of the citizens of Narnia under Article 2123 of the Constitution has not been violated. The contentions of the counsels on behalf of the petitioners is vehemently denied. 2.1 NO NEXUS CAN BE ESTABLISHED BETWEEN THE GOVERNMENT AND SAYPM. 14. It is humbly submitted that there is no established nexus between the Government and SayPM. A nexus between the above mentioned parties cannot be established on the basis of vague statements and illogical assumptions. 2.1.1 DEMONETISATION WAS NOT AN ACT DRIVEN BY COMMERCIAL PROPOGANDA 15. It is humbly submitted that post demonetisation, usage of the Prime Minister’s photograph for advertisements by SayPM does not establish any commercial nexus on their part, as the allegation was refuted while clearly stating that above mentioned act was done to promote the positive effects of demonetisation on the citizens, and not with any mala fide intention.24 Also, no commercial propaganda has been directed towards in the fact sheet of the instant case. 16. It is humbly submitted that demonetisation cannot be assumed to be an act driven by a commercial propaganda between the above mentioned parties, as it was an act solely 22 Kerala State Electricity Board v. Kurien E. Kallathil, (2018) 4 SCC 793 (India); State of UP v. Bridge and Roof, (1996) 6 SCC 22 (India); Bareilly Develpoment Authority & Anr. v. Ajai Pal Singh & Ors., 1989 AIR 1076 (India). 23 INDIA CONST. art. 21. 24 ¶ 2, Compromis. 9 Memorandum on behalf of the Respondent executed for the eradication of black money. It is implied that e-transactions will increase after such an act, and SayPM being a body corporate established solely for e-commercial purposes, will have positive repercussions of such an act. 2.1.2 ALLEGED DATA BREACH 17. It is humbly submitted that there was no breach of data protection by the Respondents. As stated in the instant case, AnacondaPole, famous for its investigative journalism, conducted an investigation during which Mrs. Money Bag in a drunken conversation, allegedly claimed receiving a call from the PMO demanding user data before the General Elections.25 Mrs. Money Bag also claimed to have an association with the PMO and that the PM had written a book which was being sold on SayPM regarding which the PM demanded user data and some other information.26 Also, Allegedly the PM’s own mobile app “SayMo” transferred user data to a few foreign companies for data analytics. While this was denied by the PMO, no investigation was conducted.27 It is humbly submitted that none of the allegations against SayPM were substantiated with actual evidence and hence cannot be admissible in Court. 18. As for SayMO, being in the official capacity of the PMO, the counsel would like to draw attention to the Principle of Proportionality as laid down in the Puttaswamy case28, which states that “The right to privacy as already observed is not absolute. The right to privacy as falling in part III of the Constitution may, depending on its variable facts, vest in one part or the other, and would thus be subject to the restrictions of exercise of that particular fundamental right. National security would thus be an obvious restriction, so would the provisos to different fundamental rights, dependent on where the right to privacy would arise. The Public interest element would be another aspect.”29 19. It has been held in the above mentioned case, that with respect to the European Union Regulation of 201630, restrictions of the right to privacy maybe justifiable in certain circumstances, one of them being “Public interest including scientific or historical research purposes or statistical purposes”31. Hence, it is contended that the data being sent for analytical and statistical purposes falls under the above stated exemption and does not encroach upon the Right to Privacy of the users of the app. 25 ¶ 5, Compromis. 26 ¶ 6, Compromis. 27 ¶ 9, Compromis. 28 K.S. Puttaswamy v. Union of India, LNIND 2017 SC 420 (India). 29 Id. 30 JOHN STUART MILL, ON LIBERTY 13 (1859). 31 Supra note 28. 12 Memorandum on behalf of the Respondent AnacondaPole should have informed law enforcement agencies before releasing the video and transcripts on social media, instead of taking the law in their own hands and giving rise to sensationalism. 28. In District Magistrate, Kheri v. M. Hamid Ali Gardish,42 the Division Bench of the Oudh Chief Court observed, “The special privilege of the press is a time-worn fallacy and the sooner the misconception that the press is not accountable to the law is removed the better it will be. No editor has a right to assume the role of investigator or try to prejudice the court against any person”. It is humbly submitted that the obiter dicta of the Supreme Court in Rajagopal case,43 it can be reasonably gauged that sting operations are not legal in India, as it would defeat the purpose of privacy. 29. The press is the servant, not the master, of the citizenry, and its freedom does not carry with it an unrestricted hunting license to prey on the ordinary citizen.44 In plain English, freedom carries with it responsibility even for the press; freedom of the press is not a freedom from responsibility for its exercise. Without a lively sense of responsibility, a free press may readily become a powerful instrument of injustice. 30. In a recent case, Court on Its Own Motion v State45, the Delhi HC laid down certain guidelines to be followed by agencies carrying out sting operations. • A sting operation must have the sanction of an appropriate authority. Since no such authority exists in India, and until it is set up, a sting operation by a private person or agency, ought to have the sanction of a court of competent jurisdiction. • A channel proposing to broadcast a sting operation should obtain prior permission from a committee appointed by the Ministry of Information and Broadcasting, to broadcast the sting operation by producing unedited tapes. • The reports should not be such as to create panic. Certain standards having regards to sentiments of the viewers should be observed by media. It is imperative that such guidelines are followed or carried out. 31. It is humbly submitted that in countries like US and UK, sting operations are usually deemed a legal method of law enforcement, albeit in a limited way (which incidentally, is not the case in India). Since we do not have law for regulating sting operations there is a possibility to abuse the process. Therefore, sting operations do not have a blanket of immunity from criminal prosecution, even if the sting was done for larger public good. 42 M Kheri v. M Hamid Ali Gardish, AIR 1940 Oudh 137 (India). 43 Supra note 25. 44 Miami herald v. Tornillo, (1974) 418 US 241. 45 Court on its own motion vs State, 146 (2008) DLT 429 (India). 13 Memorandum on behalf of the Respondent 32. Hence, it is humbly submitted no nexus can be established between the Government and SayPM on the basis of the act of demonetisation or the sting operation, as all statements made were mere allegations or were vague and without proper evidence, and also encroach upon the Fundamental Rights of the Respondents. 2.2 THE EXISITNG DATA PROTECTION REGIME IS SUFFICIENT TO PROTECT THE USERS OF SAYPM AND OTHER SIMILAR MOBILE APPLICATIONS. 33. It is humbly submitted that it was in 2017, that Right to Privacy was declared as a fundamental right under Article 21 of the Constitution. There have been various judicial and legislative developments regarding Right to Privacy and data protection. Although Narnia is at a nascent stage in the overall data privacy and protection regime, avenues under the law of torts and Indian Penal Code46 have always existed. The concepts of data privacy and data protection have been given focused attention through provisions of the IT Act after the amendments in 2009 (Information Technology (Amendment) Act, 2008)47 and subsequently in 2011 (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 201148, forming the main laws governing data protection and information technology in India. • AMENDMENTS IN THE INFORMATION TECHNOLOGY ACT, 2000. 34. The Information Technology (Amendment) Act, 2008, brought into existence provisions such as section 43-A49 and Section 72-A50. However, as per the amendment in 2011, section 43-A51 of the IT Act primarily focuses on ‘reasonable security practices and procedures’ and ‘sensitive personal data or information’ (SPDI)52. Section 72-A53 of the IT Act mandates punishment for disclosure of ‘personal information’ in breach of lawful contract or without the information provider’s consent. This laid down the foundation for the data privacy law in India and steered the thought process in the direction of data privacy and protection. 35. It is humbly submitted that the Ministry of Electronics and Information Technology released the White Paper on the proposed ‘data protection regulatory framework for India’ 46 PEN. CODE. 1860. 47 Information Technology (Amendment) Act, 2008. 48 Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. 49 Information Technology Act, § 43. cl. a. (India. 2008). 50 Information Technology Act, § 72. cl. a. (India. 2008). 51 SPDI Rules, § 72 cl. A. 52 Supra note 48. 53 Supra note 50. 14 Memorandum on behalf of the Respondent in November 201754, which discussed various aspects of data protection and analysed pertinent issues from the perspective of laws in several jurisdictions. Some of key issues that find a prominent place in the white paper are the territorial jurisdiction under the proposed law, nature of personal data and sensitive personal data protected and the rights associated therewith, cross border flow of data and authorities responsible for controlling and processing data. • CIC ACT. 36. The CIC Act, along with the CIC Regulations, has the most comprehensive provisions on data protection in the financial sector. The CIC Act primarily applies to credit information companies (CICs) and recognises them as collectors of information.55 The CIC Act imposes an obligation on CICs to adhere to privacy principles at the stage of collection, use and disclosure of credit information56, and requires them to ensure that credit information held by them is accurate, complete and protected against loss or unauthorised use, access and disclosure.57 The CIC Regulations impose an obligation on CICs to ensure data security and secrecy. It also requires them to adhere to a large number of recognised data protection principles such as: data collection limitation, data use limitation, data accuracy, data retention and access and modification.58 • RBI CIRCULARS 37. The KYC (Know Your Customer) norms limits the categories of information that banks and financial institutions can seek from their customers.59 Once such information is collected, there is an obligation with the banks to keep it confidential.60 • TELECOM SECTOR 38. Data protection norms in the telecom sector are primarily dictated by the Unified License Agreement (ULA) issued to Telecom Service Providers (TSP) by the Department of Telecommunications (DoT). The format in which, and the types of information that are to be collected from the individual is prescribed by the DoT.61 A TSP has an obligation to 54 Justice B.N. Srikrishna Committee, ‘White paper of the committee of experts on a data protection framework for India’, November 27, 2017. 55 Regulation 2(b), CIC Regulations. 56 Section 20, CIC Act. 57 Section 19, CIC Act. 58 Chapter VI, Privacy Principles, CIC Regulations. 59 RBI Master Direction on Know Your Customer (KYC) Direction, 2016 dated 25 February 2016, updated as on 8 July 2016, available at: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=10292&Mode=0 (last accessed 13 November 2017). 60 RBI Master Circular on Customer Service in UCBs dated 1 July 2015, available at: https://www.rbi.org.in/scripts/BS_ViewMasCirculardetails.aspx?id=9863, (last accessed November 5, 2017). 61 Clause 39.17, Unified License Agreement. 17 Memorandum on behalf of the Respondent 46. Clickwrap Agreements72 have been enforced because the consumer has manifested assent to the terms of the agreement by clicking the “I agree” button. The prospective consumer does need to be given reasonable notice of the contract terms, but as long as the vendor does not hide those terms, courts are likely to find reasonable notice was given.73 47. In dealing with the case74 of a passenger travelling by plane in India which crashed causing death of passenger, his widow sued for the damages where the air ticket exempted the carrier from liability on account negligence of the carrier were duly brought to the notice of the passenger and that he had every opportunity to know them. The exemption clause in the contract was good by all the terms and conditions. 48. Further, In the case of Forrest v. Verizon Comm., Inc.75, the court has relied on the traditional notion of a contract law that “ one who signs a contract is bound by a contract which he has a opportunity to read whether he does so or not” and hence, modernizing this, court stated that “the use of a ‘scroll box’ in the electronic version that displays only part of the agreement at any one time [is not] inimical to the provision of adequate notice and same can be applied here. Hence it is contended that in the instant case, the customers had the opportunity to read the terms and conditions, and have given their consent by clicking “I Agree” button post such opportunity hence, the terms and conditions are binding on them. 49. In the instant case, a valid e-contract has been constituted between the customers and SayPM as it fulfils all the requirement of Section 10 of the Indian Contract Act read harmoniously with Section 10A – 13 of the IT Act. As it is a click wrap – agreement, the customers of SayPM has consented by clicking “I agree” button and making it a valid contract. 3.3 UNDER A CONTRACT AN INDIVIDUAL CAN WAIVE OFF HIS STATUTORY RIGHTS 50. As a general principle of law, parties are said to be free to contract as they wish and deem.76 Everyone has a right to waive and to agree to waive the advantage of a law or rule made solely for the benefit and protection of the individual in his private capacity which may be 72 The term “Click Wrap” agreements refers to online contracts in which the consumer or user must click on “I agree” in order to indicated party assent to the standardized terms and conditions before the transaction or download can continue. 73 NANDAN SETH, LAW RELATING TO COMPUTERS, INTERNET & E-COMMERCE (5th ed. 2012). 74 Indian Airlines Corporation v. Madhuri Chaudhary, A.I.R. 1965 Cal 252 (India). 75 Forrest v. Verizon Comm., Inc., 805 A 2d 1007, 1011 (DC 2002). 76 MAXWELL ON INTERPRETATION OF STATUTES 423 (11th ed. 2010). 18 Memorandum on behalf of the Respondent dispensed without infringing any public right or public policy.77 Thus, the maxim which sanction the non – observance of the statutory provision is cuilibet licat renuntiare juri pro se introducta.78 Any one may renounce a law introduced for his own benefit79. 51. As a rule, any person can enter into a binding contract to waive the benefits conferred upon him by an Act of Parliament, or, can contract himself out of the Act, unless it can be shown that such an agreement is in the circumstances of the particular case were contrary to public policy.80 • PUBLIC POLICY 52. Under the Act, there is no precise definition of “Public Policy”81 but can be constructed. Some agreements are so obviously inimical to the interest of the society that they offend almost any concept of public policy82 which the court has surveyed in a vast body of common law precedent to hold that “Public Policy” was equivalent to the “Public Good”.83 Here, No, Public decision whatsoever was involved in this decision making of the customer. Hence, allows waiver of rights in such situation. 3.4 UNDER ARTICLE 12 RESPONDENT IS NOT UNDER THE AMBIT OF STATE 53. The fundamental rights are guaranteed against state action and can be claimed in case the state violates the same. It cannot be guaranteed against the actions of private individuals which do not satisfy the five tests laid down in the case of Ajay Hasia.84 The courts are not willing to consider private actors either as guarantors or as violators of fundamental rights.85 3.5 DATA PROTECTION LAWS HAS NOT BEEN VIOLATED BY THE RESPONDENT. 54. It is humbly submitted that the data protection laws have not been violated by the respondent in any manner. Moreover, the SayPM has followed all the data protection laws with the EU directives. 77 S. Raja Chetty v. Jaggannathadas Govinda and Anr., (1949) 2 MLJ 694 (India). 78 Supra note 76 at 375, 376. 79 The Post Master General and Gangaram v. Chenmal Mayachand, (1941) 43 BOM LR 758 (India). 80 Lachoo Mal v. Radhey Shyam, 1971 A.I.R. 221 (India). 81 Central Inland Water Transport Corporation Ltd. V. Brojo Nath, A.I.R 1986 S.C 1571 (India). 82 Ratanchand Hirachand v. Askar Nawaz Jung, A.I.R 1976 A.P. 112 (India). 83 Jogeswar Swain v. Union of India, 2005 (3) JKJ 143 (India). 84 Ajay Hasia Etc vs Khalid Mujib Sehravardi & Ors.,1981 AIR 487 (India). 85 Binny v. Sadasivan, 2005 (6) S.C.J. 15 (India). 19 Memorandum on behalf of the Respondent 3.5.1 SAYPM WORKED IN CONSONANCE WITH THE REASONABLE SECURITY PRACTICES AND PROCEDURES ON SENSITIVE PERSONAL DATA AND INFORMATION, 2011. 55. Rule 4 states that the body corporate shall provide privacy policy for handling the information and sensitive personal data.86 Here, the body corporate, SayPM mentioned its policy relating on the application’s terms and conditions only after reading such a term the customer gave his assent. 56. According to the Rule 5 the body corporate shall obtain consent in writing through letter, etc., before collection of such information and shall use the information for the purpose for which it has been collected.87 Collection of sensitive data can be permissible only where it is collected for a lawful purpose, is related to the activity of the body corporate and is “necessary”88. In the present case, the collection of banking information was to facilitate e- payment services of the company and hence was required for the performance of a lawful contract. 57. Rule 7 lays down that any disclosure of sensitive personal data or information by body corporate to any third party shall require prior permission from any provider of such information.89 It is however not necessary to obtain consent if such disclosure has been agreed to in the contract between the body contract and the provider of the information or where the disclosure is necessary for compliance with a legal obligation.90 Under Rule 8, a body corporate can transfer sensitive personal information to another body corporate in or outside India, where such reasonable security are prescribed by the said rules that requires compliance with ISI/ISO/IEC 27001 which is followed.91 3.5.2 SECTION 43A: THAT THE COMPANY HAS NOT VIOLATED SECTION 43A OF THE ACT, 2000 AND HENCE, NOT ENTITLED TO PAY COMPENSATION. 58. Section 43A92 clearly imposed a liability upon the body corporate to adopt reasonable security standards in protecting personal data. This data should be protected in such a manner that it does not cause “wrongful losses” or “wrongful gains” to a person. According to the department of Information Technology, the terms wrongful loss or wrongful gain are 86 KARNIKA SETH, COMPUTER, INTERNET AND NEW TECHNOLOGY LAW 365 (2nd ed. 2012). 87 APARNA VISHWANATHAN, CYBER LAW 195 (Lexis Nexis, New Delhi). 88 Rule 5(2) of Information Technology (Reasonable Security Practices and Sensitive Personal Data or Information) Rules, 2011. 89 See id. Rule 7. 90 Supra note 87. 91 Supra note 88. Rule 8. 92 Supra note 49.