[By Aditya Anand]
The author is a Third Year student at NLU, Delhi. He can be reached at aditya.anand16@nludelhi.ac.
Towards the end of 2017, Reuters published a news report[i] in which it claimed that three days before Dr Reddy’s Laboratories Ltd announced quarterly results, a message was circulated on the popular social media platform, ‘WhatsApp’, stating that the company would be reporting a loss which in time proved to be true. In furtherance to the above-made claim, it named at least 12 more companies in which prescient numbers related to their financial results, and due for announcement were shared by the users on some of the WhatsApp groups. These 12 companies involved names like – HDFC Bank, Axis Bank, Tata Steel, Mahindra Holidays, to name a few[ii].
This lead to Securities and Exchange Board of India (“SEBI”) conducting an investigation which led to a search being conducted on 31 brokers and analysts in Mumbai, Delhi and Bangalore, by a team of 70 SEBI officials and they ended up seizing devices such as mobiles, laptops, computers and other documents with the intention of accessing the WhatsApp and other social media accounts, as well as the data that was stored in these devices.[iii]
This was done because the leakage of the figures which were not yet declared by the Company, fell under the category of ‘unpublished price sensitive information’ and was in contravention of Regulation 3 of the Prohibition of Insider Trading Regulations, 2015 which states that no insider shall communicate, provide or allow access to any unpublished price sensitive information, relating to a company or its securities unless it is in furtherance of legitimate purposes, performance of duties or for discharging of legal obligations.[iv]
Further Section 12A (d) and (e) of the SEBI Act[v] bars any person from indulging in insider trading and dealing with securities while being in possession of material or non-public information and also bars the person from communicating such information.
Thereby, SEBI conducted an inquiry in this matter and even asked WhatsApp to share the specific data[vi], which was required in order to trace the origin of such messages that allegedly contained the Unpublished Price Sensitive Information and was crucial for the market regulator, in order to further its investigation. To SEBI’s disappointment, WhatsApp declined the same, citing its privacy policy[vii]. This entire incident was labelled as the ‘WhatsApp Leak Case’, but the real question that arises is whether this seizure of smart-phones can be justified or not, especially with the emerging jurisprudence of data security and privacy.
The seizure of smartphones can be termed as a violation of the Fundamental Rights granted under Part III of the Constitution. Many experts argue that there is an urgent need to ensure that the privacy of the citizens is accorded and respected especially in this new and ever-growing era of cyberspace. The same has been opined by the Supreme Court in the case of Justice K.S. Puttaswamy (retd) and Anr v Union of India[viii] where the court opined that, ‘The existence of zones of privacy is felt instinctively by all civilized people, without exception. The best evidence for this proposition lies in the panoply of activities through which we all express claims to privacy in our daily lives. We lock our doors, clothe our bodies and set passwords to our computers and phones to signal that we intend for our places, persons and virtual lives to be private.[ix]’ In the same case, the Supreme Court held that the right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21[x] and is guaranteed by the Part III of the Indian Constitution.
Various legal systems around the world have prevented the attempt to extract such passwords or to gain access to the personal devices as an invasion of privacy and the United States Supreme Court in the case of Riley v California[xi] held that ‘a cell phone is unlike a physical lock box and is in a sense the extension of the person to whom it belongs as it is a vast repository of information pertaining to its owner.[xii]’ Therefore in the light of emerging jurisprudence relating to privacy, SEBI’s power to seize smart-phones and other electronic devices can be questioned.
In addition to that, in the case of Indian Council of Investors v Union of India[xiii], SEBI had asked for the Call Data Records and the details related to the location of the towers from the telecom service providers in order to investigate a matter. The same was challenged but however, allowed by the Bombay High Court with a caveat that such a power should be used ‘carefully’[xiv] as it can lead to a situation wherein the privacy of a citizen can be compromised and stated that certain safeguards should be there in order to ensure the same.
Talking about another Constitutional Law facet, Article 20 (3)[xv] guarantees protection against self-incrimination which basically means that no man, not even the accused can be compelled to answer any question, which may tend to prove him guilty of any crime, he is accused of. The concept of ‘personal knowledge’ was introduced in the case of State of Bombay v Kathi Kalu Oghad[xvi] and applying the same concept, it can be asserted that passwords, pass-codes etc. required in order to unlock such devices can be said to be a part of the personal knowledge of any given person, which he or she is not required to divulge during the course of investigation.
But the real issue that exists is the absence of proper statutory framework, for the purpose of regulating the conduct of the social media platforms as observed by the Delhi High Court in the case of Karmanya Singh Sareen and Ors v Union of India[xvii]. Later the Supreme Court also constituted a committee of experts in the same case, under the leadership of Justice B.N. Srikrishna, to identify key data protection issues in India and to recommend methods for addressing the same. It submitted the report in the month of August 2018 and stated that collection, recording, analysis, disclosure of personal data should be done only for ‘clear, specific and lawful’ purposes[xviii], which was a vague standard to set.
In conclusion, it can be said that the policymakers should understand that the interest of the market regulator, as well as the individuals, should be balanced and if SEBI succeeds in extracting the information from WhatsApp or the cell phones, then it would lead to an extremely problematic jurisprudence in the data security realm. SEBI has the power to protect the interests of investors, backed by Section 11 of the SEBI Act[xix] but at the same time, it has to form its Regulations in such a way that they are not in contravention to the Constitutional safeguards.
[i] Rafael Nam, ‘Prescient Messages About Indian Companies Circulate in WhatsApp Groups’ Reuters <https://in.reuters.com/article/india-whatsapp/exclusive-prescient-messages-about-indian-companies-circulate-in-whatsapp-groups-idINKBN1DG0IQ > Last Visited on 24 March 2019
[ii] ibid
[iii] Jayshree P.Upadhyay, ‘SEBI Conducts searches on 31 Brokers’ LiveMint <https://www.livemint.com/Money/8jq7gLVsDMeF9Cku5OUYQO/Sebi-conducts-searches-on-31-stockbrokers-in-WhatsApp-leak-c.html > Last Visited on 24 March 2019
[iv] Prohibition of Insider Trading Regulations, 2015, Regulation 3
[v] Securities and Exchange Board of India Act, 1992
[vi] Pavan Burugula, ‘WhatsApp Refuses to Share User-Specific Data With SEBI’ Business Standard <https://www.business-standard.com/article/technology/whatsapp-refuses-to-share-user-specific-data-with-sebi-118030100069_1.html> Last Visited on 24 March 2019
[vii] ibid
[viii] Justice K. S. Puttaswamy (Retd.) and Anr. vs Union Of India And Ors., (2017) 10 SCC 1 (India)
[ix] ibid
[x] Constitution of India, Article 21
[xi] Riley v. California, 134 S. Ct. 2473, 2477 (2014) (U.S.)
[xii] ibid
[xiii] Indian Council of Investors v. Union of India & Ors. ,(2014) 123 CLA 267 (India)
[xiv] ibid
[xv] Constitution of India
[xvi] State of Bombay v. Kathi Kalu Oghad, 1962 SCR (3) 10 (India)
[xvii] Karmanya Singh Sareen And Anr. v. Union Of India, (2017) SCC Online SC 434 (India)
[xviii] Sushovan Sircar & Vakasha Sachdev , ‘Key Highlights From Srikrishna Committee Report on Data Protection’ The Quint <https://www.thequint.com/news/india/key-highlights-from-srikrishna-committee-report-on-data-protection > Last Accessed on 24 March 2019
[xix] Securities and Exchange Board of India Act, 1992
Very ցοod info. Lucky me I found your blog by ϲhance (ѕtumbleupon).
I have bookmarked it for later!
Exceptional post however , I was wondering if yⲟu could ԝrite a litte more on this subject?
I’d be very thankful if you could elaƅorate a little bit mοre.
Many thanks!