07 P 1
07 P 1
07 P 1
TC-07
W.P.NO._________OF 2023
UNDER ARTICLE 32 OF THE CONSTITUTION OF ELYSIUM
BAGGINS…………………………………………………………….(PETITIONER NO.1)
FORUM FOR NETIZENS’ RIGHTS……………………………...(PETITIONER NO.2)
VERSUS
ALONE HUSK……………………………………………………...(RESPONDENT NO.1)
CENTRAL DRUG AUTHORITY OF ELYSIUM…………….…(RESPONDENT NO.2)
TABLE OF CONTENTS
1
TABLE OF CONTENTS
TABLE OF ABBREVIATIONS
LIST OF AUTHORITIES
STATEMENT OF FACTS
ISSUES PRESENTED
SUMMARY OF ARGUMENTS
ARGUMENTS ADVANCED
ISSUE-1
ISSUE-2
ISSUE-3
ISSUE-4
PRAYER
TABLE OF ABBREVIATIONS
2
ABBREVIATION ACTUAL TERM
AI Artificial intelligence
ID Identity Document
Dr. Doctor
& And
Anr. Another
Art. Article
cl Clause
HC High Court
SC Supreme court
No. Number
Ors. Others
3
u/s Under Section
V. Versus
Pvt. Private
Ltd. Limited
Retd. Retired
S. Section
INDEX OF AUTHORITIES
STATEMENT OF JURISDICTION
5
The Hon’ble High Court of Elysium has the jurisdiction in this matter under Article
32 of the Constitution of Elysium which reads as follows:
(1) The right to move the High Court by appropriate proceedings for the enforcement
of the rights conferred by this Part is guaranteed.
(2) The High Court shall have power to issue directions or orders or writs, including
writs in the nature of habeas corpus, mandamus, prohibition, quo warranto and
certiorari, whichever may be appropriate, for the enforcement of any of the rights
conferred by this Part.”
STATEMENT OF FACTS
1. Republic of Elysium is a developing nation, with one of the largest and growing
populations in the world. In recent times, the nation has witnessed widespread
digital revolution that has opened opportunities particularly for its younger
population, which makes a substantial chunk of overall population. There has
6
been a robust of growth in entrepreneurial and start-up ecosystem, accompanied
by growth in Fourth Industrial Revolution technologies, with AI and Machine
Learning in particular.
2. One such individual, Mr. Alone Husk, CEO of a popular social media platform
called ‘Chirp’ bought in January 2022, he has been at the forefront of such
technological development in Elysium and has been a proponent of freedom of
speech and has consistently called for self-regulation of social media platforms
and restricted regulatory of the state.
3. Elysium since its Independence has been grappling with several healthcare
challenges due to lack of quality infrastructure, affordability, lack of human
resource in its remote areas and lack of sufficient budgetary allocation towards
public healthcare, research and development.
4. Mr. Husk owns majority of shares in ‘Meditech Futura’ a startup involved in
pursuing research and development in medical science with use of AI. Mr. Husk
in a recent speech said- “the dream of Meditech Futura is to provide accessible,
affordable and timely healthcare to its people. Our aim is to reach the last mile
and we are committed to this vision. The Elysium of our dreams might not be far
and perhaps technology could be our guiding light.”
5. An employee of Meditech Futura developed an AI tool called Dr. Precision in
October 2022, which helps in diagnose ‘rare diseases’ using facial features,
calculates similarities and dissimilarities and automatically links them to the
genetic data of the suspected patients and diverse results.
6. It has been equipped with ‘deep learning’ to enhance its accuracy. A trial, lasting
5 months revealed 95% tool accuracy in diagnosis. It could help diagnose rare
disease among a prominent tribal group named Nirvana which primarily lived in
central Elysium. People of Nirvana tribe since long have endured rare diseases,
resulting in high mortality, reason being unaffordable diagnostics.
7. Anthropologists had been cautioning since long, regarding extinction of groups
like Nirvana, in light of absence of affordable diagnostics and treatment.
8. The tool received approval of the Central Drug Authority of Elysium in April 2023,
despite the apprehensions from severe civil society organizations, if adequate
safety regulations and protocols were taken. Before beginning with the diagnosis
the patients had to sign an agreement which had following clauses, among others-
a The patient shall agree to share the data and information generated herein,
including biometric as well as personal information, not limited to facial information
and personal health ID details, with Meditech Futura, which can be used for
enhancing the efficiency of the software.
7
b Meditech Futura shall exercise due diligence in safety of the information and shall
be exempt from any liability in event the information or its computer resources are
unduly interfered with or for any circumstances which are beyond its reasonable
care and supervision.
9. The data of Meditech Futura was stored in the same cloud sever infrastructure as
Chirp, hosted in Netherlands, in general there has been absence of regulatory
oversight regarding data storage, use and processing in Elysium due to lack of
legislation. A draft of ‘Elysium Digital Citizens’ Data Protection Bill was recently
published but not has been passed by the Parliament.
10. One such suspected person Mr. Baggins, a part of Nirvana tribe community
is admitted to hospital in august 2023 believed to be suffering from the rare genetic
condition that impacted people of his community, his condition was diagnosed using
Dr. Precision not just for him, but for others from his community.
11. On 7th November, 2023 the social media was taken by a storm. Chirp,
owned by Mr. Husk saw personal details of several patients including Mr. Baggins
who are subjected to Dr. Precision, being released along with their contact numbers
and Personal Health ID details through an anonymous account handle ‘The
Watcher’ who claimed to ‘expose’ the weak data protection regime of Elysium.
Meditech Futura promptly informed its users about the leak and assured that
immediate steps to ensure the safety of their data would be taken by it.
12. Besides the leak of personal details, same Chirp account also uploaded
certain ‘deep fakes’ of the members of Nirvana tribe in Elysium’s widely spoken
language making disparaging remarks against the members of other communities.
It generated hate and backlash against the members of the Nirvana tribe, furthering
stereotypes against them, which aggravated the situation. Several cases of violence
against the members of Nirvana tribe across Elysium.
13. This raised significant questions about the violation of ‘right to privacy’,
while raising questions regarding approval of Dr. Precision by the Central Drug
Authority’.
14. The Government of Elysium ordered an immediate removal of the leaked
data and the content from Chirp under its Cyber Technology Rules, 2021 and S.69
of Elysium Cyber Technology Act,2019. This was promptly complied by Chirp. An
immediate decision was taken to suspend the approval for Dr. Precision.
15. Meanwhile, an investigation by a private technology and civil rights firm
FNR revealed that Meditech Futura lacked basic safety protocols, highlighting a
possibility of data being leaked through Chirp since, its data being is being hosted
on the same server. FNR argued Chirp had ‘active’ role as intermediary.
8
16. Mr. Baggins on 9th November 2023 filed an FIR against Meditech Futura,
Chirp and unknown person u/s. 153(a),(b), 405, 415, 420, 499, 509 of EPC r/w S.
66E, 66D of ECT Act,2019. He argued that
(i) there has been violation of his right to privacy;
(ii) negligence on part of Chirp as an intermediary, imposing liability on harm to his
reputation and emotional damage and Nirvana tribe.
17. Contemporaneously, a petition was also filed before the High Court of
Elysium by FNR on 1st December,2023 against Meditech Futura and Chirp for:
(i) Violating ‘ right to privacy’;
(ii) Not taking ‘consent’ of suspected patients in a fully informed and reasonable way;
(iii) against the Central Drug Authority for hasty approval of Dr. Precision without
ensuring the safeguards.
18. Mr. Husk however claimed:
(i) ‘Safe harbour’ for Chirp u/s. 79 of ECT Act,2019. He has argued that Chirp had
no role in such data leak and has followed all the ‘due diligence’ protocols (ii) the
anonymous account of ‘The Watcher’ was promptly suspended and the sensitive
personal information was taken down from the Chirp (iii) Chirp and Meditech Futura
lack any liability for the data breach and subsequent developments in light of the
prior agreement with the suspected patients. He approached the High Court of
Elysium seeking quashing of FIR against him u/s. 482 of Elysium Crimes Procedure
Act, 1980.
19. Seized of the matter and given the commonality of issues presented, the
High Court of Elysium has decided to club petitions filed by Mr. Alone Husk and
FNR.
ISSUES PRESENTED
SUMMARY OF ARGUMENTS
10
It is submitted that the consent of the petitioners is not obtained in a reasonable
way. The agreement does not offer viable alternatives or choices for patients and
isn’t presenting reasonable options or explaining potential consequences.
It is submitted that the respondent Mr. Husk cannot seek for quashing of FIR
u/s.482 of ECP Act, 1980 on the ground that he is not liable for the data breach
due to the prior agreement and cannot claim that he is protected from any
liability as an intermediary as there is an active role of Chirp and negligence on
part of Meditech Futura in the data breach.
ARGUMENTS ADVANCED
“The court held that the “right to privacy” meant a “right to be let
alone”. A citizen has a right to safeguard the privacy of his home, his
family, marriage, procreation, motherhood, child-bearing and
education matters. None can publish anything concerning the above
matters without his consent. If he does so, would be liable in an action
for damages.”
7. It is opined by the Supreme Court in the case of KS Puttaswamy V.
Union of India6
12
34. Warren and Brandeis revealed with a sense of
perspicacity the impact of technology on the right to be let
alone:
“…so that solitude and privacy have become more essential
to the individual; but modern enterprise and invention have,
through invasions upon his privacy, subjected him to mental
pain and distress, far greater than could be inflicted by mere
bodily injury.”
The need to protect the privacy of the being is no less when
development and technological change continuously threaten
to place the person into public gaze and portend to submerge
the individual into a seamless web of inter-connected lives.”
9 District Registrar and Collector, Hyderabad V. Canara Bank (2005) 1 SCC 496
10 Justice K. S. Puttaswamy V. Union of India (2017) 10 SCC 1, 259
14
ISSUE-3 WHETHER CHIRP, AS AN INTERMEDIARY, CAN CLAIM SAFE
HARBOUR UNDER SECTION.79 OF ECT Act, 2019 AND HE IS ENTITLED TO
SEEK FOR QUASHING OF FIR u/s. 482 OF THE ECP ACT,1980 ON THIS
GROUND?
16. It is submitted that the term “Intermediary” is defined under the Elysium
Cyber Technology Act, 2002 as any person, on behalf of another, receive, stores,
transmits, electronic messages, or provides services related to those messages.
This includes Internet Service Providers and websites hosting user-generated
content.
17. It is submitted that Mr. Husk cannot seek for quashing of FIR u/s.482 of
ECPA, 1980 on the ground that he is not liable for the data breach due to the
prior agreement, he cannot claim that he’s protected from any liability as an
intermediary u/s.79 of the ECT Act, 2019 as there is an active role of Chirp and
negligence on part of Meditech Futura.
18. The respondents had failed to exercise due diligence in safeguarding
the information as mentioned in the agreement as they have failed to
observe S. 79(2)(c) of ECT Act which reads as : the intermediary observes
due diligence while discharging his duties under this Act and also observes
such other guidelines as the Central Government may prescribe in this
behalf.”
19. Hence,respondents cannot claim the safe harbour as mentioned
u/s.79 as the immunity provided to intermediaries is not absolute but is
subjected to fulfillment of certain duties.
16
26. In Zandu Pharmaceutical Works Ltd. V. Mohd Sharaful Haque16 this
Court has observed and held as under:
"11. ... the powers possessed by the High Court u/s.482 CrPC are
very wide, the very plenitude of the power requires great caution in
its exercise. The inherent power should not be exercised to stifle a
legitimate prosecution. The High Court, should normally refrain from
giving a prima facie decision."
27. It is submitted that from the above-mentioned cases, Mr. Husk cannot claim
for quashing of FIR, as the investigation is in its initial stage and he cannot
seek that there is an express legal bar from instituting criminal proceedings
against him as there is an active role of Chirp, and the investigation is at a
nascent stage and it cannot be stultified and that this case also does not fall
under rarest of rare cases to invoke jurisdiction u/s. 482 of ECP Act,1980.
28. It is submitted that the CDA approved Dr. Precision despite there being
apprehensions by several civil society organizations, that no adequate safety
regulations, protocols were placed to regulate it.
29. That, an investigation by a private technology and FNR revealed that
Meditech Futura lacked basic safety protocols, its data being hosted on the same
server as Chirp, highlighting a possibility of data leaked through Chirp.
Therefore, basic encryption norms and safety processes were very leniently
applied.
30. It is stated in the landmark judgment of Justice K.S. Puttaswamy V.
Union of India17 that:
“236) An independent and autonomous authority is needed to monitor
the compliance...which infringes the privacy of an individual. A fair
data protection regime requires the establishment of an independent
authority to deal with the contraventions of the data protection
framework as well as to proactively supervise its compliance,
16 Zandu Pharmaceutical Works Ltd. V. Mohd. Sharaful Haque (2005) 1 SCC 122
17 Justice K. S. Puttaswamy V. Union of India (2019) 1 SCC 1
17
authority must be required to prescribe the standards against which
compliance with the data protection norms is to be measured.”
31. There is an overall absence of regulatory oversight in Elysium concerning
data storage, use, and processing. The approval process should have been
accompanied by a legal framework, considering sensitive nature of healthcare
data. Therefore, regulatory gap contributed to data breach, subsequent
complications.
32. The approval process did not establish adequate accountability measures
for Meditech Futura. The lack of clear consequences for non-compliance or
security lapses leaves room for negligence, as demonstrated by subsequent
dissemination of personal information on Chirp.
33. It is submitted that as per a report published by Business Today, India
ranked third in the world in terms of the number of data breaches, with a total of
86.63 million Indian users breached till November 2021. India showed a 351.6
percent increase in affected accounts compared to last year. In 2020, around 19.18
million Indian users' data was breached. In general, this year was slightly worse
than the last in terms of data breach cases, it said.
34. That apart from India, the countries with the maximum data breaches this
year were USA, Iran, Russia, France are the other countries in the top five as
they accounted for more than half of all leaks of 2021. Some of the biggest data
breaches this year included COMB, Clubhouse, Facebook. The Middle East
particularly stood out among the countries that grew the most year-on-year
breach-wise as Iran, Sudan, UAE, Iraq showed extreme spikes.18
35. That majority of the data breaches have occurred on the social media
platforms accessed by the public at large all over the world. It is evident from the
fact that Dr. Precision functions by diagnosing diseases through 'facial features',
biometric data which means that the personal data of patients will be collected
by using this tool.
36. That CDA should have considered the statistics about data breaches that
occurred in previous years. It approved tool without estimating any
consequences and without there being any legislation, therefore approval lacked
necessary stringency and oversight, exposing individuals to privacy risks.
18 Aparna Benerjee, India ranks third in global data breaches in 2021: Report (Dec. 15, 2021, 09:40
PM) https://www.businesstoday.in/latest/trends/story/india-ranks-third-in-global-data-breaches-
in-2021-report-315750-2021-12- 15?onetap=true
18
PRAYER
Date:
(S/d)
19
20