Establishing guidelines for electronic record seizures

In an era marked by rapid digitisation, individuals increasingly depend on electronic devices to store and recall information, blurring the lines between personal memory and digital records. In this process, our mobile phones, laptops and other digital devices operate as an interconnected vault holding all our personal and professional information.

Isn’t the thought of someone possessing unfettered access to our entire digital existence intimidating? Yet, law enforcement agencies have on multiple occasions in the past, and continue to, demand and seize our entire digital vault (consisting of personal and business data), irrespective of whether it bears any relevance to their investigations.

Agencies including the Central Bureau of Investigation (CBI), the Enforcement Directorate (ED), the Income Tax Department etc have powers to conduct search and seizure operations or raids, when they have reason to believe that the alleged persons or entities are concealing something or are about to tamper with records (in the form of physical or electronic/digital records). This power is crucial for effective investigations and allows agencies to uncover vital materials. However, in the absence of explicit legal provisions and guidelines on the search procedures pertaining to digital records/devices, the current legislative framework is questionable, particularly regarding comprehensive cloning of electronic devices, handling of encrypted data and unfettered access to cross-border data. Unlike a simple cabinet containing physical records and materials, handling our data vaults holding personal data demands a much higher level of intricacy and safeguarding, even during investigations.

Yet, law enforcement agencies continue to demand and seize entire ecosystems of data, even beyond what is directly relevant to the investigation. And during such search/seizure operations, companies are more often than not compelled to adhere to all requests in the interest of cooperating and not coming across as obstructing the investigation, which has separate consequences under criminal law.

At the forefront of this issue is the right to privacy. While complying with investigations, individuals and companies are worried about how their personal data will be safeguarded and segregated from other data sets that may be relevant for the purposes of the investigation. The ability of investigative agencies to gain unfettered access to entire digital ecosystems that also contain personal data risks violating the fundamental right to privacy.

In December 2024, the Supreme Court restrained the ED from copying and accessing information found on the electronic devices of Santiago Martin (also known as the ‘Lottery King’) and his relatives, in the context of an investigation under the Prevention of Money Laundering Act. The petitioners had claimed that access to personal digital devices infringed on their fundamental right to privacy, as these devices contained deeply personal and sensitive information.

The petition filed by the Foundation for Media Professionals (FMP) in October 2022 highlights a critical gap in the legal framework for such investigations when it comes to privacy. It emphasises that digital devices hold deeply personal information, ranging from private communications to financial and health data. Therefore, the search and seizure of such devices without clear legal safeguards represents a significant intrusion into individual autonomy and privacy. The Supreme Court acknowledged the importance of this issue and, in November 2023, directed the Union government to consider formulating guidelines for digital device searches.

Importantly, the Supreme Court’s judgement in Puttaswamy unequivocally established privacy, including informational privacy, as a fundamental right under Article 21 of the Constitution. The efforts towards protection of personal data also resound in the Digital Personal Data Protection Act, 2023 (DPDPA). While the DPDPA does not directly govern the procedures of search and seizure by law enforcement agencies, its underlying principles of protecting individual data rights and ensuring responsible data handling underscore the need for similar safeguards when accessing and processing personal data during investigations.

In 2022, the investigative arm of the CCI raided the premises of Appario Retail and cloned the phones of three Samsung employees present at the raid, allegedly seizing confidential company information, including pricing strategies, inventory details and product launch plans. More recently in 2025, they raided the premises of various individuals and entities in the advertising industry and cloned mobile phones and laptops, suspecting collusion. While these individuals were employees of the entities under investigation, the reported scale of cloning raises questions about access to personal and unrelated data on employee devices.

These instances reveal that the ground reality of what plays out during such search and seizure operations is not guided by explicit legal provisions and guidelines, creating potential for abuse and undermining due process. To prevent this, standardised operating procedures for digital searches are crucial.

It is critical that the legal framework governing search and seizure of electronic records provide people and companies with the confidence of viewing electronic devices as sophisticated data vaults, and not inescapable data coffins that hold every aspect of our personal, professional and business lives within their digital grasp.

The FMP v. Union of India case represents a pivotal moment in India’s legal and constitutional landscape. As India navigates the challenges of the digital age, the Supreme Court has the opportunity to set a precedent by formulating clear guidelines that balance privacy and law enforcement needs. This case underscores the importance of transparency, accountability and proportionality in digital searches and it is anticipated that the judgment will result in clear guidelines for the search and seizure of digital devices. 

Shivam Jha is a Counsel and Aarathi Menon is an Associate at Axiom5 Law Chambers, LLP.

Views are personal.