2nd NFSU NATIONAL TECHNOLOGICAL MOOT COURT COMPETITION-2024

TC-07

BEFORE THE HON’BLE

HIGH COURT OF ELYSIUM

Original Writ Jurisdiction

PUBLIC INTEREST LITIGATION

W.P.NO._________OF 2023
UNDER ARTICLE 32 OF THE CONSTITUTION OF ELYSIUM

BAGGINS…………………………………………………………….(PETITIONER NO.1)
FORUM FOR NETIZENS’ RIGHTS……………………………...(PETITIONER NO.2)
VERSUS
ALONE HUSK……………………………………………………...(RESPONDENT NO.1)
CENTRAL DRUG AUTHORITY OF ELYSIUM…………….…(RESPONDENT NO.2)

UPON SUBMISSION TO THE HON’BLE CHIEF JUSTICE AND HIS COMPANION

JUSTICES OF THE HIGH COURT OF ELYSIUM

MEMORIAL ON BEHALF OF THE PETITIONERS

TABLE OF CONTENTS

1
TABLE OF CONTENTS
TABLE OF ABBREVIATIONS
LIST OF AUTHORITIES
STATEMENT OF FACTS
ISSUES PRESENTED
SUMMARY OF ARGUMENTS
ARGUMENTS ADVANCED
ISSUE-1
ISSUE-2
ISSUE-3
ISSUE-4
PRAYER

TABLE OF ABBREVIATIONS

2
ABBREVIATION ACTUAL TERM

AI Artificial intelligence

CDA Central Drug Authority

CrPC Criminal Procedure Code

ID Identity Document

EMSRI Elysium Medical Sciences and Research

Institution
FNR Form For Netizens’ Rights

FIR First Information Report

CTR 2021 Cyber Technology Rules, 2021

ECTA, 2019 Elysium Cyber Technology Act, 2019

Dr. Doctor

EPC Elysium Penal Code, 1860

ECPA 1980 Elysium Crimes Procedure Act 1980

& And

AIR All India Reporter

Anr. Another

Art. Article

cl Clause

HC High Court

SC Supreme court

No. Number

Ors. Others

SCC Supreme Court Cases

SCR Supreme Court Reporter

u/a. Under Article

3
 u/s Under Section

V. Versus

UOI Union of India

Pvt. Private

Ltd. Limited

ITA, 2000 Information Technology Act, 2000

Retd. Retired

S. Section

INDEX OF AUTHORITIES

1. Justice K.S. Puttaswamy V. Union of India (2019) 1 SCC 1

4
 2. Smt. Kiran Bedi V. Committee of Enquiry (1988) AIR 2252
3. Umesh Kamath V. State of Andhra Pradesh AIR (2014) SC 1106
4. Lakshmi Kant Pandey V. Union of India (1984) AIR 469
5. R. Rajagopal V. State of Tamil Nadu (1995) SC 264
6. Justice K.S. Puttaswamy V. Union of India (2017) 10 SCC 1
7. Common Cause( A Regd. Society) V. Union of India (2018) 5 SCC 1
8. District Registrar and Collector, Hyderabad V. Canara Bank (2005) 1 SCC 496
9. Shreya Singhal V. Union of India AIR 2015 SC 1523
10. Neeharika Infrastructure Pvt. Ltd. V. State of Maharashtra AIR 2021 SC 191
11. Sanapareddy Maheedhar Seshagiri V. State of Andhra Pradesh (2007) 13 SCC
165
12. State of W.B V. Swapan Guha(1982) 1 SCC 561
13. Zandu Pharmaceutical Works Ltd. V. Mohd. Sharaful Haque (2005) 1 SCC 1

STATEMENT OF JURISDICTION

5
 The Hon’ble High Court of Elysium has the jurisdiction in this matter under Article
32 of the Constitution of Elysium which reads as follows:

“32. Remedies for enforcement of rights conferred by this Part-

(1) The right to move the High Court by appropriate proceedings for the enforcement
of the rights conferred by this Part is guaranteed.
(2) The High Court shall have power to issue directions or orders or writs, including
writs in the nature of habeas corpus, mandamus, prohibition, quo warranto and
certiorari, whichever may be appropriate, for the enforcement of any of the rights
conferred by this Part.”

STATEMENT OF FACTS

1. Republic of Elysium is a developing nation, with one of the largest and growing
populations in the world. In recent times, the nation has witnessed widespread
digital revolution that has opened opportunities particularly for its younger
population, which makes a substantial chunk of overall population. There has

6
 been a robust of growth in entrepreneurial and start-up ecosystem, accompanied
by growth in Fourth Industrial Revolution technologies, with AI and Machine
Learning in particular.
2. One such individual, Mr. Alone Husk, CEO of a popular social media platform
called ‘Chirp’ bought in January 2022, he has been at the forefront of such
technological development in Elysium and has been a proponent of freedom of
speech and has consistently called for self-regulation of social media platforms
and restricted regulatory of the state.
3. Elysium since its Independence has been grappling with several healthcare
challenges due to lack of quality infrastructure, affordability, lack of human
resource in its remote areas and lack of sufficient budgetary allocation towards
public healthcare, research and development.
4. Mr. Husk owns majority of shares in ‘Meditech Futura’ a startup involved in
pursuing research and development in medical science with use of AI. Mr. Husk
in a recent speech said- “the dream of Meditech Futura is to provide accessible,
affordable and timely healthcare to its people. Our aim is to reach the last mile
and we are committed to this vision. The Elysium of our dreams might not be far
and perhaps technology could be our guiding light.”
5. An employee of Meditech Futura developed an AI tool called Dr. Precision in
October 2022, which helps in diagnose ‘rare diseases’ using facial features,
calculates similarities and dissimilarities and automatically links them to the
genetic data of the suspected patients and diverse results.
6. It has been equipped with ‘deep learning’ to enhance its accuracy. A trial, lasting
5 months revealed 95% tool accuracy in diagnosis. It could help diagnose rare
disease among a prominent tribal group named Nirvana which primarily lived in
central Elysium. People of Nirvana tribe since long have endured rare diseases,
resulting in high mortality, reason being unaffordable diagnostics.
7. Anthropologists had been cautioning since long, regarding extinction of groups
like Nirvana, in light of absence of affordable diagnostics and treatment.
8. The tool received approval of the Central Drug Authority of Elysium in April 2023,
despite the apprehensions from severe civil society organizations, if adequate
safety regulations and protocols were taken. Before beginning with the diagnosis
the patients had to sign an agreement which had following clauses, among others-
a The patient shall agree to share the data and information generated herein,
including biometric as well as personal information, not limited to facial information
and personal health ID details, with Meditech Futura, which can be used for
enhancing the efficiency of the software.

7
 b Meditech Futura shall exercise due diligence in safety of the information and shall
be exempt from any liability in event the information or its computer resources are
unduly interfered with or for any circumstances which are beyond its reasonable
care and supervision.
9. The data of Meditech Futura was stored in the same cloud sever infrastructure as
Chirp, hosted in Netherlands, in general there has been absence of regulatory
oversight regarding data storage, use and processing in Elysium due to lack of
legislation. A draft of ‘Elysium Digital Citizens’ Data Protection Bill was recently
published but not has been passed by the Parliament.
10. One such suspected person Mr. Baggins, a part of Nirvana tribe community
is admitted to hospital in august 2023 believed to be suffering from the rare genetic
condition that impacted people of his community, his condition was diagnosed using
Dr. Precision not just for him, but for others from his community.
11. On 7th November, 2023 the social media was taken by a storm. Chirp,
owned by Mr. Husk saw personal details of several patients including Mr. Baggins
who are subjected to Dr. Precision, being released along with their contact numbers
and Personal Health ID details through an anonymous account handle ‘The
Watcher’ who claimed to ‘expose’ the weak data protection regime of Elysium.
Meditech Futura promptly informed its users about the leak and assured that
immediate steps to ensure the safety of their data would be taken by it.
12. Besides the leak of personal details, same Chirp account also uploaded
certain ‘deep fakes’ of the members of Nirvana tribe in Elysium’s widely spoken
language making disparaging remarks against the members of other communities.
It generated hate and backlash against the members of the Nirvana tribe, furthering
stereotypes against them, which aggravated the situation. Several cases of violence
against the members of Nirvana tribe across Elysium.
13. This raised significant questions about the violation of ‘right to privacy’,
while raising questions regarding approval of Dr. Precision by the Central Drug
Authority’.
14. The Government of Elysium ordered an immediate removal of the leaked
data and the content from Chirp under its Cyber Technology Rules, 2021 and S.69
of Elysium Cyber Technology Act,2019. This was promptly complied by Chirp. An
immediate decision was taken to suspend the approval for Dr. Precision.
15. Meanwhile, an investigation by a private technology and civil rights firm
FNR revealed that Meditech Futura lacked basic safety protocols, highlighting a
possibility of data being leaked through Chirp since, its data being is being hosted
on the same server. FNR argued Chirp had ‘active’ role as intermediary.

8
16. Mr. Baggins on 9th November 2023 filed an FIR against Meditech Futura,
Chirp and unknown person u/s. 153(a),(b), 405, 415, 420, 499, 509 of EPC r/w S.
66E, 66D of ECT Act,2019. He argued that
(i) there has been violation of his right to privacy;
(ii) negligence on part of Chirp as an intermediary, imposing liability on harm to his
reputation and emotional damage and Nirvana tribe.
17. Contemporaneously, a petition was also filed before the High Court of
Elysium by FNR on 1st December,2023 against Meditech Futura and Chirp for:
(i) Violating ‘ right to privacy’;
(ii) Not taking ‘consent’ of suspected patients in a fully informed and reasonable way;
(iii) against the Central Drug Authority for hasty approval of Dr. Precision without
ensuring the safeguards.
18. Mr. Husk however claimed:
(i) ‘Safe harbour’ for Chirp u/s. 79 of ECT Act,2019. He has argued that Chirp had
no role in such data leak and has followed all the ‘due diligence’ protocols (ii) the
anonymous account of ‘The Watcher’ was promptly suspended and the sensitive
personal information was taken down from the Chirp (iii) Chirp and Meditech Futura
lack any liability for the data breach and subsequent developments in light of the
prior agreement with the suspected patients. He approached the High Court of
Elysium seeking quashing of FIR against him u/s. 482 of Elysium Crimes Procedure
Act, 1980.
19. Seized of the matter and given the commonality of issues presented, the
High Court of Elysium has decided to club petitions filed by Mr. Alone Husk and
FNR.

ISSUES PRESENTED

ISSUE-1 WHETHER THE LEAK OF PERSONAL DETAILS OF PATIENTS,

INCLUDING MR. BAGGINS, AND THE CIRCULATION OF DEEP FAKES ON THE
SOCIAL MEDIA PLATFORM CHIRP, CONSTITUTE VIOLATION OF RIGHT TO
PRIVACY OR NOT ?

ISSUE -2 WHETHER CONSENT IS TAKEN IN A FULLY INFORMED AND

REASONABLE WAY FROM THE PATIENTS BY MEDITECH FUTURA?

ISSUE-3 WHETHER CHIRP, AS AN INTERMEDIARY, EVADE LIABILITY BY

CLAIMING SAFE HARBOUR UNDER SECTION 79 OF ELYSIUM CYBER
TECHNOLOGY ACT, 2019 AND HE IS ENTITLED TO SEEK FOR QUASHING OF
9
FIR UNDER SECTION 482 OF ELYSIUM CRIMES PROCEDURE ACT,1980 ON
THIS GROUND?

ISSUE-4 WHETHER THE APPROVAL OF CENTRAL DRUG AUTHORITY FOR AI

SOFTWARE GIVEN WITHOUT ENSURING DUE SAFEGUARDS CONSTITUTE
NEGLIGENCE ON THE PART OF THE AUTHORITY?

SUMMARY OF ARGUMENTS

ISSUE 1- WHETHER THE LEAK OF PERSONAL DETAILS OF PATIENTS,

INCLUDING MR.BAGGINS, AND THE CIRCULATION OF DEEP FAKES ON THE
SOCIAL MEDIA PLATFORM CHIRP, CONSTITUTE VIOLATION OF RIGHT
TO PRIVACY OR NOT?
It humbly submitted that the right to privacy of the petitioners is violated when
their personal contact numbers and personal health ID details are leaked
through an anonymous account handle named ‘The Watcher’. The investigations
by a private technology and FNR revealed that Meditech Futura lacked basic
safety protocols and its data being hosted on the same server as Chirp, which
highlights a possibility that data is leaked through Chirp.

ISSUE -2 WHETHER CONSENT IS TAKEN IN A FULLY INFORMED AND

REASONABLE WAY FROM THE PATIENTS BY MEDITECH FUTURA?

10
 It is submitted that the consent of the petitioners is not obtained in a reasonable
way. The agreement does not offer viable alternatives or choices for patients and
isn’t presenting reasonable options or explaining potential consequences.

ISSUE3- WHETHER CHIRP, AS AN INTERMEDIARY, EVADE LIABILITY BY

CLAIMING SAFE HARBOUR UNDER SECTION 79 OF ELYSIUM CYBER
TECHNOLOGY ACT, 2019 AND HE IS ENTITLED TO SEEK FOR QUASHING OF
FIR UNDER SECTION 482 OF ELYSIUM CRIMES PROCEDURE ACT,1980 ON
THIS GROUND?

It is submitted that the respondent Mr. Husk cannot seek for quashing of FIR
u/s.482 of ECP Act, 1980 on the ground that he is not liable for the data breach
due to the prior agreement and cannot claim that he is protected from any
liability as an intermediary as there is an active role of Chirp and negligence on
part of Meditech Futura in the data breach.

ISSUE 4- WHETHER THE APPROVAL OF DR. PRECISION, BY THE CENTRAL

DRUG AUTHORITY WITHOUT ENSURING DUE SAFEGUARDS CONSTITUTE
NEGLIGENCE ON THE PART OF THE AUTHORITY? The Central Drug Authority
of Elysium has approved Dr. Precision despite there being apprehensions by
several civil society organizations, that no adequate safety regulations and
protocols were placed to regulate such an AI software.

ARGUMENTS ADVANCED

ISSUE 1- WHETHER THE LEAK OF PERSONAL DETAILS OF PATIENTS,

INCLUDING MR.BAGGINS, AND THE CIRCULATION OF DEEP FAKES ON
THE SOCIAL MEDIA PLATFORM CHIRP, CONSTITUTE VIOLATION OF
RIGHT TO PRIVACY OR NOT?
1. It humbly submitted that right to privacy of the patients is violated when
their personal details are leaked through an anonymous account, ‘The Watcher’.
The Respondent No.1 had failed to exercise due diligence and have leniently
applied safety protocols.
2. It is submitted in the landmark judgment of Justice K.S. Puttaswamy V.
Union of India and Ors1
446..(m) that privacy has now been treated as part of the fundamental
right…that privacy has always been a natural right which gives an

1 Justice K. S. Puttaswamy V. Union of India (2019) 1 SCC 1

11
 individual freedom to exercise control over his or her personality. The
judgment further affirms three aspects of the fundamental right to
privacy:(i) intrusion with an individual’s physical body;(ii)
informational privacy; (iii) privacy of choice.
3. In the case of Kiran Bedi V. Committee of Inquiry,2 the Supreme Court
held that:
“good reputation was an element of personal security protected by
the Constitution, equally with the right to the enjoyment of life, liberty,
and property. The court affirmed the right to enjoyment of life, liberty,
and property, enjoyment of private reputation was of ancient origin
and was necessary to human society.”
4. The same was held in the cases of Umesh Kumar V. State of Andhra
Pradesh and Anr,3 and Lakshmi Kant Pandey V. Union of India,4
5. Certain deep fake videos of petitioners had been created and circulated
which generated hate and backlash against the members of the Nirvana tribe
across the nation, furthering stereotypes against the community, which had
violated the enjoyment of private reputation of the petitioners guaranteed under
Article 21.
6. In the case of R. Rajagopal V. State of Tamil Nadu 5

“The court held that the “right to privacy” meant a “right to be let
alone”. A citizen has a right to safeguard the privacy of his home, his
family, marriage, procreation, motherhood, child-bearing and
education matters. None can publish anything concerning the above
matters without his consent. If he does so, would be liable in an action
for damages.”
7. It is opined by the Supreme Court in the case of KS Puttaswamy V.
Union of India6

“177. Data such as medical information would be a category to which

a reasonable expectation of privacy attaches. Apart from
safeguarding privacy, data protection regimes seek to protect the
autonomy of the individual.

2 Kiran Bedi V. Committee of Enquiry (1988) AIR 2252

3 Umesh Kumar V. State of A.P AIR (2014) SC 1106
4 Lakshmi Kant Pandey V. Union of India (1984) AIR 469
5 R. Rajagopal V. State of Tamil Nadu AIR (1995) SC 264
6 Justice K. S. Puttaswamy V. Union of India (2017) 10 SCC 1

12
 34. Warren and Brandeis revealed with a sense of
perspicacity the impact of technology on the right to be let
alone:
“…so that solitude and privacy have become more essential
to the individual; but modern enterprise and invention have,
through invasions upon his privacy, subjected him to mental
pain and distress, far greater than could be inflicted by mere
bodily injury.”
The need to protect the privacy of the being is no less when
development and technological change continuously threaten
to place the person into public gaze and portend to submerge
the individual into a seamless web of inter-connected lives.”

ISSUE -2 WHETHER CONSENT IS TAKEN IN A FULLY INFORMED AND

REASONABLE WAY FROM THE PATIENTS BY MEDITECH FUTURA?

8. It is submitted the consent of the Petitioner No.1 is not obtained reasonably.

The agreement does not offer viable alternatives or choices for patients who
might be hesitant about sharing their data. Without presenting reasonable
options or explaining potential consequences.
9. In the case of Common Cause (A Regd. Society) V. Union of India7:
The Supreme Court of India held that informed consent is a
foundational principle of medical ethics and practice. Patients have
the right to be fully informed about the risks and benefits of medical
procedures, including the use and disclosure of their personal data.
Any consent obtained through deception or coercion is deemed invalid.
10. It is submitted that there is no explicit acknowledgment or explanation of
the potential risks involved in sharing sensitive health information. The
petitioner contends that patients were not sufficiently warned about the
likelihood of data breaches & consequences.
11. It is submitted that in the landmark judgment of “Justice KS Puttaswamy
V. Union of India” 8 laid down proportionality analysis:
“240. The Court had made it clear that an individual has the right to
prevent others from using his or her image, name and other aspects of
personal life and identity for commercial purposes without consent..

7 Common Cause (A Regd. Society) V. Union of India (2018) 5 SCC 1

8 Justice K. S. Puttaswamy V. Union of India 2019 (1) SCC 1,889 H.4
13
 The manner in which it is to be used has to be dependent on the consent
of the individual.”
This Court in Puttaswamy emphasized on the centrality of consent
in protection of data privacy:
“307…Apart from safeguarding privacy, data protection regimes seek
to protect the autonomy of the individual. This is evident from EUGDPR
related to the issue of consent is the requirement of transparency
which requires a disclosure by the data recipient of information
pertaining to data transfer and use.”
12. Therefore consent, transparency, control over information on which the
informational privacy stands hence, the consent process was neither transparent
nor reasonably conducted, the respondents failed to explain as to how due
diligence is exercised, respondents have not disclosed as to what measures are
taken to store and safeguard the data. It merely stated that Meditech Futura
shall exercise due diligence in safety of the information, but no mention as to
how it is exercised.
13. In the case of “District Registrar and Collector, Hyderabad V. Canara
Bank” 9 SC recognised:
…that contractual agreements cannot entirely override fundamental
rights.
14. Therefore, respondents cannot claim that they lack any liability in light of
the prior agreement.
15. It is held by the Supreme Court in the case of “KS Puttaswamy V. Union
of India” 10
184…(vi) Disclosure of Information: A data controller shall not
disclose personal information to third parties, except after providing
notice and seeking informed consent from the individual for such
disclosure. Third parties are bound to adhere to relevant and
applicable privacy principles. Disclosure for law enforcement
purposes must be in accordance with the laws in force. Data
controllers shall not publish or in any other way make public personal
information, including personal sensitive information.

9 District Registrar and Collector, Hyderabad V. Canara Bank (2005) 1 SCC 496
10 Justice K. S. Puttaswamy V. Union of India (2017) 10 SCC 1, 259
14
 ISSUE-3 WHETHER CHIRP, AS AN INTERMEDIARY, CAN CLAIM SAFE
HARBOUR UNDER SECTION.79 OF ECT Act, 2019 AND HE IS ENTITLED TO
SEEK FOR QUASHING OF FIR u/s. 482 OF THE ECP ACT,1980 ON THIS
GROUND?
16. It is submitted that the term “Intermediary” is defined under the Elysium
Cyber Technology Act, 2002 as any person, on behalf of another, receive, stores,
transmits, electronic messages, or provides services related to those messages.
This includes Internet Service Providers and websites hosting user-generated
content.
17. It is submitted that Mr. Husk cannot seek for quashing of FIR u/s.482 of
ECPA, 1980 on the ground that he is not liable for the data breach due to the
prior agreement, he cannot claim that he’s protected from any liability as an
intermediary u/s.79 of the ECT Act, 2019 as there is an active role of Chirp and
negligence on part of Meditech Futura.
18. The respondents had failed to exercise due diligence in safeguarding
the information as mentioned in the agreement as they have failed to
observe S. 79(2)(c) of ECT Act which reads as : the intermediary observes
due diligence while discharging his duties under this Act and also observes
such other guidelines as the Central Government may prescribe in this
behalf.”
19. Hence,respondents cannot claim the safe harbour as mentioned
u/s.79 as the immunity provided to intermediaries is not absolute but is
subjected to fulfillment of certain duties.

20. It is opined by the Supreme Court in “Shreya Singhal V. Union of India”11:

“S.79 is applicable only when there is no active role of the

intermediary.”
21. An investigation by a private technology, FNR revealed that Meditech
Futura lacked basic safety protocols, its data being hosted on the same server
as Chirp, highlights possibility that data being leaked through Chirp. It found
basic data encryption norms and safety processes were very leniently applied by
them, therefore Chirp had an ‘active’ role as an intermediary in the process.
22. The respondent is entrusted to exercise due diligence in safeguarding the
personal data of the petitioners as mentioned in the agreement and has failed to
do so, therefore they’ve committed a criminal breach of trust u/s. 405 of EPC
and it is provided u/s. 153A, 153B of the EPC that whosoever promotes enmity

11 Shreya Singhal V. Union of India AIR 2015 SC 1523

15
 between different groups on grounds of religion, race etc., these provisions are
attracted as the deepfake videos that are circulated generated hate, backlash
against the members of Nirvana tribe across the nation and hence cannot seek
for quashing of FIR as there is a prima facie case made out against him.
23. It is opined by the Apex Court in State of Maharashtra V. Ishwar Piraji
Kalpatri 12
“11. The court shouldn’t except in extraordinary circumstances exercise
its jurisdiction u/s. 482 CrPC to quash the prosecution proceedings
after they have been launched. This power should be exercised very
sparingly and with circumspection and that too in the rarest of rare
cases.”
24. In the case of Neeharika Infrastructure Pvt. Ltd. V. State of
Maharashtra13 SC emphasized:
15… caution in interfering with criminal proceedings at their initial
stages. It stressed that the High Court should refrain from hastily
quashing petitions filed immediately after the lodging of an FIR or
complaint, sufficient time should be given to the police to conduct a
thorough investigation, as it is their statutory right and duty under the
provisions of CrPC. This approach ensures that justice is served and
allows the investigative process to unfold without premature
interference.”
25. It is submitted that “Sanapareddy Maheedhar Seshagiri V. State of
Andhra Pradesh” 14 holds:
"32..If the allegations contained in the FIR or complaint disclose the
commission of a crime, then the High Court must refrain from
intervening and allow the investigating agency to complete its
investigation without obstruction.
Similarly, State of W.B. v. Swapan Kumar Guha15 holds:
“…if the FIR, prima facie, discloses the commission of an offence, the
court doesn’t normally stop the investigation, for doing so would
infringe upon the lawful power of the police to investigate cognizable
offences."

12 State of Maharashtra V. Ishwar Piraji Kalpatri (1997) 1 HLR 601

13 Neeharika Infrastructure Pvt. Ltd. V. State of Maharashtra AIR 2021 SC 1918
14 Sanapareddy Maheedhar Seshagiri V. State of Andhra Pradesh (2007) 13 SCC 165
15 State of W.B V. Swapan Kumar Guha (1982) 1 SCC 561

16
 26. In Zandu Pharmaceutical Works Ltd. V. Mohd Sharaful Haque16 this
Court has observed and held as under:

"11. ... the powers possessed by the High Court u/s.482 CrPC are
very wide, the very plenitude of the power requires great caution in
its exercise. The inherent power should not be exercised to stifle a
legitimate prosecution. The High Court, should normally refrain from
giving a prima facie decision."

27. It is submitted that from the above-mentioned cases, Mr. Husk cannot claim
for quashing of FIR, as the investigation is in its initial stage and he cannot
seek that there is an express legal bar from instituting criminal proceedings
against him as there is an active role of Chirp, and the investigation is at a
nascent stage and it cannot be stultified and that this case also does not fall
under rarest of rare cases to invoke jurisdiction u/s. 482 of ECP Act,1980.

ISSUE 4- WHETHER THE APPROVAL OF DR. PRECISION, BY THE CENTRAL

DRUG AUTHORITY WITHOUT ENSURING DUE SAFEGUARDS CONSTITUTE
NEGLIGENCE ON THE PART OF THE AUTHORITY?

28. It is submitted that the CDA approved Dr. Precision despite there being
apprehensions by several civil society organizations, that no adequate safety
regulations, protocols were placed to regulate it.
29. That, an investigation by a private technology and FNR revealed that
Meditech Futura lacked basic safety protocols, its data being hosted on the same
server as Chirp, highlighting a possibility of data leaked through Chirp.
Therefore, basic encryption norms and safety processes were very leniently
applied.
30. It is stated in the landmark judgment of Justice K.S. Puttaswamy V.
Union of India17 that:
“236) An independent and autonomous authority is needed to monitor
the compliance...which infringes the privacy of an individual. A fair
data protection regime requires the establishment of an independent
authority to deal with the contraventions of the data protection
framework as well as to proactively supervise its compliance,

16 Zandu Pharmaceutical Works Ltd. V. Mohd. Sharaful Haque (2005) 1 SCC 122
17 Justice K. S. Puttaswamy V. Union of India (2019) 1 SCC 1
17
 authority must be required to prescribe the standards against which
compliance with the data protection norms is to be measured.”
31. There is an overall absence of regulatory oversight in Elysium concerning
data storage, use, and processing. The approval process should have been
accompanied by a legal framework, considering sensitive nature of healthcare
data. Therefore, regulatory gap contributed to data breach, subsequent
complications.
32. The approval process did not establish adequate accountability measures
for Meditech Futura. The lack of clear consequences for non-compliance or
security lapses leaves room for negligence, as demonstrated by subsequent
dissemination of personal information on Chirp.
33. It is submitted that as per a report published by Business Today, India
ranked third in the world in terms of the number of data breaches, with a total of
86.63 million Indian users breached till November 2021. India showed a 351.6
percent increase in affected accounts compared to last year. In 2020, around 19.18
million Indian users' data was breached. In general, this year was slightly worse
than the last in terms of data breach cases, it said.
34. That apart from India, the countries with the maximum data breaches this
year were USA, Iran, Russia, France are the other countries in the top five as
they accounted for more than half of all leaks of 2021. Some of the biggest data
breaches this year included COMB, Clubhouse, Facebook. The Middle East
particularly stood out among the countries that grew the most year-on-year
breach-wise as Iran, Sudan, UAE, Iraq showed extreme spikes.18
35. That majority of the data breaches have occurred on the social media
platforms accessed by the public at large all over the world. It is evident from the
fact that Dr. Precision functions by diagnosing diseases through 'facial features',
biometric data which means that the personal data of patients will be collected
by using this tool.
36. That CDA should have considered the statistics about data breaches that
occurred in previous years. It approved tool without estimating any
consequences and without there being any legislation, therefore approval lacked
necessary stringency and oversight, exposing individuals to privacy risks.

18 Aparna Benerjee, India ranks third in global data breaches in 2021: Report (Dec. 15, 2021, 09:40

PM) https://www.businesstoday.in/latest/trends/story/india-ranks-third-in-global-data-breaches-
in-2021-report-315750-2021-12- 15?onetap=true
18
 PRAYER

Wherefore, in the light of the issues raised, arguments advanced, reasons

given and authorities cited, it is most humbly prayed before the Hon’ble
High Court of Elysium:
a. To grant an injunction restraining the use of Dr. Precision until privacy
safeguards are implemented.
b. To dismiss the quash petition filed by the respondents.
c. To award compensation to the affected individuals including Mr. Baggins
and others for emotional distress, harm to reputation suffered by them
due to the data breach along with costs.
AND/OR
Pass any other order/direction that the Hon’ble Court may be pleased to
grant in the interest of justice, equity and good conscience, all of which is
respectfully submitted.
And for this act of kindness the Petitioner duty bound shall ever pray.

Date:
(S/d)

Place: High Court of Elysium (Counsel for Petitioners)

19
20