The Karnataka High Court has dismissed a petition filed by digital payment intermediary PhonePe, challenging a police notice under Section 91 of the Criminal Procedure Code (CrPC). The notice sought transaction details and full account credentials of PhonePe users and merchants in connection with a criminal investigation involving losses through cricket betting applications.

Justice M. Nagaprasanna, delivering the judgment, emphasized the necessity of balancing data protection with the public interest in criminal investigations. He stated, “The protection of consumer privacy cannot eclipse the lawful imperative of investigating officers to secure evidence and take the investigation to its logical conclusion.” The court noted that in the digital age, cyber crimes require swift and effective responses, and the police must be empowered to access digital information to uncover evidence.

PhonePe had argued that as an intermediary under Section 79 of the Information Technology Act, it was not responsible for the transactions leading to the filing of the FIR. The company also cited the Payment and Settlement Systems Act, 2007, and the Bankers Books Evidence Act, 1891, to assert that customer data could not be shared without a court order. However, the court found that the provisions of Section 91 CrPC and central government guidelines under Section 87 of the IT Act override such statutory protections in the context of criminal investigations.

This ruling underscores the judiciary’s stance on the need for digital platforms to cooperate with law enforcement in the investigation of cyber crimes, even when it involves sharing sensitive user information.

Sources