Authors: Mahwash Fatima
Published: 6th January, 2025 in The Hindu
The proposal to access an individual’s ‘virtual digital space’ raises significant concerns about privacy, overreach, and surveillance.
The Finance Minister recently introduced a proposal in Parliament to allow tax authorities to access, under the Income-Tax Bill, 2025, an individual’s “virtual digital space” during search and seizure operations. The justification is straightforward: as financial activity moves online, so must enforcement. However, this glosses over the far-reaching implications of such a shift, which raises significant concerns about privacy, overreach, and surveillance.
A blurring, open-ended provision
Currently, India’s tax law already provides for search and seizure under Section 132 of the Income-Tax Act, 1961. But those powers are limited to physical space such as a house, office, and locker. Since such operations are based on suspicion of undisclosed income or assets, there is a connection between the objective, which is finding undisclosed income and getting access to physical assets.
The new Bill, however, blurs this link by including an individual’s digital presence which is not only vast but often contains much more than what is relevant to a tax investigation. Without clear limits, such access can lead to disproportionate intrusion. For example, under the existing regime, what could be searched was what concerned only the individual under investigation. In contrast, digital spaces involve multiple stakeholders. Accessing a social media account also exposes friends, family, and professional contacts, through photographs and posts.
The proposed definition of ‘virtual digital space’ includes access to emails, personal cloud drives, social media accounts, digital application platforms, and more. Crucially, the phrase “any other semi-permanent nature” makes the list open-ended, potentially covering a wide range of digital platforms. Additionally, the proposed provision empowers tax authorities to override passwords and encryption to unlock devices or virtual digital spaces. It still remains unclear though how this power will be operationalised in practice particularly in cases involving encrypted messaging apps such as WhatsApp, as explicitly cited by the Finance Minister in Parliament.
The problem becomes even more of a concern when the individual involved is a professional whose work requires confidentiality. For instance, journalists whose devices and emails hold sensitive information, including confidential sources, unpublished material, and protected communications. If a search is conducted on flimsy or overly broad grounds, it not only violates their privacy but also endangers their ability to undertake reporting. Recognising these risks, the Supreme Court of India, in 2023, circulated interim guidelines on the seizure of digital devices and directed the Union Government to contemplate formulating necessary protocols. Moreover, the judicial interpretation of “reason to believe” emphasises the need for tangible material beyond mere suspicion. Even under existing law, courts have construed that the provision ought to be exercised strictly, acknowledging that search and seizure is a serious invasion of privacy.
The proposal to access an individual’s ‘virtual digital space’ raises significant concerns about privacy, overreach, and surveillance
A violation of transparency, accountability
Yet, the proposed provision goes against these principles and is devoid of guardrails, judicial oversight, and suggests a lack of understanding of the stakes. It fails to acknowledge, let alone address, the sheer breadth and layered sensitivity of information stored on electronic devices. In line with the current law, the proposed provision prohibits disclosure of the “reason to believe” — clearly violating principles of transparency and accountability.
Globally, privacy and transparency standards in search and seizure, especially where digital devices are involved, are grounded in statutory protections and procedural safeguards. In Canada, section 8 of the Charter of Rights and Freedoms guarantees the right to be secure “against unreasonable search or seizure”. It is designed to prevent unjustified searches and sets a three-part default standard: prior authorisation; approval by a neutral and impartial judicial authority; and reasonable and probable grounds. In the United States, the Taxpayer Bill of Rights, adopted by the Internal Revenue Service, affirms that taxpayers have the right to expect that any inquiry or enforcement action will be legally compliant and will not be more intrusive than necessary following due process rights, including search and seizure protections. The U.S. Supreme Court’s decision in Riley vs California also necessitated a warrant before accessing digital data, given the deeply personal nature of information stored on phones and devices.
Contradiction of the proportionality test
In contrast, India’s proposed Income Tax provision grants sweeping access to digital personal data without warrants, relevance thresholds, or any distinction between financial and non-financial information. This directly contradicts the proportionality test upheld by the Supreme Court in Justice K.S. Puttaswamy (Retd.) vs Union of India. The Court has held that any restriction to an individual’s privacy must meet a four-fold test, of which proportionality was key, requiring state action to pursue a legitimate aim, satisfy necessity and adopt the least intrusive means available. Allowing unfettered access to personal digital data, in the absence of judicial oversight or guardrails, fails this standard.
The way forward is not to abandon digital search and seizures. Rather, it is to root it firmly in principles of proportionality, legality, and transparency. The right to be free from surveillance must not be eroded under the garb of tax compliance. Unchecked surveillance in the name of compliance is not oversight but overreach. There is hope the Select Committee of Parliament currently reviewing the Bill will re-examine the notion of ‘virtual digital space’, disclose the reasons for such warrants and understand the risks to digital rights — and course correct by establishing mechanisms of redress for aggrieved individuals.
Mahwash Fatima is a Manager, Public Policy at TQH Consulting’s Policy Tech practice in Delhi.
Around half a decade ago, one of the co-authors of this article was invited by then secretary, Department of Disability Affairs, for a vision setting exercise for the department for the next 25 years. The co–author made a strong argument that while the Department continues to function as a nodal agency, disability cannot be limited to just one department. Disability is an intersectional issue and we need disability experts in each ministry.
In an unprecedented move, Australia in its effort to protect children from online harms amended its Online Safety Act to prohibit access to social media platforms for those under the age of 16. Last week, this was a trending topic in many Indian parent communities with some arguing that India should perhaps consider a similar policy. However, it is likely that well-meaning parents have not considered unintended consequences of such a move.
Last month, India’s IT Ministry convened meetings with industry and experts to discuss setting up an AI Safety Institute under the IndiaAI Mission. Curiously, this came on the heels of PM Modi’s visit to the US that was punctuated by the Quad Leaders’ Summit and the UN’s Summit of the Future. AI appeared high on the agenda in the run up to the Summit of the Future, with a high-level UN advisory panel producing a report on Governing AI for Humanity.
The Samarth Initiative by