Privacy At Risk? Warrantless Access To 'Virtual Digital Space' Under Income Tax Bill 2025
Imagine tax authorities accessing your emails, WhatsApp chats, or cloud storage without a notice, summon, or even a warrant, simply because they have “reason to believe” that you might evade taxes. Would you still feel free?
This concern has gained relevance in the light of the Income Tax Bill, 2025 ('Bill') which was introduced in the Lok Sabha on 13th February, 2025, and it seeks to replace the existing Income Tax Act, 1961 ('1961 Act'). The Bill, prima facie, retains most provisions of the 1961 Act, and interestingly, it seeks to simplify the existing provisions by reducing the section count, word count, and by making the language simpler.
Regardless, the Bill has ignited debates and controversy due to certain provisions that allow the tax authorities to gain access to your “virtual digital space” during search and seizure. Essentially, overriding passwords and bypassing encryption of emails, social media, cloud storage, etc. without any notice, summon, or warrant.
This article critically analyses the provisions of the Bill relating to digital search and seizure. It explores the historical development of search powers under the Indian tax regime, examines the Bill's move into the “virtual digital space”, and highlights in brief the constitutional, legal, and privacy issues involved in such intrusion. The Author concludes by making recommendations to ensure that tax enforcement respects individual rights in the digital era.
Legislative History Of Search And Seizure Under Indian Income Tax Regime
During the colonial era, the tax law was primarily concerned with the collection of revenue on the basis of self-assessment and some voluntary disclosure under the Indian Income Tax Act, 1860. There was no formal provision for search or seizure, and state intervention was limited as far as taxpayer compliance went.
Subsequently, there came the Income Tax Act 1922, but the genesis of investigative powers in Indian income tax regime can be traced to the Taxation on Income (Investigation Commission) Act, 1947, which established the foundational framework for investigating tax evasion matters. Although there was no explicit search and seizure provisions, it empowered the Income-tax Investigation Commission, under Sections 6 and 7, to function like a Civil Court, compelling document production, examining accounts, and summoning witnesses.
This was further built upon by the 1961 Act, which marked the first legal codification of search and seizure powers in the Indian tax regime. Search and seizure operations remain primarily governed by Section 132 today. Under this section, competent officers are empowered to enter premises, force open lockers, seize assets, and question persons on oath if there was “reason to believe” that income or some record was being concealed.
However, there was a major turning point with the Finance Act, 2017, wherein it inserted Explanation to Sections 132(1) and 132(1A) of the 1961 Bill, which stated that the “reason to believe” or “reason to suspect” for the exercise of such powers shall not be disclosed to any person, authority, or even the Income Tax Appellate Tribunal. This was viewed as compromising transparency and judicial oversight.
The Bill aims to takes these powers deeper into the digital domain.
What Is New In The Bill Vis-À-Vis Search And Seizure?
Perhaps the most significant change introduced in the Bill is the recognition of “virtual digital space” under Section 261(i). This is a very broad term, describing anything from e-mails and social media accounts to cloud servers, online banking, or an online trading platform. Essentially, any digital platform that stores user data or facilitates communication and transactions falls within this scope.
Under the existing legal framework, search and seizure actions under Section 132 of the 1961 Act were mostly limited to physical premises, records, and tangible property. The Bill represents a major change by extending these powers into the digital realm, and empowering authorities to access virtual spaces without notice or warrant. Under Section 247(1)(b) of the Bill, the competent tax authority is empowered to conduct search and seizure operations when there is “reason to believe” that a person possesses undisclosed income or assets, whether in India or abroad. Such powers also involve the right to enter and search any premises, vessel, vehicle, or aircraft likely to contain such undisclosed assets or information. Furthermore, it empowers officers to require persons who are in possession or in control of electronic records or data to provide technical assistance where required, including access codes, to facilitate further inspection.
If such access or entry is not voluntarily provided, Section 247(1)(b)(iii) of the Bill explicitly grants the competent officer the powers to forcibly access any premises or storage units such as doors, safes, lockers, cabinets, or similar containers. This includes the power to break open physical locks or override/bypass digital security mechanisms, such as passwords or access codes, in order to gain entry to buildings, locations, computer systems, or virtual digital space (emails, chats, cloud storage, etc.) where relevant information or assets are believed or suspected to be kept.
Another concern is that the Section 247(7) of the Bill expands the scope of the presumption under Section 132(4A) of the 1961 Act by incorporating digital elements. Under the Act and Bill both, if something is found with someone during the search: (i) it is presumed to belong to them; (ii) the contents are assumed to be true; and (iii) signatures/handwriting are assumed to be authentic. However, the Bill, under Section 247(7)(b), introduces a presumption regarding electronic data and communication exchanges. Essentially, the data or communication found on any computer system or virtual digital space (emails, social media chats, etc.) are assumed to be true and exchanged between the parties involved.
This could have serious implications. For example, an old, playful WhatsApp chat stating “I earned 50 lakhs trading crypto”. Under the Bill, this communication, when found during search & seizure, could be presumed to be true. The burden will then lie with the individual to prove that the said words were made in jest does not reflect real earnings. It invites unjust inferences based on colloquial language, which is particularly ill-suited for an era in which digital communication tends to be casual, ironic, or hyperbolic.
Conflict With The DPDP Act?
At first glance, the provisions of the Bill, particularly Section 247(1)(b)(iii), which empowers tax officers to bypass consent and passwords or encryption for accessing digital accounts like emails, social media, cloud storage, appear to be in contravention of the Digital Personal Data Protection Act, 2023 ('DPDP Act'). Most particularly Sections 4, 5 and 6 of the DPDP Act which state that data must be processed in a lawful manner and only with consent, and only for the purpose for which consent was provided.
However, this seeming contradiction is resolved within the DPDP Act itself. Section 7(c) and 7(d) have the exemptions made to enable the State or its instrumentalities to process personal data without consent, when such processing is necessary for the performance of a legal function or for the discharge of an obligation in accordance with any law in force.
Hence, if the Bill becomes law it would not inherently conflict with the DPDP Act. However, the legal allowance under the DPDP Act does not automatically address or resolve the questions of necessity, proportionality, or potential abuse of power. The actual challenge is to ensure that the extraordinary access granted to tax authorities is exercised with adequate checks and balances. Without strong safeguards, there is a risk that these exemptions could be misused, potentially hampering the very spirit of privacy protection envisioned by the DPDP Act. Thus, while there may not be a direct legal conflict, the ethical and constitutional concerns are still there to debate.
Issues And Challenges
The constitutional validity of search and seizure provisions under the 1961 Act was upheld in the landmark case of Pooran Mal v. Director of Inspection (Investigation) of Income Tax [Writ Petition (Civil) No. 446 of 1971] ('Pooran Mal'), where the Apex Court relied on its previous ruling in M.P. Sharma v. Satish Chandra [Writ Petition (Civil) No. 372 of 1953], and reiterated that such intrusive powers serve legitimate state interest, maintain economic and social order, and are exercised within the ambit of law.
While Pooran Mal's core holding on search and seizure under Section 132 of the 1961 Act still stands un-overruled, the Section 247(1)(b)(iii) of the Bill, allowing tax officers to bypass consent and passwords or encryption without notice, summons, or warrant, raises grave constitutional issues and invites judicial scrutiny, especially in the light of Justice K.S. Puttaswamy v. Union of India [Writ Petition (Civil) No. 494 of 2012] ('Puttaswamy') verdict, where the Apex Court held that the right to privacy is a fundamental right under Article 21 of Constitution. It would be interesting to see how these provisions of the Bill, after becoming the law, satisfies the four-fold test of proportionality laid down in Puttaswamy judgment.
Besides constitutional issues, there are also other concerns. One of the most pressing concern is the uncertainty surrounding how information obtained from searches may be used. Unlike the 'fruit of the poisonous tree' doctrine in USA which exclude illegally obtained evidence, there is no such absolute exclusion under the Indian Evidence Act. Moreover, Courts in India have time and again held that evidence is admissible based on relevancy even if it is illegally or improperly obtained. In fact, judgments by the Apex Court such as Pooran Mal and State of M.P. v. Paltan Mallah [Criminal Appeal No. 98 of 1999] confirm this stance, thus giving rise to serious privacy issues.
Additionally, there is a growing perception that the tax machinery is being used as a weapon or a tool for intimidation and surveillance, particularly when enforcement action seems selectively targeted on political lines. Such misuse hampers public trust and destroys the credibility of the tax system.
Furthermore, all this may cause a chilling effect on businesses. Companies may resort to informal, off-record arrangements for tax planning and consultancy, encouraging opacity rather than transparency. Thus, resulting in shadier alternative avenues of tax planning and consultancy.
Recommendations And The Way Forward
Firstly, strong judicial oversight should be introduced. Bypassing or overriding security passwords or encryption, without any notice or summon, must require prior approval from a magistrate. In urgent situations where there is a risk of destruction of evidence, authorities may proceed without prior approval but must obtain ex-post judicial sanction within 48 hours.
Such approach would also align with established international models. In United Kingdom, under Schedule 36 of the Finance Act 2008, tax officer has the authority to request information from taxpayers through formal information notices to ensure tax compliance. However, the taxpayer has a right to appeal to the tribunal against the notice or any requirement in the notice. When tax authority suspects deliberate tax fraud, they need to obtain a judicial warrant under Section 20C of the Taxes Management Act 1970 before conducting the entry and seizure. In a similar way, in the United States, the Title 18 of the United States Code, particularly Section 2703, mandatorily demands a warrant issued by court to compel the service provider to disclose the digital data. Moreover, in 2018, the famous case of Carpenter v. United States [585 US 296 (2018)] has reiterated that warrants are mandatory for accessing personal digital data.
In addition, there is a need to ensure that the “reasons” for any search or seizure is conveyed to the individual, preferably in written form, on the same day or within 24 hours. Such disclosures not only align with the principles of natural justice but also gives the individual or assessee the knowledge of the basis on which privacy and property are intruded upon, and enables them to frame an appropriate legal remedy or defence if called for. On top of that, such disclosure will also act as a deterrent against arbitrary or mala fide searches, requiring tax authorities to exercise their powers responsibly and with due diligence. In a digital era where searches may involve access to highly sensitive personal and business data, this right assumes even greater significance.
As India moves towards modernizing tax enforcement through this Bill, we, as stakeholders, should strive to ensure that this technological efficiency does not sacrifice the privacy of individuals. Lawmakers should learn from global best practices to craft a balanced legal framework that would respect privacy, ensure accountability, as well as promotes public confidence in the tax system.
Author is Law Student at School of Law, CHRIST (Deemed to be University), Bangalore. Views are personal.