SC Asks MeitY To Examine Plea On Stolen Citizen Data And Cyber Misuse

The Supreme Court of India on Tuesday asked the Ministry of Electronics and Information Technology to treat a Public Interest Litigation (PIL) as a formal representation seeking a comprehensive framework to recover or destroy stolen personal data of Indian citizens allegedly stored on foreign servers.

A bench comprising Chief Justice Surya Kant and Justices Joymalya Bagchi and Vipul M Pancholi was hearing a PIL filed by cyber security consultant Nitish Kumar. The plea urged the Court to ensure effective implementation of the Digital Personal Data Protection (DPDP) Act, 2023 , and sought stronger safeguards to curb rising incidents of “digital arrests” and extortion linked to large-scale data breaches .

The petitioner submitted that sensitive personal information of Indian citizens, including fingerprints and other identifiers , has allegedly been stolen and is being stored across servers in at least five foreign countries. He argued that such data is being weaponised by cybercriminal networks to commit transnational offences, including fraud and intimidation of victims through digital impersonation and coercion.

Kumar further sought directions for the constitution of a Special Investigation Team (SIT) to monitor and investigate cases of data theft, along with a structured mechanism to either retrieve or permanently destroy compromised data held abroad. He contended that without decisive action, the misuse of such data would continue to pose a serious threat to national cyber security.

However, the bench declined to entertain the PIL on merits, observing that the issues raised were “highly technical in nature” and required administrative and technological expertise rather than judicial intervention at this stage. The Court noted that such matters are better addressed by the executive.

“It appears appropriate that the petitioner approach the Ministry of Electronics and IT. Let this plea be treated as a supplementary representation. They shall consider it,” the bench observed.

The Court also remarked on the limitations of cross-border enforcement, noting that in the absence of extradition mechanisms, bringing offenders to justice becomes difficult. While disposing of the petition, the bench granted liberty to the petitioner to submit his grievances afresh before MeitY, which has been asked to examine the broader concerns relating to data protection, recovery mechanisms, and prevention of misuse of stolen digital information .