Bench Memorial Slcu National Moot 13 2023 BM

SCC Online Web Edition, © 2024 EBC Publishing Pvt. Ltd.
Page 1 Monday, January 22, 2024

Printed For: Sanika Sunil, The National University of Advanced Legal Studies
SCC Online Web Edition: http://www.scconline.com
© 2024 EBC Publishing Pvt. Ltd., Lucknow.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
13th SLCU National Moot, 2023

Bench Memorial
In the Supreme Court of Kennedy

Original Jurisdiction
Writ Petition (Civil) Nos. 172/2022 & 102/2022
Socialistic Liberal Party … Petitioner;
Versus
Union of Kennedy … Respondent.
Petition Under Article 32 of the Constitution of Kennedy
Connected With
Civil Appellate Jurisdiction
Civil Appeal No. 153/2022
Bluetick … Appellant;
Versus
Competition Commission of Union of Kennedy …
Respondent.
Appeal Under Section 53T of the Competition Act, 2002
Bench Memorial for Petitioner
ISSUES:
1. Whether Sections 8, 18, 19 and 22 of the Digital Personal Data
Protection Act, 2022 is Violative of Fundamental Rights Enshrined
in the Constitution of Union of Kennedy?
2. Whether the Government Violated the Fundamental Rights Laid
Down in the Constitution of Union of Kennedy by Employing the
Unicorn Software?
3. Whether Bluetick should have made Available an Opt-Out of
Sharing Data with the Parent Company Option without Having
Users to Let Go of their Services?
4. Whether the Terms and Conditions of the Recent Update by
Bluetick Violate the Provisions of the Competition Act, 2002?
SUMMARY OF ARGUMENTS
˜Issue 1˜
Section 8 of the Digital Personal Data Protection Act, 2022
(hereafter, DPA, 2022) deals with processing of data upon deemed
consent based on the general grounds of public order, public interest.
These grounds and the residuary clause which protects legitimate
interests of data fiduciaries are vague and overbroad rather than
narrowly tailored. They also lack procedural safeguards. Thus, making
-----------------------------------------------------------------------------------------------------------------------------------------------------------
them violative of ‘procedure established by law’ under Art. 21, the right
to privacy and the standard of proportionality as laid down in
Puttaswamy. Blanket exemptions from general duties of a data fiduciary
to State, its instrumentalities and notified data fiduciaries under Sec.
18 also are devoid of procedural safeguards and are manifestly
arbitrary. Differential treatment of the State from private entities does
not satisfy Art. 14- test of reasonableness. Further, the Data Protection
Board, established as a quasi-judicial body under the DPA, 2022 does
not enjoy sufficient independence from the Executive violating the
doctrine of excessive delegation as well as separation of powers which
is a basic feature of the Constitution of Kennedy. Thus Sections 8, 18,
19 and 22 are violative of Fundamental Rights enshrined in the
Constitution of Union of Kennedy.
˜Issue 2˜
The use of the zero click spyware software ‘Unicorn’ as a surveillance
tool by the government patently violates citizens' fundamental right of
privacy and fundamental freedoms under Arts. 21 and 19 of the
Constitution of Kennedy respectively. Restrictions on privacy are only
permissible if they are necessary and proportionate to achieve the
State's legitimate purpose and are provided for in law with a just
procedure. The disproportionate, illegal, or arbitrary use of spyware, like
Unicorn, for surveillance violates the right to privacy (and dignity),
undermines freedom of expression and association by creating a chilling
effect and threatens personal security and lives of citizens.
˜Issues 3 & 4˜
Acanti through its recent Update of privacy policy does not expand
its ability to share data with Bluetick and the said update only intends
to provide users with further transparency about how WhatsApp
collects, uses and shares data. Collection of basic personal information
of data principals for legitimate interests of the data fiduciary and for
the limited purpose of regular operations is also authorised under the
DPA, 2022. Therefore, there is no legal obligation to provide for the “opt
out of sharing data” option. Acanti does not enjoy dominance in the
relevant market of “personal social media networks” due to there being
high number of competitors and no entry barriers in spite of Acanti
enjoying a level of network effects. Thus, there is no contravention of
Sec. 4 of the Competition Act, 2002 (CA, 2002)
ISSUE I
SECTIONS 8, 18, 19 AND 22 OF THE DIGITAL PERSONAL DATA
PROTECTION ACT, 2022 IS VIOLATIVE OF FUNDAMENTAL
RIGHTS ENSHRINEDIN THE CONSTITUTION OF UNION OF
KENNEDY
1.1. SECTION 8 OF THE ACT VIOLATES THE FUNDAMENTAL RIGHTS UNDER
ARTICLES 14 AND 21 OF THE CONSTITUTION
-----------------------------------------------------------------------------------------------------------------------------------------------------------
1. Section 7 of the Digital Personal Data Protection Act, 2022 (the

DPA, 2022), necessitates express and unambiguous consent of the data
principal for the processing of personal data by the data fiduciaries.
However, simultaneously the Act under Sec. 8 provides for an inclusive
list of circumstances when such consent may be ‘deemed’ to be given,
for necessary processing of data. Under Section 8 (1), an individual's
consent is said to be ‘deemed’ where the individual, without actually
giving consent, voluntarily provides personal data to a data fiduciary
and where it is reasonable that the individual would voluntarily provide
such data.
2. While the necessity of deemed consent in legitimate cases, such
as in the protection of vital interests (of life or health, etc.) or for legal
compliance is not contested and though the ‘Explanatory Note to the
DPA, 2022’1 states that “clearly defined situations where insisting on
consent would be counterproductive have been listed under the
Deemed Consent provision in the [Act]”, Sec. 8 is violative of Articles
14 and 21.
A. Section 8 does not satisfy the reasonable classification test
under Article 14
3. The impugned Section does not satisfy the twin test under Article
14. This test was laid down in the Budhan Chaudhary v. State of Bihar,
2 which provides that : (1) the classification proposed in the legislation
must be founded on intelligible differentia and that, (2) there must be

a close nexus between the classification and the object of the Act.
4. The State is empowered to process data on deemed consent for
providing a service under Sec. 8(2). Thus, in the case of commercial
services, public sector entities (which are part of the State) are treated
differently from their private sector counterparts. There is no intelligible
differentia and such a classification has no rational nexus to the
objective of the DPA, 2022, which is “to provide for the processing of
digital personal data in a manner that recognizes both the right of
individuals to protect their personal data and the need to process
personal data for lawful purposes”.
5. Additionally, the residuary clause of Sec. 8 sets deemed consent
as the standard where the legitimate interests of the Data Fiduciary
outweigh any adverse effect on the rights of the Data Principal; this
provision is patently arbitrary.
B. Public interest clause is undefined and overbroad
6. Sec. 8(8) provides for an inclusive definition of “public interest”,
enumerating grounds upon which personal data can be processed
without consent; such grounds include -mergers & acquisitions and
corporate restructuring, credit scoring, search engine optimisation and
recovery of debt. The above-mentioned circumstances fail to establish a
-----------------------------------------------------------------------------------------------------------------------------------------------------------
reasonable or tenable connection with public interest; rather these

circumstances prioritize the economic value of collection and analysis of
big data over individuals' privacy rights. Furthermore, the definition of
public interest under Sec. 2(18)3 does not include any of the above
circumstances.
7. Considering that, the Act discards a valid categorisation and
differential treatment of sensitive personal data, critical personal
information like caste, race or ethnic background, sexual orientation,
genetic, health and financial information can be collected without
consent, which could lead to detrimental effects. For instance, Sec. 8(7)
gives employers the authority to process sensitive information of the
data principal without express consent.4 If employers can obtain broad-
based consent to process such sensitive information of their employees,
it may lead to unfettered workplace discrimination based on gender,
sexual orientation, caste and religious minority.
C. Inadequate procedural safeguards violate Article 21 of the
Constitution
8. In Justice K.S. Puttaswamy v. Union of India5 while recognising
the right to privacy as a fundamental right under Article 21 of the
Constitution, it additionally introduced the requirement of
‘proportionality’. The four - pronged proportionality test, now
concretized by Anuradha Bhasin v. Union of India6 , is as follows : (1)
Legitimacy of State purpose, (2) Presence of rational nexus, (3)
Availability of a less intrusive measure and (4) Proportionality between
the right infringed and the purpose sought to be achieved.
9. The Puttaswamy case has clearly prescribed for a requirement of
‘narrow tailoring’ of a law infringing the right to privacy, i.e., the law
must be framed restrictively to achieve its stated objective.7
10. As per Section 6 of the DPA, 2022, the data fiduciary is obligated
to furnish an itemized notice (notification) containing a description of
personal data aimed to be collected and the purpose of processing of
such personal data.8 This notice does not include intimation of with
which third parties the data will be shared, the duration for storage and
whether it will be transferred to other countries.
11. Sec. 8 being borrowed from Singapore's Personal Data Protection
Act, 2012, lacks adequate procedural safeguards.9 Firstly, unlike its
counterpart, data fiduciaries under the DPA, 2022 are not under any
direction or obligation to as soon as is practicable, notify the individual
of the collection, duration of storage, use or disclosure, opt out option
and the purpose for the such processing of data on deemed consent. In
absence of these circumscribing safeguards the data principal is left
outside the ambit of grievance redressal as well. Secondly, there is no
provision for the withdrawal of consent for non-consensual processing.
12. Therefore, Sec. 8 grants primacy to the interests of data
-----------------------------------------------------------------------------------------------------------------------------------------------------------
fiduciaries in processing data for reasonable and fair purpose while

undermining individual rights and interests and fails the test of
proportionality and procedural due process.
1.2. SECTION 18 - BLANKET EXEMPTIONS FROM GENERAL DUTIES OF A
DATA FIDUCIARY TO STATE, ITS INSTRUMENTALITIES AND NOTIFIED
DATA FIDUCIARIES
13. Under the DPA, 2022, data fiduciaries are subjected to certain
obligations such as : (i) notifying the purpose of data collection, (ii)
ensuring accuracy and completeness of the processed data and
ensuring that it is not misleading, (iii) non retention of data beyond the
necessary period; (iv) grievance redressal and (v) Fiduciaries are
required to report personal data breaches to the data principal and the
Board.10 However, data fiduciaries are exempted from these obligations
(esp. purpose limitation and non-retention) while processing personal
data “in the interest of prevention, detection, investigation or
prosecution of any offence or contravention of any law”11 .
14. Section 18(2) empowers the Central government to exempt “any
instrumentality of the State” from the applicability of the Act without
defining ‘instrumentality’, a term which has been liberally interpreted
by the judiciary in the past. As per Sec. 18(4), these instrumentalities
of state are also exempt from the requirement of purpose limitation,
i.e., erasure of personal data after its purpose has been fulfilled.
Further, Section 18(3) gives the Central Government the power to
notify certain Data Fiduciaries to whom the “notification provision”12
and purpose limitation provisions will not apply.
15. The Act provides these exemptions without any kind of
parliamentary or executive oversight or judicial authorisation. For
example, under the joint reading of the Indian Telegraph Act, 1885 and
Rules, 1951 interception of telephone calls in the interest of national
security only upon an order by the Home Secretary of the central or
state government. These intercepted records have also to be destroyed
within six months.
16. These broad exemptions are devoid of any procedural
safeguards. It implies that a fiduciary may collect more data than
necessary and allows the data fiduciaries (including the government) to
arbitrarily retain data for an indefinite period of time. It is also a plain
violation of the data principal's right to erasure and the right to
be forgotten -rooted in the data principal's autonomy over
personal information. This right has been recognised as concomitant
to the fundamental right to privacy by several High Courts13 and the
Apex Court in Puttaswamy when it observed that when an individual
no longer wants his data to be processed or stored, he should be able
to remove it from the system. People change with time and they should
-----------------------------------------------------------------------------------------------------------------------------------------------------------
be allowed to determine a new path and thus, they should not be

forever associated with expressing their views.
17. In a similar vein, The Supreme Court in Puttaswamy- II14 ,
struck down a regulation that allowed the UIDAI to retain certain
transaction data for a period of five years. The bench noted the
disproportionate nature of the provision and recognized that it affected
the citizens' “right to be forgotten”.
A. Section 18 is violative of the Articles 14 and 21
18. The Apex Court in Shayara Bano v. Union of India15 held that the
two dimensions of Article 14 in its application to legislation and
rendering legislation invalid are (a) discrimination, based on an
impermissible or invalid classification and (b) excessive delegation of
powers- conferment of uncanalised and unguided powers on the
executive, whether in the form of delegated legislation or by way of
conferment of authority to pass administrative orders—if such
conferment is without any guidance, control or checks, it is violative of
Art. 14 of the Constitution.
19. The substantive law as laid down in Section 18 of the Act is
violative of Art. 21 lacking the necessary procedural safeguards as
settled in Maneka Gandhi v. Union of India16 , wherein it was stated that
“procedure which deals with the modalities of regulating, restricting or
even rejecting a fundamental right falling within Article 21 [must] be
fair, carefully designed to effectuate, not to subvert, the substantive
right itself” and the “procedure' must rule out any thing arbitrary.” The
provisions empower the Executive with the last say in who protects the
fundamental rights of the citizens and who is allowed to infringe it. The
legislature, in a sense, has authorised the Central Government to do
something which it might do itself. Such delegation is unwarranted and
unconstitutional and exceeds the limits of permissible delegation.
20. Exempting the State from general obligations under Section 9,
which includes taking reasonable safeguards to prevent data breaches,
or Section 10, which provides for the protection of children in relation to
data processing, bears no rational nexus to the object of preventing
public disorder or maintaining national security. As per Section 18(4),
instrumentalities of the State are specifically and indiscriminately
exempt from the requirement of ‘purpose limitation’, i.e., erasing
personal data after its need has been fulfilled as impugned above. The
DPA, 2022 assumes that the constitutional right to privacy arises only
where operations and activities of private companies are concerned.
This is a clear case of overbreadth and an instance of manifest
arbitrariness as explained in Shayara Bano - “Manifest arbitrariness,
therefore, must be something done by the legislature capriciously,
irrationally and/or without adequate determining principle. Also, when
something is done which is excessive and disproportionate, such
-----------------------------------------------------------------------------------------------------------------------------------------------------------
legislation would be manifestly arbitrary.”.

B. Section 18 does not satisfy the proportionality test under
Article 21
21. Having failed the procedural and content-based mandate of Art.
21 and the manifest arbitrariness test under Art. 14 as explained
above; the provision fails the requirements of legality and legitimate
state aim. Lack of balance between interests of intermediaries and
national interest vis-a-vis privacy is also violative of the proportionality
requirement.
1.3. SECTIONS 19 AND 22 VIOLATE THE FUNDAMENTAL RIGHTS
22. Section 19 of the DPA, 2022 provides for the establishment of
the ‘Data Protection Board’ (hereafter, DPB). According to the
explanatory note and the text of the provision, the DPB is conceived as
the principal regulatory and adjudicatory authority set up under the
law, empowered to enforce the provisions of the Act against all data
fiduciaries (both government and private actors). Such powers include
power to conduct court-like proceedings- inquiring into complaints of
data breach, enforce the attendance of persons, examining them on
oath, impose penalty and also the power of regulatory checks on
companies collecting and processing data, etc. Thus, the Board has all
the trappings of the civil court.
23. The nature and functions of the Board as the primary regulatory
and adjudicatory body being able to deprive citizens of their
fundamental rights demands a robust effective oversight mechanism.
But, the DPA, 2022 enacts a wholesale transfer of powers as to the
Board's composition, selection process, conditions of service,
functioning, etc. to the Executive. Such a body must be independent
and autonomous especially in terms of : (a) Appointment of members,
qualifications, their removal and the terms of service, (b) Financial
autonomy of the Board and (c) Criteria for selection of the Board and
Composition of the Selection Committee- including judicial and expert
membership
24. However, the composition and therefore functioning of the DPB,
as prescribed in DPA, 2022, is executive-driven compromising on the
mandate of independence and autonomy. The DPB, as a quasi-judicial
body, does not enjoy sufficient independence from the Executive in any
of its spheres of functioning. According to the Supreme Court in B.
Rajagopala Naidu v. State Transport Appellate Tribunal17 , separation of
powers extends to the functioning of quasi-judicial bodies as well. Sec.
19 violates the basic structure of the Constitution by infringing on
separation of powers and independence of the judiciary.18
25. The Hon'ble Supreme Court in In re : Delhi laws Act19 , stated
that though the legislature can confer powers to make rules and
-----------------------------------------------------------------------------------------------------------------------------------------------------------
regulations for carrying the enactment into operation and effect, it

should lay down the policy and principles providing the rule of conduct.
The wide latitude in rule-making power to any non-legislative authority
can be left only in cases of emergency like war.
26. In Ajoy Kumar Bannerjee v. Union of India20 , the court held that
declaring the legislative policy and laying down the standard with
sufficient clarity constitutes essential legislative function, which cannot
be delegated. In the case of Agricultural Market Committee v. Shalimar
Chemical Works Ltd.21 , the permissibility of delegation was further
restricted only to mode of implementation. Here, it is made clear that
the role of the Executive is to make the policy functional- extending to
the procedural or administrative matters rather than making policy
choices.
27. Determining the suitability criteria of the DPB as well as its more
specific regulatory and adjudicatory functions are not merely
administrative or procedural in nature. Therefore, such delegation falls
beyond the scope of constitutional parameters. According to the
doctrine of excessive delegation, if the legislature excessively delegates
its legislative function to any other authority, such delegation will be
held unconstitutional. This doctrine fulfills the objective of ensuring
democratic accountability in the laws through which the people are
governed.
28. Sec. 22 states that the DPB may review its order, acting through
a group for hearing larger than the group which held proceedings in a
matter under section 21. The absence of valid conditions for
appointment, etc under Section 19 leading to an arbitrary or an
excessively deferential body, extends the same infirmity to Sec. 22 as
well.
29. The Supreme Court in Union of India v. R. Gandhi, President,
Madras Bar Association22 has held that, if Tribunals are established in
substitution of Courts, they must also possess independence, security
and capacity. Additionally, with transfer of jurisdiction from a traditional
Court to a Tribunal, it is imperative for such a body to include members
of the judiciary as presiding officers/members of the Tribunal. Technical
members could only be in addition to judicial members and that also
only when specialised knowledge or know-how is required.
30. However, no such qualification has been stipulated in the above
provisions. Therefore, Section 19 is violative of Arts. 14, 21 and 50 of
the Constitution in as much as it is in contravention of separation of
powers, independence of judiciary and doctrine of excessive delegation.
ISSUE 2
THE GOVERNMENT VIOLATED THE FUNDAMENTAL RIGHTS LAID
DOWN IN THE CONSTITUTION OF UNION OF KENNEDY BY
EMPLOYING THE UNICORN SOFTWARE
-----------------------------------------------------------------------------------------------------------------------------------------------------------
2.1. THE USE OF THE UNICORN SOFTWARE VIOLATES ARTICLE 21 OF THE

CONSTITUTION
31. The Spyware Unicorn was used to launch probes and raids
against opposition leaders, judges and journalists, etc. The spyware can
be downloaded onto a mobile device, without the knowledge or
acceptance of the user thus compromising his/her privacy. The
company Dementor claims that they only sell this spyware to
governments. As per a Report of an undercover agency, Unicorn has
been actively used in the State since April of 2021 for extracting
personal information majorly by tapping calls and accessing private
SMS’. A grave concern among many is the possibility of such a software
to be perniciously and strategically used by the ruling government to
swing votes. As well is violated by use of such malware. Targets of
Unicorn do not receive any indication of their phone being attacked,
since it is largely undetectable to the general user. They are unlikely to
know if their phone is being surveilled. There is no notice of privacy
being infringed upon when Unicorn is used, nor is there any
accountability or transparency in the process of its employment (say by
an independent supervisory agency).
32. The use of Unicorn involves introducing a ‘contaminant’ or a
‘virus’ that damages the targeted device and extracts data without the
permission of the owner. This is punishable under Section 43 of the
Information Technology Act, 2000 (IT Act). Sec. 66B of the IT Act,
penalizes ‘dishonest receiving of stolen computer resources’ which
includes the data stored on a device. Unicorn spyware also breaches the
confidentiality of an individual by securing access to their digital
material without their consent which is punishable under Sec. 72 of the
IT Act.
33. The PUCL Case23 while deciding on the constitutionality of
wiretapping as per Sec. 5(2) of the Indian TA, 1885, which permits
interception on the occurrence of a public emergency, or in the interest
of public safety, held that- ‘public emergency’ or in the ‘interest of
public safety’, imputes “the prevalence of a sudden condition or State
of affairs affecting the people at large calling for immediate action” and
“the state or condition of freedom from danger or risk for the people at
large”, respectively.
34. NPP's use of the Unicorn software far exceeds interception,
monitoring and decrypting of messages by the Government in the
interest of the sovereignty or integrity of the State, defense and
security of the State which is permitted under Section 69 of the IT Act
and Section 5 of the Telegraph Act, 1885 (TA, 1885).
35. The SC in the above case laid down the following principles,
based on which powers under provisions like Ss. 69, IT Act & 5 of the
-----------------------------------------------------------------------------------------------------------------------------------------------------------
TA, 1885 ought to be exercised : (a) the right to privacy “is a part of
the right to ‘life’ and ‘personal liberty’ enshrined under Art. 21 of the
Constitution” and (b) the right to hold a telephone conversation in the
privacy of one's home or office without interference can certainly be
claimed as “right to privacy” since telephonic conversations are often of
an intimate and confidential nature.
36. Unicorn spyware and indiscriminate surveillance has a ‘chilling
effect’ on the freedom of speech by restraining an individual's ability to
think freely. Pegasus endangers the anonymity of journalistic sources
and negatively affects journalistic freedom. Additionally, this violates a
journalist's ability to practice their profession freely.
37. The employment of Unicorn spyware by the government creates
a pervasive and surveillance State without the sanction of any law or
supervision of an independent body. This is violative of citizens'
fundamental right to liberty and privacy. Functionally concomitant to
the right to privacy is the right to dignity- privacy ensures that a
human being can lead a life of dignity by securing the inner recesses of
the human personality from unwanted intrusions.
2.2. THE USE OF THE UNICORN SOFTWARE VIOLATES ARTICLE 19 OF THE
CONSTITUTION
38. The indiscriminate use of such a tool also induces self-censorship
and creates a chilling effect on speech and expression thus violative
Arts. 19(1)(a) and 19(1)(g) of the Kennedian Constitution.24
39. According to the facts the software has affected several
journalists, which will ultimately reduce their media or digital freedom.
The government will have ruthless power to manipulate the truth and
spread false NEWS. In the case of Romesh Thapar v. State of Madras,
the court stated that:
“Freedom of speech & of the press lay at the foundation of all
democratic organization, for without free political discussion no
public education, so essential for the proper functioning of the
process of popular government, is possible.”25
40. As per Indian Express Newspapers v. Union of India, it has been
held that the press plays a very significant role in the democratic
machinery.26 The courts have duty to uphold the freedom of press and
invalidate all laws and administrative actions that abridge that freedom.
Use of the Unicorn spyware also raises concerns of discrimination.
Targeting only certain individuals could render them to discriminatory
and unfair treatment based on their religious and political views and
affiliations.
ISSUE 3
BLUETICK NEED NOT HAVE MADE AVAILABLE AN OPT-OUT OF
SHARING DATA WITH THE PARENT COMPANY OPTION WITHOUT
-----------------------------------------------------------------------------------------------------------------------------------------------------------
HAVING USERS TO LET GO OF THEIR SERVICES

3.1. BY PROVIDING THE OPT-OUT OF SHARING DATA POLICY DOES NOT
VIOLATE ARTICLE 21
1. Article 21 of the Constitution guarantees right to life and personal
liberty and states that these can be deprived only according to a
procedure established by law. An expansive interpretation of the
Article has resulted in recognition of right to privacy under it,
subject to reasonable restrictions.27
2. All users have voluntarily agreed to abide by the terms and
conditions of the Policy to facilitate the utilisation of the App. In
case of inability to comply with the same, the users are given the
option to delete the App, post which all the data concerning the
user will eventually be taken down from the servers. Even though
privacy is a fundamental right, it is not absolute in nature.28 The
data is shared in the public's interest to enhance user experience,
detect, investigate and prevent fraudulent and illegal activities,
enhance security, etc.
3. Further, the Policy stipulates automatic deletion of messages after
a lapse of a 31-day period for undelivered messages. There are
proper guidelines for sharing location and payment-related details
as well, wherein the users are given options to suit their privacy
requirements best.
3.2. THE POLICY DOES NOT VIOLATE THE PROVISION OF THE IT ACT ,
2000 AND THE IT RULES, 2011
4. Section 43A of the IT Act, 2000 imposes liability for causing loss
due to negligence in maintaining reasonable security practices to
any person possessing, dealing or handling sensitive personal
data. In the present instance, under no circumstance has there
been any proven instance of negligence causing the leak of data
and thereby, a wrongful loss to any party. The end-to-end
encryption policy of the App does not allow for personal data to be
viewed by any third-party entity, including Bluetick itself.
5. Further, Section 72A of the IT Act holds that an entity that causes
wrongful loss or wrongful gain discloses any material containing
personal information about another person without the consent of
the person concerned, or in breach of a lawful contract. There has
been no instance of wrongful loss or gain in the present matter.
The actions of Bluetick are justified under the provision of the
Digital Personal Data Protection Act, 2022, especially the
provisions relating to that data principals.
6. Rule 3 of the Information Technology (Reasonable Security
Practices and Procedures and Sensitive Personal Data or
Information) Rules, 2011 classifies payment account and
-----------------------------------------------------------------------------------------------------------------------------------------------------------
transaction-related information as sensitive personal data. There

are certain conditions that the corporates have to abide by and
they are : (a) obtaining express consent and adopting reasonable
measures to enable informed decisions regarding the collection of
data under the Rules, (b) limiting the collection, use and storage
of date for lawful functions, (c) provision for withdrawal
mechanism and (d) restrict disclosure of the sensitive personal
data. All of these have been duly complied with and followed by
the Respondents.
As per Rule 5(7) it states that no goods or services need to be
provided if the required information sought by the corporates was
not furnished by the data subject or withdraws the consent at a
later stage. It essentially puts the onus on the user to provide the
requisite information to continue using the App and thus, the
Policy of Bluetick is well within the statutory limits prescribed
ISSUE 4
THE TERMS AND CONDITIONS OF THE RECENT UPDATE BY
BLUETICK DOES NOT VIOLATE THE PROVISIONS OF THE
COMPETITION ACT, 2002
41. Acanti's recent update of the privacy policy does not in any
manner negate the choice of the user while joining Acanti's services to
choose to agree or disagree with the disclosed terms. It is asserted that
the 2016 Update is aimed at providing users with further transparency
about how Acanti collects, uses and shares data with third parties and
Bluetick companies. Acanti cannot see users' personal conversations
with friends and family because they are protected by end-to-end
encryption. Thus, the Update does not expand Acanti's ability to
share data with Bluetick and does not impact the privacy of
personal messages of the users. It only provides more specifics
on how Acanti works with businesses that use Bluetick or third-
parties to manage their communications with users on Acanti.
42. Section 4 (2)(a)(i) proscribes abuse of dominant position in the
relevant market by imposing unfair conditions on consumers. Under the
CA, 2002 while defining the relevant market” the commission will look
at the factors under Sections 2(r), (s) and 2(t). It is submitted that the
CCUK has incorrectly determined the relevant market as “market
for OTT messaging apps through smartphones in Kennedy”, by
taking a narrow one-sided perspective in ignorance of the multisided
nature of Acanti.
43. It is submitted that Acanti operates in a much broader
market- that it operates simultaneously in multiple inter-
connected markets. Acanti provides different services or
functionalities, such as social networking (profile creation, status
updates, etc) messaging, gaming, content viewing and sharing (of
-----------------------------------------------------------------------------------------------------------------------------------------------------------
photos, videos and music), payments, most are freely provided. It is

submitted that the relevant market taking into consideration demand
side substitutes and consumer perspective be defined as “personal
social media networks”. This definition is neither too narrow
(including only messaging platforms) nor too broad (including apps
users consume creator-driven content like Youtube or Tiktok).
44. Irrespective, it is submitted further that Acanti does not enjoy a
dominant position in either market proposed above or even in the
narrow market delineated by the CCUK. The simple updation of terms
and conditions and the users consenting or non-consenting does not
amount to an abuse of dominant position in the relevant market where
Acanti is operating as one of the service providers when multiple
competitors are available in the alternative. This claim is illustrated and
substantiated by the fact that competing apps in the same relevant
market witnessed a surge in downloads after the policy announcement
by Acanti and has also resulted in significant loss of users.
45. In Meru Cabs29 , while assessing the dominance of Ola, the CCI
observed that dominance must not be decided on an over-reliance on
market share but must take into account factors such as strength of
network effect, entry barriers and assessment of strategies adopted by
the players to analyse dominance. The CCI analysed the role of
“network effects” in two-sided markets and concluded that Ola did not
hold the position of dominance in the relevant market for ‘radio taxi
services in Bengaluru’ as it was not able to act independent of the
competitive forces in the market.
46. Very importantly, it was noted that “network effects may
enable a large platform/network to become dominant and insulate itself
from potential competition as entrants may find it difficult to challenge
a large incumbent. However… there can be certain countervailing
market forces that reduce the ability of even a very large
platform to insulate itself from competition… And that the radio
taxi apps are offered for free and can be easily multi-homing was found
to be possible for both drivers and riders.”
47. The case of Acanti is comparable to the above instance of abuse
of dominance of Ola; inasmuch as Acanti enjoying a certain level of
“network effects”, it is not strong enough to create entry barriers or
deter rapid expansion of other big competitors; especially when the
relevant market of ‘personal social media networks’ has many
competitors. It must also be noted that almost all these platforms are
offered for free and it is evident that multi-homing is a stronger
possibility, especially when apparently smaller networks rely on product
differentiation from Whatsapp. Thus, there is no infringement of Sec. 4
(i)(a), CA 2002.
PRAYER
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Wherefore, in light of the issues raised, authorities cited and

arguments advanced, the Hon'ble Supreme Court of Kennedy be
pleased to adjudge and declare:
1. That, Sections 8, 18, 19 and 22 of the Digital Personal Data
Protection Act, 2022 is violative of Articles 14, 19 and 21 of the
Kennedian Constitution
2. That, the Government of Kennedy violated Articles 14, 19 and 21
of the Kennedian Constitution by employing the Unicorn Software
3. That, Bluetick need not have made available an opt-out of sharing
data with the parent company without having to leave the
platform
4. That, the terms and conditions of the recent update by Bluetick do
not violate the provisions of the Competition Act, 2002
AND/OR
Pass any other order it may deem fit, in the interest of Justice,
Equity and Good Conscience.
All of which is most humbly and respectfully submitted.
BENCH MEMORIAL FOR RESPONDENT
SUMMARY OF ARGUMENTS
˜Issue 1˜
Sections 8, 18, 19 and 22 of the Digital Personal Data Protection Act,
2022 are not violative of Fundamental Rights enshrined in the
Constitution of Union of Kennedy. Sec. 8 of the DPA, 2022 providing for
deemed consent integrates and qualifies the collection and use of
personal data with the standard of reasonableness, public interest or
public order. The reasonableness standard is similar to the international
standard set out in EU GDPR's “legitimate interests test” for processing
data without consent. Exemptions to State and its instrumentalities
under Sec. 18 are circumscribed by reasonable restrictions such as
state sovereignty and integrity and maintenance of public order which
are reasonable grounds for restrictions, differential treatment,
necessary and proportionate to achieve the State's legitimate aims.
Judicial precedent concludes that the potential of abuse and the mere
absence of legislative guidance or policy relating to the composition of a
Tribunal does not make it per se unconstitutional, thus Sec. 19 is valid.
Further, the ouster of jurisdiction of the Civil Courts under Sec. 22 is in
keeping with the Supreme Courts guidelines in Dhulabai.
˜Issue 2˜
It is firstly argued that the allegation of the government's use of
Unicorn spyware is based solely on media reports which are mere
unsubstantiated conjectures and uncorroborated theories. However, in
arguendo the employment of a spyware such as the Unicorn software or
-----------------------------------------------------------------------------------------------------------------------------------------------------------
similar tools is not peculiar to Kennedy and are acceptable within

constitutionally and legally permitted limits of the IT Act and the TA,
1885. The use of such advanced technology is permissible under the
Constitution in consideration of national security concerns and the
commitment of the State in protecting informational privacy of its
citizen is evident in the robust DPA, 2022.
˜Issues 3 & 4˜
Section 4 of the Competition Act, 2002 proscribes abuse of
dominance by an entity commanding dominant position in the relevant
market. It is argued that Acanti is abusing its dominant position in the
relevant market- “market for OTT messaging apps through
smartphones in Kennedy” by introducing a “take it or leave it” model of
privacy policy which compels its users to share their personal
information with (its parent) Bluetick companies. Firstly, the users
(data principals) do not have a choice to opt out of their personal
information being shared with Bluetick except by deleting one's Acanti
account. Secondly, Acanti enjoys a strong network effect and lock in
effect, in Kennedy, wherein, for a user to meaningfully switch to a
different app requires all their contacts to also switch- high switching
costs. Thus, Acanti is legally obligated to provide for an “opt out” option
and contravenes Section 4 of the Competition Act, 2002 by imposing
unfair conditions on the consumers.
ISSUE 1
SECTIONS 8, 18, 19, AND 22 OF THE DIGITAL PERSONAL DATA
PROTECTION ACT, 2022 IS NOT VIOLATIVE OF FUNDAMENTAL
RIGHTS ENSHRINED IN THE CONSTITUTION OF UNION OF
KENNEDY
1.1. SECTIONS 8 AND 18 OF THE ACT IS NOT VIOLATIVE OF ARTICLES
14 AND 21 OF THE CONSTITUTION
7. Free, informed, specific consent of the data principal and the
obligation of a notice specifying the terms of consent underlies the
framework of the DPA, 2022. This is in recognition of the sanctity of the
autonomy and privacy of the data principal and for the protection of the
fundamental right to privacy as upheld in Puttaswamy. While this is
the ordinary standard for consent in data processing- a ‘one size fits all’
approach must be avoided. In several situations, seeking consent of the
Data Principal is impractical or inadvisable due to pressing concerns.
Large amounts of personal data may be collected and processed on a
regular basis to maintain databases and for other instances of routine
processing. In a limited set of such instances, implied consent may be
sufficient.
8. The deemed consent provision provides for clearly defined
situations wherein insisting on consent would be counterproductive.
Deemed consent also applies only to voluntarily provided data and
-----------------------------------------------------------------------------------------------------------------------------------------------------------
where it can be reasonably expected or assumed that a data principal

would provide such data.30 This provision strikes a balance between the
“legitimate interests” of data fiduciaries, the government's public
order/national security concerns and the adverse effect on users. The
standard of reasonableness, public interest or public order
qualifies the indiscriminate collection and use of personal data under
Section 8. This test is similar to international standards set out in EU
GDPR's “legitimate interests test”.31
9. The primary advantage of having the reasonable purpose
standard as a ground for processing is the necessary flexibility it
affords to data fiduciaries (including the government). This ground is
applicable in situations where data fiduciaries may need to carry out
processing for prevention and detection of unlawful activities including
fraud, whistleblowing, network and information security, where it may
not be possible to take consent in all situations. Resorting to consent in
such situations, as a ground for processing may prove burdensome and
may raise concerns of consent fatigue among data principals.
10. In the specific instance of deemed consent for credit scoring,
proceeding under reasonable purpose rather than consent is more
appropriate if the credit score of individuals is needed to determine
creditworthiness and there is an absence of real choice for the data
principals to refuse disclosure. Where the data fiduciary is a public
authority or an employer undertaking the necessary processing of
employee data, consent is inappropriate since such processing is either
for the ‘performance of a public task’ by the employee or
legitimate interests of the State.
11. In accordance with the recommendations of the Justice
Srikrishna Committee Report, welfare functions of the state have
been recognised as a separate ground for non consensual processing.
This is in recognition of the inherent difference between State and
private entities. Processing activities carried out by the State (bodies
covered under Art. 12) under law will be covered under this ground,
ensuring that it is in furtherance of public interest and governance.
Thus, the availability of this ground is restricted to certain entities as
per the judicial interpretation of Art. 12 State entities and to certain
welfare functions where processing under consent would involve
disproportionate effort on part of the State.
12. In Justice K.S. Puttaswamy v. Union of India32 , the SC
considered the question of whether Aadhaar creates a surveillance
state, it was held that- the State obtains the minimal possible amount
of data demographic and biometric from Aadhaar holders and that,
further, there are enough safeguards in place to protect the data of
Aadhaar holders, such as encryption. This applies to instances under
the DPA, 2022 as well. Further, not unlike the purpose of Aadhaar, such
-----------------------------------------------------------------------------------------------------------------------------------------------------------
data processing is an “empowering” tool as it facilitates disbursal of

benefits such as subsidies, etc to the citizens and specifically the
disadvantaged sections of society.
13. The exemption to State and its instrumentalities from the
general duties of notification, etc under Sec. 18 are on the basis of
reasonable restrictions such as ‘the interests of sovereignty and
integrity, security of the State, friendly relations with foreign States,
maintenance of public order or preventing incitement to any cognizable
offence relating to any of these’. In the Aadhaar case, it has been
clearly stated that fundamental rights are not absolute and that the
Constitution itself permits the State to impose reasonable restrictions
on the right to privacy under certain circumstances. These restrictions
need not satisfy the test of “strict scrutiny” but only the test of
reasonableness as per Puttaswamy.
14. For the reasons stated above (statutory inclusion of the test of
reasonableness, valid classification between State and non State
entities and legitimate State interest), it is submitted that the provision
does not violate “procedure established by law” under Art. 21,
reasonable classification and arbitrariness under Art. 14 and is also in
keeping with the proportionality test laid down in Puttaswamy.
1.2. SECTIONS 19 & 22 OF THE ACT ARE NOT VIOLATIVE OF ARTICLES
14 AND 21
15. A combined reading of Ss. 19, 21 & 22 shows that the Data
Protection Board shall function as an independent body. Most
importantly, the DPB is primarily an adjudicatory body whose role
begins upon a breach of data protection under the DPA, 2022. The
independence and the desired separation between the DPB and the
government is evident in Sec. 22(2) which states that- “An appeal
against any order of the Board shall lie to the High Court. Every
appeal made under this section shall be preferred within a period of
sixty days from the date of the order appealed against.”
16. The DPB's own powers are co-extensive with that of a civil court
as is evident from the enumerated powers under Sec. 21- Process to be
followed by the Board to ensure compliance with the provisions of the
Act and specifically Sec. 21(13) which lays down that- “Every order
made by the Board shall be enforced by it as if it were a decree made
by a Civil Court [and] for the purpose of this sub-section, the Board
shall have all the powers of a Civil Court as provided in the Civil
Procedure Code, 1908.”
17. On the question of whether this ouster of jurisdiction of civil
courts is constitutional, it must be noted that the Supreme Court in
Dhulabhai v. State of Madhya Pradesh33 while discussing Section 9 of
CPC laid down the test to be applied to rule on ouster clauses, as
-----------------------------------------------------------------------------------------------------------------------------------------------------------
under : (i) Where the statute gives a finality to the orders of the special
tribunals the Civil Court's jurisdiction must be held to be excluded if
there is adequate remedy to do what the Civil Courts would normally do
in a suit and (ii) Where there is an express bar of the jurisdiction of the
court, an examination of 6 the scheme of the particular Act to find the
adequacy or the sufficiency of the remedies provided may be relevant
but is not decisive to sustain the jurisdiction of the civil court.
18. It is stated that the DPA, 2022 satisfies the test in Dhulabhai.
Firstly, The DPB is obligated to uphold the principles of natural justice
at every stage in a proceeding; Secondly, Voluntary undertaking34 has
been included as a measure to encourage timely admission and
rectification of lapses. Alternative dispute resolution is also available as
a remedy upon the direction of the Board. Thirdly, Financial penalties
have been prescribed as the deterrent for non-compliance.35 This would
go a long way in establishing clear focus on enabling and facilitating
compliance rather than penalizing noncompliance.
19. The challenge of excessive executive deference is vitiated in as
much as the Supreme court in Madras Bar Association36 , while
deciding on a question regarding when tribunals can include technical
non-judicial members, stated that if a tribunal is intended to serve an
area which requires specialized knowledge or expertise, technical
members should be allowed.
20. The Supreme Court in Rojer Mathew37 has held that the failure
of the legislature to lay down the policy for the Members, Chairpersons,
Chairman, etc although important, are not per se functionally un-
delegatable. The Court traced the ratio in RK Jain38 , L Chandrakumar39
and Madras Bar Association40 all of which laid down the standards for
qualification, appointments and service conditions of tribunals and
concluded that, since policy and guidelines already exist in terms of the
above judicial decisions, the mere failure of the legislature in specifying
appointment and service conditions does not render the provision
unconstitutional.
21. It is also submitted that, “a discretionary power is not
necessarily a discriminatory power and that abuse of power is not to be
easily assumed where the discretion is vested in the Government and
not in a minor official.”41
22. The rules of statutory interpretation provide for the presumption
of constitutionality - that the constitutional soundness of a legislation or
policy is presumed given the plenary power of lawmaking vested with
the Legislature.42 The principle recognises ‘an attribute of the respect
which the judiciary, the unelected branch of government, accords to the
acts of the elected representatives of the people’.43 A Constitution
Bench of this Court in Union of India v. Elphinstone Spinning and
Weaving Co. Ltd.44 observed that the presumption is always that the
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Legislature will not exceed its jurisdiction and the burden to prove
otherwise is on the person challenging the constitutionality.
23. This principle was further substantiated in Anwar Ali Sarkar45
thus-
“Whether a law conferring discretionary powers on an
administrative authority is constitutionally valid or not,
should not be determined on the assumption that such
authority will act in an arbitrary manner in exercising the
discretion committed to it. It is improper to start with such an
assumption and decide the legality of an Act on that basis. Abuse of
power given by law sometimes occurs; but the validity of the law
cannot be contested because of such an apprehension.”
ISSUE 2
THE GOVERNMENT HAS NOT VIOLATED THE FUNDAMENTAL
RIGHTS LAID DOWNINTHE CONSTITUTION OF UNION OF
KENNEDY BYEMPLOYING THE UNICORN SOFTWARE
24. It is submitted that the allegation of the government's use of
Unicorn spyware is based solely on media reports which are mere
unsubstantiated conjectures and uncorroborated theories. Further,
mere mention of a particular number in the list of the leaked database
did not confirm whether the same was infected by Unicorn or not and is
not sufficient cause for invoking the writ jurisdiction of this Hon'ble
court.
25. Here, it is pertinent to note that judicial interference by way of
PIL is available if there is injury to the public because of dereliction of
constitutional or statutory obligations on the part of the Government.
Recently, the Kerala High Court in P.D. Joseph v. State of Kerala46 while
ruling that writ petitions based on mere newspaper reports is not
maintainable, appreciatively referred to the Hon'ble Supreme Court's
decision in S.P. Anand v. H.D. Deve Gowda47 , wherein it was held that
waiver of the locus standi rule may be allowed by the Court only if it is
satisfied that the person approaching the Court is doing so for general
public interest and not for any personal motives.
26. Additionally the Supreme court in K.D. Sharma v. Steel
Authority of India Limited48 has held that the writ jurisdiction under
Article 32 and 226 is discretionary and extraordinary.
27. The petitioners being the opposition party are politically
motivated to discredit the governance of the government and seek to
abuse the process of the Court, On the other hand the Respondents
have shown clear intention and commitment to protecting the
fundamental rights of the citizens by legislating the Digital Personal
Data Protection Act, 2022.
28. Further in arguendo, the employment of a spyware such as the
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Unicorn software or similar tools are not peculiar to Kennedy and are
acceptable within constitutionally permitted limits. In Puttaswamy
and Aadhaar cases this Court has stated that fundamental rights,
including the right to privacy is not absolute and are subject to
reasonable restrictions.49 It is urged that the Court take cognizance of
the State's interest to ensure that life and liberty is preserved and that
there be a balance with the State's duties. For instance, in today's
world, information gathered by intelligence agencies through
surveillance is essential for the fight against violence and terror, a need
may arise to interfere with the right to privacy of an individual, with the
only qualification that use of such advanced spyware technology
adheres to the proportionality standard as laid down in Puttaswamy;
that such use must be only when it is absolutely necessary for
protecting national security/interest.
29. Art. 21 of the Constitution necessitates infringement of
fundamental rights only on procedure established by law. Towards this
end, the IT Act and the TA, 188550 provide for interception, monitoring
and decryption of data in the interest of national security, public order,
countering terrorism and other similar motivations. It is submitted that
it is necessary for the State to employ such advanced technology within
the legal framework of Kennedy for the legitimate aim of National
Security, public order and safety. Finally, it is humbly requested that
the Hon'ble Court may direct for an investigation into the veracity of
the claims of the petitioner before disposing the current petition.
ISSUE 3
BLUETICK SHOULD HAVE MADE AVAILABLE AN OPT-OUT OF
SHARING DATA WITH THE PARENT COMPANY OPTION WITHOUT
HAVING USERS LET GO OF THEIR SERVICE
3.1. COLLECTION OF INFORMATION WITHOUT CONSENT OF THE USERS
AMOUNTS TO VIOLATION OF RIGHT TO PRIVACY
41. Right to privacy is an intrinsic part of Article 21.51 There exists
only three situations wherein the right may be interfered with : (1)
existence of law, (2) legitimate aim and (3) proportionality.52 In the
present situation, none of the restrictions may be imposed. One of the
primary terms and conditions of Bluetick is that it cannot access the
information shared across over its platform. The opt-out policy in the
present instance unilaterally changes this policy to the disadvantage of
the users.
42. As per the Puttaswamy case, the Apex Court observed that
technology in the present age fosters violation of privacy without
physically entering the space, by both the State and non-State
entities.53 Access to personal information falls under ambit of privacy
and consent is paramount when it comes to sharing such information.
Unauthorised transfer and access of sensitive information to private
-----------------------------------------------------------------------------------------------------------------------------------------------------------
parties violate a person's control over his body and mind.

3.2. BLUETICK VIOLATES THE IT ACT , 2000 AND THE IT RULES
43. By going forward with this policy Bluetick is in direct
contravention of Section 43A of the IT Act. This provision requires
entities who ‘receive, possesses, stores, deals or handles’ any sensitive
personal data to maintain reasonable security practices.
44. Bluetick is bound to follow the provisions laid down in the
Information Technology (Reasonable Security Practices and Procedures
and Sensitive Personal Data or Information) Rules, 2011. Section 4 of
the Rules provides guidelines for the privacy policy by body corporates
and mandates that such a policy must contain:
a. clear and easily accessible statements of its practices and policies;
b. type of personal and sensitive personal data or information
collected by it;
c. purpose of collection and usage of such information;
d. disclosure of information including sensitive personal data or
information collected;
e. reasonable security practices and procedures adopted by it.
This provision requires that any transfer or sharing of data through
policy change must be wholly communicated to the users. The effect of
such a policy and extent the and kind of data shared be wholly
disclosed.
45. Rule 6 provides that, disclosure of sensitive personal data or
information by a body corporate to any third party shall require prior
permission from the provider of such information. Thus, the IT Rule,
2011 protects sensitive personal information from unlawful disclosures.
This means the privacy of the information must be protected by the
body corporates and cannot be shared in just by initiating an update
and rolling out an opt out policy.
ISSUE 4
THE TERMS AND CONDITIONS OF THE RECENT UPDATE BY
BLUETICK VIOLATE THE PROVISIONS OF THE COMPETITION ACT,
2002
30. Acanti's privacy policy which provides users with information
about how Acanti collects, uses and shares data states that user's
information is shared with third-party service providers and other
Bluetick Companies (parent company) to help Acanti operate, provide,
improve, understand, customize, support and market services including
Bluetick company products. This also includes, enhancing user
experience by making suggestions (for example, of friends or group
connections, or of interesting content), personalizing features and
content, helping user's complete purchases and transactions, showing
relevant offers and ads across the Bluetick Company Products and
-----------------------------------------------------------------------------------------------------------------------------------------------------------
providing integrations which enable the user to connect Acanti

experiences with other Bluetick Company Products. This implies that
data of users, including that of those who are not users of any other
service within the Bluetick family of companies, will now be shared
across all companies.
31. A reading of paragraphs 2, 5 and 6 of the Privacy Policy reveals
that the policy envisages expansive and disproportionate data
collection, collecting sensitive information including that relating to
transactions and payments data; ISP, area codes and time zone,
location information of the user even if the user does not use location
related features; in addition to how a user interacts with others
(including businesses) when using Acanti services. These powers read
with the residuary clause under Sec. 8 threatens data security of the
individual.
4.1. NECESSITY OF AN “OPT-OUT” OPTION
32. Section 4 of the CA, 2002 proscribes abuse of dominance by an
entity commanding dominant position in the relevant market. Before
establishing abuse of dominance it is pertinent to determine the
‘relevant market’. Acanti is primarily an Over-The-Top (OTT) messaging
App, linked to a smartphone device and mobile number, which has
features of communicating personally, both one-to-one or group. It
uses the internet to send and receive text messages, images, audio or
video content, sharing of location etc. from one user to another as
opposed to the mobile network used for traditional texting/SMSing. The
relevant geographic market is the Union of Kennedy. Accordingly, the
relevant market is “market for OTT messaging apps through
smartphones in Kennedy”.
33. It is argued that Acanti is abusing its dominant position in the
relevant market- “market for OTT messaging apps through
smartphones in Kennedy” by introducing a “take it or leave it” model of
privacy policy which compels its users to share their personal
information with Bluetick companies. Under Section 4 (1)(a)(i) abuse of
dominant position refers to abuse of dominant position by an enterprise
or a group by directly or indirectly, imposing unfair or discriminatory
conditions in purchase or sale of goods or services.
34. The existence of ‘user choice’ is a test to determine unfairness,
here, determining whether Acanti's updated policy amounted to the
imposition of unfair terms or conditions on the user. The test of user
choice consists of two elements : An ‘explicit’ element and an ‘implicit’
element. The explicit element of the test, posits that user choice
would exist insofar as the user is explicitly provided with the choice to
opt out of a company's new practices or policies without limiting
their ability to access the service or goods that the company
provides. Thus, a window to opt out of data sharing between Acanti and
-----------------------------------------------------------------------------------------------------------------------------------------------------------
Bluetick is necessary to prove that Acanti's privacy policy did not

amount to abuse of dominance. The Updated policy fails the ‘user
choice’ test and as such clearly amounts to the setting of unfair terms
or conditions on the user and is a violation of Section 4(2)(i)(a) of the
CA, 2002.
35. According to the CCI in Meru Cabs54 , while assessing abuse of
dominance, factors such as strength of network effect, entry barriers
and assessment of strategies adopted by the players must be employed
in addition to market share.
4.2. ACANTI ENJOYS STRONG “NETWORK EFFECTS”
36. Acanti is noticeably the most widely used app for instant
messaging in Kennedy. The OTT messaging platforms are not
interoperable and communication between two users is enabled only
when both are registered on the same network or app. Therefore, they
become more valuable as more users join it, ‘benefiting from
‘network effects’. Meaning, the value of a messaging app
increases for users with an increasing number of their friends
and acquaintances joining the network.
37. In Fast Track Call Cab Pvt. v. Ani Technologies Pvt. Ltd.55 , the
CCI held that network effects may enable a large platform/network to
become dominant and insulate itself from potential competition as
entrants may find it difficult to challenge the large incumbent. The
strength of network effects thus becomes a key factor in the
determination of dominance in such a market.
38. In Kennedy, the network effects of Acanti have become deeply
entrenched to the extent that in spite of user's downloading other
functionally similar, competing instant messaging apps like Hetecom
and Quingle, because of a strong lock-in effect for Acanti users,
switching to another platform becomes difficult and meaningless
until all or most of their social contacts also switch to the same other
platform.
4.3. VERTICAL INTEGRATION
39. It is submitted that Bluetick's primary strategy is one of vertical
integration, where it acquires its market competitions, as in the case of
Acanti. Finally, it may be of persuasive value to note that while market
share and substitutability alone cannot conclusively determine abuse of
dominance, may be of persuasive value to note that in the similar case
of Facebook, the (German) Federal Court of Justice held Facebook guilty
of abusing its dominant position by sharing data across platforms
without their users' consent.56
40. Acanti is legally obligated to provide for an “opt out” option,
failing which its updated privacy policy contravenes Section 4 of the
Competition Act, 2002 by imposing unfair conditions on the consumers,
-----------------------------------------------------------------------------------------------------------------------------------------------------------
thus, abusing its dominant position in the market for OTT messaging
apps through smartphones in Kennedy.
PRAYER
Wherefore, in light of the issues raised, authorities cited and
arguments advanced, the Hon'ble Supreme Court of Kennedy be
pleased to adjudge and declare:
1. That, Sections 8, 18, 19 and 22 of the Digital Personal Data
Protection Act, 2022 are not violative of Articles 14, 19 and 21 of
the Kennedian Constitution
2. That, the Government of Kennedy are not violative of Articles 14,
19 and 21 of the Kennedian Constitution by employing the
Unicorn Software
3. That, Bluetick should have made available an opt-out of sharing
data with the parent company without having to leave the
platform
4. That, the terms and conditions of the recent update by Bluetick
violate the provisions of the Competition Act, 2002
AND/OR
Pass any other order it may deem fit, in the interest of Justice,
Equity and Good Conscience.
All of which is most humbly and respectfully submitted.
———
1
Explanatory Note to Digital Personal Data Protection Bill, 2022, MINISTRY OF ELECTRONICS
AND INFORMATION TECHNOLOGY OFFICIAL WEBSITE (Feb. 07, 2023, 11 : 18 AM),
https://www.meity.gov.in/content/explanatory-note- digital-personal-data-protection-bill-
2022.
2 Budhan Chaudhary v. State of Bihar, AIR 1955 SC 191 (India).
3
The Digital Personal Data Protection Bill, 2022, §2(18), (November 18, 2022)(India).
4
The Digital Personal Data Protection Bill, 2022, §8(7), (November 18, 2022)(India).
5 Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 : AIR 2017 SC 4161.
6 Anuradha Bhasin v. Union of India, (2020) 3 SCC 637.
7
Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 : AIR 2017 SC 4161.
8 The Digital Personal Data Protection Bill, 2022, §6, (November 18, 2022)(India).
9 The Personal Data Protection Act, 2012, §8, The Statutes of the Republic of Singapore.
10
The Digital Personal Data Protection Bill, 2022, §9, (November 18, 2022)(India).
11 The Digital Personal Data Protection Bill, 2022, §18(1)(c), (November 18, 2022)(India).
12 The Digital Personal Data Protection Bill, 2022, §6 & 9(6), (November 18, 2022)(India).
-----------------------------------------------------------------------------------------------------------------------------------------------------------
13
Vasunathan v. Registrar General, HIGH Court of Karnataka, W.P. No. 62038 of 2016; Dr.
Krishna Menon v. High Court of Kerala, WP (C) No. 7642 of 2020.
14 Justice K.S. Puttaswamy v. Union of India (II), (2019) 1 SCC 1.
15 Shayara Bano v. Union of India, (2017) 9 SCC 1.
16
Maneka Gandhi v. Union of India, (1970) 1 SCR 457.
17 B. Rajagopala Naidu v. State Transport Appellate Tribunal, AIR 1964 SC 1573.
18 Indira Gandhi v. Raj Narain, (1975) 4 SCC 428 : AIR 1975 SC 865; Kesavananda Bharati v.
State of Kerala, (1973) 4 SCC 225.
19
In Re : The Delhi Laws Act, (1951) 2 SCR 747.
20
Ajoy Kumar Bannerjee v. Union of India, (1984) 3 SCC 127.
21 Agricultural Market Committee v. Shalimar Chemical Works, (1997) 5 SCC 516.
22
Union of India, R. Gandhi, President, Madras Bar Association, (2010) 11 SCC 1.
23 People's Union for Civil Liberties v. Union of India, (1997) 1 SCC 301.
24 Shreya Singhal v. Union of India, (2013) 12 SCC 73.
25
Romesh Thappar v. State of Madras, AIR 1950 SC 124.
26 Indian Express Newspapers v. Union of India, (1985) 1 SCC 641 : AIR 1986 SC 515.
28
Gobind v. State of Madhya Pradesh, (1975) 2 SCC 148 : AIR 1975 SC 1378.
29 Meru Travel Solutions Pvt. Ltd. v. M/s Uber India Systems Pvt. Ltd., Case No. 25-28 of
2017.
30 The Digital Personal Data Protection Bill, 2022, §8(1), (November 18, 2022)(India).
31 Guidance on the Use of Legitimate Interests under the EU General Data Protection
Regulation, DATA PROTECTION NETWORK (Feb. 07, 2023, 13 : 20 PM),
https://iapp.org/media/pdf/resource_center/DPN-Guidance-A4-Publication.pdf.
32 Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.
33 Dhulabhai v. State of Madhya Pradesh, AIR 1969 SC 78.
36 Union of India, R. Gandhi, President, Madras Bar Association, (2010) 11 SCC 1.
37 Rojer Mathew v. South Indian Bank Ltd., (2020) 6 SCC 1.

-----------------------------------------------------------------------------------------------------------------------------------------------------------
38 R.K. Jain v. Union of India, (1993) 4 SCC 119 : AIR 1993 SC 1769.
39 L Chandrakumar v. Union of India, (1990) 4 SCC 501 : AIR 1990 SC 2263.
40 Union of India, R. Gandhi, President, Madras Bar Association, (2010) 11 SCC 1.
41 Shri Ram Krishna Dalmia v. Shri Justice S.R. Tendolkar, AIR 1958 SC 538 : 1959 SCR 279.
42
George Mathew v. T.A.M. Pookkoya Thankgal, W.A. No. 125 of 2020.
43 Attorney-General v. Australian National Airlines Commission, (1976) 138 CLR 492.
44 Union of India v. Elphinstone Spinning and Weaving Co. Ltd., (2001) 4 SCC 139 : AIR 2001
SC 724.
45 Anwar Ali Sarkar v. State of West Bengal, AIR 1952 SC 75.
46 P.D. Joseph v. State of Kerala, W.P. (C) No. 17381 of 2016.
47 S.P. Anand v. H. D. Deve Gowda, (1996) 6 SCC 734.
48 K.D. Sharma v. Steel Authority of India Ltd., (2008) 12 SCC 481.
49 Minerva Mills Ltd. v. Union of India, (1980) 2 SCC 591 : AIR 1980 SC 1789.
50 The Digital Personal Data Protection Bill, 2022, §59 & 5(2), (November 18, 2022)(India).
52
Justice K.S. Puttaswamy (Retd.) v. Union of India, (2017) 10 SCC 1 : AIR 2017 SC 4161.
54
Meru Travel Solutions Pvt. Ltd. v. M/s Uber India Systems Pvt. Ltd., Case No. 25-28 of
2017.
55
Fast Track Call Cab Pvt. Ltd. v. Ani Technologies Pvt. Ltd., Case No. 6 & 74 of 2015.
56 The Federal Court of Justice Provisionally Confirms the Allegation of Abuse of a Dominant
Market Position by Facebook, FEDERAL COURT OF JUSTICE (Feb. 07, 2023, 13 : 58 PM),
https://www.bundesgerichtshof.de/SharedDocs/Pressemitteilungen/DE/2020/2020080.html.
Disclaimer: While every effort is made to avoid any mistake or omission, this casenote/ headnote/ judgment/ act/ rule/
regulation/ circular/ notification is being circulated on the condition and understanding that the publisher would not be
liable in any manner by reason of any mistake or omission or for any action taken or omitted to be taken or advice
rendered or accepted on the basis of this casenote/ headnote/ judgment/ act/ rule/ regulation/ circular/ notification. All
disputes will be subject exclusively to jurisdiction of courts, tribunals and forums at Lucknow only. The authenticity of
this text must be verified from the original source.

Bench Memorial Slcu National Moot 13 2023 BM

Uploaded by

Copyright:

Available Formats

Bench Memorial Slcu National Moot 13 2023 BM

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Bench Memorial Slcu National Moot 13 2023 BM

Uploaded by

Copyright:

Available Formats

SCC Online Web Edition, © 2024 EBC Publishing Pvt. Ltd.

Page 1 Monday, January 22, 2024

13th SLCU National Moot, 2023

In the Supreme Court of Kennedy

1. Section 7 of the Digital Personal Data Protection Act, 2022 (the

must be founded on intelligible differentia and that, (2) there must be

reasonable or tenable connection with public interest; rather these

fiduciaries in processing data for reasonable and fair purpose while

be allowed to determine a new path and thus, they should not be

legislation would be manifestly arbitrary.”.

regulations for carrying the enactment into operation and effect, it

2.1. THE USE OF THE UNICORN SOFTWARE VIOLATES ARTICLE 21 OF THE

HAVING USERS TO LET GO OF THEIR SERVICES

transaction-related information as sensitive personal data. There

photos, videos and music), payments, most are freely provided. It is

Wherefore, in light of the issues raised, authorities cited and

similar tools is not peculiar to Kennedy and are acceptable within

where it can be reasonably expected or assumed that a data principal

data processing is an “empowering” tool as it facilitates disbursal of

parties violate a person's control over his body and mind.

providing integrations which enable the user to connect Acanti

Bluetick is necessary to prove that Acanti's privacy policy did not

2 Budhan Chaudhary v. State of Bihar, AIR 1955 SC 191 (India).

6 Anuradha Bhasin v. Union of India, (2020) 3 SCC 637.

14 Justice K.S. Puttaswamy v. Union of India (II), (2019) 1 SCC 1.

15 Shayara Bano v. Union of India, (2017) 9 SCC 1.

17 B. Rajagopala Naidu v. State Transport Appellate Tribunal, AIR 1964 SC 1573.

21 Agricultural Market Committee v. Shalimar Chemical Works, (1997) 5 SCC 516.

24 Shreya Singhal v. Union of India, (2013) 12 SCC 73.

32 Justice K.S. Puttaswamy v. Union of India, (2017) 10 SCC 1.

33 Dhulabhai v. State of Madhya Pradesh, AIR 1969 SC 78.

36 Union of India, R. Gandhi, President, Madras Bar Association, (2010) 11 SCC 1.

37 Rojer Mathew v. South Indian Bank Ltd., (2020) 6 SCC 1.

39 L Chandrakumar v. Union of India, (1990) 4 SCC 501 : AIR 1990 SC 2263.

40 Union of India, R. Gandhi, President, Madras Bar Association, (2010) 11 SCC 1.

43 Attorney-General v. Australian National Airlines Commission, (1976) 138 CLR 492.

45 Anwar Ali Sarkar v. State of West Bengal, AIR 1952 SC 75.

46 P.D. Joseph v. State of Kerala, W.P. (C) No. 17381 of 2016.

47 S.P. Anand v. H. D. Deve Gowda, (1996) 6 SCC 734.

48 K.D. Sharma v. Steel Authority of India Ltd., (2008) 12 SCC 481.

You might also like