Written by: Arushi Bansal (Intern)
Edited by: Anubhav Yadav (Content Head & Developer)
Lacking law for data protection resulted in large scale breach petitioners argue that in the absence of a data protection statute, victims have no legal redress. The Delhi High Court is getting asked to order the CERT-in to look into large-scale data theft at BigBasket, Domino’s, and Air India. Justice Rekha Palli granted time to the Central Government Standing Counsel to get instructions in the matter.
The complaint, filed by Advocates Prasanth Sugathan, Prasanna S, Yuvraj Singh Rathore, alleges that the data assembled by these companies from mobile or online web applications have stemmed from data breaches. They compromised the sensitive personal and financial information of millions of users of these services.
The general secretary of Free Software Movement of India Yarlagadda Kiran Chandra filed a petition. In his petition, he stated that in spite of repeated request to CERT-In to look into the suspected data breaches, nothing had been done so far. Since 2004, CERT-In has served as the nodal entity for reacting to computer security problems as they arise. The petitioners urged for an investigation because India lacks a data protection law that would provide victims of data breaches with a legal remedy. The petitioner asked the court to order CERT-In to react to his statement requesting an inquiry into data breaches at Domino’s, Mobiquick, Air India, and Big Basket.
The petitioner has asked the court to grant CERT-In with relevant warrants, orders, or instructions so that they can comply with the Citizen’s Charter and react to the petitioner’s resentment. Nothing formative against cyber security breaches and data breaches perpetrated by different entities by respondents. The CERT-In received the letter on November 11, 2020, March 30, 2021, April 2, 2021, and May 22, 2021. Section 70B of the Information Technology Act, 2000 requires India to have CERT-In rules. The CERT-In Citizen’s Charter acknowledges CERT-receipt of complaints and requires a fair address within one month of receipt. Petitioner’s emails and letters, however, received no reply or approval.
According to the petition, data breaches in these companies contain personal details of millions of users involving their phone numbers, addresses, passwords, bank details, passport information, credit and debit card details, and KYC details which in consequence impact the privacy of the users in addition to their financial information and personal addresses. “India lacks of proper data protection laws” was also highlighted. In light of this, the petitioner has indicated that CERT-In is taking no action in response to cyber security breaches and has requested that the authority follow its citizen’s charter and respond to the petitioner’s grievances. ‘An investigation by CERT-In about the data breaches at a large scale is necessary to protect users’ privacy,’ they claimed.
It’s gotten a lot of attention that Mr. Chandra went on to say that there are roughly a 180 million order details and one million credit card details of Domino’s users have been compromised. It was also mentioned in the plea that in a breach at Air India, about 4.5million passengers’ data was leaked. Leaked information contains name, credit card details and so on. The petition by Yarlagadda Kiran Chandra, General Secretary of the Free Software Movement of India was listed after Justice Rekha Palli allowed time to the Centre’s Counsel to seek advice.