Cybersecurity – Supreme Court Urges Government to Review Indian Data Theft Concerns

Cybersecurity –  The Supreme Court on Tuesday advised the Ministry of Electronics and Information Technology to examine a public interest plea demanding stronger safeguards for the recovery or destruction of sensitive personal information of Indian citizens allegedly stored on overseas servers without consent.

The matter came before a bench headed by Chief Justice Surya Kant along with Justices Joymalya Bagchi and Vipul M. Pancholi. The petition had been filed by cybersecurity consultant Nitish Kumar, who raised concerns over the growing risks linked to large-scale data breaches and the handling of citizens’ private information outside India.

Court Suggests Government-Level Examination

During the hearing, the apex court observed that the issues highlighted in the petition were largely technical in nature and better suited for examination by the concerned ministry and domain experts. While the bench chose not to directly entertain the plea as a judicial proceeding, it instructed the petitioner to place the concerns before the Union government for appropriate consideration.

The court indicated that the matter involved policy implementation and technical mechanisms that may require administrative action rather than immediate judicial intervention. The direction effectively allows the government to assess whether additional measures are necessary to deal with sensitive personal data allegedly compromised in cyber incidents.

Focus on Digital Personal Data Protection Law

The petition also sought steps for the effective implementation of the Digital Personal Data Protection Act, 2023, which was introduced to strengthen the country’s legal framework governing digital privacy and data handling practices.

According to the plea, a more reliable system is needed to trace, retrieve, erase, or neutralize stolen personal information that may have been transferred to servers located outside the country. Concerns were raised over the possible misuse of such data, especially when it remains beyond the reach of domestic regulatory authorities.

The petitioner argued that Indian citizens require stronger protection mechanisms in an era where cyberattacks, online fraud, and unauthorized data access have become increasingly common across digital platforms.

Rising Concerns Over Data Security

The issue of data protection has gained significant attention in recent years as several cybersecurity incidents involving personal information have surfaced globally. Experts have repeatedly warned about the risks associated with storing sensitive data on foreign servers without adequate legal and technological safeguards.

The Digital Personal Data Protection Act, passed in 2023, aims to establish rules for the collection, storage, and processing of digital personal information. It also outlines responsibilities for organizations handling user data and introduces penalties for violations.

However, implementation challenges and concerns over cross-border data transfers continue to remain part of the broader policy discussion. Cybersecurity professionals and privacy advocates have often called for stronger enforcement systems and greater accountability in handling user information.

Government Expected to Review Concerns

With the Supreme Court directing the petitioner to approach the Ministry of Electronics and Information Technology, the matter is now expected to move into the administrative domain. The ministry may examine whether existing legal and technical frameworks are sufficient to address cases involving stolen personal data hosted outside India.

The development comes at a time when digital privacy, cybersecurity, and data governance remain key issues in India’s rapidly expanding online ecosystem. The government has been working on strengthening regulatory mechanisms to improve trust and security in digital services used by millions of citizens.