It has become a practice for organizations to send marketing e-mails with “Donot Reply” address. Today I came across the following email from Newsletter@indianexpressonline.org but the reply set to a non existent email address of firstname.lastname@example.org. Obviously the “Reply to” message bounced.
The Email was delivered through the AWS service namely Amazon Simple Email Service
Consequent to the DPDPA being a law in India, we need to debate the ethical and legal aspect of such emails.
Does this email of Indian Express constitute a communication without an appropriate notice and Consent? May be Indian Express may today say that the date of effectiveness of the provision of Section 5 of DPDPA is not yet announced.
But, could this also be considered as “Impersonation” and an attempted Section 66C -ITA 2000 offence? ..which is a cognizable offence with 3 year’s imprisonment?
To me it appears to be so.
Next, what is the role of Amazon SES which is the instrument of this crime? Is it to be considered as a “Data Processor” and an “Agent” so that the liability for impersonation and attempted impersonation lies only with Indian Express and not Amazon? or is Amazon a joint Data Fiduciary and has a liability under DPDPA while escaping liability under ITA 2000 where it is an undisclosed agent?
My view is that both Indian Express and Amazon are guilty of Section 66C offence of ITA 2000 which is effective today and also liable under Section 5 of DPDPA for which a penalty of upto Rs 250 crores could be imposed? …if DPB had been in existence?
Comments are welcome