Professional Documents
Culture Documents
Memorial of Petitioners
Memorial of Petitioners
Memorial of Petitioners
8
GOVERNMENT LAW COLLEGE KOZHIKODE MOOT COURT
EXERCISE
6 SEMESTER LLB
TH
STATE OF INDISTHAN
MEMORIAL ON BEHALF
OF THE PETITIONERS
1
TABLE OF CONTENTS
Sl
No. Contents Page
No.
1 Text Book 3
Dynamic Links 3
2
List of Abbreviation 4
3
Table of Cases 5
4
Statement of Jurisdiction 6
5
Statement of Facts 7
6
Statement of Issues 9
7
Arguments Advanced 10
8
Prayer 18
9
2
TEXT BOOK
DYNAMIC LINKS
1.https://www.advocatekhoj.com/library/judgments/index.php?go=2008/dece
mber/147.php
2. https://blog.ipleaders.in/cheating-a-criminal-offence-under-the-indian-penal-
code/
3. https://blog.ipleaders.in/need-know-facebook-data-scandal-case/
4. https://blog.ipleaders.in/pegasus-case-laws-concerning-spyware-india/
3
LIST OF ABBREVIATION
4
TABLE OF CASES
5 Rajesh Bajaj v. State NCT of Delhi & Ors. (1999) 3 SCC 259
Trisuns Chemical Industry v. Rajesh Agarwal & Ors. (1999) 8 SCC 686
6
State of Haryana & Ors. v. Bhajan Lal & Ors. (1992) Supp. (1) SCC
7
335
5
STATEMENT OF JURISDICTION
6
STATEMENT OF FACTS
1. Infinity Analytics is a French firm and well- known for data analytics and
consulting services. The company was incorporated in France in the year 2012
and its operations extended to the countries beyond the European Union. Infinity
Analytics in its endeavor to explore niche markets has partnered with the
Research Wing of a Government University headed by Professor Walter Stefan
who has great experience in academic research. Professor Walter Stefan has
developed a platform known as the Brainbook for the purpose of collecting
information and data for his research. Prof Walter, for his research project on
consumer preferences, designed a questionnaire and conducted a survey using
the Brainbook platform to understand personal traits and collected information
from various stakeholders across the European Union. The survey had a catch
that every stakeholder who participated in the survey had to login or signup
through Brainbook, and all the personal information of the stakeholders was
stored in the Brainbook.
2. Prof. Walter’s survey was for the purpose of academic research. Prof
Walter shared the data harvested with Infinity Analytics as per the agreement
with the Research Wing of the University without the knowledge and consent of
the people being surveyed. The user’s data harvested was strategically collected
from individuals of different professions including political parties, social and
philanthropic organizations, business houses, medical professionals and others
in addition to the employees and students. The information collected spread
over a period of 2 years.
3. Prof Walter developed an application called “your life” on the advice of the
Directors of Infinity Analytics which could be used on the Brainbook. The data
collected through Brainbook was analyzed according to their personality,
location, taste & habits and their political affiliations. The information gathered
through ‘your life’ app from the users of Brainbook was sold to Infinity Analytics
as per the terms agreed earlier.
7
commercial purpose.
6. A case was filed against Brainbook, Infinity Analytics and Mr. Walter
Stefan in the European Court of Justice alleging that they had violated the data
privacy of millions of users wherein Infinity Analytics declared bankruptcy and
contested that they followed the standard component of online promotion in all
areas and the allegations made under GDPR were unfounded. The Aggrieved
parties approached the authorities in the European Union to put forth the
matter and to appeal for the relief with regard to the provisions of GDPR. The
illegal harvesting of data by the Brainbook platform was not limited to France
and the European Union, but it reached other countries like Indisthan and
Desertistan. The Government of Indisthan on the floor of its Parliament said that
the matters on illegal harvesting of personal data should be investigated into.
The illegal harvesting of data has been handed over to the Indisthan Bureau of
Investigation to probe into the matter.
8
STATEMENT OF ISSUES
1. Whether the act of Infinity Analytics and others amounts to cheating under
section 420 of Indisthan Penal Code 1860 ?
2. Whether the act of Infinity Analytics and other amounts to the violation of
Data privacy under the provisions of Indisthan Information Technology Act
2000?
9
ARGUMENTS ADVANCED
3. An offence of cheating cannot be said to have been made out unless the
following ingredients are satisfied:
4. These are the essential ingredients for an offence of cheating as per the
directions of the following cases by this honorable court – Hira Lal Hari Lal
Bhagwati V. CBI 2003 SCC (Cri)1121; State of Kerala V. K. Vareed Pillai AIR 1973
SC 426; Indian Oil Corporation V. NEPC India Ltd. AIR 2006 SC 2780.
10
time of making promise or representation. Even in a case where allegations are
made in regard to failure on the part of the accused to keep his promise, in
absence of a culpable intention at the time of making initial promise being
absent, no offence under Section 420 of the Indian Penal Code can be said to have
been made out.
6. There cannot be any doubt whatsoever that the facts disclosing the
ingredients of the offence must be averred. In this case the facts does not disclose
the ingredients of the 420 IPC. Prof. Walter conducted a survey using the
Brainbook platform with the consent of users for academic research. Prof. Walter
shared data with Infinity Analytics as per the agreement for developing a new
app. In this case there is no element of fraudulent intention, therefore 420 IPC
will not attracted, because mens rea is lacking. Mens rea refers to the mental
state or intention of a person in committing a crime. It is a mental state of the
accused which is taken into consideration while deciding the liability for a crime.
Mens rea has to be proved as it an essential ingredient for the offence of
cheating. It has to be proved that the accused deliberately committed the offence
of cheating with a prearranged plan. The offence of cheating has an element of
fraudulent or dishonest intention from the very beginning. When a party makes a
false representation to another party in order to gain some profit, the intention
to honour the promise at the time of false representation is presumed to be
absent. Prof. Walter had no dishonest intention when he conducted the survey.
8. In Hira Lal Hari Lal Bhagwati v. CBI [(2003) 5 SCC 257], this Court held:
11
misrepresentation. The appellants, could not be attributed any mens rea of
cheating.
10. The investigation agency miserably fails to prove this case, therefore
may this honorable court squash this case. Otherwise this case will abuse the
process of this court or otherwise to secure the ends of justice. We may here at
refer to the decision of this Court in State of Haryana & Ors. v. Bhajan Lal & Ors.
[(1992) Supp. (1) SCC 335]. It was stated that, in the backdrop of the
interpretation of the various relevant provisions of the Code under Chapter XIV
and of the principles of law enunciated by this Court in a series of decisions
relating to the exercise of the extraordinary power under Article 226 or the
inherent powers under Section 482 of the Code which we have extracted and
reproduced above, we give the following categories of cases by way of
illustration wherein such power could be exercised either to prevent abuse of
the process of any court or otherwise to secure the ends of justice, though it may
not be possible to lay down any precise, clearly defined and sufficiently
channelised and inflexible guidelines or rigid formulae and to give an exhaustive
list of myriad kinds of cases wherein such power should be exercised.
11. Prof. Walter and Infinity Analytics did not commit an offence under
420 IPC. They collected data only for academic research and the contrary is not
proved by the investigation agency. But for the sake of arguments if we consider
that the data used apart from the academic research. Then it is only a breach of
contract, because the data is collected upon a contract. Therefore 420 IPC will
not attracted to it. There cannot, furthermore, be any doubt that only because
civil law can be taken recourse to would not necessarily mean that criminal
proceedings should be barred as has been opined by this Court in Pratibha Rani
v. Suraj Kumar & Anr. [(1985) 2 SCC 370].
12. In Rajesh Bajaj v. State NCT of Delhi & Ors. [(1999) 3 SCC 259],
wherein Thomas, J. opined: “It may be that the facts narrated in the present
complaint would as well reveal a commercial transaction or money transaction.
But that is hardly a reason for holding that the offence of cheating would elude
from such a transaction.”
13. One of the illustrations set out under Section 415 of the Indian Penal
Code (Illustration f) is worthy of notice now: “A intentionally deceives Z into a
belief that A means to repay any money that Z may lend to him and thereby
dishonestly induces Z to lend him money, A not intending to repay it. A cheats'.”
12
15. It is also settled law that once a civil case has been compromised and
the alleged offence has been compounded, to continue the criminal proceedings
thereafter would be an abuse of the judicial process.
2. Whether the act of Infinity Analytics and others amount to the violation
of Data privacy under the provisions of Indisthan Information Technology
Act 2000?
17. Data Protection refers to the set of privacy laws, policies and
procedures that aim to minimise intrusion into one's privacy caused by the
collection, storage and dissemination of personal data.
18. Personal data generally refers to the information or data which relate
to a person who can be identified from that information or data whether
collected by any Government or any private organization or an agency.
19. The Constitution of India does not patently grant the fundamental
right to privacy. However, the courts have read the right to privacy into the other
existing fundamental rights.
21. The (Indian) Information Technology Act, 2000 deals with the issues
relating to payment of compensation (Civil) and punishment (Criminal) in case
of wrongful disclosure and misuse of personal data and violation of contractual
terms in respect of personal data.
22. Under section 43A of the (Indian) Information Technology Act, 2000, a
body corporate who is possessing, dealing or handling any sensitive personal
data or information, and is negligent in implementing and maintaining
reasonable security practices resulting in wrongful loss or wrongful gain to any
person. In the instant case no such wrongful gain or loss is being made.
13
23. The Government has notified the Information Technology (Reasonable
Security Practices and Procedures and Sensitive Personal Data or Information)
Rules, 2011. The Rules only deals with protection of "Sensitive personal data or
information of a person", which includes such personal information which
consists of information relating to:-
• Passwords
• Financial instrument
• Physical, physiological and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information
Here in the instant case data information of academic purpose is being collect
which doesn’t include in any of the points mentioned above.
24. Under section 72A of the (Indian) Information Technology Act, 2000,
disclosure of information, knowingly and intentionally, without the consent of
the person concerned and in breach of the lawful contract has been also made
punishable with imprisonment for a term extending to three years and fine
extending to Rs 5,00,000. According to Section 72 disclosure of information with
consent doesn’t amount to violation of data privacy. It is the main argument
which I would like to stress on.
25. The IT Rules further mandate a body corporate shall obtain prior consent
from the provider of ‘sensitive personal data or information’ for using such
sensitive information. The Rules provide for a list of personal information that
can be construed to be ‘sensitive’ and includes passwords, financial information,
health parameters, sexual orientation, etc. The data harvested doesn’t amount to
any sensitive personal data.
26. PDPB provides that data can be processed without the consent of the
provider only while performing functions of the state, to ensure compliance with
law or court order, responding to a medical emergency or for any other
reasonable specified purposes.
27. However, data subjects have the right to withdraw their consent to
process data. Once consent is withdrawn, data controllers and processors cannot
14
process the data subject’s sensitive personal data. If a data subject withdraws his
or her consent, the data processor can stop the provision of services. The consent
of the persons is also not being withdrawn.
• for a lawful purpose connected with a function or activity of the body corporate
or any person on its behalf; and
29. The company has collected the data for a Lawful purpose and the
information is necessary for that purpose. Prior express consent must be
obtained from the data subject, with no exceptions. However, notably, the
Privacy Rules apply only if the parties have not agreed to their own reasonable
security practices and procedures.
32. However, in accordance with the Privacy Rules, any third party that
receives information must ensure the same level of protection as stated under
the Privacy Rules.
33. Disclosures can be made to a third party that observes the same level
of data protection as provided by the Privacy Rules.
15
36. The right to privacy’ has been canvassed by litigants before the higher
judiciary in India by including it within the fold of two fundamental rights: the
right to freedom under Article 19 and the right to life and personal liberty under
Article 21. The decisions by the Supreme Court have already established the
right to privacy in India as flowing from Articles 19 and 21, in the case PUCL v.
Union of India: AIR 1997 SC568.
37. The Aadhaar Act of 2016 was a major step towards concretizing the
notion of privacy, but that was only in the narrow context of Aadhaar. The
ground reality today is that there is very little understanding of personal privacy
at all levels of society. Look around and you may see a bank employee sharing
another customer’s file to explain how to complete a form, or a doctor pulling up
another person’s medical record to explain a procedure, with nary a thought of
patient confidentiality.
38. Voicing concern over vexatious use of RTI Act, Prime Minister
Manmohan Singh said the citizens’ know should definitely be circumscribed if it
encroaches on an individual’s privacy. He said “there is a fine balance required to
be maintained between right to information and the right to privacy, which
stems out of the fundamental right of life and liberty. The citizen’s right to know
should definitely be circumscribed if disclosure of information encroaches upon
someone’s personal privacy. But where to draw a line is a complicated question.”
39. Surely, we have a lot of homework and public education ahead of us.
As experts have often observed, balancing the conflicting interests of the public’s
right to know and an individual’s right to privacy is the single most challenging
part of any effort to legislate privacy rights.
41. When creating the content for your website, legal notices like your
Terms of Service, Cookie Notifications, and Privacy Policies are often an after
thought. Blog posts might be a lot more fun to write, but neglecting to give your
readers the right information can get you in legal trouble. You might think only
the giants like Google and Facebook really need a Privacy Policy, or websites that
handle sensitive data like credit card numbers or social security numbers.
16
43. Organizations don’t always need your consent to use your personal
data. They can use it without consent if they have a valid reason. These reasons
are known in the law as a ‘lawful basis’, and there are six lawful bases
organisation can use.
An organisation might be able to use your data for legitimate business interests.
46. The basic requirements for the effectiveness of a valid legal consent
are defined in Article 7 and specified further in recital 32 of the GDPR. Consent
must be freely given, specific, informed and unambiguous. In order to obtain
freely given consent, it must be given on a voluntary basis. The element “free”
implies a real choice by the data subject. Any element of inappropriate pressure
or influence which could affect the outcome of that choice renders the consent
invalid. In doing so, the legal text takes a certain imbalance between the
controller and the data subject into consideration. For example, in an employer-
employee relationship: The employee may worry that his refusal to consent may
have severe negative consequences on his employment relationship, thus
consent can only be a lawful basis for processing in a few exceptional
circumstances. In addition, a so-called “coupling prohibition” or “prohibition of
coupling or tying” applies. Thus, the performance of a contract may not be made
dependent upon the consent to process further personal data, which is not
needed for the performance of that contract.
47. In this instant case, Infinity Analytics & Others doesn’t violate data
privacy under provisions of Indisthan Information technology Act 2000. The data
harvested was purely for academic research purpose. Professor Walter Stefan
conducting this survey being an academic researcher for years. The participants
engaged in the survey as part of their own willingness and consent. There was no
extra pressure to participate in this survey. As the research was conducted with
consent thus privacy violation cannot be claimed. Academic research is being
done by the professor for gathering various information and publish them for
the various educational purposes. Educational information will not amount to
17
private or secret data. Moreover these information are needed to be shared
among all the people. Educational information are needed to be shared rather
than keeping in it secret. The information shared to the company was also clearly
on the basis of academic purpose as well. There is no evidence to prove that the
information shared was being illegally used rather only information relating to
academic purposes is only being shared. By sharing these only ones knowledge
will be increased to an extent. More contents of information will be available by
various persons through sharing.
For the reasons aforesaid in the light of the issues raised, arguments
advanced and authorities cited it is humbly submitted before the Hon’ble
Supreme Court that.
The actions of Infinity Analytics & others does not amount to cheating, As
the ingredients doesn’t fulfill or attract according to the provisions of cheating.
Thus section 420 IPC doesn’t attract and the allegations against Infinity Analytics
& others should be quashed.
The allegations of data privacy should be set aside. As the data harvesting
by consent doesn’t amount to violation of data privacy under the provisions of
indisthan information technology act 2000. Thus the Infinity Analytics & others
should be acquitted from the alleged charges.
18