SSRana Newsletter 2023 Issue 12

November 9, 2023
Biggest Breach of Data in India

Centre Bans 22 Illegal Betting Apps

Illegal Betting

By Rupin Chopra and Apalka Bareja

With a rise in the availability and accessibility of technology and gadgets, one has seen a rapid increase in the online gaming apps available for users. A few factors for such uncalled growth and popularity of these apps are convenience, ease of use, and accessibility. These rapid developments have given rise to new conundrums where users are susceptible to online betting scams with ease.

Despite the recent developments in Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 20211 for online gaming, it has been reported that apps like ‘The Mahadev Book online betting2’ have managed to scam people by performing unholy work under a holy name.

It is further reported through various news houses that the promoters of Mahadev Book are currently in custody having been arrested as per section 19 of the Prevention of Money Laundering Act,20023 (PMLA) for the commission of the offense of Money Laundering under section 3 of the PMLA, 2002.

In light of the investigations conducted by the Enforcement Directorate (ED) unveiling the app’s unlawful operations, The Ministry of Electronics and Information Technology (MeitY) issued blocking orders on November 05, 2023 against 22 illegal betting apps (The list of names of the apps blocked is not available in the public domain as of yet).

The orders to block the apps were issued by MeitY under Section 69A of the Information and Technology Act, 20004. The said section empowers the Government to block information from public access under the following conditions5:

i) Interest of sovereignty and integrity of India
ii) Defense of India
iii) Security of the state
iv) Friendly relations with foreign states
v) Public order
vi) Preventing incitement to the commission of any cognizable offense relating to above

Even with amended rules being established, appropriate and stringent guidelines and examination system is a need of the hour. MeitY’s action of banning the apps undoubtedly does restore faith of the people in the Government and provides a sense of assurance and safety. Illegal betting can lead to numerous issues including fraud and exploitation. By taking action against these apps, the center is likely sending a clear message that they prioritize the well-being of the citizens and are committed to maintaining fair and regulated environment.

4 Information Technology Act, 2000-

Related Posts

Karnataka Notifies Law Banning Online Betting Games

Foreign Investment or Foreign Technology Collaboration & Betting Sector

India’s Biggest Data Breach

Biggest Data Breach

By Anuradha Gandhi and Rachita Thakur


A report by US based cyber-security firm, Resecurity, (hereinafter referred to as the “Report”)has disclosed a serious data breach wherein personally identifiable information of 815 million Indians has been put up for sale on dark web. Details such as Aadhaar, passport information along with names, phone numbers and addresses are available.1

Leaked Information

The hacker with a handle on Platform X (formerly known as Twitter) advertised the Aadhaar and passport information along with names, phone numbers and addresses which as claimed by the hacker were extracted from the Covid-19 test details of citizens registered with ICMR.

As a proof, the hacker posted the spreadsheets with four large leak samples with fragments of Aadhaar data, which are identified as valid Aadhaar card IDs. The said information is believed to be collected and maintained by the Indian Council of Medical Research (ICMR) during Covid-19 testing.2

What’s next?

The Computer Emergency Response Team of India (CERT-In) has also alerted ICMR about the breach. However, the covid-19 test information is also scattered across various government bodies like the National Informatics Centre (NIC), ICMR, and the Ministry of Health thereby making it challenging to identify where the breach originated from.

Recent cyber-attack on healthcare data

Earlier in 2022, All India Institute of Medical Sciences (AIIMS) had also faced an incident of data breach. Cybercriminals had hacked into the servers of AIIMS and took charge of more than 1TB of data at the Institute asking for hefty ransom. This led the Institute to switch to manual record keeping process thereby slowing down the processes at the Institute.

The Digital Personal Data Protection Act, 2023

The new legislation on data protection, the Digital Personal Data Protection Act, 2023 (hereinafter referred to as the “Act”) has been enacted to tighten the data protection landscape of India. The contours of the Act revolve around the three parties namely, Data Fiduciaries (who collects the data), Data Principals (whose data is collected) and Data Processors (contractually obligated to process the data of behalf of Data Fiduciary).

To ensure safety, security and prevention of such incidents of data breach, the Act entrusts the Data Fiduciaries with certain responsibilities as to protection of personal data of Data Principals through adequate technical and organizational measures. The CERT-In Cybersecurity Directions, 2022,3 classifies 20 types of cybersecurity incidents that need to be reported to CERT-In within six hours of noticing such incident.

Though the rules are awaited, the Act clearly mentions about the Data Fiduciaries’ responsibility to inform Data Principals along with the Data Protection Board about the incident of data breach. In case of non-compliance with the provisions of the Act, the Act prescribes significantly high penalties amounting up to INR 250 Crores.

The Act also entrusts the Data Principals with the right to authenticate the personal data shared with the Data Fiduciaries, the right to withdraw consent and the right to request erasure of their personal data.


Such incidents of data breach necessitate a robust data protection legislation with rules therein to prevent data breach and mitigate the losses arising therefrom. The Digital Data Protection Act, 2023 can be said to be a step ahead in the right direction and will improve India’s standing in the world forum of data protection laws.

3 Issued under the Section 70 (B) (6) of the Information Technology Act, 2002 on April 28, 2022

Related Posts

Corporate Data Theft: A Major Concern

Data Protection Board and Data Protection Rules: Set to be Mobilized Soon

Ministry Proposes to reduce Fees for filing Geographical Indication Application by 80%

Ministry Proposes

The Ministry of Commerce and Industry (Department for Promotion of Industry and Internal Trade) on October 17th, 2023, has notified the Draft rules to further amend the Geographical Indications of Goods (Registration and Protection) Rules, 2002[1].

The notification provides that the proposed Draft Rules will be taken into consideration after the expiry of a period of thirty days from October 17th, 2023. It also provides that any objections and suggestions to the Draft Rules can be sent before the expiry of the period so specified to-

The Secretary, Department for Promotion of Industry and Internal Trade, Ministry of Commerce and Industry, Government of India, Vanijya Bhawan, New Delhi- 110011 or by e-mail at .

The Proposed Amendment to Geographical Indication Rules

The Ministry in the draft Rules has proposed to amend the First Schedule of the Geographical Indications Rules, which provides for the Form and Fees for filing, registration, prosecution, renewal of Geographical Indications applications in India.

It is noteworthy to mention here that the official fees for an application for the registration of a geographical indication has been reduced by 80% and huge rebate in official fees has also been proposed for other processes, such as, renewal of geographical indication registration. A comparative table is demonstrated below:

Geo – graphical Indication
S. no. On what payable Amount in Rupees- Before Amendment Amount in Rupees- After Amendment
1 On application for the registration of a geographical indication for goods included in one class [Section 11(1), rule 23(2)]. Rs. 5000 Rs. 1000
2 On application for the registration of a geographical indication for goods included in one class from a convention country[Section 11(1), 84(1), rule 23(3) . Rs. 5000 Rs. 1000
3 On a single application for the registration of a geographical indication for goods in different classes [Section 11(3) rule 23(5)]. Rs. 5000 for each class Rs. 1000 for each class
4 On a single application for the registration of a geographical indication for goods in different classes from a convention country [Section 11(3), 84(1), rule 23(4)]. Rs. 5000 for each class Rs. 1000 for each class
5 On application to Registrar for additional protection to certain goods. Section 22(2), rule 77(1). Rs. 25,000 Rs. 12,000

It is indeed heartening to see such a commendable step being taken by the Ministry. The same will certainly provide an impetus to the “Vocal for Local” campaign of the Government and is also in consonance with the G20 Declaration, that envisages to protect intellectual property and emphasizes on protection against over commercialization and misappropriation of living heritage on the sustainability and on the livelihoods of practitioners and community bearers as well as Indigenous Peoples. 


Related Posts

Geographical Indication Registry Showers GI Certifications

NHRC’s Advisory on Proliferation of Child Sexual Abuse Material (CSAM)

Child Sexual Abuse Material

By Anuradha Gandhi and Isha Sharma


Undoubtedly, the internet is a transformative force that has reshaped and revolutionized how we access knowledge, conduct business, and maintain relationships. It has dismantled geographical barriers, allowing instant global communication, facilitating e-commerce, and fostering a sense of interconnectedness among people across the globe.

Meanwhile, we must also remain acutely aware of the consequences it can entail, particularly concerning the younger generation who may find themselves vulnerable to its addictive qualities. The addictive nature of the internet, coupled with the constant influx of content and the allure of social media, can impose a significant risk to the well-being of children. As they navigate this digital landscape, the potential for addiction, distraction and keen exposure to inappropriate content becomes a growing concern for parents, educators and society as a whole.

A national survey conducted in India found that six out of ten youngsters between the ages of 9 and 17 spend over three hours daily on social media or gaming sites. The survey revealed that prolonged social media use increases the risk of mental health problems such as depression and anxiety among children. Additionally, children exhibited signs of aggression, impatience, and hyperactivity after spending extended periods on social media. [1]

Harsh Reality in this digital realm: The National Human Rights Commission

The National Human Rights Commission (NHRC) acknowledges the substantial impact of the internet in contemporary society. However, it cannot overlook the unfortunate reality that is, in certain realms such as child sexual abuse, it has facilitated considerable harm. The production, distribution and consumption of Child Sexual Abuse Material (CSAM) represent one of the most abhorrent forms of sexual harassment and abuse endured by children, thereby violating their fundamental human rights.

In light of the distressing increase in the proliferation/dissemination of CSAM, the NHRC has taken a proactive step by issuing an advisory intended to confront this urgent issue comprehensively. This advisory recognizes the urgent need to protect children from the adverse consequences of CSAM and underscores the NHRC’s commitment to safeguarding their rights and dignity in the digital environment.


According to the National Center for Missing and Exploited Children (NCMEC) ‘CyberTipline 2022 Report’, out of the 32 million reports received by NCMEC, 5.6 million reports pertained to CSAM uploaded by perpetrators based out of India. A total of 1505 instances of publishing, storing and transmitting CSAM under Section 67B of the Information Technology (IT) Act, 2000 and Sections 14 and 15 of the Protection of Children from Sexual Offences (POCSO) Act, 2012 had been reported in the year 2021.

The production of CSAM establishes an enduring record of sexual abuse, while its subsequent dissemination through the internet and other channels perpetuates the victimization of children. This continuous exposure has a profound and lasting psychological impact on the child, disrupting their overall development. Therefore, the pressing necessity lies in the effective identification and blocking of CSAM content, prompt data sharing among concerned stakeholders, and the swift prosecution of offenders.

Recently, it was brought into news that 41 States in the US sued Meta, alleging that the tech giant harms children by integrating addictive features into social media applications and compromise the underscoring a significant stride by state enforcers to tackle the impact of social media on children’s mental health. A 233- page federal complaint alleges that the company engaged in a ‘scheme to exploit young users for profit’ by misleading them about the safety features and the prevalence of harmful content, harvesting their data and violating federal laws on children’s privacy. The tech giant rejected the investigation at the time saying the allegations were false and demonstrate a deep misunderstanding of the facts. Since then, Meta has unveiled numerous policy and product changes intended to make its apps safer for children, including giving parents tools to track activity, building in warnings that urge teens to take a break from social media and implementing stricter privacy settings by default for young users.[2]

Advisory for Protection of the Rights of Children against CSAM: NHRC

Given that the NHRC is entrusted with the duty of safeguarding and advocating for the human rights of all individuals, including children, under Section 12 of the Protection of Human Right Act, 1993, it has taken significant strides to shield them in the digital realm. This has culminated in the issuance of the following advisory, consisting of four parts, titled “Advisory for Protection of the Rights of Children against Production, Distribution and Consumption of Child Sexual Abuse Material (CSAM).[3]

  1. Part I deals with addressing legal gaps and issues of harmonization of laws pertaining to CSAM:
    • One significant aspect of this part of advisory is the proposal to replace the term ‘Child Pornography’ with ‘Child Sexual Abuse Material (CSAM)’ in Section 2(1) (da) of the POCSO Act, 2012. The NHRC firmly believes that more accurate terms such as ‘use of children in pornographic performances and materials’, ‘child sexual abuse material’, and ‘child sexual exploitation material’ should be preferred over ‘Child Pornography’.
    • Furthermore, it calls for the government to redefine the term ‘sexually explicit’ under Section 67B of the IT Act, 2000 to facilitate the improved identification and removal of CSAM along with expanding the definition of ‘intermediary’ by including Virtual Private Network (VPN) service providers, Virtual Private Servers (VPS) and Cloud Service Providers to avoid any ambiguity.
    • The advisory also addresses the need to reconsider the quantum of punishment, taking into account the gravity of the offences pertaining to online CSAM under Section 14 of the POCSO Act and Section 67B of the IT Act related to CSAM, especially when the sentences are seven years or less. It suggests revaluation or potential legislative changes to Section 41 A of the CrPC.
    • The advisory also suggests reviewing the necessity of issuing a certificate under Section 65B of the Indian Evidence Act, 1872 for online CSAM cases aiming to prevent delays and expedite investigation process.
  2. Part II contains measures for monitoring and regulating Internet Intermediaries, including use of technology to monitor CSAM content online, sharing of information and cooperation with the Government:
    • The advisory calls for a fundamental shift in terminology, recommends leveraging technology and platforms such as social media and Over-The-Top (OTT) services, to proactively detect CSAM on their platforms and remove the same. Similarly, platforms using End-to-End Encryption services may be mandated to devise additional protocols/technology to monitor circulation of CSAM.
    • Intermediaries, including social media platforms, Over-The-Top (OTT) applications, and cloud service providers are urged to develop a CSAM specific policy. This policy shall clearly outlines a user-friendly in-house reporting mechanism, notification of a dedicated point of contact, standardized response time and use of technology for detection and removal of CSAM from their respective platforms. The said policy should be made in consultation with Government and conveyed to the users by prominently displaying the same.
    • The advisory emphasizes that given the rapid dissemination of online CSAM, the duration for intermediaries to remove content after receiving notifications from the appropriate government or authorised agencies should not exceed 6 hours. This is a substantial reduction from the existing 36 hours window specified in Rule 3 (1) (d) of the Intermediary Guidelines, 2021. The swifter response time is essential to combat the urgent challenges posed by the circulation of such harmful material.
    • Further, the advisory urges internet service providers, web browsers and OTT players in displaying pop-up warning messages when users search for content related to CSAM. This measure is crucial to raise awareness and preventing inadvertent access to harmful content, thereby contributing to the overall effort to combat the spread of CSAM.
  3. Part III pertains to creation of a specialized mechanism of law enforcement for addressing CSAM as well as strengthening the existing mechanism involved in detection, investigation and monitoring of CSAM.
    • The advisory emphasizes that every State/UT to have at least one Specialized State Police Unit for detection and investigation of CSAM related cases and apprehension of offenders.
    • The advisory advocates for the creation and maintenance of a national database of such material with hash values by the proposed Specialized Central Police Unit so that the required content be blocked by intermediaries.
    • In accordance with this advisory, the proposed Specialized Central Police Unit should be responsible for collection of detailed data pertaining to prevalence, trends and patterns of CSAM. This data should be disaggregated by factors such as gender, age, caste, ethnicity or other socioeconomic parameters which would aid in enhancing better understanding of the issue, thereby allowing for more informed policy-based interventions addressing the complexities surrounding CSAM comprehensively.
    • Further, it also recommended to establish a separate dashboard on issues pertaining to CSAM related offences to be incorporated in the Inter-Operable Criminal Justice System (ICJS) / Crime and Criminal Tracking Network & Systems (CCTNS) database which is issued by National Crime Records Bureau (NCRB) for Investigation Tracking System for Sexual Offences (ITSSO).
  4. Part IV recommends measures for capacity building and training of officials, sensitization, awareness and support to survivors of CSAM.
    • It stressed on creating awareness and sensitization among students, parents and teachers at schools, colleges and institutions on the modus operandi of online child sexual abusers, specific vulnerabilities of children online, reporting mechanisms, recognizing early signs of online child abuse and grooming through emotional and behavioral indicators, use of parental control apps, Internet safety among children through different means, like conducting workshops.
    • Further, the advisory emphasizes that SMS alerts must be sent to every mobile application through Telecom Service Providers every quarter/month cautioning users about CSAM.


The NHRC has advised all concerned authorities of the Union/State Government(s)/UT Administration(s) to implement the recommendations contained in this comprehensive advisory, both in letter and spirit, and to submit an Action Taken Report (ATR) within a period of two months, emphasizing the urgency of this matter.

The NHRC’s recommendations underscore the pressing need to combat the dissemination of CSAM and protect the rights of children. They emphasize the pivotal role of technology, legal frameworks and terminology in addressing this deeply concerning issue. By implementing these measures, the NHRC aims to significantly enhance efforts to eradicate the production, distribution and consumption of Child Sexual Abuse Material, ultimately ensuring a safer environment for children in India.




Related Posts

TikTok’s Liability: Violation of Children’s Data

Calcutta High Court: No sexual flavor in touching student’s shoulder to restrain her from copying in exam

No sexual flavor in touching student’s shoulder to restrain her from copying in exam

Calcutta High Court grants

By Anuradha Gandhi and Rachita Thakur

The Calcutta High Court’s circuit bench at Port Blair has quashed the orders of the Disciplinary Authority, Appellate Authority and Central Administrative Authority Tribunal (hereinafter referred to as the “CAT”) dismissing a middle school teacher (hereinafter referred to as the “Petitioner”) on an allegation made by a class 8 student that the Petitioner has outraged her modesty in 2009 by physically touching her on her back.

The division bench noted that the act of restraining the victim from copying in an exam could not be said to have sexual intent.

Why was the plea filed?

The plea was filed by the Petitioner against an order of the CAT dated August 08, 2018[1] affirming the orders of dismissal passed against him.

Facts of the case

  1. The departmental proceedings were initiated against the Petitioner, a primary school teacher at Government Middle School, Krishna Nagar, Havelock, on an allegation made by a girl student (hereinafter referred to as the “Victim”) of class VII of the school that the Petitioner outraged her modesty on November 21, 2009;
  2. The charge framed against the Petitioner was proved to the extent that the Petitioner had physically touched the Victim on her back caused unrest among the students for which the school did not function normally on November 23, 2009;
  3. There Disciplinary Authority, by an order passed on February 28, 2012, imposed a major penalty of dismissal from service by holding the Petitioner guilty of the allegation;
  4. Appeal was preferred against the impugned order of the Disciplinary Authority wherein the Appellate Authority affirmed the order of the Disciplinary Authority including the penalty imposed upon the Petitioner;
  5. The review petition, filed by the Petitioner, was also rejected by an order dated August 8, 2018. However, the matter was carried to the Central Administrative Tribunal by the Petitioner, which by impugned order turned down the prayer of the Petitioner and dismissed the application filed by him.

Submissions of the Petitioner

  1. It was submitted by the Petitioner that the criminal case instituted against the Petitioner under Section 354 of the Indian Penal Code acquitted the Petitioner on the anvil of a compromise petition filed by the Victim and the Petitioner jointly before the Trial Court. The Petitioner was not guilty of the offense in view of the compromise and hence acquitted of the charge.

The Disciplinary Authority noted that since the minor is not competent to enter into a contract, the compromise petition filed by the Victim and the Petitioner jointly cannot be of aid to the Petitioner.

  1. However, a charge was framed against the Petitioner in the departmental proceeding to the effect that the Petitioner committed gross misconduct unbecoming of a Government Servant;
  2. On examining the Victim during the departmental proceedings, the Victim adduced evidence and stated in her examination-in-chief that the Petitioner put his hand on her back and pulled the straps of her undergarment. It was further stated by the Victim that she was not interested in contesting the case further and the case may be dropped/dismissed. The Victim also admitted that she was copying during the science test held on the date of the incident and she gave false statement before the police on self defence as she was shocked, nervous and aggrieved as well as angry due to the act of the Petitioner. The Victim had also stated that the remaining part of her statement recorded by the police was also falsely stated by her.

Respondent’s Contentions

It was contended by the Respondent that the orders passed by the authorities were considered decisions and the writ court in exercising jurisdiction under Article 226 of the Constitution of India, cannot interdict the findings of fact finding authorities. The counsel for the respondent placed reliance on the authority in B.C. Chaturvedi v. Union of India and others[2] and submitted that in a judicial review, the court may interfere only when the authority as conducted the proceeding in a manner inconsistent with the rule of natural justice or in violation of statutory rules prescribing the mode of inquiry or where the conclusion or finding reached by the Disciplinary Authority is based on no evidence.

Re-appreciation of evidence and nature of punishment is best left to the Appellate Authority and only when the conclusion, upon consideration of the evidence reached by the Disciplinary Authority, is perverse or suffers from patent error on the face of the record or based on no evidence at all, a writ of certiorari could be issued.

Observations of the Court

The court observed that the Victim had changed her stance from time to time, her statement that the Petitioner touched her from the back could not be relied upon. Even if it is held that the Petitioner touched the shoulders of the Victim from the back, it was only for the purpose of restraining her from copying in the examination and there was no sexual/criminal intent on the part of the Petitioner in doing so.

The Court noted that the compromise petition filed by the Victim and the Petitioner cannot be termed as a contract instead it clearly demonstrates that the Petitioner is innocent and the complaint was falsely lodged against him by the Victim. The fact that the Victim was not inclined to proceed with the case further and sought discharge of the Petitioner therefrom, did not impede her filing the compromise petition jointly with the Petitioner before the learned Trial Court.

It was also observed that the witnesses that were examined by the Disciplinary Authority neither corroborated the allegations made against the Petitioner nor the unrest/agitation made against the Petitioner over the alleged incident. The further also noted that the Victim though had initially stated in her evidence that she was molestated by the Petitioner and then subsequently retracted from her earlier evidence and stated that the Petitioner had only touched her shoulder from the back while she was copying in the examination.

The Court observed that the act of touching shoulders of the Victim by the Petitioner from behind for the sole purpose of restraining her from copying in the examination cannot be said to have any sexual flavor. the observation was made considering the version of Victim who also stated that the Petitioner held her shoulders when she was copying in the examination without even indicating that the said touch was with sexual intent or inappropriate.

The Rule of Preponderance of Probability

The court noted that the CAT reiterated the observations made by the Disciplinary Authority as well as the Appellate Authority. No independent consideration as made by the CAT in adjudicating the legality and correctness of the orders. The Court further remarked that since the disciplinary proceedings are quasi criminal in nature, preponderance of probability should be based on some evidence on record while referring to the observations of the Hon’ble Supreme Court with the standard of proof in departmental inquiry as recorded in the authorities in Nirmal Jhala v. State of Gujarat and another,[3] and M.V. Bijlan v. Union of India and others.[4] The same was reiterated in the case of Apparel Export Promotion Council v. A.K. Chopra,[5] that there has to be some evidence before the inquiry officer for it to come to the conclusion that the allegations made are true.

The Disciplinary Authority in the present case had awarded penalty upon the Petitioner though there was no evidence at all against him. There was not an iota of evidence on record that suggested misconduct on the part of the Petitioner. Thus, the Court held that the decision of the authorities was based on no evidence at all and no misconduct resulting in violation of the service rules was substantiated against the Petitioner.

Whether Judicial Review amounts to Appeal?

The Court iterated that a judicial review is not an appeal and in exercising extra jurisdiction under Article 226 of Constitution of India, the Court is not empowered to sit in appeal against the impugned orders and can only review the decision making process. On that, the Court relied on the decision of the Supreme Court in the case of B.C. Chaturvedi v. Union of India and Others, [6] wherein it was held that the court may interfere when the conclusion or finding reached by the disciplinary Authority s based on no evidence.

Decision of the Court

The inquiry report as well as the orders passed by the disciplinary Authority, The Appellate Authority and the Tribunal were set aside/quashed and were directed to reinstate the Petitioner in service with full back wages as well as other consequential benefits to which the Petitioner was entitled. The Petitioner was also awarded a cost of Rs. 10,000/- to be paid by the Respondent Authorities.

[1] OA No. 351/1539/2021

[2] (1995) 6 Supreme Court Cases 749

[3] (2013) 4 SCC 301

[4] (2006) 5 SCC 88

[5] LPA No. 297 of 1997

[6] (1995) 6 SCC 749

Related Posts

NHRC’s Advisory on Proliferation of Child Sexual Abuse Material (CSAM)

Major found guilty of sexual harassment: Indian Army General Court Martial

For more information please contact us at :