The Karnataka High Court has dismissed a petition from digital payment app PhonePe challenging the authority of the cyber police to seek information of its merchants, holding that the "protection of consumer privacy cannot eclipse the lawful imperative of investigating officers to secure evidence and take the investigation to its logical conclusion."
“Confidentiality must coexist with accountability,” Justice M Nagaprasanna said in a recent 32-page judgment, the copy of which is available now.
PhonePe's writ petition was triggered by a notice from the cybercrime team of the Bengaluru City Police who sought several details from the Bengaluru-based digital payment app as part of an investigation in a case of alleged cyber fraud.
The police are investigating a complaint from a citizen who said he deposited his bets on six online betting sites during the India and South Africa cricket match in September 2022.
The sites, however, had blocked themselves off after he placed his bets. He could see the money he had deposited on the wallets on the site, but he was blocked from withdrawing it. He urged the police to trace the people operating the sites and book them as per the law.
The police, after registering the case, asked PhonePe to give details including URL/IP address/mobile app shared by the merchant at the time of on-boarding, the source through which the merchant on-boarded, transaction history and the KYC details of the merchant, through a formal letter under Section 91 of the CrPC.
PhonePe argued that it was only a service provider, governed under the Payment and Settlement Systems Act, 2007. It had no role in any of the transactions leading to the filing of the FIR. It also insisted that The Bankers Books Evidence Act, 1891, barred them from disclosing confidential information of customers. The company further said the police notice was contrary to law, and no investigating officer could summon documents under Section 91 of the Cr PC unless there was a court direction.
The government advocate argued that the police have the power to seek information for conduct of a fair investigation in these times of cybercrimes being reported in large numbers. The Centre, he said, has also issued guidelines under Section 87 of the IT Act. PhonePe, he added, had violated the guidelines of the Centre to safeguard merchants involved in cricket betting.
The court called the case ... "a delicate interplay between multiple enactments. The petitioner being an intermediary is regulated under the Payment and Settlement Systems Act, 2007. The claim of the petitioner is that it is protected under the Bankers' Books Evidence Act, 1891. The State places heavy reliance upon the IT Act and violation of the Information Technology Rules, 2011."
Justice Nagaprasanna wrote: Today, conventional crimes have receded, and new-age crimes have sprung in large numbers. The new-age crimes are cybercrimes – the clandestine modern offences. Such offences demand swift, targeted and effective response. The police must be empowered within the limits of law to unearth digital footprints that could otherwise vanish. Therefore, while privacy, as contended by the petitioner, should be maintained, it cannot be wielded as a shield against lawful investigation."
The petitioner (PhonePe), the court said, cannot contend being a digital system payment gateway that it will not divulge any information as sought by the Investigating Officer while rejecting its petition.
“Confidentiality must coexist with accountability,” Justice M Nagaprasanna said in a recent 32-page judgment, the copy of which is available now.
PhonePe's writ petition was triggered by a notice from the cybercrime team of the Bengaluru City Police who sought several details from the Bengaluru-based digital payment app as part of an investigation in a case of alleged cyber fraud.
The police are investigating a complaint from a citizen who said he deposited his bets on six online betting sites during the India and South Africa cricket match in September 2022.
The sites, however, had blocked themselves off after he placed his bets. He could see the money he had deposited on the wallets on the site, but he was blocked from withdrawing it. He urged the police to trace the people operating the sites and book them as per the law.
The police, after registering the case, asked PhonePe to give details including URL/IP address/mobile app shared by the merchant at the time of on-boarding, the source through which the merchant on-boarded, transaction history and the KYC details of the merchant, through a formal letter under Section 91 of the CrPC.
PhonePe argued that it was only a service provider, governed under the Payment and Settlement Systems Act, 2007. It had no role in any of the transactions leading to the filing of the FIR. It also insisted that The Bankers Books Evidence Act, 1891, barred them from disclosing confidential information of customers. The company further said the police notice was contrary to law, and no investigating officer could summon documents under Section 91 of the Cr PC unless there was a court direction.
The government advocate argued that the police have the power to seek information for conduct of a fair investigation in these times of cybercrimes being reported in large numbers. The Centre, he said, has also issued guidelines under Section 87 of the IT Act. PhonePe, he added, had violated the guidelines of the Centre to safeguard merchants involved in cricket betting.
The court called the case ... "a delicate interplay between multiple enactments. The petitioner being an intermediary is regulated under the Payment and Settlement Systems Act, 2007. The claim of the petitioner is that it is protected under the Bankers' Books Evidence Act, 1891. The State places heavy reliance upon the IT Act and violation of the Information Technology Rules, 2011."
Justice Nagaprasanna wrote: Today, conventional crimes have receded, and new-age crimes have sprung in large numbers. The new-age crimes are cybercrimes – the clandestine modern offences. Such offences demand swift, targeted and effective response. The police must be empowered within the limits of law to unearth digital footprints that could otherwise vanish. Therefore, while privacy, as contended by the petitioner, should be maintained, it cannot be wielded as a shield against lawful investigation."
The petitioner (PhonePe), the court said, cannot contend being a digital system payment gateway that it will not divulge any information as sought by the Investigating Officer while rejecting its petition.
You may also like
Dramatic footage shows devastating burst water main battering home
Liam Gallagher's daughter pregnant to Liverpool FC star as Oasis icon to become grandad
Uttarakhand: Weather Dept forecasts possibility of thunderstorm, hailstorm, and heavy rain in some districts
'Those Who Raise Finger At India Won't Even Have Mourners At Their Funeral': UP CM Yogi Adityanath Issues Stern Warning To Pakistan (VIDEO)
Top BSF official emphasises need for heightened vigilance on Indo-B'desh border
