Symbi Petitioners1

TEAM CODE: 531
5th SYMBIOSIS LAW SCHOOL, HYDERABAD, NATIONAL MOOT
COURT COMPETITION – 2021
Before
THE HONOURABLE SUPREME COURT OF ZINDIA
WRIT PETITION NO: 2020 /2021
FILED UNDER ARTICLE 32 OF THE CONSTITUTION OF ZINDIA, 1950
BODY OF INDIVIDUALS…………………………………………….........…PETITIONER
Versus
UNION OF ZINDIA & Ors……………………………………………….….RESPONDENTS
MEMORANDUM for PETITIONER
1
TABLE OF CONTENTS
1. LIST OF ABBREVIATIONS...............................................................................................IV
2. INDEX OF AUTHORITIES..................................................................................................V
3. STATEMENT OF JURISDICTION.....................................................................................VII
4. STATEMENT OF FACTS..................................................................................................VIII
5. ISSUES RAISED..................................................................................................................IX
6. SUMMARY OF ARGUMENTS.............................................................................................X
7. ARGUMENTS ADVANCED.................................................................................................XI
A. WHETHER THE NOTIFICATION LACKS FORCE OF LAW AND IS UNFAIR AND

UNREASONABLE AND FAILS TO SATISFY THE TEST FOR IMPOSING A VALID
RESTRICTION ON THE FUNDAMENTAL RIGHT TO PRIVACY.
a. THE NOTIFICATION IS UNREASONABLE & ARBITRARY ACTION OF THE STATE.
b. THE STATE’S ACTION INFRINGES UPON THE FUNDAMENTAL RIGHT TO PRIVACY
OF THE CITIZENS.
B. WHETHER COBALT SHARING THE PERSONAL DATA SETS WITH THE

GOVERNMENT AND THE GOVERNMENT SHARING THE PERSONAL DATA SETS
WITH FREEPUBLIC, WAS IN BREACH OF THE TERMS BASED ON WHICH
CONSENT WAS GIVEN BY THE USERS AND ALSO IN VIOLATION OF THE TERMS
OF THE PRIVACY POLICY.
a. COBALT IS A DATA FIDUCIARY WITHIN THE MEANING OF THE ACT.
b. BREACH OF CONSENT OF USERS BY COBALT.
c. VIOLATION OF THE PRIVACY POLICY BY COBALT.
d. DISCLOSURE OF IDENTITY BY THE GOVERNMENT.
e. MALA FIDE USE OF THE ACT TO JUSTIFY ITS CAUSE.
C. WHETHER STORAGE OF THE SENSITIVE PERSONAL DATA (AS DEFINED UNDER

THE ACT) OUTSIDE THE TERRITORIAL BOUNDARIES OF ZINDIA BY COBALT AND
ITS FAILURE TO MAINTAIN SECURITY SAFEGUARDS AS PER THE PROVISIONS OF
THE ACT, WHICH RESULTED IN THE BREACH OF PERSONAL DATA SETS, IS IN
VIOLATION OF THE PROVISIONS OF THE ACT.
2
a. STORAGE OF PERSONAL DATA OUTSIDE THE TERRITORY OF ZINDIA IS IN THE
VIOLATION OF THE ACT.
b. WRONGFUL LOSS TO THE INDIVIDUALS DUE TO FAILURE TO MAINTAIN
SECURITY SAFEGUARDS.
c. FM AND DISCHARGE OF OBLIGATIONS OF COBALT.
D. WHETHER THERE IS LACK OF SEPARATION OF POWER WITHIN THE

AUTHORITY FORMED UNDER THE ACT, AS THE ADJUDICATING OFFICER IS
APPOINTED BY THE SAME AUTHORITY WHICH APPOINTS THE INQUIRY
OFFICER (AS PER THE PROVISIONS OF THE ACT).
E. WHETHER THE POWER TO PERFORM ADJUDICATORY FUNCTIONS BEING

VESTED IN AN ADJUDICATING OFFICER, WHO IS NOT A MEMBER OF ANY
JUDICIAL BODY, HAS LED TO USURPATION OF JUDICIAL POWER AND
CONFERMENT OF THE SAME ON SUCH NON-JUDICIAL BODY OF THE
ADJUDICATING OFFICER.
8. PRAYER........................................................................................................................XXXIII
3
LIST OF ABBREVIATIONS
Hon’ble Honourable
§ Section
¶ Paragraph
ICCPR International Covenant of Civil and Political Rights
ACT. Personal Data Protection Act 2019
Notification Notification issued by Government through the Ministry of Home Affairs
under Section 35 of the Act dated 30 March 2020.
FM Force Majeure
FTC Federal Trade Commission
App medicine delivery app
PDPA Personal Data Protection Act (Singapore)
SPDI Sensitive personal data or information
Government Government of Zindia
GDPR General Data Protection Rules
Art. Article
Anr. Another
Ors. Others
Approx. Approximately
INDEX OF AUTHORITIES
A. CASES
1. Thirumalai vs Union Of India (Uoi) & Ors.
2. Mohd. Anwar Allai vs. State of J. & K ( AIR 1967 J. & K. 32)
3. A.K Kraipak vs. Union of India (AIR 173/175 of 1967 SC)
4. Gobind vs. State of M.P.
5. Kranti Associates Pvt. Ltd. vs. Masood Ahmed Khan 2011(273) ELT 345 (SC)
6. Munn vs. Illinois, 1876 SCC OnLine US SC 4: 24 L Ed 77 : 94 US 113 (1877) (Per Field, J.) as cited
in Kharak Singh, (1964) 1 SCR 332 at pp. 347-48
7. Kharak Singh vs. The State of U.P
8. Raju Sebastian & Ors. vs. Union of India & Ors MANU/KE/3533/2019
9. Sanjay Gupta vs. State of Uttar Pradesh MANU/SC/0639/2014
10. Nilabati Behera vs. State of Orissa (24.03.1993 - SC) : MANU/SC/0307/1993
11. Bihar Public Service Commission vs. Saiyed Hussain Abbas Rizwi (13.12.2012 - SC) :
12. MANU/SC/1103/2012
13. Union of India vs. Central Information Commission & Shri P.D Khandelwal, Writ Petition Civil No.
8396 of 2009
14. Treesa Irish w/o Milton Lopez vs. Central Information Commission & Ors,
4
15. Central Board of secondary Education & Anr. vs. Aditya Bandopadhyay & Ors (13.11.2019 - SC) :
MANU/SC/1561/2019
16. Naihati Jute Mills Ltd. vs. Hyaliram Jagannath MANU/SC/0348/1967
17. Tsakiroglou & Co. Ltd. vs. Noblee Thorl GmbH (1961) 2 All ER 179
18. M/s Alopi Parshad & Sons Ltd. vs. Union of India (20.01.1960 - SC) : MANU/SC/0057/1960
19. Ananda Chandra Behera vs. Chairman, Orissa State Electricity Board (05.11.1996 - ORIHC)
20. : MANU/OR/0369/1996
21. Ram Jawaya Kapur vs. State of Punjab
22. Indira Nehru Gandhi vs. Raj Narain (19.12.1975 - SC) : MANU/SC/0303/1975
23. Madhu Holmagi vs. Union of India,
24. Kesavananda Bharati vs. State of Kerela, (1973) 4 SCC 225
25. Ram Krishna Dalmia vs. Justice Tendolkar reported in AIR 1958 S.C. 538
26. Jayanti Lal Amrit Lal vs. S.M. Ram, AIR 1964 SC 649.
27. Bruhm dutt vs. union of Zindia. (20.01.2005 - SC) : MANU/SC/0054/2005
28. Chandra Mohan vs. State of U.P. (19.04.1976 - SC) : MANU/SC/0434/1976
29. Dimes vs. Junction Canal (1852) 3 H.L. 759
30. Asif Hameed vs. State of J & K AIR 1989 SC 1899
31. FTC vs. Frostwire
32. Lab MD vs. FTC
33. UIAI vs. CBI
34. New Horizons Limited vs. Union of India, 1995 (1) SCC 478
35. Balu Goplalakrishnan vs. State of Kerala, represented by Principal Secretary, department of
electronics & information technology W.P.(C). Temp. NO.84 OF 2020
36. I.R. Coelho vs. State of Tamil Nadu, MANU/SC/0595/2007
37. Delhi Development Authority vs. M/s UEE Electricals Engg. Pvt. Ltd (19.03.2004 - SC)
: MANU/SC/0257/2004
38. S.C. Advocates-on-Record Association vs. Union of India, AIR 1994 SC 268
39. State of Gujarat v. Utility Users Welfare Association 2018 (6) SCC 21
40. Madras Bar Association v Union of India & Anr (2014) 10 SCC 1
B. BOOKS AND JOURNALS

1. The whistleblower behind the NSA surveillance revelations
2. Jack M Balkin, Information Fiduciaries & the First Amendment, 49(4) UC Davis Law Review (2016)
3. Takwani, C.K; Lectures on Administrative Law (Eastern Book Company 4th edition)
4. Singer, Sutherland Statutory Construction, Volume I, § 3:2
5. Frankel Fiduciary Law. Oxford University Press.
5
6. Sitkoff, Robert H (2014). “An Economic Theory of Fiduciary Law”.
7. In: Philosophical Foundations of Fiduciary Law. Ed. by Andrew S Gold & Paul B Miller. Oxford:
Oxford University Press
8. Manon Ostveen & Kristina Irion, ‘The Golden Age of Personal Data: How to Regulate an Enabling
Fundamental Right?’ 2016 Amsterdam Law School (Legal Studies Research Paper No 68)
9. Reputation as Property, and its relation to privacy’ by Joseph S. Fuma
C. STATUTES
1. The constitution of Zindia, 1950
2. The zindian penal code,
3. The zindian contract Act, 1872
4. Federal Trade Commission Act
5. SPDI (Sensitive Personal Data or Information)
6. Personal Data Protection Act (Singapore)
7. General Data Protection Regulation (European Union)
8. The Protection of Data Act, 2019
9. IT Act, 2000
D. SOURCES
1. Manupatra
2. SCC ONLINE
6
STATEMENT OF JURISDICTION
The present petition has been filed before the Hon’ble Supreme Court of Zindia under Art. 32 of the
Constitution of Zindia, 1950, which empowers the Supreme Court to issue directions or orders or writs,
including writs in the nature of habeas corpus, mandamus, prohibition, quo warranto and certiorari,
whichever may be appropriate, for the enforcement of any of the rights conferred under part III of the
Constitution of Zindia.
This memorandum sets forth the facts, contentions and arguments to the present case.
7
STATEMENT OF FACTS
1. The Country of Republic of Zindia is the second largest populated country of the world. Problem arose
when there was an unprecedented outbreak of a pandemic in February 2020 affecting both healthcare
and infrastructure of densely populated countries like Zindia.
2. The Government notified and enacted the Personal Data Protection Act 2019, immediately which laid
the foundation for the ability of the Government to tap Zindia’s data resources, by restricting the flow of
Sensitive Personal Data of its citizens outside its territorial boundaries.
3. In an effort to tackle the COVID-19 situation, a number of notifications were issued in the form of
executive orders from the respective offices of various ministries of the Government.
4. The Government introduced a medicine delivery app in tie-up with a Cobalt for doorstep delivery of flu
related drugs, masks, and sanitizers. Also, the App helped a user to avoid coming in contact with any
person who has tested positive for or is possibly infected with COVID-19.
5. The Personal Data Sets which were collected from the users were transferred on a real time basis to and
kept in the servers of a third-party cloud service provider having their servers outside Zindia, so that the
data can be easily accessed anytime and from anywhere. However, a back- up copy of the Personal Data
Sets was also stored by Cobalt in servers located within the territorial boundaries of Zindia, in order to
comply with the Act
6. The Privacy Policy of the app provided that the data to be kept in an anonymised form and to be used on
for the purpose for which consent was obtained from the users. However, it can transferred to the
government for necessary medical and administrative interventions, the privacy policy also emphasised a
FM clause to exempt parties from performing their obligations. A force majeure event was not defined in
the Privacy Policy.
7. During the initial phase of the lockdown in Zindia, certain posts were circulated on various media
platforms, targeting a minority community for reason for the spread of virus. This led to lynching of
certain individuals from that community in various parts of the country. The Government issued a
notification under Section 35 of the Act which required Cobalt to transfer personal data sets to the
government.
8. Due to the nationwide lockdown, employees of Cobalt were asked to work from home. As the transition
was done quickly to maintain continuity of service, proper security safeguards were not used at the time
of transition. This resulted in a data breach from the device of 3 (three) employees of Cobalt working
from their respective homes in the neighbouring country Xina. Personal Data Sets of approximately
50,000 users were breached. The Personal Data Sets of such users resurfaced in social media in the form
of trolls and memes, which resulted in such users facing social stigma and mob lynching.
9. Government in an effort to create awareness and in a desperate attempt to curtail the situation, in
association with a news channel called Freepublic released an online yellow book, containing the names,
location and health data of people who tested COVID-19 positive and also a list of such people those
8
who were likely to be infected with COVID-19. Resultantly, many individuals faced social stigma, some
were outcast, and some were even asked to move out of their houses by their landlords/ housing
societies.
10. BOI approached the Authority, the matter was heard by the Adjudicating Officer, upon hearing both
sides, held that the neither the Government nor Cobalt have violated any provisions of the Act nor liable
to pay any penalty or compensation under the Act.
11. Aggrieved by the order of the Adjudicating Officer, BOI filed a Writ Petition before this Hon’ble Court
to hear the matter.
ISSUES RAISED
A. Whether the Notification lacks force of law and is unfair and unreasonable and fails to satisfy the test
for imposing a valid restriction on the fundamental right to privacy.
B. Whether Cobalt sharing the Personal Data Sets with the Government and the Government sharing the
Personal Data Sets with Freepublic, was in breach of the terms based on which consent was given by
the users and also in violation of the terms of the Privacy Policy.
C. Whether storage of the Sensitive Personal Data (as defined under the Act) outside the territorial
boundaries of Zindia by Cobalt and its failure to maintain Security safeguards as per the provisions of
the Act, which resulted in the breach of Personal Data Sets, is in violation of the provisions of the Act.
D. Whether there is lack of separation of power within the Authority formed under the Act, as the
Adjudicating Officer is appointed by the same Authority which appoints the Inquiry Officer (as per the
provisions of the Act).
E. Whether the power to perform adjudicatory functions being vested in an Adjudicating Officer, who is
not a member of any judicial body, has led to usurpation of judicial power and conferment of the same
on such non-judicial body of the Adjudicating Officer.
SUMMARY OF ARGUMENTS
A. Whether the Notification lacks force of law and is unfair and unreasonable and fails to satisfy the
test for imposing a valid restriction on the fundamental right to privacy.
The Notification can be observed as an arbitrary action of the State which lacks reasonable nexus for
the issuance of Notification. Further the act encroaches upon the Fundamental Right to privacy, which
though a qualified right is recognised to be essential to a life of an individual and cannot be violated
how much laudable is the State’s goal, to protect its interest.
9
B. Whether Cobalt sharing the Personal Data Sets with the Government and the Government
sharing the Personal Data Sets with Freepublic, was in breach of the terms based on which
consent was given by the users and also in violation of the terms of the Privacy Policy.
Cobalt committed breach of consent so obtained from the users by transferring the data to government
without any plausible and necessary intervention. As a data fiduciary Cobalt has breached the trust of
data principals which is the very hallmark of the existence of such relationship. Further the
Government’s haste action in order to cope with the situation so resulted from personal data breach
which further aggravated the cause, resulting in wrongful loss to the citizens.
boundaries of Zindia by Cobalt and its failure to maintain Security safeguards as per the
provisions of the Act, which resulted in the breach of Personal Data Sets, is in violation of the
provisions of the Act.
The storage of personal data sets by cobalt in third party server is in contravention of the act which is
the prominent reason behind the personal data breach. Further the invocation of the FM clause is a
mala fide use of such consent to discharge the obligation of Cobalt towards such aggrieved users as an
excuse for its negligent conduct.
Adjudicating Officer is appointed by the same Authority which appoints the Inquiry Officer (as
per the provisions of the Act).
The lack of separation of power amongst the functions performed by the officers has led to replication
of role of officers in the regulatory body thereby undermining its purpose and hindering smooth
functioning of law and its development.
E. Whether the power to perform adjudicatory functions being vested in an Adjudicating Officer,
who is not a member of any judicial body, has led to usurpation of judicial power and
conferment of the same on such non-judicial body of the Adjudicating Officer.
The power to perform adjudicatory function being vested in the adjudicating officer, who is non-
judicial body, has led to usurpation of judicial power. The conferment of such function on an officer
who is under the influence of the Central government has scrapped out its independence and made it
merely an awarding body fulfilling its duty only for the sake of performance of obligation under the
Act.
10
ARGUMENTS ADVANCED
A. Whether the Notification lacks force of law & is unfair & unreasonable & fails to satisfy the test
for imposing a valid restriction on the Fundamental Right to Privacy?
1. It is humbly submitted to this Hon’ble court that the present writ petition is preferred by the Petitioners
under Art. 32, herein since the Petitioners are aggrieved by the Notification1 issued by the Government
through the Ministry of Home Affairs dated 30.03.2020, which in the opinion of the Counsel on behalf
of the petitioners can be observed as an arbitrary action of the state, encroaching upon the Fundamental
Rights of the citizens as bestowed under part III of the Constitution & thereby seeking the intervention
of this Hon’ble Court to set aside the Notification for it being unconstitutional.2
2. While dealing with "Consequences if a statute is void", this Hon’ble court observed that, "When a statute
is adjudged to be unconstitutional, it is as if it had never been..... & what is true of an act void into to be
true also as to any part of an act which is found to be unconstitutional & which consequently is to be
regarded as having never, at any time, been possessed of any legal force."3 The effect of Art.13 is that
Fundamental Rights cannot be infringed by the government either by enacting a law or through
administrative action.4 It is humbly submitted that the Notification issued by the government is inclusive
of the meaning of law by virtue of Art.13 clause (2).
a. The Notification is Unreasonable & Arbitrary action of the State.

3. It is humbly submitted that the said Notification encroaches upon the principle of Natural justice
governed by reasoned decision which though does not supplant the law of the land but only supplement
it. It is now firmly established that in the absence of express provisions in any statute dispensing with the
observance of the principles of natural justice, such principles will have to be observed in all judicial,
quasi-judicial & administrative proceedings which involve civil consequences to the parties.5
4. The counsel rests its contention on the fact that that the said Notification is issued in observance of § 35
of the Act6 which states that the government or its agencies are exempted from the application of the Act
1
§ 3(25); "notification" means a notification published in the Official Gazette & the expression "notify" shall be construed
accordingly
2
Art. 13 of the Constitution if Zindia, 1950
3
Cited, Coolye in his "Constitutional Limitations" 8th Edition, Vol. I at page 832 in the case of ¶ 24 Thirumalai vs Union Of
India (Uoi) & Ors.
4
Mohd. Anwar Allai vs. State of J. & K ( AIR 1967 J. & K. 32)
5
A.K Kraipak vs. Union of India (AIR 173/175 of 1967 SC)
6
§ 35; Where the Central Government is satisfied that it is necessary or expedient,— (i) In the interest of sovereignty & integrity
of India, the security of the State, Friendly relations with foreign States, public order; or (ii) For preventing incitement to the
commission of any cognizable offence relating to sovereignty & integrity of Zindia, the security of the State, friendly relations
with foreign States, public order, it may, by order, for reasons to be recorded in writing, direct that all or any of the provisions of
this Act shall not apply to any agency of the Government in respect of processing of such personal data, as may be specified in the
order subject to such procedure, safeguards & oversight mechanism to be followed by the agency, as may be prescribed.
11
only on reasons to be recorded in writing7 to protect the interest of the State, however, no such reason
has been recorded in the instant case, further the notification was a result of Social Media post.8
5. In a Constitutional Bench decision of Hon‘ble Supreme Court in Shri Swamiji of Shri Admar Mutt etc. v.
The Commissioner, Hindu Religious & Charitable Endowments Dept. & Ors.9while giving the majority
judgment Chief Justice Y.V. Chandrachud referred to Broom‘s Legal Maxims (1939 Edition, page 97),
where the principle in Latin runs as “Ces-sante Ratione Legis Cessat Ipsa Lex”; The English version
of the said principle given by the Chief Justice was that, “Reason is the soul of the law, & when the
reason of any particular law ceases, so does the Law itself.”
6. It is argued by the Counsel that a reasonable nexus has to be established while looking into the merits of
the legislation so passed. “Recording of reasons also operates as a valid restraint on any possible
arbitrary exercise of judicial & quasi-judicial or even administrative power. Reasons in support of
decisions must be cogent, clear & succinct. A pretence of reasons or rubber-stamp reasons is not to be
equated with a valid decision making process.”10
b. The State’s action infringes upon the Fundamental Right to Privacy of the citizens.
7. It is further submitted that the Notification encroaches upon the Natural Right to privacy implied in
fundamental rights under Art. 19(1) read with Art. 21.11 The right to privacy can be restricted by
procedure established by law & this procedure would have to be just, fair & reasonable.12 Privacy can be
seen as a part & parcel of Right to life which this Court has endorsed the view that “life” must mean
“something more than mere animal existence”.13
8. Privacy has always been a natural right. The correct position in this behalf has been established by a number
14
of judgments starting from Gobind v. State of M.P. & Puttaswamy, 15various opinions conclude that:
privacy is a concomitant of the right of the individual to exercise control over his or her personality. (b)
Privacy is the necessary condition precedent to the enjoyment of any of the guarantees in Part III. (c)
The fundamental right to privacy would cover at least three aspects – (i) intrusion with an individual’s
physical body, (ii) informational privacy, & (iii) privacy of choice. (d) One aspect of privacy is the right
to control the dissemination of personal information & that every individual should have a right to be
Explanation.—for the purposes of this §,— (i) the term "cognizable offence" means the offence as defined in clause (c) of § 2 of
the Code of Criminal Procedure, 1973; (ii) the expression "processing of such personal data" includes sharing by or sharing with
such agency of the Government by any data fiduciary, data processor or data principal.”
7
§ 3(23) "in writing" includes any communication in electronic format as defined in 3clause (r) of sub- § (1) of § 2 of the
Information Technology Act, 2000
8
Fact sheet ¶ 5, page 3
9
AIR 1980 SC 1
10
Kranti Associates Pvt. Ltd. vs. Masood Ahmed Khan 2011(273) ELT 345 (SC)
11
The Constitution Of India, 1950
12
Maneka Gandhi vs. Union of India (AIR 1978 S.C.597).
13
Munn vs. Illinois, 1876 SCC OnLine US SC 4 : 24 L Ed 77 : 94 US 113 (1877) (Per Field, J.) as cited in Kharak Singh, (1964)
1 SCR 332 at pp. 347-48
14
AIR 1975 SC 1378, 1975 CriLJ 1111, (1975) 2 SCC 148, 1975 3 SCR 946
15
(2017) 10 SSC 1
12
able to control exercise over his/her own life & image as portrayed in the world & to control commercial
use of his/her identity.
9. In the case of Puttaswamy,16 Dr. D.Y. Chandrachud, J. Observed the four parameters to be observed &
proposed that “ Right to privacy cannot be impinged without a just, fair & reasonable law: It has to fulfil
the test of proportionality i.e. (i) existence of a law; (ii) must serve a legitimate State aim; & (iii)
proportionality.
10. Further he went on to explain the same as follows: “....These three requirements apply to all restraints
on privacy (not just informational privacy). They emanate from the procedural & content-based mandate
of Article 21. The first requirement that there must be a law in existence to justify an encroachment on
privacy is an express requirement of Article 21. For, no person can be deprived of his life or personal
liberty except in accordance with the procedure established by law. Second, the requirement of a need,
in terms of a legitimate State aim, ensures that the nature & content of the law which imposes the
restriction falls within the zone of reasonableness mandated by Article 14, which is a guarantee against
arbitrary State action. The pursuit of a legitimate State aim ensures that the law does not suffer from
manifest arbitrariness......The third requirement ensures that the means which are adopted by the
legislature are proportional to the object & needs sought to be fulfilled by the law. Proportionality is an
essential facet of the guarantee against arbitrary State action because it ensures that the nature &
quality of the encroachment on the right is not disproportionate to the purpose of the law. Hence, the
threefold requirement for a valid law arises out of the mutual interdependence between the fundamental
guarantees against arbitrariness on the one hand & the protection of life & personal liberty, on the
other. The right to privacy, which is an intrinsic part of the right to life & liberty, & the freedoms
embodied in Part III is subject to the same restraints which apply to those freedoms.”
11. It is humbly submitted to this Hon’ble Court that when the rights of the individuals are recognised, there
are some things that the State cannot do to them no matter how laudable the goal, there may well be a net
loss of efficiency & because there are other values that exist apart from security, law & order, &
efficiency in plugging leaks in welfare programmes. In his book about the Snowden revelations, Glenn
Greenwald17 puts the point perfectly, when he writes about privacy with reference to the fourth
amendment in the US Constitution: “Nations & individuals constantly make choices that place the
values of privacy &, implicitly, freedom above other objectives, such as physical safety....... If the police
were able to barge into any home without a warrant, murderers, rapists, & kidnappers might be more
easily apprehended. If the state were permitted to place monitors in our homes, crime would probably
fall significantly. If the FBI were permitted to listen to our conversations & seize our communications, a
wide array of crime could conceivably be prevented & solved. But the Constitution was written to
16
Ibid, 15 , ¶ 310
17 The whistleblower behind the NSA surveillance revelations
13
prevent such suspicion less invasions by the state.............pursuing absolute physical safety has never
been our single overarching societal priority. Above even our physical well-being, a central value is
keeping the state out of the private realm – our “persons, houses, papers, & effects”, as the Fourth
Amendment puts it.....For the individual, safety first means a life of paralysis & fear, never entering a
car or an airplane, never engaging in an activity that entails risk, never weighing the quality of life over
quantity, & paying any price to avoid danger.”
12. The right to privacy is recognised even by the regional & international conventions worldwide, for
instance, the Universal Declarations of Human Rights under Art. 1218. The same is also highlighted in
Art.1719 & Art.820of the regional conventions as well.
13. Considering the restrictions on privacy & its matters, in Kharak Singh vs. The State of U.P,21 held that
surveillance by 'domiciliary visits at night' was held to be violative of Article 21.The word ‘life’ & the
expression ‘personal liberty’ in Article 21 were elaborately considered .Although the majority found that
the Constitution contained no explicit guarantee of a ‘right to privacy’, it read the right to personal
liberty expansively to include a right to dignity. It held that "an unauthorised intrusion into a person's
home & the disturbance caused to him thereby is as it were the violation of a common law right of a man
an ultimate essential of ordered liberty, if not of the very concept of civilization."
14. In a recent case, the High Court of Kerala has held that an individual’s banking related information,
being personal/private in nature, was held by the bank in its fiduciary capacity. The bank would
therefore have to maintain the secrecy of such information, unless disclosure was required by law.22
15. The Supreme Court in Sanjay Gupta v. State of Uttar Pradesh,23cited with approval the observation
in Nilabati Behera v. State of Orissa ,24that a relief for monetary compensation under Article 32 or 226
of the Constitution is a ‘remedy available in public law and is based on the strict liability for
contravention of the guaranteed basic and indefeasible rights of the citizen’, to penalise the wrongdoer
and fix liability ‘for the public wrong on the State which has failed in its public duty to protect the
18
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, or to attacks upon his
honour & reputation. Everyone has the right to the protection of the law against such interference or attacks.”
19
ICCPR
20
The European Convention Of human Rights
21
1 SCR 332 (In a minority judgment in this case, Justice Subba Rao held that "the right to personal liberty takes is not only a
right to be free from restrictions placed on his movements, but also free from encroachments on his private life. It is true our
Constitution does not expressly declare a right to privacy as a fundamental right but the said right is an essential ingredient of
personal liberty. Every democratic country sanctifies domestic life; it is expected to give him rest, physical happiness, peace of
mind & security. In the last resort, a person's house, where he lives with his family, is his 'castle' it is his rampart against
encroachment on his personal liberty.”)
22
The court was examining the validity of notifications issued by state owned petroleum suppliers, who had asked distributors to
provide bank account details & income tax information to enable them to check benami holdings. It was argued on behalf of the
suppliers that banking information was already available with banks, & therefore no right to privacy should apply to such data.
Holding that the right to privacy is not lost as a result of confidential information being parted with by a customer to a bank, the
court observed that the relationship between a bank & its client was fiduciary in nature. The court ultimately found that no law
authorised the suppliers to demand personal information, & therefore struck down the relevant notifications as violating the
fundamental right to privacy (Raju Sebastian & Ors. vs. Union of India & Ors. 2019).
23 WRIT PETITION (CIVIL) NO. 338 OF 2006
24
1993 AIR 1960, 1993 SCR (2) 581
14
fundamental rights of the citizen. Right to privacy is now recognised to be inclusive of Right to life
which cannot be encroached upon by the state in an unreasonable & arbitrary manner and if the law or
an enactment encroaches upon the same the legislature is said to be committing a Constitutional tort.
B. Whether Cobalt sharing the Personal Data Sets with the Government & the Government sharing
the Personal Data Sets with Freepublic, was in breach of the terms based on which consent was
given by the users & also in violation of the terms of the Privacy Policy ?
1. It is humbly submitted to this Hon’ble Court that, Cobalt sharing the Personal Data Sets with the
Government & the Government sharing the Personal Data Sets with Freepublic, was in breach of the
terms based on which consent was given by the users & also in violation of the terms of the Privacy
Policy. The counsel submits to this Hon’ble Court the fact that the consent from the users was the result
of privacy policy as emphasized in clause 2.25
a. Cobalt is a data fiduciary within the meaning of the act.

2. It is humbly submitted to this Hon’ble Court that Cobalt is a data fiduciary26 within the meaning of this
act. Hence, is obligated to be responsible for complying with the provisions of this Act in respect of any
processing undertaken by it or on its behalf.27 The need for imposing the obligations of fiduciary on
these entities that collect personal data arises because of the following. Firstly, there is a significant gap
between the knowledge & information possessed by the companies & the users. Secondly, it is difficult
for the users to verify the claims of these entities about data collection, security, use & dissemination.
Thirdly, it is complicated for the users to understand what the entities do with their data & how data
analysis & use affects their interests. Fourthly, even if users understand these practices, it would be
almost impossible for the users to monitor entities.28
3. Fairness pertains to developing a regulatory framework where the rights of the individual with respect to
her personal data are respected & the existing inequality in bargaining power between individuals &
entities that process such personal data is mitigated. In such a framework, the individual must be the data
principal since it is the focal actor in the digital economy. The relationship between the individual &
25
Clause 2 of the privacy policy; “The Personal Data Sets collected will be used only by Cobalt & its users. The Personal Data
Sets which is processed by Cobalt will be used for the purpose of informing the users or those people with whom the user has
come in contact with, of possible infection, in an anonymized form, without disclosing the identity of the infected person. In case
any user has tested COVID-19 positive, his/her Personal Data Sets may be shared by Cobalt with such necessary & relevant
Governmental authority or Government appointed healthcare facility, as may be required, in order to carry out necessary medical
& administrative interventions. The Personal Data Sets collected will not be used for any purpose other than those mentioned in
this Clause, unless otherwise is required by an order of the Government for a lawful purpose.”
26
§ 3(13); "data fiduciary" means any person, including the State, a company, any juristic entity or any individual who alone or in
conjunction with others determines the purpose & means of processing of personal data.
27
§ 10 of the Act.
28
Jack M Balkin, Information Fiduciaries & the First Amendment, 49(4) UC Davis Law Review (2016) at pg. 1227
15
entities with which the individual shares her personal data is one that is based on a fundamental
expectation of trust. Notwithstanding any contractual relationship, an individual expects that her
personal data will be used fairly, in a manner that fulfils her interest & is reasonably foreseeable. This is
the hallmark of a fiduciary relationship.29 In the digital economy, depending on the nature of data that is
shared, the purpose of such sharing & the entities with which sharing happens data principals expect
varying levels of trust & loyalty.30 For entities, this translates to a duty of care to deal with such data
fairly & responsibly for purposes reasonably expected by the principals. This makes such entities data
fiduciaries.31
4. It is highlighted by the Counsel that the nation was under complete lockdown,32 leaving the users with
no alternative but to provide their often sensitive data to online services in order to use or access these
services. This places users in a position where their trust may be abused. A fiduciary relationship casts a
positive obligation & demands that the fiduciary should protect the beneficiary & not promote personal
self interest.33
b. Breach of consent of users by Cobalt.

5. It is humbly submitted by the petitioners that, the data principal i.e. the users of the App were required
to consent to the collection & processing34 of these Personal Data Sets as per Clause 2 of the Privacy
Policy.35 Wherein Consent is governed by § 1136 of the act.
6. Not only consent is a prior requirement for data processing but also it has to be an informed consent
meeting the requirements under § 737 of the act wherein the clause (a) of subsection (1) puts an
obligation on “ Every data fiduciary to give to the data principal a notice, at the time of collection of the
personal data, or if the data is not collected from the data principal, as soon as reasonably practicable,
29
Tamar Frankel, Fiduciary Law, 71(3) California Law Review (1983) at p. 795.
30
The Hon’ble Supreme Court of India in Bihar Public Service Commission vs. Saiyed Hussain Abbas Rizwi, held that “fiduciary
refers to a person having duty to act for benefit of another ... While a data principal is sharing his information with a data
fiduciary, he places complete trust & confidence in the data fiduciary to act in good faith & in the interest of the data fiduciary.
Therefore, the relationship between a data fiduciary & a data principal is a fiduciary relationship.”
31
This is taken from the view expressed by Jack M. Balkin, Jack M Balkin, Information Fiduciaries & the First Amendment,
49(4) UC Davis Law Review (2016) at p.1183.
32
¶ 3 page 2 of the fact sheet.
33
Union of India v. Central Information Commission & Shri P.D Khandelwal, Writ Petition Civil No. 8396 of 2009
34
§ 3(31); "processing" in relation to personal data, means an operation or set of operations performed on personal data, and may
include operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, use, alignment
or combination, indexing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or
destruction.
35
¶ 4(a), page 2 of the fact sheet.
36
§ 11; (1) The personal data shall not be processed, except on the consent given by the data principal at the commencement of
its processing. (2) The consent of the data principal shall not be valid, unless such consent is— (a) free, having regard to whether
it complies with the standard specified under § 14 of the Indian Contract Act, 1872; (b) informed, having regard to whether the
data principal has been provided with the information required under § 7;(c) specific, having regard to whether the data principal
can determine the scope of consent in respect of the purpose of processing; (d) clear, having regard to whether it is indicated
through an affirmative action that is meaningful in a given context; and (e) capable of being withdrawn, having regard to whether
the ease of such withdrawal is comparable to the ease with which consent may be given.
37
§ 11(2) clause (b)
16
containing the following information, namely:—(a) the purposes for which the personal data is to be
processed.”
7. The duty is placed on fiduciary to reasonably benefit the data principal & to protect its interest, notably,
in Treesa Irish w/o Milton Lopez v. Central Information Commission & Ors,38 the court pointed out that
a fiduciary relationship could be said to exist where confidence was reposed on one side & there was a
resulting superiority & influence on the other. The vulnerable party must “expect to be protected or
benefited by the action of the fiduciary”.39
8. The chapter II of the Act labelled as the ‘Obligations of Data fiduciary’ highlights the significance of fair
& reasonable processing of data ensuring the privacy of the data principal under §5.40 It also suggests the
limit to be imposed on data processing only to the purpose for which consent was so obtained & that
could reasonably be expected by the data principal. The two most important duties in a fiduciary
relationship are the duty of loyalty & the duty of care.41Though the fiduciary may obtain the
beneficiary’s consent to act in conflict, this, if permitted will usually be subject to defined safeguards
such as requirements of substantive & specific information disclosure.42
9. Further it is submitted that an explicit consent for processing of sensitive personal data is a requisite.43 It
is submitted to the Court that the data so collected from the data principals (Users of the App) is
inclusive of sensitive personal data.44However, in the instant case no such opportunity of separate
consent for the sensitive personal data was offered to the data principals giving them the opportunity to
reasonably foreseen the use of the data so processed causing significant harm to the users. Similar
provisions are laid in other statues prioritising, the consent of the party concerned to such information &
its disclosure.45
38
ILR 2010 (3) Kerala892
39
Central Board of Secondary Education & Anr. vs. Aditya Bandopadhyay & Ors
40
§5; Limitation on purpose of processing of personal data.; Every person processing personal data of a data principal shall
process such personal data—(a) in a fair & reasonable manner & ensure the privacy of the data principal; & (b) for the purpose
consented to by the data principal or which is incidental to or connected with such purpose, & which the data principal would
reasonably expect that such personal data shall be used for, having regard to the purpose, & in the context & circumstances in
which the personal data was collected.
41
Frankel Fiduciary Law. Oxford University Press.
42
Sitkoff, Robert H (2014). “An Economic Theory of Fiduciary Law”. In: Philosophical Foundations of Fiduciary Law. Ed. by
Andrew S Gold & Paul B Miller. Oxford: Oxford University Press.
43
§ 11(3) of the Act
44
§ 3(36) of the Act
45
§72A of the IT Act; a service provider who has secured access to any material containing personal information about a person,
discloses such information without the consent of the person concerned, or in breach of a lawful contract, with the intent to cause
or knowing that he is likely to cause wrongful loss or wrongful gain, shall be punished with imprisonment for a term may extend
to three years, or with a fine which may extend to five lakh rupees, or with both. Sensitive Personal Data Rules also provide for
protection of personal information by imposing certain obligations on the entities that collect information, similar to the Bill.
17
10. Cobalt not only failed to perform its obligations but also breached the Consent of the users so obtained.
And, therefore, is liable to pay compensation under the Act, for its contravention of Chapter II and III of
the Act.46
c. Violation of the privacy policy by Cobalt.

11. Further it is submitted to this Hon’ble Court that the Personal Data Sets collected will not be used for
any purpose other than those mentioned in this Clause, unless otherwise is required by an order of the
Government for a lawful purpose. The order itself i.e. the notification itself lacks force of law as
discussed in the aforesaid issue. Further it is expressed by the Counsel that a there should be prohibition
on violation of its own privacy policy by Cobalt & should be embodied as one of its functioning
principles. The principle involves the need for the company to follow to its own privacy policy since this
is the basis on which user expectation is created
12. that it has immunity under the aforesaid Notification issued by the Ministry
of Home Affairs. However, it is pertinent to note that §35 empower government to exempt itself or its
agencies from the application of provision of the act. The counsel contends that Cobalt is not an agency
of the government. Constitution nowhere defines governmental agencies, however it mentions instances
where and which authority is inclusive of the meaning of State within the meaning of Art. 12. 48 The
Government introduced a medicine delivery app (“App”) in tie-up with a foreign medicine company
“Cobalt” for doorstep delivery of flu related drugs, masks, & sanitizers.49
13. The privacy policy of Cobalt is unfair. The FTC alleged that certain data privacy or data security
practices may be “unfair.” Specifically, the FTC has maintained that it is unfair for a company to
46
§ 57; (1) Where the data fiduciary contravenes any of the following provisions,—(a) obligation to take prompt and appropriate
action in response to a data security breach under section 25;(b) failure to register with the Authority under sub-section (2) of
section 26, (c) obligation to undertake a data protection impact assessment by a significant data fiduciary under section 27; (d)
obligation to conduct a data audit by a significant data fiduciary under section 29;(e) appointment of a data protection officer by a
significant data fiduciary under section 30, it shall be liable to a penalty which may extend to five crore rupees or two per cent. of
its total worldwide turnover of the preceding financial year, whichever is higher; (2) Where a data fiduciary contravenes any of
the following provisions,— (a) processing of personal data in violation of the provisions of Chapter II or Chapter III; (b)
processing of personal data of children in violation of the provisions of Chapter IV; (c) failure to adhere to security
safeguards as per section 24; or (d) transfer of personal data outside India in violation of the provisions of Chapter VII, it
shall be liable to a penalty which may extend to fifteen crore rupees or four percent of its total worldwide turnover of the
preceding financial year, whichever is higher. (3) For the purposes of this section,— (a) the expression "total worldwide
turnover" means the gross amount of revenue recognised in the profit and loss account or any other equivalent statement, as
applicable, from the sale, supply or distribution of goods or services or on account of services rendered, or both, and where such
revenue is generated within India and outside India. (b) it is hereby clarified that total worldwide turnover in relation to a data
fiduciary is the total worldwide turnover of the data fiduciary and the total worldwide turnover of any group entity of the data
fiduciary where such turnover of a group entity arises as a result of the processing activities of the data fiduciary, having regard to
factors, including—(i) the alignment of the overall economic interests of the data fiduciary and the group entity; (ii) the
relationship between the data fiduciary and the group entity specifically in relation to the processing activity undertaken by the
data fiduciary; and (iii) the degree of control exercised by the group entity over the data fiduciary or vice versa, as the case may
be. (c) where of any provisions referred to in this section has been contravened by the State, the maximum penalty shall
not exceed five crore rupees under sub-section (1), and fifteen crore rupees under sub-section (2), respectively.
47
Dobkin, Ariel (2018). Information Fiduciaries in Practice: Data Privacy & User Expectations. URL:
http://btlj.org/data/articles2018/vol33/33_1/Dobkin_Web.pdf.
48
The Constitution Of Zindia, 1950
49
¶ 4 (a) page 2 of fact sheet
18
retroactively apply a materially revised privacy policy to personal data that it collected under a previous
policy.50 The FTC has also taken the position that certain default privacy settings are unfair. In the case
FTC v. Frostwire, for example, the FTC alleged that a peer-to-peer file sharing application had unfair
privacy settings because, immediately upon installation, the application would share the personal files
stored on users’ devices unless the users went through a burdensome process of unchecking many pre-
checked boxes.51 Recently in U.S. Court of Appeals for the Eleventh Circuit52 case, Lab MD v. FTC,
suggests that any FTC cease and desist order based on a company’s “unfair” data security measures
must allege specific data failures and specific remedies.
d. Disclosure of identity by the government.

14. It is humbly submitted to this Hon’ble Court that Government in association with a news channel called
Freepublic released an online yellow book, containing the names, location & health data of people who
tested COVID-19 positive & also a list of such people those who were likely to be infected with
COVID-19. As it is highlighted & emphasized in the privacy policy the purpose to be served for the
collection of the personal data set was to inform the users or to make them aware of the risk of possible
infection, when in close radius of the infected person without disclosing the identity of the person
infected, or in other words in an anonymized form. The Act defines the same under subsection 2&3 of §
3.53
15. However the same was not observed by the government resulting into many individuals facing social
stigma, some were outcast, & some were even asked to move out of their houses by their landlords/
housing societies.54
55
16. The right to privacy includes the right to respect for digital communications &if the Government (or
any other entity) infringes the right of privacy, the injury spreads far beyond the particular citizens
50
Complaint at 9, In the Matter of Facebook, FTC File No. 0923184 (F.T.C. Nov. 9, 2011) (alleging that Facebook acted unfairly
by materially changing its privacy policy regarding what information users could keep private and retroactively applying these
changes to previously collected information ); Complaint at 5, In re Gateway Learning Corp., FTC File No. 0423047 (F.T.C. Sept.
17, 2004) (alleging that Gateway Learning acted unfairly by changing its privacy policy to allow it to share personal information
with third parties and retroactively applying this new policy to previously collected data).
51
Complaint, Fed. Trade Comm’n vs. Frostwire LLC, No. 1:11-cv-23643 (S.D. Fla. Oct. 7, 2011), available at
https://www.ftc.gov/sites/default/files/documents/cases/2011/10/111011frostwirecmpt.pdf.
With respect to data security, the FTC has more recently maintained that a company’s failure to safeguard personal data may be
“unfair,” even if the company did not contradict its privacy policy or other statements Complaint at 8, United States vs. Rental
Research Services, Inc., No. 0:09-cv-00524-PJS-JJK (D. Minn. Mar. 5, 2009), available at
https://www.ftc.gov/sites/default/files/documents/cases/2009/03/090305rrscmpt.pdf (alleging that defendant’s failure to employ
reasonable and appropriate security measures to protect consumers’ personal information was an unfair act or practice).
52
318 894 F.3d 1221.
Also see, 316 Fed. Trade Comm’n vs. Wyndham, 10 F. Supp. 3d 602 (D.N.J. 2014) (declining to dismiss the FTC’s action
alleging that defendant violated both the unfairness and deceptiveness prongs of § 5(a) of the FTC Act by failing to maintain
reasonable and appropriate data §urity for consumers’ personal information), aff’d, 799 F.3d 236 (3d Cir. 2015).
53
§ 3(2); "anonymisation" in relation to personal data, means such irreversible process of transforming or converting personal data
to a form in which a data principal cannot be identified, which meets the standards of irreversibility specified by the Authority;
(3) "anonymised data" means data which has undergone the process of anonymisation.
54
¶ 6, page 4 of the fact sheet.
19
targeted, it intimidates many more. Collection as well as retention of the communication/content along
with the meta-data or other ‘physical’ links is an infringement of the right to privacy, regardless of
whether it is utilized for a purpose of not. Additionally, the right to a conducive environment for
development is also infringed, because people may alter their behaviour if they are under surveillance.
The factum of collection of data can cause an individual to self-censor & affect an individual's right to
freely seek & impart information.56
17. The government’s prompt action in order to cope with the situation further aggravated the same causing
harm57 to individuals. And is thereby liable to pay compensation to such aggrieved individuals.58
e. Mala fide use of the act to justify its cause.

18. Further it is argued that the government has immunity under the Act to do away the requirement of
obtaining consent if they have to take any measures during an epidemic, outbreak of disease, at the time
of threat to public health, disaster or any breakdown of public order. While the same was discussed by
the J. Srikrishana Committee which was of view that, “while processing personal data under this
ground, the State should not collect more personal data than what is necessary for any stated purpose
..... Processing of personal data should, in no case, take the form of a coercive measure to collect more
information than is necessary for any legitimate purpose associated with the provision of such benefit.
Any such processing would fail to meet the requirement of fair & reasonable processing under the law.”
Further discussing the obligation on the state while processing of such data the committee was of the
opinion that,” it is the strict application of data protection obligations which will ensure that the
personal data of citizens & other data principals are not misused even where such processing is non-
consensual.....The state should provide clear notice of purpose when it collects data from citizens &
processing must be confined to the stated purposes & must be carried out in a transparent manner.
Given the higher standards of accountability expected of the state, it is only such fair & reasonable
processing that will enable citizens & other data principals to trust the state with their personal
data.”59Even in matters of contract, the State is expected to be fair & cannot act like a private body.60
19. Not only are such lists released without the consent of the named individuals, thereby violating their
reasonable expectation of privacy, it also leads to unnecessary stigma & harassment. In fact, recently, a
55
See G.A. Res. 68/167 (Dec. 18, 2013); Rep. of the Special Rapporteur on the promotion & protection of human rights &
fundamental freedoms while countering terrorism, 16-18, U.N. Doc. A/69/397 (Sept. 23, 2014); see also Copland v. United
Kingdom, 45 Eur. Ct. H.R. 37 (2007); Weber & Saravia v. Germany, 46 Eur. Ct. H.R. 47, 77 (2006).
56
Manon Ostveen & Kristina Irion, ‘The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right?’ 2016
Amsterdam Law School (Legal Studies Research Paper No 68)
57
§3 (20); "harm" includes—(i) bodily or mental injury; (ii) loss, distortion or theft of identity; (iii) financial loss or loss of
property; (iv) loss of reputation or humiliation; (v) loss of employment; (vi) any discriminatory treatment; (vii) any subjection to
blackmail or extortion; (viii) any denial or withdrawal of a service, benefit or good resulting from an evaluative decision about the
data principal;(ix) any restriction placed or suffered directly or indirectly on speech, movement or any other action arising out of a
fear of being observed or surveilled; or (x) any observation or surveillance that is not reasonably expected by the data principal
58
§ 57(3) Ibid 46, page 18 of the Memorandum.
59
Committee report page 101
60
New Horizons Limited vs. Union of India, 1995 (1) SCC 478
20
petition was filed before the High Court of Madras, seeking to reveal the identity of COVID-19 affected
persons, wherein the Court, without delving upon the privacy aspects, held that there would definitely be
social stigma & aspersions pursuant to such revelation & the petition was accordingly dismissed.61 In the
case of UIAI vs. CBI, 62
this Hon’ble Court in an interim order held that UIAI should not transfer any
biometric information of any person who has been who has been allotted Aadhar number to any other
agency without the written consent of that person.
20. Social Stigma Associated with COVID-19 Public health emergencies during outbreak of communicable
diseases may cause fear & anxiety leading to prejudices against people & communities, social isolation
& stigma. Such behaviour may culminate into increased hostility, chaos & unnecessary social
disruptions. Cases have been reported of people affected with COVID-19 as well as healthcare workers,
sanitary workers & police, who are in the frontline for management of the outbreak, facing
discrimination on account of heightened fear & misinformation about infection. There is an urgent need
to counter such prejudices & to rise as a community that is empowered with health literacy & responds
appropriately in the face of this adversity. Accordingly, all responsible citizens are advised to understand
& follow the guidelines. 63
21. The Kerala High Court passed an order, allowing the continued use of the software in a manner that
would not jeopardise the right to privacy. The court specifically directed the state government to
anonymise the collected data, to inform citizens that their data would likely be accessed by third parties,
& to obtain their specific consent to that effect. The Kerala HC itself in its ruling on Sprinklr held that
citizens should be informed & their consent was taken before collecting & distributing their personal
information.64
22. As pointed out by Deborah Brown, a senior digital-rights researcher at Human Rights Watch,
“surveillance measures should come with a legal basis, be narrowly tailored to meet a legitimate public
health goal, & contain safeguards against abuse.”
23. Rule 5 of the SPDI Rules spell out some guidelines to be followed by persons collecting personal data:
(A) Legal Necessity – Sensitive personal data can only be collected for a lawful purpose connected with
the functioning of the body corporate or its representative & that such collection is necessary for its
purpose; (B) Citizens should be Informed – The data principal should be aware of the collection of the
information, the intended purpose of the information, the intended recipients of the information & the
name & address of the agencies collecting & retaining the information; (C) Obtain Consent – The body
corporate or its representative must obtain consent from the provider of the sensitive information;
61
Order dated April 21, 2020 in Writ Petition No. 7494 of 2020 before the High Court of Madras.
62
Special Leave to Appeal (Criminal) No. 2524 Of 2014
63
The Ministry of Health & Family Welfare, Government of India, had issued a detailed instructions, as to COVID-19 virus, the
table of contents are numbering 92 in number. It is relevant to extract the source No.1, which speaks about the Social Stigma
Associated with COVID-19
64
Balu Goplalakrishnan vs. State of Kerala, represented by Principal secretary, department of electronics & information
technology W.P.(C). Temp. NO.84 OF 2020
21
&(D)Protection against Misuse – The body corporate holding this sensitive data should use it for the
intended purpose only, & should not retain the data for longer than is required for the intended lawful
purpose. However benevolent the State may be in doing so, the right to privacy cannot be compromised.
Rule 5(1) of the SPDI Rules explicitly requires consent as a precondition for collecting data. While
looking at the instant case it is to be observed that the users of the app have diminishing ability to withhold consent
when threatened with being deprived of the services. The present instant calls for data breach of the citizens by the
government as well as the data fiduciary i.e. Cobalt.
boundaries of Zindia by Cobalt and its failure to maintain Security safeguards as per the provisions of
the Act, which resulted in the breach of Personal Data Sets, is in violation of the provisions of the Act.
1. It is humbly submitted to this Hon’ble Court that Cobalt had stored the Sensitive Personal Data (as defined
under the Act) outside the territorial boundaries of India in violation of the provisions of the Act and also
failed to maintain security safeguards as mentioned under the Act, which resulted in the breach of Personal
Data Sets of the users of the App. Wherein subsection (36) of § 3 defines the same as follows; "sensitive
personal data" means such personal data, which may, reveal, be related to, or constitute; (i) financial
data; (ii) health data; (iii) official identifier; (iv) sex life; (v) sexual orientation; (vi) biometric data; (vii)
genetic data; (viii) transgender status; (ix) intersex status; (x) caste or tribe;(xi) religious or political
belief or affiliation; or (xii) any other data categorised as sensitive personal data under §15.
a. Storage of personal data outside the territory of Zindia is the Violation of the act.
2. It is humbly submitted that the main purpose behind the enactment of the data protection Act was to lay
the foundation for the ability of the Government to tap Zindia’s data resources, by restricting the flow of
Sensitive Personal Data (as defined under the Act) of its citizens outside its territorial boundaries.65
However, the same information carrying personal data sets of the users inclusive of the sensitive
personal data was breached (approx. 50,000 users) from the Cloud server outside Zindia in the
neighbouring country of Xina.66
3. It is submitted to this Hon’ble Court that the Personal Data Sets which are collected from the users are
transferred on a real time basis to and were kept in the servers of a third-party cloud service provider
(having their servers outside India), so that the data can be easily accessed anytime and from anywhere.67
It is further submitted by the Counsel that the sensitive personal data may be transferred outside India,
65
¶ 2, page 1 of the fact sheet.
66
67
22
but such sensitive personal data shall continue to be stored in India.68It is contended before the Hon’ble
court that the sensitive data can only be transferred for the purpose of processing to a foreign territory
however the same has to be stored in Zindia in compliance of § 3469 Of the act.
b. Wrongful loss to the individuals due to failure to maintain Security safeguards.

4. It is humbly submitted that as the transition was done quickly to maintain continuity of service, proper
security safeguards were not used at the time of transition. This resulted in a data breach from the device
of 3 (three) employees of Cobalt working from their respective homes in the neighbouring country Xina.
Such employees were accessing the Personal Data Sets from the cloud server located outside India. It
was reported that Personal Data Sets of approximately 50,000 (fifty thousand) users were breached.70
The Personal Data Sets of such users resurfaced in social media in the form of trolls and memes, which
71
resulted in such users facing social stigma and mob lynching. It is contended that the said breach
resulted in harm72 in terms of loss of reputation or humiliation.
5. The personal data breach led resulted in wrongful loss of the users, § 43A in the Information Technology
Act, 2000 that requires proof of wrongful loss or gain to seek damages for a data breach. The harm
contemplated is not the mere data breach in itself, but harm would have to be shown in the form of
financial loss or loss of property, loss of reputation, or humiliation, loss of employment, any
discriminatory treatment, loss, distortion or theft of identity, bodily or mental injury. However nowhere
in the act wrongful loss or gain has been defined for which the counsel relied on § 23 of the Zindian
68
§ 33. (1) Subject to the conditions in sub- § (1) of §34, the sensitive personal data may be transferred outside India, but such
sensitive personal data shall continue to be stored in India.(2) The critical personal data shall only be processed in India.
Explanation.—For the purposes of sub- §tion (2), the expression "critical personal data" means such personal data as may be
notified by the Central Government to be the critical personal data.
69
§34; (1) The sensitive personal data may only be transferred outside India for the purpose of processing, when explicit consent
is given by the data principal for such transfer, and where—(a) the transfer is made pursuant to a contract or intra-group scheme
approved by the Authority: Provided that such contract or intra-group scheme shall not be approved, unless it makes the
provisions for—(i) effective protection of the rights of the data principal under this Act, including in relation to further transfer to
any other person; and (ii) liability of the data fiduciary for harm caused due to non-compliance of the provisions of such contract
or intra-group scheme by such transfer; or (b) the Central Government, after consultation with the Authority, has allowed the
transfer to a country or, such entity or class of entity in a country or, an international organisation on the basis of its finding that—
(i) such sensitive personal data shall be subject to an adequate level of protection, having regard to the applicable laws and
international agreements (ii) such transfer shall not prejudicially affect the enforcement of relevant laws by authorities with
appropriate jurisdiction: Provided that any finding under this clause shall be reviewed periodically in such manner as may be
prescribed; (c) the Authority has allowed transfer of any sensitive personal data or class of sensitive personal data necessary for
any specific purpose.(2) Notwithstanding anything contained in sub- § (2) of § 33, any critical personal data may be transferred
outside India, only where such transfer is— (a) to a person or entity engaged in the provision of health services or emergency
services where such transfer is necessary for prompt action under § 12; or (b) to a country or, any entity or class of entity in a
country or, to an international organisation, where the Central Government has deemed such transfer to be permissible under
clause (b) of sub- § (1) and where such transfer in the opinion of the Central Government does not prejudicially affect the security
and strategic interest of the State. (3) Any transfer under clause (a) of sub- § (2) shall be notified to the Authority within such
period as may be specified by regulations.
70
Page 4 of the fact sheet.
71
§ 3(20) Ibid 57
72
§3 (29); "personal data breach" means any unauthorised or accidental disclosure, acquisition, sharing, use, alteration,
destruction of or loss of access to, personal data that compromises the confidentiality, integrity or availability of personal data to a
data principal;
23
penal code, 1960.73 Further reputation is considered as property of an individual, while drawing an analogy
on the sale and alienation property it was observed that, a bad call in sale or gift of reputational value can
indeed result in diminution or even alienation of one’s reputation although likely to be less alienable.74
6. Every data fiduciary is to take is obligated to take appropriate security safeguards with regards to the
nature of the processing and significant harm involved in processing of the data information and to take
such steps necessary to prevent misuse, unauthorised access to, modification, disclosure or destruction of
personal data. Further every data fiduciary and data processor shall undertake a review of its security
safeguards periodically in such manner as may be specified by regulations and take appropriate measures
accordingly.75
7. The same is highlighted in Personal Data Protection Act 2012 (PDPA).76 The PDPA states that an
organisation shall protect personal data in its possession or under its control by making reasonable
security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification,
disposal or similar risks. As per the notification the reason as stated by the government ‘Certain terrorist
organisation sponsored by a neighbouring state ‘Xina’ are exploiting the COVID-19 situation to cause panic
and riot in Zindia.’77 And the inefficient security safeguards led to data breach from the device of 3
(three) employees of Cobalt working from their respective homes in the neighbouring country Xina.
Considering the current situation and the Notification much care should have been taken in order to
prevent such breach. Clause 57(2)(c) of the Act suggests massive penalties for non-adherence to such
security safeguards, and Clause 63(4)(c) states that while determining whether a penalty should be
imposed and computing the same, the fact of the violation being negligent or intentional in character
shall be considered.
e. FM and Discharge of obligations of Cobalt.

8. It is contended by the Counsel that the privacy policy asserted discharge of the obligations of data
fiduciary i.e., Cobalt only on the event of FM. However, a ‘FM event’ was not defined in the Privacy
73
“Wrongful gain” is gain by unlawful means of property to which the person gaining is not legally entitled. “Wrongful loss” is
the loss by unlawful means of property to which the person losing it is legally entitled. A person is said to gain wrongfully when
such person retains wrongfully, as well as when such person acquires wrongfully. A person is said to lose wrongfully when such
person is wrongfully kept out of any property, as well as when such person is wrongfully deprived of property.
74
‘Reputation as Property, and its relation to privacy’ by Joseph S. Fuma
75
§24;(1) Every data fiduciary and the data processor shall, having regard to the nature, scope and purpose of processing
personal data, the risks associated with such processing, and the likelihood and severity of the harm that may result from such
processing, implement necessary security safeguards, including—(a) use of methods such as de-identification and encryption;
(b) Steps necessary to protect the integrity of personal data; and (c) steps necessary to prevent misuse, unauthorised access to,
modification, disclosure or destruction of personal data. (2) Every data fiduciary and data processor shall undertake a review of its
security safeguards periodically in such manner as may be specified by regulations and take appropriate measures accordingly.
76
§24 of PDPA, 2012 (Singapore).
77
Page 3of the fact sheet.
24
78
Policy. The counsel therefore relied on the order dated 19.02. 2020 issued by Ministry of Finance for
event of FM in the Covid-19, 79 which defined the same as follows;
9. The notification makes it clear and succinct that a FM event includes natural disaster beyond control of
mankind but not including negligence or wrong-doing, predictable/seasonal rain and any other events
specifically excluded in the clause. Further, the firm has to give notice of FM as soon as it occurs and it
cannot be claimed ex-post facto. It is contended by the Counsel that the event of data breach is the result
of negligence of Cobalt to maintain proper and efficient security safeguards which was under its control.
Not only it lacked in maintaining the security safeguards but also declared the Covid-10 crisis to
discharge its obligations, ex-post facto the Breach. FM is not intended to excuse negligence or other
malfeasance of a party, as where non-performance is caused by the usual and natural consequences of
external forces, or where the intervening circumstances are specifically contemplated.
10. While FM has neither been defined nor specifically dealt with, in Indian statutes, some reference can be
found in § 56 of the Contract Act (which deals with agreements between the parties to do an impossible
act) can be applied to such contract so as to discharge the parties from their contractual obligations.
80
In M/s Alopi Parshad & Sons Ltd. v. Union of India, the Supreme Court, after setting out § 56 of the
Contract Act, held that “the statute does not enable a party to a contract to ignore the express covenants
thereof and to claim payment of consideration, for performance of the contract at rates different from
the stipulated rates, on a vague plea of equity. Parties to an executable contract are often faced, in the
course of carrying it out, with a turn of events which they did not at all anticipate, for example, a wholly
abnormal rise or fall in prices which is an unexpected obstacle to execution. This does not in itself get
78
Clause 7 of the Privacy Policy; “The parties shall be exempted from performing their obligations in the case of a FM event.”
79
A FM means extraordinary events or circumstances beyond human control such as an event described as an act of God (like a
natural calamity) or events such as a war, strikes, riots, crimes (but not including negligence or wrong-doing, predictable/seasonal
rain and any other events specifically excluded in the clause). An FM clause in the contract frees both parties from contractual
liability or obligation when prevented by such events from fulfilling their obligations under the contract. This clause does not
excuse a party’s non-performance entirely, but only suspends it for the duration of the FM. The firm has to give notice of FM as
soon as it occurs and it cannot be claimed ex-post facto. There may be a FM situation affecting the purchasing organisation only.
In such a situation, the purchasing organisation is to communicate with the supplier along similar lines as above for further
necessary action. If the performance in whole or in part or any obligation under this contract is prevented or delayed by any reason
of FM for a period exceeding 90 (ninety) days, either party may, at its option, terminate the contract without any financial
repercussion on either sides. Notwithstanding the punitive provisions contained in the contract for delay or breach of contract, the
supplier would not be liable for imposition of any such sanction so long as the delay and/ or failure of the supplier in fulfilling its
obligations under the contract is the result of an event covered in the FM clause.
80
(1960 (2) SCR 793), similarly, in Naihati Jute Mills Ltd. vs. Hyaliram Jagannath, (1968 (1) SCR 821) the Supreme Court went
into the English law on frustration in some, the Court concluded that a contract is not frustrated merely because the circumstances
in which it was made are altered. The Courts have no general power to absolve a party from the performance of its part of the
contract merely because its performance has become onerous on account of an unforeseen turn of events.
In an English judgment namely, Tsakiroglou & Co. Ltd. vs. Noblee Thorl GmbH,( 1961 (2) All ER 179) despite the closure of the
Suez canal and despite the fact that the customary route for shipping the goods was only through the Suez canal, it was held that
the contract of sale of groundnuts in that case was not frustrated, even though it would have to be performed by an alternative
mode of performance which was much more expensive, namely, that the ship would now have to go around the Cape of Good
Hope, which is three times the distance from Hamburg to Port Sudan. The freight for such journey was also double. Despite this,
the House of Lords held that even though the contract had become more onerous to perform, it was not fundamentally altered.
Where performance is otherwise possible, it is clear that a mere rise in freight price would not allow one of the parties to say that
the contract was discharged by impossibility of performance.
25
rid of the bargain they have made. It is only when a consideration of the terms of the contract, in the
light of the circumstances existing when it was made, showed that they never agreed to be bound in a
fundamentally different situation which had unexpectedly emerged, that the contract ceases to bind. It
was further held that the performance of a contract is never discharged merely because it may become
onerous to one of the parties.”
11. There should be casual link between the FM and consequence of discharge of performance as upheld by
the Orissa High Court in, Sri Ananda Chandra Behera v. Chairman, Orissa State Electricity Board.81
The use of the FM clause to discharge the liability is absurd owing to the fact that Cobalt offered its
services whilst lockdown and promised to deliver in midst the same. The FM did not create any
hindrance in performance of obligations of Cobalt but rather its omission to maintain duty of care and
caution.
Adjudicating Officer is appointed by the same Authority which appoints the Inquiry Officer (as
per the provisions of the Act).
1. It is humbly submitted in this Hon’ble Court that the Authority formed under the act appoints the
adjudicating officer as well as the inquiry officer82 to deal with the offences so committed under the act.
If legislative, executive and judicial functions were given to one man, there was an end of personal
liberty.83
2. The first modern formulation of the doctrine was that of the French writer Montesquieu in 1748, where
he wrote that: “When the legislative and the executive powers are united in the same person or in the
same body of magistrates, there can be no liberty, because apprehensions may arise, lest the same
monarch or senate should exact tyrannical laws, to execute them in a tyrannical manner. Again there is
no liberty if the judicial power be not separated from the legislative and the executive. Where it joined
with the legislative, the life and the liberty of the subject would be exposed to arbitrary control; for the
judge would be then a legislator. Where it joined to the executive power, the judge might behave with
violence and oppression. There would be an end of everything, where the same man or the same body,
81
1997 I OLR 390
82
§48. (1) The Authority may appoint such officers, other employees, consultants and experts as it may consider necessary for
effectively discharging of its functions under this Act.(2) Any remuneration, salary or allowances, and other terms and conditions
of service of such officers, employees, consultants and experts shall be such as may be specified by regulations.
83
In his book ‘Commentaries on the Laws of England’, published in 1765, Blackstone
26
whether of nobles or of the people, to exercise those three powers, that of enacting laws, that of
executing the public resolutions and of trying the causes of individuals.”84
3. The conception that each wing performs unique and identifiable functions that are appropriate to each;
and the limitation of the personnel of each wing to that wing, so that no one person or group should be
able to serve in more than one branch simultaneously. Instead, the security against concentration of
powers consists in giving to those who administer each department the necessary constitutional means
and personal motives to resist encroachments of the others.
4. The Supreme Court in Ram Jawaya Kapur v. State of Punjab,85 held: “Indian Constitution has not
indeed recognized the doctrine of separation of powers in its absolute rigidity but the functions of
the different parts or branches of the government have been sufficiently differentiated and
consequently it can be very well said that our Constitution does not contemplate assumption by one
organ or part of the State of functions that essentially belong to another.
5. It is contended by the Counsel that the same authority appointing the executive as well as adjudicating
wing leads to intermixture as well as concentration of power in the same hands i.e. the authority so
established. Drawing an analogy of separation of power amongst the organs of the government, namely
the executive and judiciary, the role of inquiry officer is to conduct search as an executive in order to
execute the smooth functioning of law by inquiring about any conduct detrimental to data principals to
protect their interest which is the main object of the act. The duty of the adjudicating officer is analogous
to judiciary thereby awarding sanctions. The Adjudicating Officers shall have the power to conduct an
enquiry86 and adjudicate any dispute arising between data fiduciaries and data principals, including
availing any compensation. Further, the Adjudicating Officer may also impose monetary penalties where
the data fiduciary has contravened the provisions of the law.87
6. It is contended by the Counsel that the authority appoints an inquiry officer to inquire the cause on
receiving a complaint on reasonable grounds in case of contravention of the provisions of the act by the
data fiduciary. The inquiry officer is also vested with power of civil court under the civil code procedure
to summon and inquire the cases.88 The role as played by the adjudicating wing is the replication of the
authority as vested with inquiry officer whereby the latter is further vested right to search and seizure89,
the former adjudicate matters for commission of offences and determines penalties under the act which
the authority itself settles and look into under §54 on receiving report from the inquiry officer the
84
Montesquieu in De l’esprit des lois (1748); The constituent Assembly Of France in 1789 was of the view that “there would be
nothing like a Constitution in the country where the doctrine of separation of power is not accepted.”
85
Also see, Ram Krishna Dalmia vs. Justice Tendolkar reported in AIR 1958 S.C. 538 at p. 546, Jayanti Lal Amrit Lal vs. S.M.
Ram, AIR 1964 SC 649.
86
§ 93; (1) The Central Government may, by notification, make rules to carry out the provisions of this Act. (2) In particular, and
without prejudice to the generality of the foregoing power, such rules may provide for all or any of the following matters,
namely:— (o) the manner in which the Adjudicating Officer shall conduct an inquiry under sub- § (1) of § 63;
87
§ 62 of the Act.
88
§ 53 of the Act.
89
§ 55 of the Act.
27
authority takes step accordingly even the authority can reprimand the data fiduciary, 90 thereby
undermining the need to establish the adjudicating authority.
7. Similarly, in Indira Nehru Gandhi v. Raj Narain91, Ray C.J.also observed that in the Indian
Constitution there is separation of powers in a broad sense only. A rigid separation of powers as
under the American Constitution or under the Australian Constitution does not apply to India.
However, the Court held that though the constituent power is independent of the doctrine of
separation of powers to implant the story of basic structure as developed in the case of Kesavananda
Bharati v. State of Kerela,92 on the ordinary legislative powers will be an encroachment on the
theory of separation of powers. Nevertheless, Beg, J. added that separation of powers is a part of the
basic structure of the Constitution. None of the three separate organs of the Republic can take over
the functions assigned to the other. This scheme of the Constitution cannot be changed even by
resorting to Article 368 of the Constitution.
8. It is humbly submitted in this Hon’ble court that a system of check and balance couldn’t operate in a
system that lacks separation of power. The Constitution nowhere contains an express injunction to
preserve the boundaries of the three broad powers it grants, nor does it expressly enjoin maintenance of a
system of checks and balances. Yet, it does grant to three separate branches the powers to legislate, to
execute, and to adjudicate, and it provides throughout the document the means by which each of the
branches could resist the blandishments and incursions of the others. The Framers drew up our basic
charter against a background rich in the theorizing of scholars and statesmen regarding the proper
ordering in a system of government of conferring sufficient power to govern while withholding the
ability to abridge the liberties of the governed.
9. The philosophical underpinning of separation of powers doctrine is rooted in an inherent distrust of
concentrated governmental power. The separation of the powers of government, then, is a mode of
political organization intended to safeguard liberty by preventing the concentration of too much power in
the same hands and by establishing a system of checks and balances between the respective branches of
government.93
10. The roles being intermixed of the officers and being regulated by the same authority there is no
reasonable expectation of maintaining of check and balance. For instance in case of usurpation of power
by the executive the judiciary maintains its position thereby maintains check and balance of power and
vice versa. In Madhu Holmagi v. Union of India,94 wherein one advocate filed a public interest litigation
90
§54 of the Act.
91
1975 AIR 2299 = 1976 (2) SCR 347 = 1975 Suppl. SCC 1 Civil Appeals Nos. 887 and 909 of 1975
92
In I.R. Coelho vs. State of Tamil Nadu, S.C. took the opinion opined by the Supreme court in Kesavananda Bharati case
pertaining to the doctrine of basic structure and held that the Ninth Schedule is violative of the above-said doctrine and hence
from now on the Ninth Schedule will be amenable to judicial review which also forms part of the basic structure theory.
93
Singer, Sutherland Statutory Construction, Volume I, § 3:2
94
Public Interest Litigation No.22 of 2008 Along With Civil Application No.35 of 2008
28
challenging the “Agreement 123” i.e. Indo-US nuclear treaty proposed to be entered by the Indian
government, petitioner contended that court must have to scrutinize the all documents relating to the
agreement 123 and must have to prevent the Indian government from entering in to the nuclear deal. In
this case, court dismissed the petition because the question raised by the petitioner is a question of policy
decision, which is to be decided by the parliament and not by the judiciary.
11. A recent case, Delhi Development Authority v M/s UEE Electricals Engg. Pvt. Ltd,95 where the Supreme
Court ruling has sought to clarify the meaning and objective of judicial review as a protection and not an
instrument for undue interference in executive functions. The Supreme Court made the observation that,
“One can conveniently classify under three heads the grounds on which administrative action is subject
to control by judicial review. The first ground is “illegality”, the second “irrationality” and the third
“procedural impropriety”.
12. The accumulation of all powers, legislative, executive and judicial, in the same hands whether of one, a
few, or many and whether hereditary, self-appointed or elective, may justly be pronounced the very
definition of tyranny.96
E. Whether the power to perform adjudicatory functions being vested in an Adjudicating Officer,
who is not a member of any judicial body, has led to usurpation of judicial power and conferment
of the same on such non-judicial body of the Adjudicating Officer.
1. It is humbly submitted to this Hon’ble Court that the adjudicatory functions being vested in an
adjudicating officer, a non-judicial body has led to usurpation of judicial power.
2. It is contended by the Counsel on behalf of the petitioners that when such a body is established
regulating and upholding the rights and interest of the individuals, an officer with a judicial blanket is
prerequisite for performing such function and to exercise judicial power. The adjudicating officer is
working as a judicial body which questions the legalistic nature of the separation of power as envisaged
in the constitution of Zindia.
3. The judiciary is independent and separate wing of the Government. The executive or legislature has no
concern with the day to day functioning of the judiciary. In terms of Biblical apologue, Francis Bacon in
his “Essay of Judicature” showing the importance of, Temple of Justice‟ has expressed thus: “Solomon’s
Throne was supported by lions on both sides; Let them be lions, but yet lions under the throne; being
circumspect that they do not check or oppose any points of sovereignty.”97
95
2004(3) SCR 286
96
Takwani, C.K; Lectures on Administrative Law (Eastern Book Company 4 th edition)
97
Quoted in S.C. Advocates-on-Record Association vs. Union of India, AIR 1994 SC 268 at p. 301
29
4. It is argued that when rights of individual are encroached upon due to the act of other party leading to
detrimental interest of the individual, a body having adjudicatory power is presupposed to be having
some judicial background. For instance for any commission established in Zindia the right to appoint
judicial members rests in the Chief justice of Zindia or his nominee and further the chairman of the
commission is required to be CJI of Supreme court or the judge of High court. The contention is that a
person associated with such nature of job should not be a bureaucrat or a person appointed by the
executive without reference to the head of judiciary or any member holding the shadow of judiciary is
expected.98
5. It is contended by the Counsel that the adjudicating officer although vested with the power to exercise
judicial function however is shadowed by the parliament or the regulations of Central government. The
adjudicating officer is appointed by the authority99, which is established by the Central government of
Zindia.100
6. It is intended that justice thrives in a democracy where an independent judiciary is established free from
executive as well as legislative control. The Zindian constitution emphasize on the independence of
judiciary, wherein art. 50 obligate the state to take necessary step to separate the judiciary from the
executive in public service. Further the salaries and allowances of the chief justice and judges of the
Supreme as well as High Courts cannot be diminished during their term to their disadvantage thereby
further strengthening the independence of judiciary.
7. While considering the independence of adjudicating officer from the authority it is contended that
remuneration of officers is determined by the authority and the authority is also empowered to make
regulations thereby on such matters.101 Further the authority itself carries the blanket of legislative nature
owing to the fact that the funding of authority is rested on wishes of central government.102
8. In State of Gujarat vs. Utility Users Welfare Association 103where the Supreme Court held that it is
mandatory that a person of law to be a member of a primarily regulatory body performing some judicial
function and further that the presence of a judge in an appellate body cannot cure the defect of not
having a judicial member in original adjudicatory proceedings.
9. While discussing the separation of functions of judiciary and executive, in Chandra Mohan v. State of
U.P., 104Supreme Court held: “The Indian Constitution, though it does not accept the strict doctrine of
98
Bruhm dutt vs. Union of India.
99
§ 62 of the act.
100
§ 41. (1) The Central Government shall, by notification, establish, for the purposes of this Act, an Authority to be called the
Data Protection Authority of India. (2) The Authority referred to in sub-section (1) shall be a body corporate by the name
aforesaid, having perpetual succession and a common seal, with power, subject to the provisions of this Act, to acquire, hold and
dispose of property, both movable and immovable, and to contract and shall, by the said name, sue or be sued. (3) The head office
of the Authority shall be at such place as may be prescribed. (4) The Authority may, with the prior approval of the Central
Government, establish its offices at other places in India.
101
§78of the Act
102
§ 48 of the Act.
103
2018 (6) SCC 21
104
AIR 1966 SC 1987 at p. 1993
30
separation of powers, provides for an independent judiciary in the States....... But at the time the direct
control of the executive. Indeed it is common knowledge that in pre-independence India there was a
strong agitation that the judiciary should be separated from the executive and that the agitation that the
judiciary should be separated from the executive and that the agitation was based upon the assumption
that unless they were separated, the independence of the judiciary at the power levels would be a
mockery.”
10. In Madras Bar Association vs. Union of India & Anr105to say that separation of powers and
independence of the judiciary are inalienable and non-derogable guarantees to the citizens of India.
Observations to the effect that independent judicial tribunals for determination of the rights of citizens
are necessary are relied on. It was held that, “for adjudication of the disputes and complaints of the
citizens is a necessary concomitant of the rule of law. The rule of law has several facets, one of which is
that disputes of citizens will be decided by Judges who are independent and impartial; and that disputes
as to legality of acts of the Government will he decided by Judges who are independent of the executive.
Another facet of the rule of law is equality before law. The essence of the equality is that it must be
capable of being enforced and adjudicated by an independent judicial forum. Judicial independence and
separation of judicial power from the executive are part of the common law traditions implicit in a
Constitution like ours which is based on the Westminster model.”
11. While the authority is entrusted with the power to appoint adjudicating officer, the central government
determines the manner, term, number of officers and other such requirements as well as rules106 of the
said wing.
12. It is contended by the Counsel that where conferment of judicial power is on such a non judicial body
which is under the indirect as well direct control of the central government or the legislature is tend to be
biased while awarding the sanctions to the authority regulating its pecuniary business.
13. Pecuniary bias arises when the adjudicator has monetary or financial interest in the dispute thereby
disqualifying him to adjudicate the same. In Jeejeebhoy vs. Collector,107 CJI reconstituted the bench
when it was found that one of the members of the bench was a member of the cooperative society for
which the land had been acquitted.
14. Similarly in, Dimes vs. Junction Canal,108 a Public limited company filed a suit against a land owner in
matter largely involving the interest of the company. The Lord Chancellor who was a shareholder in the
company decided the case and gave relief to the company. His decision was quashed by the House of
Lords because there was a pecuniary interest in the Lord Chancellor in the company.
105
2014) 10 SCC 1
106
§62 of the act
107
1965 AIR 1096, 1965 SCR (1) 636
108
(1852) 3 HL Cas 759
31
15. While considering the question of usurpation of power by organs, in Asif Hameed vs. State of J & K,109
the court held that, “Although the doctrine of separation of powers has not been recognised under the
constitution makers have meticulously defined the functions of various organs of the State. Legislative,
executive and judiciary have to function within their respective spheres demarcated under the
constitution. No organ can usurp the functions assigned to another. Judiciary has no power over sword
or purse. Nonetheless it has power to ensure that the aforesaid main organs of the state function within
the constitutional limits. It is the sentinel of democracy.”
16. In England, Sir H. H. Cozens-Hardy, Master of the Rolls, is quoted as saying in a speech at the annual
dinner of the Fishmongers Company to the Bench and Bar that government by departments by
administrative action was "a very bad symptom . . . attended with very great danger"; that it had been
and he hoped it always would be the duty of the courts of justice to see as far as possible that the powers
entrusted to the other departments of government should be exercised reasonably and to offer the
extremist resistance in their power to encroachment by the executive. 110
109
AIR 1989 SC 1899
110
THE LAW TIMES, 22, May 6,1911
32
PRAYER
WHEREFORE IN THE LIGHT OF ARGUMENTS ADVANCED, AUTHORITIES CITED AND FACTS

MENTIONED THE HONOURABLE COURT MAY BE PLEASED TO ADJUDICATE THAT:
1. To issue the writ of certiorari or any other appropriate writ, this Court thinks fit, thereby declaring the
Notification as unconstitutional, being manifestly arbitrary, illegal and violative of Articles 19 and 21
and consequently striking down the impugned Notification;
2. To order the state and Cobalt in pursuance of section 57(3) of the Act to pay compensation of Rs 5
Crore to individual who suffered social stigma due to government’s conduct of releasing the personal
data sets by the State ; and to grant compensation of Fifteen crore rupees to the individuals personal
data for contravening with the provisions of the act which resulted in data breach of approx. 50,000 users
by Cobalt;
3. To issue the writ in the nature of manadamus or any other writ directing the respondents to consider
setting up a judicial body for the purpose of adjudication.
And any other relief that this Hon’ble court may be pleased to grant in the interest of justice, equity and
good conscience
All of which is most humbly prayed
Sd-
Counsel of Petitioner
33

Symbi Petitioners1

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Symbi Petitioners1

Uploaded by

Copyright:

Available Formats

TEAM CODE: 531

5th SYMBIOSIS LAW SCHOOL, HYDERABAD, NATIONAL MOOT

COURT COMPETITION – 2021

THE HONOURABLE SUPREME COURT OF ZINDIA

WRIT PETITION NO: 2020 /2021

FILED UNDER ARTICLE 32 OF THE CONSTITUTION OF ZINDIA, 1950

UNION OF ZINDIA & Ors……………………………………………….….RESPONDENTS

MEMORANDUM for PETITIONER

A. WHETHER THE NOTIFICATION LACKS FORCE OF LAW AND IS UNFAIR AND

B. WHETHER COBALT SHARING THE PERSONAL DATA SETS WITH THE

C. WHETHER STORAGE OF THE SENSITIVE PERSONAL DATA (AS DEFINED UNDER

D. WHETHER THERE IS LACK OF SEPARATION OF POWER WITHIN THE

E. WHETHER THE POWER TO PERFORM ADJUDICATORY FUNCTIONS BEING

B. BOOKS AND JOURNALS

a. The Notification is Unreasonable & Arbitrary action of the State.

a. Cobalt is a data fiduciary within the meaning of the act.

b. Breach of consent of users by Cobalt.

c. Violation of the privacy policy by Cobalt.

d. Disclosure of identity by the government.

e. Mala fide use of the act to justify its cause.

b. Wrongful loss to the individuals due to failure to maintain Security safeguards.

e. FM and Discharge of obligations of Cobalt.

WHEREFORE IN THE LIGHT OF ARGUMENTS ADVANCED, AUTHORITIES CITED AND FACTS

All of which is most humbly prayed

You might also like