Data Protection Journal of India ..Latest issue is now available


Data has a value as everybody understands. But we need to go further in our discussion on what is the value of data, how it can be computed and how it can be brought into the balance sheet etc.

The latest issue of Data Protection Journal of India discusses these concepts along with the handling of the personal data of the deceased persons.

The journal is available free at



Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

This insane GDPR Fine on Amazon is self defeating


Luxembourg Data Protection Authority (CNPD) has done great disservice to the Privacy Community by administering a fine of $887 million(Rs 6582 crores) on Amazon for using customer data for advertising purpose. The fine has been revealed by Amazon in its SEC filing and requires public confirmation from CNPD. It is possible that CNPD may revise its decision since it is blatantly unrealistic and will create a huge backlash from the business to the sanctity of the administrative fine system.

Details available here

The ruling appears to have been a result of a complaint filed in 2018 by a French privacy rights group La Quadrature du Net representing the interests of 10065 persons. The complaint states that “Amazon is  carrying out certain personal data concerning the persons on whose behalf the this complaint is lodged (2.2) without, however, establishing these treatments on one of the legal bases required by law (2.1), making therefore, they are unlawful (2.3).”

Amazon has rightly pointed out that there is no “Data Breach” and the fine is disproportionate to the alleged violation.

It is important to observe that while CNPD can take pride in claiming that this is a “Record” fine based on the “4% Global Turnover window” provided in the GDPR, the level of fine is unlikely to be accepted by any sane Court.

The prayer in the complaint was

“request that the following measures be imposed on the from Amazon:
• the prohibition of behavioral analysis and targeting treatments advertising described above, pursuant to Article 58,§2(f) GDPR;
• an administrative fine which, because of the massive, lasting nature and manifestly deliberate of the breach found, must be the highest possible, pursuant to Article 83(2) and (5) of the GDPR.”

It is interesting to note that Luxembourg is one of the smallest sovereign states in Europe with a population 6,26,108 and an area of 2585  square Kilometers. It is a rich country but too insignificant because it is  an entity smaller than the State of Goa and a population of some small town in India. The fine will enrich the country by about Rs 1 lakh per citizen.

It is possible that the CNPD thinks that it is upholding the privacy rights of the entire EU population and it is the torchbearer of privacy protection for the entire democratic world.

It is however necessary for such regulators to remember that “Advertising” is an essential ingredient of marketing and cannot be completely eliminated. In the course of developing a targeted advertising of a commercial product, Amazon is being accused of not having a proper consent. The accusation may be partially true. But the punishment envisaged must be reformative and reasonable. The current level of fine will be considered as unreasonable and will actually  create a sympathy for Amazon.

I hope the Indian regulatory authority when it comes into existence would be more reasonable.

It is possible that the report as it happens in most media reports is itself not completely true. It is possible that CNPD might have raised a show cause notice on Amazon on why it cannot be fined Euro 447 million and Amazon might have disclosed it as a “Risk” in its disclosure documents to SEC. In the process, Amazon could have also exaggerated the possible fine without appropriate basis.

Based on the response from Amazon, CNPD may revise the fine downwards to more reasonable levels or a Court may actually squash the order. Hence the criticism may be premature.

However the incident does raise a question on how Privacy has to look at targeted advertising as a commercial marketing tool and whether it needs to be banned completely or regulated to the extent that it is used only for positive uses for the society.

Imagine a situation where all advertising on internet is banned. Then the entire internet industry would become so expensive that people will stop using it and technological development will be seriously affected.

This was not the intention behind GDPR and we should not allow the individual regulatory authorities to redefine the objective of GDPR and convert it into a revenue generating tool for themselves at the cost of business.


Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

Investors in Zomato and Paytm IPOs will eventually blame Narendra Modi

The Zomato public issue of shares to raise Rs 9735 crores of public money to a company which has been consistently making losses and has declared that it will continue to make losses even in the future is a dangerous trend that is infecting the Indian investment scenario like a Virus.

Now PayTM is getting ready with even bigger losses to enter the IPO and other startups like Cred will soon follow suit.

In all these cases, one can see a Ponzi scheme of raising money from public to pay off the investors who had invested in the earlier private placement rounds.

The system of angel investors funding a new risky technology venture at the pilot stage and the Venture Capitalists at the stage when the concept is further developed until it is ready to go public is a great idea which needs to be encouraged for the benefit of genuine entrepreneurs. But in view of the risk involved, such projects cannot be funded out of debt from the Banking institutions but need to be funded by equity investors who can absorb the risk. Hence the private placements by angel investors and venture capitalists are acceptable. But before they want to take their money out by bringing in the public, the company should start earning profits.

Currently, this scheme of funding new ventures is being fraudulently abused by some venture capitalists and their beneficiaries. The game is for a company to first raise some funds at a premium, use the money to advertise and acquire customers offering deep discounts on products and services, and there after raise further money from other venture capitalists, do more advertising, acquire more customers for the service to create a growth narrative.

Most of the customer acquisitions are successful because the products and services are sold below cost and consumers are in a way bribed to become a member. The companies firstly pick up valuable personal data of the subscribers to trade and then show the growth rate as a success story to raise further private equity.

The entire private equity so gained will add to the “Reserves” account in the balance sheet as “Share Premium” and add to the networth for the company. But the funds would be burned out through expenses which will be greater than the earnings. Most such companies make “Marginal loss on every unit sold”.

The following is a list of loss making companies compiled from some available public sources  of which Zomato has now tasted the investor’s blood by its public issue.

Other companies in the list will soon hit the stock markets and try to siphon off public investments.

We must remember that some of these investments may come from Mutual Funds and the public funds in the Banking industry will also be used to fund these IPOs through the mutual fund route. 

This is the Harshad Mehta scam back in the game, this time with the assistance of SEBI.

SEBI was an institution whose basic objective was to protect the interest of the investors. The institution and its predecessor, the Controller of Capital Issues (CCI) always exercised strict control on the pricing of public issues. Until recently it was a pre condition that only profit making companies could go public and raise public money on the basis of the prospectus document which was an honest declaration of the organization about the past financial position of the company, proposed new initiatives for which the money would be raised, the profitability for the next 5 years etc.

Unfortunately SEBI has now abdicated its responsibility for investor protection and started looking at Prospectus as a junk statement which can say (as in the case of Zomato)

“We will continue to make losses….. The project have not been appraised by any financial institution… ” 

Despite such risk disclosures, the Companies want to raise public money with a premium and SEBI is willing to allow.

In the case of Zomato, each share of face value of Rs 1 was sold at Rs 76. It is another fact that the shares were listed at the price of around Rs 116 and is now at around Rs 140. The market capitalization has crossed Rs 1 lakh crores. Some are advocating that these shares are to be brought in even to the nifty basket. It is ironic that ZOMATO kind of companies are having market capitalization higher than other successful manufacturing companies which have created value for the economy.

There have been a lot of trading turnover in Zomato shares the initial days. However how much of the turnover reflect the genuine investor purchases is a moot point. It is well known that the trades are fixed so that broker of a fund A will buy from the broker of fund B and the broker of A will again buy back with each such transaction executed at a higher price. In the process the market price of the share goes up and the brokers make their commission. It is these broker manipulations that some investment counsellors call as “Listing Gains”.

During the traditional public issue shares, the issue price was genuinely lower than the intrinsic worth since SEBI or Controller of Capital Issues was very conservative. Hence public issues were heavily oversubscribed and the shares were listed at higher than the issue price and there was real listing gains. What is now happening is pure speculation which will erode the faith of the investors in the market.

It is certain that there would a stock market recession induced by such issues probably in the next 2 years.

SEBI is expected to control such malpractices but it has become part of this corrupt system of manipulation. The Government is completely under the control of the corrupt system and also has the income from STT to show as its gains.

Thus “Innovative Technology Companies”, “Venture Capitalists”, “SEBI” and the “Government of India” are all involved in this big game of cheating the public.

Our advise to investors is to completely refrain from the IPOs of such issues like Zomato and Paytm etc. Value investors like Mr Rakesh Jhunjhunwala states

Even the most optimistic valuation assuming growth of Indian GDP to the level of China GDP, and assuming that the company will be able to make profits int he next 10 years, maintaining a market share of 40%, experts value the shares at not more than Rs 41

Investors should ignore the manipulations of the brokers and the fraudulent investment advisors and the media which try to sell the idea that “Share price is a derivative of the sentiments of the investors” and there is no relation to profitability. Investment advisors have stopped looking at P/E ratios are are now looking at “Price to turnover” and other parameters to justify why a “Junk Share” should be bought at a high price.

The famous Harshad Mehta whose scam which induced a long time recession in the Indian market in 1992 had a theory that if you create the right sentiment any share can be sold at a higher price. While such speculation is fine with own funds, institutions with public money and organizations like SEBI cannot take a stand to ignore the principles that an “Equity Value” is related to the “Underlying income potential”. If we break this link between “Market Price” and “Income Potential”, we will make all Equity investments, another form of “Crypto shares”.

In the end, when a couple of these companies start failing, people will inevitably blame Mr Narendra Modi who has supported “Start Up” industries and companies like “Paytm” as promoters of Digital India.

Mr Modi will be called the “Mastermind of the scam” and Amnesty International, Wire and Mr Rahul Gandhi will all join hands and disrupt the Parliament while Mamata Banerjee may institute a “Judicial Commission” to probe.

If Mr Modi is wise, he should understand the risk and take effective counter action to ensure that SEBI does not become an instrument for cheating public through such fraudulent IPOs. Otherwise like the failing Cooperative banks being merged with healthy Banks, these “Crypto Companies” which are nothing but hollow accounting creations will have to be taken over by other health companies to save the market.

I therefore suggest that the Government has to immediately direct SEBI that

“No Premium issues should be permitted unless a Company is profitable on PAT basis for atleast two consecutive years or in three out of 5 years before the issue”


Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment

SEBI and Zomato set to kill the Indian Start up industry

The IPO of Zomato which was issued at Rs 76 and got listed at Rs 125 has opened a Pandora’s box in the Indian stock markets.  This is not an information to rejoice. This is actually a serious threat to the Start up eco system and the investment markets in India because Zomato is a loss making company which has been allowed to go public at a premium against the known principles of raising money from the public for caproate activities.

We must remember that Zomato has a huge operating loss in its balance sheet and has so far shown a book value only based on the multiple private placements of the shares with investors at a premium, all of whom have conspired to now get public to invest their hard earned savings to replace the over valued acquisitions of the investors.

The Zomato shares have a face value of Rs 1 each and the issue price was determined on a book building process with the premium of Rs 75. The total issue was for 123.35 crore shares of which the fresh issue was 118 crore shares and Offer of sale from Info_Edge was about 5 crore shares.  The total money raised from public on account of this issue was Rs 9375 crores of which about Rs 9000 crores would come to the company and Rs 375 crores will go to Info edge. The reserves will be boosted by Rs 8880 crores crores will go into the credit of reserves.

The objective of the issue is stated as “Funding organic and inorganic growth initiatives” for which Rs 6750 crores would be invested and “General Corporate Purposes” for which Rs 1978 crores would be invested.

The Balance sheet shows Goodwill of Rs 1247 crores along with other intangible assets of Rs 207 crores. It has consistently made losses and over the last three years recorded losses of Rs 1010 crores, 2385 crores and Rs 816 crores in the last three years 2019, 2020 and 2021.

As an ex-Merchant Banker, the undersigned is intrigued by the financial information pertaining to this IPO.

The prospectus states that the Statutory auditor has not made any “Qualifications” on the report but the Company states

“the degree to which the financial information included in this Prospectus will provide meaningful information is entirely dependent on the reader’s level of familiarity with Indian accounting policies and practices, the Companies Act, Ind AS, and the SEBI ICDR Regulations”

The Risk factors stated include the following statements

” We expect to our costs to increase over time and our losses will continue…If we are unable to generate adequate growth we may continue to incur significant losses in the future”.

“Our funding requirements and the proposed deployment of net proceeds have not been appraised by any Bank or financial institution or any other independent agency and our management will have broad discretion over the use of the Net proceeds”.

“We have entered into and will continue to enter into related party transactions which may potentially involve conflicts of interest”.

“Certain of our corporate records and filings are not traceable or have discrepancies We cannot assure you that regulatory proceedings or actions will not be initiated against us in the future and we will not be subject to any penalty imposed by the competent regulatory authority in this regard”

The prospectus also mentions the risks associated with regulation with specific reference to PDPB 2019, ITA 2000 and the NPD Governance without indicating specific measures taken to mitigate the risks.

A detailed analysis of the prospectus and the reliability of the figures are beyond the scope of this article.

However we need to take a serious objection to the rules of SEBI which is now transferring the shares of this loss making company to the ordinary investors in the market. If SEBI was considered as an organization which takes care of the interests of the public investors, it is clear that it is not evident in the approval of this prospectus.

I would like knowledgeable investment consultants to take up this issue with the Ministry of Finance and ensure that the scheme of “Loss Making Start Up Companies” being allowed to make IPOs at a premium is stopped. It appears that many other loss making start ups may enter the market in the coming days and sooner or later when one of these companies go into liquidation there will be a “Start Up Bubble Burst” in India.

In the early 2000, when Sify bought at Rs 225 crores, it caused a dot com bubble burst and the correction of the sentiments   took several years. Earlier the Harshad Mehta bubble created a long term recession in the stock markets.

Now we can expect that SEBI-ZOMATO fiasco could result in another major crisis in the Indian investment scenario. It is clear that SEBI no longer can be relied upon as a trustee of the investor’s interests.

We have no problem if Start ups raise private equity until they turn profitable and there after raise public equity after they start generating profits.

We also have no problem if a loss making company raises public investment “At par” after proper disclosure.

But the current trend of trapping the gullible investors with an “Hollow Brand Name” requires condemnation.

If one or two such companies collapse, it will be like the failure of Co-operative banks and there will be an investment crisis in which no other start up company can think of going public in the near future. If there is no exit route through IPOs then even the private placements will also dry out and eventually the Start Up eco system would be detroyed.

Will the Ministry of Finance and Ministry of Corporate Affairs explain the logic for such public issues?.


Refer this video:

Venture Capital-Silicon Valley Ponzi Scheme


Print Friendly, PDF & Email
Posted in Cyber Law | 2 Comments

Pegasus controversy is political

Pegasus as a surveillance tool is known for some time. It is also known that “Intelligence” is a part of every Government’s activity not only in India but elsewhere.

Amnesty International and the news agencies like have no credibility to be given serious attention to when they bring out any report against the Indian Government. They are part of the Cyber warfare that we have to tolerate just like the terrorist attacks we need to tolerate from time to time.

According to the latest report, Amnesty International says that the list of phone numbers were “Potential Targets” and they never claimed they were actually targeted. If some body claims that X was in the list of surveillance target and X was targeted because he was anti Government activist, it does not explain why Y was in the target list though he was a pro Government person and why Z was not in the target list though he was a rabid anti India activist.

When a Virus spreads, it spreads through various means and not all virus attacks are targeted attacks. While NSO may claim that Pegasus infection is controlled and it can be used only by authorized Government agencies, there is a possibility that hackers may have a way of stealing the infection code from one authorized entity and use it in another context.


The above screenshot shows that pegasus is a name used for other malware also.  It is possible that we may confuse another clone malware that other private hackers may also be using to what our politicians are referring to. (P.S: Please donot download any software from the site referred since it may infect your computer.)

Pegasus of NSO costs a few crores of Rupees and the Company claims that it will be sold only to Government agencies after some verification. But it is possible that it can be bought by some Government which can leak it to hackers. There are many Governments including the Pakistan and China Governments who may posses this software and may use it against India.

We therefore need to take the controversy with a pinch of salt and consider it as a passing strategy to disturb the Indian Parliament so that the Government function is diverted.

Though there is a Privacy issue involved, the facts are insufficient to conclude that the Government was involved in surveillance on a wide scale as is alleged by the politicians. If there was selective surveillance of some, it has to be weighed with the security concerns and the legitimate right of the Government to gather intelligence.

In responding to the controversy, Mrs Meenakshi Lekhi, the Chair person of the JPC on PDPB2019 has stated that the controversy is a ploy to delay the passage of the Bill.

Though the Bill by itself may not prevent such incidents in the future, if the Data Protection Authority is in place, the fight which is presently going on in the Parliament would shift to the office of the DPA and the Government would be left to do its work. At least for this, let us hope that the Bill will be introduced in its final form during this week.


Also Refer:

Is the Pegasus technology good or evil….Business Today article

Amazon blocks NSO linked accounts

Print Friendly, PDF & Email
Posted in Cyber Law | 1 Comment

Mistaken Identity lands TransUnion in a $40 million class action suit

TransUnion is a well known company in India. This company silently acquired 92% of the shares of CIBIL which was earlier held by many Banks in CIBIL.

The mystery of this acquisition in which a company owned by several public sector banks by a US based private sector company is a matter of case study. No Sucheta Dalal nor Subramanya Swamy got wind of this acquisition and press and media including Mr Arnab Goswami were in the dark.

In the process, TransUnion CIBIL became the controller of sensitive personal data of 1000 million Indians. The sensitive data consisted of demographic data, financial data and profiling data leading to personal credit rating. The personal credit rating is used by many Fintech companies for automated decision making for decisions on lending, fixing of limits on credit cards etc.

The value of such data which continues to grow and bring in revenue to TransUnion CIBIL is worth exploring.

If we take the dark web value index 2021 as a base these data sets are valued not less than $25 per data set to perhaps even $200 and over. Unfortunately the share holders of these Banks (SBI, Union Bank, IOB, etc) represented in the  diagram showing the share holding pattern in 2001,  never came to know of this lucrative buy out and the watch dog SEBI perhaps also missed its duty to ensure that the minority share holders got their dues. All this perhaps was technically well executed within the law since the only organization which was in the know of the things at that time was the RBI and the Finance Ministry during the last days of P Chidambaram and the early days of Arun Jaitely.

Now an interesting case has come to light in USA where a class action suit filed against the Company for damages of around $40 million has reached the Supreme Court.  The suit was prompted by an incident when a dealer of Nissan automobile was checked for his credit rating using TransUnion in which the report noted that the name of the dealer appeared to partially match two names included in the Federal Government list of people barred from conducting business in US because of national security concerns.

The report had wrongly identified the dealer with some terrorist names ( A similar incident had once identified a major fraud in a Balngladesh Central Bank in the SWIFT system). 8184 others had joined with the dealer and launched a class action suit against TransUnion out of which similar data of 1853 had been released by TransUnion earlier.  Indirectly these 1853 persons were flagged as terror suspects.

A lower court had determined a $40 million damage which was on appeal at the Supreme Court.  The Supreme Court (in a 5-4 ruling) appears to be considering lowering of the damage since not all 8185 of the participants of the class action suit had suffered the real damage like the 1853 persons.

See the full judgement here

The final decision of the Supreme Court will determine the “Value of Damage” caused by a wrong profiling of a data subject. It would be interesting for us to watch the final outcome.

This case could provide a guidance to valuation of damage caused by a wrongful handling of personal data profiling and disclosure and could be a precedence that we may all refer from time to time.


Also Refer:

CBI Enquiry is required for finding the truth behind TransUnion taking over CIBIL

Is TransUnion-CIBIL guilty of Accessing Critical Personal Data through surreptitious means?


Print Friendly, PDF & Email
Posted in Cyber Law | Leave a comment