• Legal Consultation
  • Appointment

About bhumesh

Bhumesh Verma is Managing Partner of Corp Comm Legal, a Delhi-headquartered Law firm. He is a senior corporate lawyer and author. A law graduate from Campus Law Centre, Delhi University (1994), he started his career at Ajay Bahl & Co. (now part of AZB & Partners) and went on to become partner at some of the leading Indian law firms.

He was selected as a Chevening Scholar in 2000 by the UK government. During this scholarship, he studied at the College of Law at York and worked with a big London law firm.


Currently, he is ranked among Top 100 Indian Lawyers by Indian Business Law Journal (“IBLJ”).


He has advised clients from more than 50 countries on M&A, inbound and outbound FDI, incorporation of companies, regulatory approvals and compliances, joint ventures, financial and technical collaborations, private equity, venture capital, corporate and securities laws, commercial agreements, exchange control laws, structuring cross-border transactions and strategy on legal and business issues.


He is a keen reader, prolific speaker and writer. He has contributed to in-house journals of many international law firms on India law


He is guest faculty with law colleges and online legal education portals too and conduct workshops on corporate laws and drafting skills. 

ROAR

Analysis of the IBC…

It has been almost a year and half that the Insolvency & Bankruptcy Code ('Code') aimed at solving and easing out insolvency process was enacted. An unprecedented framework was established with this as the board of directors of the company was dissolved, a moratorium was effected, Committee of Creditors was made in-charge of the day-to-day affairs of the company and a new institution / profession of Resolution Professionals was established. The Code had strictly mandated that within 180 days (90 days as extension from the NCLT) the resolution process of an insolvent company had to be completed.

Since then, issues regarding the interpretations of the Code have kept the NCLT, the NCLAT and the Supreme Court busy as even the judiciary endeavoured to not disturb the pace of ongoing proceedings. The matters which came up extended from determining the meaning of term ‘dispute’ to disqualification of Resolution Applicants.

In wake of this, the first amendment to the Code was given effect in 2017 which introduced Section 29A prohibiting certain persons from submitting resolution plans. With rising complexities in the Code, the recommendations of the fourteen-member committee were considered for easing out the complexities. On 6th June 2018, giving effect to the recommendations, a second ordinance has been promulgated by the Union government for balancing the interests of various stakeholders, promoting resolution of corporate debtor and clarifying the provisions relating to eligibility of resolution applicants.

Key Amendments and Analysis

1. Homebuyers and Financial Creditors

The question regarding the status of home buyers was looming large since the time associations of home buyers made an application to stay insolvency resolution process of Jaypee Infratech before the Hon’ble Supreme Court. Their foremost grievance was related to their treatment as unsecured creditors of the company, as a result of which they were to be at great loss by incurring substantial haircuts on their amount to real estate companies coupled with the risk of losing their future homes. The Insolvency and Bankruptcy Board of India, in the meanwhile, had introduced Form F for home buyers to register their claims with the appointed resolution professional. The Supreme Court had taken a considerate stand for these home buyers in the cases regarding these real estate companies viz. Jaypee, Amrapali and Unitech.

This amendment was heavily critiqued earlier, however, has paved its way into the law of the land.

The amendment would be welcomed by homebuyers who were stranded in middle as they were also not able to pursue their remedies under the Consumer Protection Act, 1986 because of the moratorium imposed on the legal proceedings against the developer companies. As a result of the amendment, they will be treated at par with the lending institutions and their rights would be guaranteed before the operational creditors. This would make sure that the money deposited with the developer companies is substantially received back by them in case of insolvency.

On the other hand, this might be worrying for the banks and other lenders who form the Committee of Creditors. As, in the case of insolvency process, the Committee of Creditors is at the helm of affairs of the company and is constituted by the financial creditors, as an effect of the Ordinance the home buyers too will be part of this very Committee. Moreover, the homebuyers will also be holding voting power in proportion of the overall credit. Although, on an individual level the voting power would be negligible, the associations of such homebuyers would be having substantial voting power.  Thus, it can be a cause of fear among lenders that during the resolution they might lose control of the process.

Earlier, the homebuyers had also their rights secured in the Consumer Protection Act, 1986 and the newly enacted Real Estate (Regulation and Development) Act, 2016. While under the former legislation the redressal forum was State Commission or National Commission, the latter authorised Adjudicating Officer under the RERA.

2. Relief for MSMEs

The amendment has removed the restriction of promoter not being eligible to participate in the bidding process with respect to the MSMEs. This measure was taken in the light of the fact that resolution process of such MSMEs did not attract others outside the scope of promoters. This would ensure that a resolution plan is made for these entities and are not just liquidated because of no bidders.

3. Reduction in voting threshold

As the intent behind the Code was always to revive the company and not to liquidate it, there were issues with regard to the higher voting requirement in the Committee of Creditors for passing resolutions. The amendment thus, has reduced the voting threshold from 75 per cent to 66 per cent for instances such as passing the resolution plan. Also, for regular functioning too 51 per cent is now the threshold.

4. Extended period for resolution applicant

The amendment has also relieved the successful resolution applicant by granting a period of 1 year to pass all the legal hurdles and gain necessary approvals in accordance with the resolution plan. Earlier, there was no statutory period of fulfil the legal obligations.

Conclusion

The amendment would provide relief to many stakeholders of the Code - most importantly, the homebuyers of the real estate companies undergoing insolvency resolution process. These amendments will certainly result in increasing confidence of the lenders in the insolvency process and result in promoting resolution over liquidation of the companies.

Research and inputs by Pradyumna Kibe

The Code on Wages Bill,…

Introduction

Labour laws in India are vast and expansive. Sometimes, a term has different meanings and interpretations under different legislation. For example, even a basic yet most important term ‘wages’ is defined differently in many labour enactments.

This has led to immense confusion in the applicability of labour laws. Labour law experts have time and again emphasised the need to ensure uniformity in labour laws. The Government, in pursuance of such recommendations, introduced the Code on Wages Bill, 2017 (“Code on Wages”) in August, 2017 in the Lok Sabha.

This Bill proposes to consolidate four existing laws namely, Payment of Wages Act, Payment of Bonus Act, Minimum Wages Act and Equal Remuneration Act. We have discussed and analysed the key features of the Code on Wages in the present article.

Key Features of the Code on Wages

Changes to Minimum Wages

Ø Minimum Wages now to be applicable to all types of employment: Under the extant minimum wage legislation, certain employments are notified as scheduled employments and only the persons employed in such employment are entitled to minimum wages. This leads to exclusion of a large amount of workforce, especially those employed in the unorganised sector.

 

The Code on Wages would dispense away with the system of applying minimum wages only to scheduled employments and would bring all employment within the ambit of minimum wages.

 

Hence, under the Code on Wages, persons employed in all kinds of employments including the unorganised sector would be entitled to a minimum wage.

Ø National Minimum Wage:The Code on Wages has proposed the formulation of a National Minimum Wage by the Centre. Unlike its nomenclature, a National Minimum Wage does not mean a uniform minimum wage across the country.

A National Minimum Wage would be a baseline wage fixed by the centre. It may be different for different regions. States would be compelled to fix their respective minimum wages, either equal to or above such National Minimum Wage.

Ø A fixed time period of five years has been set for wage revision. Earlier, the state governments were free to revise the minimum wages at any point of time, as long as it did not exceed a period of five years.

Provisions relating to Equal Remuneration

The Code on Wages would also subsume the Equal Remuneration Act, 1976. While it mandates no discrimination in payment of wages, the provisions pertaining to no discrimination at the time of recruitment are absent from the Code.

The maximum penalty under the Code on Wages has been fixed as three    months imprisonment and a fine up to INR 1 Lakh.

Analysis of the Code on Wages

While the intent to proposing a uniform code which would deal with payment of wages, minimum wages, bonus and equal remuneration all by itself is a laudable move, there are still certain creases which need to be straightened before this Code can be implemented.

Firstly, the proposal of introducing a national minimum wage which may vary regionally can cause confusion among the stakeholders. It is better, if the centre releases guidelines for a base minimum wage and the States follow the same, rather than introducing the concept of a national minimum wage.

Secondly, fixing the time period for revision of wages as five years may not be the best thing to do. Earlier system provided the State governments with flexibility to revise their minimum wages. The only condition imposed was to do so within a time span of five years. Such flexibility should remain under the new system as well.

Thirdly, the Code on Wages is silent with respect to provisions prohibiting gender discrimination at the time of recruitment. This is an essential provision which cannot be omitted from the Code on Wages.

Having discussed only some of the existing loopholes in the Code on Wages Bill, it is pertinent to state that, despite such flaws, the Code on Wages would go a long way in creating more definitiveness in the Indian labour law jurisprudence and infuse more confidence in all quarters.

Bhumesh Verma

Soumya Shekhar

IMPLICATIONS OF EXPANDING…

Introduction

Online advertising primarily promoted by digital giants such as Google and Facebook generatesconsiderable revenue for them. The Indian government with an aim to tax such revenue had introduced a new tax called the equalization levy or the `google tax’ as it is popularly called, in 2016.

This tax was introduced as a self-contained code to tax digital transactions. Google tax in simple terms is a tax levied on the consideration derived for any specified service. Specified service includes online advertising, provision of services pertaining to digital advertising and any other service (which may be notified later).

The government is now planning to expand the scope of these specified services and bring non-digital companies too within the ambit of the google tax. Such a proposal merits an analysis of the implications it might have on the economy. But before we delve into analysing this proposal, it is imperative to understand the scope of equalisation levy/google tax as it stands currently.

Scope of equalisation levy/google tax

This tax is applicable on the consideration received by a non-resident from an Indian resident or a permanent establishment in India owned by a non-resident for the aforementioned specified services. It is not applicable on non-residents who have a permanent establishment in India. The applicability extends only to Business-to Business (B2B) transactions, consideration for which exceeds an aggregate value of approximately USD 1,500 in a year. Such consideration is made exempt under the Income-tax Act, 1961in order to prevent double taxation.

All residents and foreign residents having a permanent establishment in India are mandated to withhold 6% of equalisation levy from payments made to non-residents for the aforementioned specified services. In addition, a no ‘PE certificate’ is typically required to be furnished in order to assess the applicability of equalisation levy/google tax. Delayed payments also lead to incurring of late payment interest.

Rationale behind equalisation levy/google tax

Some of the major reasons behind the imposition of an equalisation levy are as follows:

The tendency of most online companies is to shift their profits offshore. This leads to loss of revenue for the government as a digital company’s entire profit from the Indian market would go abroad. Introduction of an equalisation levy would help in retaining at least some percentage of such profits.

The equalisation levy would enable the government to earn higher revenue. The digital economy of India is growing at a rapid rate and hence not taxing online companies just because they do not have any permanent establishment in the country would mean significant losses for the government.

The imposition of equalisation levy may act as an incentive for the digital companies to set up a permanent establishment in India, because they are being taxed irrespectively.

Expanding the scope of equalisation levy/google tax

The government is further proposing that the scope of equalisation levy be expanded to include within its scope even non-digital companies. This proposal essentially means that all companies who trade in India despite not having a permanent establishment here would be liable for domestic taxation. It is being debated that such a change can have a two-pronged effect on the economy.

Taxing every company which earns a certain minimum income from the Indian markets may on the one hand lead to a massive increase in the revenue of the government whereas on the other hand, it might also deter companies from trading in India. The government argues that the income earned by companies from trading in India should not go tax-free just because they do not have a permanent establishment in India. This could translate into economic loss for the country.

However, introducing a proposal to impose blanket tax on all companies based on the quantum of their trading may not be viewed very favourably. Moreover, the entire rationale behind equalization levy is to tax companies who basing their claim on a `mere digital presence’ may seek to evade taxation. Widening this net to cover non-digital companies might not serve this purpose. Non-digital companies who merely trade with resident entities or non-resident entities with a PE in India may be deterred to do so if they have to pay domestic taxes on all their transactions and this might adversely affect investments in India.

 

Corp Comm Legal

Bhumesh Verma, Managing Partner

Soumya Shekhar, Associate

AADHAAR VS. PRIVACY…

Bhumesh Verma, Managing Partner, Corp Comm Legal

Somashish, 5th Year B.A. LL.B. (Hons.) student, School of Law, Christ (Deemed University), Bangalore

Introduction

Recently, the government’s overdrive on making Aadhaar mandatory in every walk of life for Indians and the litigation pertaining to Aadhaar Unique Identification has brought forth the issue of data protection and privacy into civic debate spehere. Between MP Sharma[1] and Rajagopal[2], the Supreme Court in Justice K.S Puttaswamy (Retd.) v. Union of India[3] has decisively held in favour of the right to privacy recognised in the latter. Thus, right to privacy, the right to be free and protected from unwanted intrusion into one’s private life, is now a part of right to life and personal liberty under Article 21. It is worth noting that the judgment provides us profound conceptual insights into privacy while permitting necessary factual flexibility needed for deciding future disputes.

The judgement, inter alia, pertains to informational privacy. In other words, an individual’s interest in preventing and if necessary controlling access to and dissemination of private information is protected under Art. 21. Any encroachment upon this right can only be enforced by virtue of law which  serves a legitimate and compelling State interest and if the means adopted by the said law to achieve such interest are proportional in nature.

Simultaneously, the encroachment on privacy must not be disproportionate to the compelling State interest to be served by the law. Further, notwithstanding the presence of any such law, the State has a positive obligation to protect informational privacy from patently illegal intrusions.

It is noteworthy that hitherto the issue of data protection has been statutorily addressed in a manner which is friendly to the State and confusing for the individual. The legal framework under the Information Technology Act, 2000 (ITA) and rules thereunder has been continuously felt inadequate for protection of privacy and severely constrains the ability of individuals to hold violators liable for data theft and breaches.

In terms of government interception of digital/electronic communication, the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption) Rules, 2009 (Interception Rules) and sections 69 and 69B of the ITA now provide far greater surveillance powers to the Central Government and State Governments (the governments). Experts are unanimous about the fact that these powers are even greater than the powers granted by the Indian Telegraph Act, 1885.[4]

Arguably, the rules also make significant departure from the judgement of the Supreme Court in PUCL v. Union of India.[5] Nevertheless, going by the governments’ poor record in respecting these norms, one is tempted to believe that the Interception Rules are far more likely to be honoured in the breach than compliance. In any scenario, even the most literal conservative interpretation of the aforesaid norms does very little to control the governments’ all-pervasive powers of monitoring and interception.

Ultimately, when it comes to the privacy test laid down by the Supreme Court in Justice K.S Puttaswamy (Retd.) v. Union of India[6] one finds it difficult to defend the Aadhaar project, both constitutionally and practically for a number of reasons elucidated in this article. The Central Government’s record in protecting privacy is extremely poor and its Aadhaar project only adds to the existing problems in relation to privacy protection in India.

Aadhaar—an astronomical data project with big risks

Aadhaar Unique Identification project is a gigantic data gathering project which seeks to provide a Unique Identification to persons living and accessing government subsidies, benefits, and services in India. Section 2(a) of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services), Act, 2016 (‘Aadhar Act’) defines “Aadhaar number” to be an identification number issued to an individual by a Central Government-recognised enrolment authority on the basis of the demographic information and biometric information. Thus, we find a 12 digit unique Aadhaar number on Aadhaar/Unique Identification cards.

The uniqueness of the Aadhaar number is confirmed by section 4 of the Aadhaar Act which declares that one person’s Aadhaar number shall not be assigned to any other and that it shall be a random number without any relation with the holder’s attributes.  Section 9 declares that Aadhaar is not a proof of citizenship. This means that the identity function of Aadhaar is connected to the economic activity of availing any government related subsidy, service or benefit. Hence, it is not surprising that one of the key contentions in favour of the Central Government in the ongoing case is purely economic. Thus, it’s argued by the government that Aadhaar is not about sneaking on citizens but on keeping identification of anyone availing any advantage or benefit from the government.

It would be pertinent to note the definitions of “biometric information” and “core biometric information” under section 2(g) and 2(j) of Aadhaar Act. Biometric information means photograph, fingerprint, iris scan, or other biological attributes as decided by regulations. Of the aforesaid, fingerprint, iris scan (and other biological attributes prescribed by regulation) are defined as core biometric information. Section 10 empowers the UIDAI to establish a Central repository containing the data of all Aadhaar number holders. Section 28 stipulates that protection of the aforesaid voluminous data is to be the sole responsibility of UIDAI. Thus, no civil suit or private lawful enforcement effort for Aadhaar data protection is permissible under the Act.

One of the key controversies which have arisen relating to Aadhaar is with respect to the merits of the Aadhaar project. Over 82 billion rupees have been spent on the project till now.[7] Maintenance and planned security upgrades might push up expenditure even further on an annual basis.[8] It would not be an exaggeration to suggest, as the World Bank has recognised, Aadhaar now contains identification data of more than one billion Indian citizens.[9] In such a scenario, one is bound to assess the benefits which arise on account of the project—a valuable consideration in overall constitutionality test of Aadhaar. 

There have been two highly diverging discourses on Aadhaar - Central Government’s optimistic propaganda has presented the project as a panacea for plugging economic leakages in the implementation of government benefits, whereas a sobering sceptical discourse of several legal and technical experts has doubted the efficacy, security of Aadhaar apart from the reliability of government’s tall claims. The Central Government has employed or engaged a plethora of private technology firms for implementation of Aadhaar, but without so much as initiating a tender based process.[10] This has also been one among major reasons for sceptics to be wary of Aadhaar project.

While, the authentication by Aadhaar is acclaimed as having earned global fame[11] on account of effectively plugging leakages in LPG distribution,[12] weeding out fake ration cards,[13] or providing citizens with a welfare-oriented identification mechanism,[14] it is not without its critics, which include constitutional experts. Therefore, the challenge to Aadhaar has both legal as well as technical facets.[15]

Like demonetisation spree 18 months back, India has been in a “linking” frenzy. Everyone’s email account and phone is flooded with messages from banks, insurance companies and who not. A large number of government schemes, apart from bank accounts and mobile connections, now require compulsory Aadhaar verification, flagrantly violating an interim Supreme Court order which was made during the course of the Justice KS Puttaswamy[16] matter. This gives rise to a worry that the Aadhaar based authentication may be akin to “signing a blank paper”.[17] As any lawyer would understand, such a signature can be used for all kinds of mischief, attributing them to its maker who may not even be aware of them.  Citizens do not know nor determine who all will have access to their Aadhaar information, it is the other way round. Citizens are being hounded from all corners to share their Aadhaar information. 

There are two reasons for the aforesaid conclusion—firstly, the authentication involves the separate but successive twin stages of Aadhaar number input and biometric/fingerprint verification over the internet; secondly, the separateness between the two stages enables the biometric/fingerprint information to be stored independently, albeit connected with the Aadhaar number.[18] As to how this independent fingerprint can be deployed without consent of the citizen is anyone’s guess in a country like India.

Least surprisingly, instances of serious data breaches have occurred during the Aadhaar linking processes in banks such as Axis Bank.[19] Axis Bank, Suvidhaa Infoserve and eMundhra were proceeded against by UIDAI for attempting unauthorised authentication and impersonation by illegally storing Aadhaar biometrics.[20] The said breach did not lead to any financial loss or fraud as per official replies.[21] Even if it did cause such loss to bank customers, under the Act, it is not possible for any civil/private enforcement or compensation in light of such breach.

Another illustration is the recent Airtel Payments Bank fiasco. Airtel used its customers’ biometric data provided for the purposes of mobile connection KYC requirements was used by the company to open hundreds of bank accounts in Airtel Payments Bank.[22] The principles of informed consent and purpose specificity affirmed in the UN Data Protection Guidelines[23] were disregarded.

The other threat which could strike Aadhaar data is a “Man-in-the-middle” attack by even the most novice hackers.[24] The very methods and structure of the Aadhaar infrastructure is such that in between the separate communication stages pertaining to Aadhaar number input and biometric verification over the internet, a hacker could divert to other servers, the crucial data being processed in any particular stage.[25]

Therefore, it is most alarming to note that the Tribune newspaper had last year revealed in an exposé that certain urban tech-savvy criminals in Punjab were capable of doing the business of providing access to crucial Aadhaar database for a relatively humble sum of Rs. 500.[26] The most shocking part of the exposé was that the hackers revealed that they had sold such access to more than one lakh different service providers.[27]

Even the Indian government’s computer systems have repeatedly been attacked by foreign hackers on an almost routine basis every year.[28] In 2017-18 alone over 114 government website-related servers were subjected to cyber invasion.[29] Thus, in the background of such weak security record of the government tech infrastructure a citizen might rightly consider his Aadhaar data to be insecure, despite newly added security features in the UIDAI website[30] and repeated assurances by the government.[31]

Most of the government’s claims on success of Aadhaar based economic initiatives such as LPG or PDS access verification, have fallen flat on closer scrutiny. Several reports[32] have found errors and exaggeration in the government’s claims of significant plugging of leakage of subsidies or huge reduction in subsidy burden by Aadhaar implementation, including the CAG’s Report on Implementation of Aadhaar-linked Direct Benefit Transfer in LPG subsidies.[33]

While achieving very little in comparison to the high expectations of the government, the Aadhaar linkage with LPG subsidies, large number of government welfare schemes, as well as the Public Distribution System in select villages has been found to make life difficult for the poor. A phenomenal study[34] by Jean Dreze, et. al, on the implementation of both DBT and Aadhaar verification for access to foodgrains, found that the technical discrepancies made the system so flawed that significant numbers among the poor often had to run pillar to post either to obtain their DBT entitlement or foodgrains under the PDS.[35] Even the most basic issues of low internet and weak mobile connectivity led to miserable delays in obtaining the aforesaid entitlements by the poor.[36] 

Thus, Aadhaar, as an astronomical data project with less-than-satisfactory security and reliability, is thus difficult to defend in both constitutional and practical terms.

Umbrella with holes: Data Protection under the ITA

Any person aggrieved by any data theft or system breach can sue for damages under section 43 of the ITA. The competent authority to decide such complaints is the Adjudicating officer established by different state governments in each state, having pecuniary jurisdiction to decide complaints for damage amounting upto Rs 5 crores. For complaints pertaining to damage beyond Rs 5 crores, the appropriate remedy shall be a regular civil suit. Unfortunately, section 46 of the Act uses the terms “damage”, “injury” and “compensation” interchangeably without regard for the long and rich jurisprudence that finds them to be different concepts.[37]

As per section 46(2) of the Act, the quasi-judicial adjudicating officer may impose penalties, thereby vesting him with some of the powers of a criminal court. The adjudicating officer can award compensation, the quantum of which is to be determined after taking into account factors including unfair advantage, loss suffered and repeat offences. The adjudicating officer may impose penalties for any of the offences described in section 43 of the Act. The law as to the appointment of the adjudicating officer and the procedure to be followed on all adjudications is prescribed by Information Technology (Qualification and Experience of Adjudicating Officers and the Manner of Holding Enquiry) Rules, 2003. Appeals are to be taken up by the Cyber Appellate Tribunal.

Section 43 provides for the following offences:

“(a) accesses or secures access to such computer, computer system or computer network or computer resource;

(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;

(j) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage.”

In respect of the aforesaid offences, as per section 66, the criminal punishment prescribed is a maximum of three years imprisonment and/or fine of Rs 5 lakhs. The jurisdiction lies with the Judicial Magistrate of First Class and the offence is both cognizable and non-bailable.

The Adjudicating officers have had a mixed record in deciding complaints. In most decisions, they have sought to literally apply the statute to the facts and awarded compensation. There have been at least 47 cases filed before the adjudicating officer in Maharashtra.[38] Of these cases, there are three decisions in which the adjudicating officer particularly interpreted the law relating to privacy.

Vinod Kaushik v. Madhvika Joshi[39] involved misuse of husband’s email access to take away his income details for the purpose of use in maintenance suit filed by the estranged wife. The first decision of the officer was that there was no violation of the Act because the wife had gained access owing to a special personal relationship of trust. On being challenged, in the Delhi High Court, the adjudicating officer finally re-decided that the lack of consent on the part of husband to allow access to his emails for the purpose intended by the wife was key to the case. Thus, it was a violation of the ITA. Delhi High Court, which was moved in appeal because the Cyber Appellate Tribunal was non-functional, upheld the final order in its decision of 27.01.2012.

In Nirmalkumar Bagherwal v. Minal Bagherwal[40] the facts were similar to the Vinod Kaushik complaint. The electronic records of bank account of the complainant was given away to the wife by the bank which was one of the respondents. A greater quantum of compensation was ordered by the adjudicating officer against the respondent bank. It is noteworthy that in its decision, the adjudicating officer reviewed decisions and laws from European Union and USA apart from the relevant consumer protection cases and RBI Master Circular.

Amit D. Patwardhan v. Rud India Chains[41] involved a claim against an employee who had revealed bank account statement of the complainant and other private data of the complainant to rival business before jumping ship. The confidentiality agreement had been violated by the respondent. The complainant specifically argued that his privacy had been violated. While accepting the contentions the adjudicating officer, granted only a token compensation liability on the respondent. The bank had not been made a party to the proceeding.

It is worth noting that the adjudicating officer’s jurisdiction does not extend to matters entailing loss beyond Rs 5 crores. This severely limits the ability of individuals to hold body corporates and governments liable for massive data theft or system breaches. Section 43A of the ITA and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (SPDI rules), do hold body corporates liable for misuse of sensitive personal data or information of users or customers. But this is fruitless in situations such as the one caused by the recent fiasco pertaining to the unauthorised Aadhaar verification for Airtel Payments Bank in which almost Rs 190 crores of subsidies got redirected to newly set up accounts without informed consent of Airtel consumers.[42]

UIDAI fined Airtel Rs. 2.5 crore.[43] However, owing to the quantum of loss being greater than Rs 5 crores, Airtel consumers may not be able to proceed against the company before the adjudicating officers. The rules on jurisdictional issues in relation to wrongdoing spanning across multiple states are also unclear in the SPDI rules. Redundant to add that the Government/government bodies are not within the bounds of either the ITA or SPDI rules.

Interception by governments under ITA

In terms of government interception of digital/electronic communication, the Interception Rules and sections 69 and 69B of the ITA now provide far greater surveillance powers to the Central Government and State Governments (the governments). Experts are unanimous about the fact that these powers are even greater than the powers granted by the Indian Telegraph Act, 1885 (Telegraph Act).[44] The erstwhile Indian Telegraph Act, 1885 had been challenged in PUCL v. Union of India[45] in which the Supreme Court adjudged that the grounds mentioned under section 5(2), namely public emergency, public safety or matters under Art. 19(2) ought to be strictly complied for a valid surveillance order to be made.

The judgement provided that there ought to be a Review Committee consisting of Cabinet Secretary, the Law Secretary and the Secretary, Telecommunication at the level of the Central Government. The Review Committee at the State level shall consist of Chief Secretary, Law Secretary and another member, other than the Home Secretary, appointed by the State Government. The other mandates declare that the total duration of a surveillance order must not exceed 6 months, and the order itself is valid only for two months at a time. The Review Committee can reverse orders and order destruction of material obtained from interception.

The Interception Rules by and large mimic the aforesaid judgement and the Telegraph Act. The only competent authority for passing interception orders under the rules is the Home Secretary to the State government or Union government. Rules 11 and 22 similarly embody the PUCL restrictions on the use of the power. The grounds for ordering interception are defined under section 69 and also include “investigation of offence”, which is a significant departure from PUCL. There are no similar limits to a cyber-monitoring direction under section 69B except that it should be for preventing a “computer contaminant”. Rule 23 also obligates the security agency to destroy records within six months unless necessary for lawful purposes. 

The problems are threefold- firstly, there is no redressal mechanism for citizens to hold the government accountable if the requisite interception powers are used in a manner contrary to the aforesaid ITA and rules; secondly, the destruction of all intercepted data leads information relating to criminal activity to be permanently lost to citizens who may have an interest in obtaining this data under the Right to Information Act; thirdly, there are different thresholds that the government has to fulfil for interception under section 69 and section 69B even though the surveillance activity is, for all practical purposes, equivalent under both sections, thus making these provisions vulnerable to a constitutionality challenge based on Art. 14.

The Ratan Tata[46] writ petition against the Union government for the tapping of phone calls between the industrialist and a lobbyist named Nira Radia, tending to implicate both for shady lobbying for favourable 2G spectrum allocation is yet to be decided.  However, some significant issues are posed by the case. The phone tapping by the Income Tax Dept. may have been legal under the Telegraph Act. Yet, this could be reversed in light of recent KS Puttaswamy[47] judgement granting that right to privacy is a facet of Art. 21.

If the constitutionality of Aadhaar could be struck down on the basis of the same judgement, it is likely that the disproportionately conducted phone tapping could also be declared to be in violation of Art. 21. Alternatively, if the tapping was held legal the fact that the tapes ended up with the media could be construed to be a violation of privacy of Ratan Tata, caused by the government’s failure to comply with the legal duty under the Telegraph Act viz. to maintain security of information obtained from phone tapping.[48]

Conclusion

The Supreme Court in Justice K.S Puttaswamy (Retd.) v. Union of India[49] has decisively held in favour of the right to privacy. Thus, right to privacy, the right to be free and protected from unwanted intrusion into one’s private life, is now a part of right to life and personal liberty under Article 21. It is worth noting that the judgment provides us profound conceptual insights into informational privacy while permitting necessary factual flexibility needed for deciding future disputes. It is definitely a step in the right direction for the apex court to steer public debate and constitutionality assessment of Aadhaar project on the touchstone of informational privacy. Unfortunately, for the astronomical expenditure incurred on the project, the Central Government may not succeed in defending the Aadhaar project because it is gravely vulnerable to any scrutiny based on the privacy test laid down by the Supreme Court. The Central Government’s record in protecting privacy is extremely poor and its Aadhaar project only adds to the existing problems in relation to privacy protection in India.

[1] (2017) 10 SCC 1.

[2] AIR 1954 SC 300.

[3] 1994 SCC (6) 632.

[4] Frost & Sullivan, Lawful Interception: A mounting challenge for service providers and governments https://wikileaks.org/spyfiles/docs/FROSTSULLIVAN-LawfInteA-en.pdf (last visited 14 Feb 2018).

[5] AIR 1997 SC 568.

[6] 1994 SCC (6) 632.

[7] Ronald Abraham, Elizabeth Bennet, et. al., State of Aadhaar Report 2016-2017, Omidyar Network http://stateofaadhaar.in/wp-content/uploads/State-of-Aadhaar-Full-Report-2016-17-IDinsight.pdf (last visited 12 Mar 2018).

[8] Id.

[9] World Bank Group, World Development Report 2016: Digital Dividends, 2-5.

[10] IANS, Aadhaar card projects over Rs.13,000 crore awarded without tenders, The Hindu, 19 Sept. 2015 http://www.thehindu.com/news/national/aadhaar-card-projects-over-rs13000-crore-awarded-without-tenders/article7668321.ece (last visited 12 Mar 2018).

[11] World Bank Group, World Development Report 2016: Digital Dividends, 2-5; Khanna, Tarun, and Anjali Raina; "Aadhaar: India's 'Unique Identification' System." Harvard Business School Case 712-412, January 2012. (Revised September 2012.); Amrit Raj, Aadhaar goes global, finds takers in Russia and Africa, LiveMint 19 Jul 2016 http://www.livemint.com/Politics/UEQ9o8Eo8RiaAaNNMyLbEK/Aadhaar-goes-global-finds-takers-in-Russia-and-Africa.html (last visited 12 Mar 2018).

[12] Prasanta Sahu, DBTL weeds out 3 crore bogus LPG connections, Financial Express, 27 April 2015 http://www.financialexpress.com/economy/dbtl-weeds-out-3-crore-bogus-lpg-connections/67103/ (last visited 12 Mar 2018).

[13] PTI, Aadhaar helped cancel 3 crore fake, duplicate ration cards: Minister, Indian Express, 26 Feb 2018 http://indianexpress.com/article/india/aadhaar-helped-cancel-3-crore-fake-duplicate-ration-cards-minister-5079183/ (last visited 12 Mar 2018).

[14] UNICEF, Why is birth registration important? http://unicef.in/Story/365/Why-is-birth-registration-important (last visited 12 Mar 2018); World Bank Group, World Development Report 2016: Digital Dividends, 2-5; Khanna, Tarun, and Anjali Raina; Jose Ragas, The Silent Revolution: How Id Cards are Changing the World, Harvard International Review, 38(2), 24-27.

[15] Ruchi Gupta, Justifying the UIDAI: A Case of PR over Substance? Economic and Political Weekly, Vol. 45, No. 40 (OCTOBER 2-8, 2010), pp. 135-136.

[16] (2014) 6 SCC 433.

[17] Prof. Jayanth R Varma, Why Aadhaar Transaction Authentication is like signing a blank paper, faculty.iima.ac.in/~jrvarma/blog/index.cgi/Y2017-18/adhaar.html (last visited 12 Mar 2018).

[18] Prof. Jayanth R Varma, Why Aadhaar Transaction Authentication is like signing a blank paper, faculty.iima.ac.in/~jrvarma/blog/index.cgi/Y2017-18/adhaar.html (last visited 12 Mar 2018).

[19] Suranjana Roy, Aadhaar biometric data breach triggers privacy concerns, LiveMint, 25 Feb. 2017  http://www.livemint.com/Industry/IKgrYL5pg3eTgfaP253XKI/Aadhaar-data-breach-triggers-privacy-concerns.html (last visited 12 Mar 2018).

[20] Id.

[21] Suranjana Roy, Aadhaar biometric data breach triggers privacy concerns, LiveMint, 25 Feb. 2017  http://www.livemint.com/Industry/IKgrYL5pg3eTgfaP253XKI/Aadhaar-data-breach-triggers-privacy-concerns.html (last visited 12 Mar 2018).

[22] Anand Venkatanarayanan and Srikanth Lakshmanan, Aadhaar Mess: How Airtel Pulled Off Its Rs 190 Crore Magic Trick, The Wire https://thewire.in/206951/airtel-aadhaar-uidai/ (last visited 14 Feb 2018).

[23] UN Guidelines for the Regulation of Computerized Personal Data Files, General Assembly resolution 45/95 of 14 December 1990.

[24] Nethanel Gelernter, Senia Kalma, et. al, The Password Reset MitM Attack, accessible at: https://www.ieee-security.org/TC/SP2017/papers/207.pdf (last visited 12 Mar 2018).

[25] Nethanel Gelernter, Senia Kalma, et. al, The Password Reset MitM Attack, accessible at: https://www.ieee-security.org/TC/SP2017/papers/207.pdf (last visited 12 Mar 2018).

[26] Rachna Khaira, Rs 500, 10 minutes, and you have access to billion Aadhaar details, 4 Jan 2018,

http://www.tribuneindia.com/news/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details/523361.html (last visited 12 Mar 2018).

[27] Id.

[28] PTI, Over 22,000 Indian websites hacked between April 2017-Jan 2018, LiveMint http://www.livemint.com/Politics/KPLenpHmMKDwQvVlNRbgWI/Over-22000-Indian-websites-hacked-between-April-2017Jan-20.html (last visited 12 Mar 2018);PTI, 33,531 cyberattacks in India in 2014-16, LiveMint http://www.livemint.com/Politics/EsLu5w25R9oZY0cxys2ldK/33531-cyberattacks-in-India-in-201416.html (last visited 12 Mar 2018).

[29] Id.

[30] Aadhaar: Security Concerns Linger, BloombergQuint, 4 Jan 2018 https://www.bloombergquint.com/in-the-news/2018/01/04/aadhaar-security-concerns-linger (last visited 12 Mar 2018).

[31] Id.

[32] Kieran Clarke, Shruti Sharma, et. al., Ghost savings: Understanding the fiscal impacts of India’s LPG subsidy, http://www.iisd.org/blog/ghost-savings-understanding-fiscal-impacts-indias-lpg-subsidy (last visited 12 Mar 2018); Jean Drèze, Dipa Sinha, et. al., Ration Bachao: Why do Protesters in Ranchi Want Food not Cash? 1 March 2018 http://www.epw.in/engage/article/ration-bachao-why-do-protesters-in-ranchi-want-food-not-cash

[33] Report of the Comptroller and Auditor General of India on Implementation of PAHAL (DBTL) Scheme (Pratyaksh Hanstantrit Labh Yojana), Union Government (Commercial) Ministry of Petroleum and Natural Gas Report No. 25 of 2016 (Compliance Audit), accessible at:

http://www.cag.gov.in/sites/default/files/audit_report_files/Union_Commercial_Compliance_Full_Report_25_2016_English.pdf (last visited 12 Mar 2018).

[34] Jean Drèze, Reetika Khera, et. al., Aadhaar and Food Security in Jharkhand: Pain without Gain?, 16 Dec 2017, Economic & Political Weekly.

[35] Id.

[36] Jean Drèze, Reetika Khera, et. al., Aadhaar and Food Security in Jharkhand: Pain without Gain?, 16 Dec 2017, Economic & Political Weekly.

[37] State of Gujarat v. Shantilal Mangaldas AIR 1969 SC 634; Ranbir Kumar Arora v. State of Haryana, AIR 1983 P&H 431.

[38] Adjudicating Officer’s orders – http://it.maharashtra.gov.in/1089/IT-Act-Judgements (visited on 30 September 2017).

[39] Rajesh Aggarwal, Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra, 10.10.2011.

[40] Rajesh Aggarwal, Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra, 26.08.2013.

[41] Rajesh Aggarwal, Adjudicating Officer, ex-officio Secretary, IT Government of Maharashtra, 15.04.2013.

[42] Anand Venkatanarayanan and Srikanth Lakshmanan, Aadhaar Mess: How Airtel Pulled Off Its Rs 190 Crore Magic Trick, The Wire https://thewire.in/206951/airtel-aadhaar-uidai/ (last visited 14 Feb 2018).

[43] PTI, Airtel deposits ‘interim penalty’ of Rs 2.5 cr with UIDAI, The Hindu https://www.thehindubusinessline.com/money-and-banking/airtel-deposits-interim-penalty-of-rs-25-cr-with-uidai/article9996332.ece (last visited 14 Feb 2018).

[44] Frost & Sullivan, Lawful Interception: A mounting challenge for service providers and governments accessible at: https://wikileaks.org/spyfiles/docs/FROSTSULLIVAN-LawfInteA-en.pdf (last visited 14 Feb 2018).

[45] AIR 1997 SC 568.

[46] Writ Petitions (C) No. 398 Of 2010 With No. 16 Of 2011.

[47] Writ Petition (Civil) No. 494/2012.

[48] §§23 & 24, Indian Telegraph Act, 1885. 

[49] 1994 SCC (6) 632.

ROLE OF LEGAL DEPARTMENT…

In today’s corporate world, the concept of Corporate Governance has attained substantial prominence for systematic and well-organized management of day to day corporate affairs and complying with legal and regulatory necessities.

It is universally known that nowadays, Corporate Governance is at the heart of the corporate management and has the power to dictate the success or failure of a company in so far as complying with the legal obligations, achieving business objects and ultimately reaching the targeted financial projections.

As a result, more and more companies are enunciating their Corporate Governance policies and procedures of its own delineating the protocols to be adhered for:

·        The administration of the company affairs;

·        Effective dispensing of company’s business operations;

·        Dealing with the conduct of company personnel (e.g., Prevention of Sexual Harassment at work);

·        Handling client management; and

·        Complying with rules and regulations formulated by the government and regulatory authorities.

While formulation of the Corporate Governance policies and procedures is one side of the coin, numerous companies are despondently dwindling in austere execution of the Corporate Governance policies and procedures.

What is the reason for certain companies’ failure to maintain or comply with the Corporate Governance standards?

The fundamental reason for certain companies’ dismal performance in preserving and complying with the Corporate Governance standards and ending up paying hefty price for non-compliance in the form of penalties is either not having a legal department in the organization structure or engagement of inefficient personnel in the company legal department.

Certain companies blatantly ignore the importance of the legal department and engagement of qualified legal and compliance professionals on board to ensure effective and efficient compliance with the legal, compliance and regulatory requirements. They tend to be penny wise and pound foolish and fail to do the cost – benefit analysis.

Such companies, however, do not grasp the importance of legal department (which plays strategic character in companies’ compliance with legal and regulatory requirements) until they end up getting punished by way of penalty and facing court proceedings as a consequence of non-compliance with mandatory legal and regulatory requirements.

Why is it very important for a company to have legal department with qualified professionals?

We are witnessing numerous instances of companies’ failure to comply with the legal and regulatory requirements and frauds committed by certain corporations. As a consequence, most of the companies face hefty penalties and prosecution for violating laws and end up as defunct companies, some even defrauding banks, shareholders, creditors and the economy at large.

Recently, in a major crackdown, the Indian government declared companies (2.26 lakhs) as defunct companies for non-compliance with mandatory legal and regulatory requirements imposed on these companies by the law. This shows the magnitude of the consequences that a company has to face for ignoring the obligation of compliance with legal and regulatory requirements.

Most of these companies overlooked the consequences for non-compliance with laws as a result wrecked up disqualified to conduct its business operations and guilt less independent directors barred from acting as directors for no fault of them. It is evident that if these companies entrusted competent legal and compliance professionals, they could have avoided the embarrassment of garnering the status of defunct companies. Now, many among the disqualified companies are seeking relief and condonation from the government.

Further, Indian government is also intensifying laws to stringently deal with the companies continuously falling short of complying with the mandatory legal and regulatory requirements.

Considering all this, one cannot undermine the critical role that a competent legal department could play in ensuring compliance with the laws and regulatory requirements.

Role of Legal Department in formulation and Implementation of Company Corporate Governance and other polices:

An effective execution of the Corporate Governance and related policies involves two parts:

Formulation:

·        It is very important to articulate strong corporate policies concerning Corporate Governance and other key protocols to ensure company complies with all of its legal, business and financial commitments.

·        The primary aspect in formulating the policy should be to employ a team of legal and compliance personnel who would be competent and qualified.

·        Such legal team will consult all the stakeholders involved (legal, business and finance team) and incorporate all the representations received from them in the draft policy.

·        Legal team will review and fine tune the policies covering interests of all stakeholders and protecting company’s business interest and ensure that such policy is in line with the objectives of the laws of the nation.

Implementation:

·        Articulating a strong Corporate Governance and other related polices will not by itself serve the objective for which such policies are enacted.

·        Proper implementation of such polices is equally important to ensure that objective of the policies is accomplished in veracity and to ensure that such polices won’t end up as paper presentation.

·        Legal and compliance team will play mammoth role in enunciation and austere implementation of company policies.

·        Legal and compliance team will be responsible to ensure that:

1.      Company policies are implemented in a well-organized manner to make certain that company is complying with all existing laws and regulatory regulations without fail.

2.      All the personnel of the Company are complying with the company internal policies and procedures.

It is evident that the legal department is the knight in shining armor of the Company for articulating company polices and well-organized execution of such polices without fail aiding companies to comply with mandatory legal and regulatory commitments without default.

Functions of a legal department in a company from the Corporate Governance aspect:

The legal department of a company is responsible to:

·        Make certain company is complying with existing laws and regulations without flop.

·        Educate the company management about cutting-edge development of laws and consequences for botch to comply with such laws.

·        Articulate company policies and procedures with the objective to inculcate the elements of accountability and responsibility into the organization workflow.

·        Provide sound legal advice to the company and its personnel in relation to any legal and compliance transaction and guide them in right path to preserve clean Corporate Governance standards within the organization.

·        Maintain all legal, financial and business records of the company up to date with clean and spotless information to prevent any violation of laws and leaving no latitude for any fraudulent deeds within the organization.

·        Conduct workshops on the importance of compliance with the existing laws and regulations along with internal policies and procedures to all departments of the company.

·        Build a robust mechanism to identify the fraudulent intent of any company personnel at grass root level and ensure that such personnel getting punished for bad vices and no longer working in the company or any other company.

Right mix of talent and experience:

·        Most of the companies do not pay attention to the importance of employing competent and qualified legal professionals. This is a dangerous practice that needs to be changed to catch up with the ever changing landscapes of the legal and compliance field.

·        As a consequence, such companies willingly or unwillingly one way or the other join the bandwagon of the default or defunct companies for violation of laws which is a bad omen for the reputation and business of such companies and the country at large.

·        It is thus very important for every company to comply with legal and regulatory commitments to employ a legal / compliance department with right mix of talented and experienced professionals and allocate adequate funds to run the legal department without any glitches.

·        Such team should service the companies in the best possible way to fulfil their legal and compliance commitments and salvage the company a lot of time, money and most importantly the humiliation from getting punished for violation of the laws.

Conclusion:

It is evident that every company needs to employ well organized and equipped legal and compliance department to maintain the Corporate Governance standards mandated by the law. It is also responsibility of the government and legal fraternity to educate companies about the prominence of the employing good Corporate Governance practices.

No company should ignore the strategic role that the legal / compliance department will play in a company’s ability to successfully comply with the laws and regulations of the nation and effective implementation of company’s internal and external policies and procedures.

To conclude, a legal department comprising of competent, talented and qualified professionals in the armor of company to guide the company in right direction and ensure that company complies with all relevant laws and salvage the company from the humiliation of facing the punishment for non-compliance with violation of laws.

Tackling the menace…

Cybercrime is defined as a crime in which an electronic device is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes, etc.).


These days, too many people and organisations are becoming victims of cyber-crimes. Cyber attackers/hackers are opting cyber-hacking as a weapon to generate easy money in single stroke without much hassle by hacking and intruding into personal data of persons, companies and government agencies using virus such as ransom virus.


As a consequence, common people feel that no data or information is safe in this digitalized world which is terrorized by the cyber criminals.


According to the official reports 1, 44,496 cyber security attacks observed in the country during 2014-16 period.  5,693, 9,622 and 11,592 cyber-crime cases were registered during 2013, 2014 and 2015 respectively.


Tremendous upsurge in the utility of computers, smart phones and internet by citizens and lack of knowledge amid most of citizens on the aspect to safe guard their data and information is considered as the major component that contributed to raise in cyber-crime cases.


These official statistics expose the imminent need to take certain immediate measures to build a robust cyber mechanism in place which will be well armored and equipped with right tools to hunt down the cyber criminals.


In order to sternly deal with cyber criminals who are habituated to commit cyber-crimes such as financial frauds, circulation of communal and pornographic contents, the Central Government is deliberating to establish an Indian cyber-crime coordination centre in Delhi - with the underlying intent to repose the lost confidence of common man about the safety of data or information stored in cyberspace.


States governments are also mandated to establish State cyber-crime coordination cells at the headquarter-level and also establish district cyber-crime cells.


Central government has further allocated funds to constitute a cyber-forensic laboratory-cum-training centre for police officials in each state.


As a part of its efforts to eradicate (or at lease reduce and minimize) cyber-crimes Central Government will preserve a list of suspects and the leads generated via cyber-crime cases investigations and share such list with law enforcement agencies.


Going forward, cyber hackers need to be aware of the hefty price they are going to pay for committing cyber-crimes as Central government will initiate stringent action against such hackers and websites which contravene India's laws and circulate child porn, and communally and racially sensitive content.


It is hoped that with the establishment of the Indian Cyber Crime Coordination Centre at Central level and associated bodies at State level will strengthen the cyber mechanism in the country and punish the cyber criminals with stringent punishment – ultimately triumph the end objective (i.e to make common man feel confident again that the data or information owned by them in cyberspace is secure, safe and free of cyber threats).


Research and inputs by Paruchuri Baswanth Mohan

Contact Us



New Delhi, Delhi, India

Call us : 9811336533

E-mail : bhumesh.verma@corpcommlegal.com