The Delhi High Court, in its recent judgment (pronounced on August 30, 2022) by J. Pratibha M. Singh in the case of Neetu Singh & Anr v. Telegram FZ LLC & Ors., CS (Comm) 282/2020 held an Indian Court has the authority to direct an extra territorial service provider (providing services to Indian customers) to adhere to Indian laws and disclose the relevant information pertaining to user data even if the data is not residing in India.
In this case, a suit was filed by Ms Neetu Singh (and her entity K.D. Campus Private Limited) seeking permanent injunction restraining infringement of copyright, damages and other reliefs in respect of unauthorised dissemination of her work. The plaintiff was the publisher of several educational books and had also made several videos explaining educational concepts to her students for a nominal fee. Some perpetrators, however, unauthorizedly recorded and downloaded such educational material and videos, and provided the same to the public at lower rates through the popular social media application – ‘Telegram’. The Defendant (Telegram) was directed vide order dated July 28, 2020 to take down channels active on their mobile application which were being used for disseminating the copyright infringing material. The Plaintiff, thereafter, moved an interim application seeking discovery of the details of the persons operating the channels to pursue other legal actions against such individuals and put a definite end to such unauthorised circulation of their work.
The defendant, in response to this application, submitted the following contentions to persuade the Court to dispose of the application:
- There already was a system in place for users to raise grievances against such copyright infringement.
- As per the judgment in Justice K.S. Puttaswamy V. Union of India & Ors., (2017) 10 SCC 1 unless and until a law requires disclosure of such information, it is not permissible to direct disclosure of the same inasmuch as the privacy of the person operating such channel would be protected by Article 21;
- The Information Technology Act, 2000 (and the rules made thereunder) state that unless there are exceptional circumstances as captured in Rule 4 of the Information Technology Intermediary Guidelines and Digital Media Ethics, 2021, user information cannot be shared.
- Since Telegram has its servers based in Singapore, the Personal Data Protection Act, 2012 of Singapore is applicable on the defendant.
- Under Section 72A of the Information Technology Act, 2000, any disclosure of information in breach of a lawful contract is punishable.
The Court, in regard to the submissions of the defendant regarding the data centre of the defendant being located in Singapore, held that the same would not be an impediment for an Indian court to have jurisdiction over issues concerning the application since the same has been made available to a large number of users in India. In addition to that, the Court held that the defendant should adhere to laws of India as well as orders passed by courts in India in respect of disclosure of relevant information. The Court observed that the defendant’s current policy made it extremely easy for infringers to continue their illegal activities unfettered causing financial loss to the plaintiff.
In response to their defence that since the Personal Data Protection Act (“PDPA”) of Singapore applies to them, the Court held that even the Singapore PDPA allows for disclosure of information for legitimate interests and information pertinent for carrying out an investigation or proceedings would allow such disclosure.
As regards Telegram’s contention based on the Information Technology Act, 2000 and the rules formed thereunder, the Court held that the guidelines in no manner obviate the duty of Telegram as a platform to take all effective steps to protect intellectual property rights. In addition to the above, in as much as Telegram attempted to rely on the Puttaswamy judgment, the Court categorically stated, while quoting the same judgment, that the intent behind the judgment was to recognise that if there is a law in existence to justify the disclosure of information, and there is a need for such disclosure considering the nature of the encroachment, then the right of privacy cannot be a ground to justify non-disclosure of such information.
The Delhi High Court directed the defendant to disclose the relevant information pertaining to the infringement of copyright of the plaintiff by perpetrators to the Court in sealed cover within two weeks. The view of the Court shall act as a deterrent for potential infringers who find it easy to hide behind the cloak of anonymity on the internet. Another pertinent issue addressed in the judgment is that of the lack of India’s own data privacy laws which has assisted technological companies like the defendant in the present suit to avoid liability by storing their information on servers that are located in other jurisdictions. While Justice Singh took a rather holistic approach towards identifying jurisdiction in cyber matters, it would be helpful to have a comprehensive data protection law that deals with the protection and processing of data belonging to residents of India.