Encrypted But Not Immune: Telegram, The DPDP Act, And The Constitutional Limits of Platform Regulation In India
When the Indian government banned the Telegram messaging application, the government was involved in an exercise that raised various constitutional issues in relation to digital rights and statutory provisions, particularly the doctrine of reasonable restriction. In this article, we will analyse the legality of banning the application with reference to the Information Technology Act 2000, Digital Personal Data Protection Act 2023, and Fundamental Rights under the Constitution of India, especially Articles 19(1)(a), 19(1)(g) and the power of Parliament to impose restrictions on the above-stated articles through 19(2) and 19(6). In this regard, the state enjoys legal power to regulate the intermediary but not unilaterally; the state must pass the test of proportionality as mentioned by the Supreme Court in K.S. Puttaswamy v. UOI.
Telegram is not only a messaging app. With over 950 million users worldwide, it serves as a media platform, a publishing tool, a political organizer, and—as governments throughout the world have recognized with concern—a possible sanctuary for encrypted criminal activities. French police arrested Telegram’s creator Pavel Durov in September 2024, and the arrest quickly rippled throughout regulatory talks in South Asia.
India’s interim ban on Telegram, despite its short operational duration, revealed a larger structural contradiction in Indian digital governance: the state’s desire to control outpaces its constitutional clarity about how far it can go. A platform ban isn’t a surgical strike. It is a brutal instrument that limits free expression, interrupts trade, cuts off professional communications, and, paradoxically, may exacerbate the very evils it attempts to prevent by forcing activity further underground into less regulated regions.
This article does not ask whether the government may prohibit Telegram. Clearly, it can—and the legal framework exists. The question is whether it should, and whether any such restriction satisfies the constitutional requirements incorporated into Part III’s structure by the Supreme Court over seven decades.
The Information Technology Act of 2000 is the primary statutory basis for platform-level restrictions in India. Two provisions are particularly significant.
Section 69A of the IT Act authorizes the Central Government to block public access to any information via any computer resource, including applications and websites, if it is satisfied that such blocking is necessary “in the interest of India’s sovereignty and integrity, defence of India, security of the state, friendly relations with foreign states, public order, or for preventing incitement to the commission of any cognizable offence.” Orders under Section 69A may be issued with the procedural safeguards established by the Information Technology (Procedure and Safeguards for Blocking Access to Information by the Public) Rules, 2009.
In Shreya Singhal v. Union of India (2015) 5 SCC 1, Section 66A was declared unconstitutional by the Supreme Court, but Section 69A was upheld. The court noted that blocking orders under Section 66A were subject to a review committee procedure and that the grounds listed were much more specific than the ambiguous “grossly offensive” standard under the struck-down provision. But in order for the Court to approve Section 69A, its procedural safeguards must be put into practice, not only legally enforced.
Section 79 of the IT Act establishes the intermediary safe harbour: platforms are not liable for third-party content if they exercise due diligence, follow the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and act quickly upon receiving actual knowledge of illegal content. The 2021 Rules impose important obligations, such as a grievance officer, content removal timelines, and traceability requirements for messaging platforms. Telegram’s well-documented resistance to state content-takedown orders put it in a structurally hazardous position in relation to Section 79’s criteria, potentially depriving it of safe harbour protection and providing regulatory grounds for tougher action.
The DPDP Act of 2023 adds a second, separate layer of platform regulation. Telegram, as a “data fiduciary” managing Indian nationals’ personal data, is subject to the Act’s responsibilities, which include purpose limitation, data minimization, and adherence to erasure and correction requests from the owners. The Act empowers India’s Data Protection Board to impose substantial financial penalties for disobedience.
Importantly, Section 37 of the DPDP Act allows the government to exempt any state instrumentality from the Act’s provisions if national security concerns require it, and Section 16 of the Act empowers the central government to restrict the transfer of personal data to nations or territories outside of India. When combined, these guidelines create a legal framework that imposes fines and operational exclusion on platforms that fail to comply with government data access requirements or data localization.
The DPDP Act has a slight yet significant influence on Telegram. The traceability requirements of the 2021 IT Rules are fundamentally incompatible with Telegram’s end-to-end encryption policy, as implemented in the Secret Chats function. It may also conflict with the government’s changing position on permissible interception access. The DPDP Act’s architecture, when combined with the IT Act’s intermediary principles, provides a compliance environment in which Telegram’s design is both regulatory and legal non-conformance.
The Supreme Court has repeatedly held that, under Article 19(1)(a), freedom of speech and expression includes the right to get information, the right to communicate, and, in the digital era, the right to use the internet. In Faheema Shirin v. State of Kerala (2019), the Kerala High Court became India’s first court to declare internet access a fundamental right, arguing that the right to privacy and the right to education were inextricably linked. This rationale was largely supported, at least indirectly, in Anuradha Bhasin v. Union of India (2020) 3 SCC 637.
In Anuradha Bhasin, the Supreme Court ruled that freedom of speech and expression, as well as freedom to practice any profession or carry on any trade, business, or occupation over the internet, are protected by Articles 19(1)(a) and 19(1)(g). The Court also concluded that orders restricting internet access must meet the proportionality test: they must be required, use the least restrictive measures available, and be open to judicial review.
A platform ban is more targeted than an internet restriction, but they are structurally comparable. The proportionality framework must be the same. On its face, an order that forbids Telegram outright without considering whether the harm could be lessened by selective blockage under Section 69A or targeted material removal under Section 79 would fail the proportionality test.
This is where the Telegram ban has the most overlooked constitutional implications. Article 19(1)(g) provides the right to practice any profession or to engage in any occupation, trade, or business. A platform ban is not a communicative inconvenience for a vast ecosystem of Indian users, including journalists using Telegram channels, entrepreneurs running broadcast groups, educators offering paid courses, content creators monetizing subscriber communities, and businesses maintaining customer communication. It directly limits one’s ability to earn a living.
In Excel Wear v. Union of India, AIR 1979 SC 25 and Sodan Singh v. New Delhi Municipal Committee (1989) 4 SCC 155, the Supreme Court recognized that Article 19(1)(g) applies to all individuals who earn a living through genuine commercial activity, not just huge corporations. In constitutional terminology, someone who has established a Telegram-based business is referred to as a trader. The State’s interference with such enterprise via a platform prohibition violates Article 19(1)(g) and must overcome the hurdle of Article 19(6).
It should also be noted that Article 301 of the Constitution, which guarantees freedom of trade, commerce, and intercourse throughout Indian territory, has traditionally been invoked in the context of physical goods—but the judiciary’s evolving interpretation of “trade” in the digital context may make this provision relevant to digital platform commerce in future litigation.
In K.S. Puttaswamy (Privacy-9J.) v. Union of India, (2017) 10 SCC 1, the Supreme Court’s nine-judge bench unanimously ruled that the right to privacy is a basic right under Article 21. The Court specifically recognized informational privacy—individuals’ ability to manage information about themselves—as part of this broader right. The platform on which that communication takes place is, by extension, an area that the State cannot enter without sufficient justification.
In Puttaswamy, Justice D.Y. Chandrachud underlined that any restriction on privacy must meet three criteria: legality (the restriction must be legal), legitimate aim (the aim must be a constitutionally allowed object), and proportionality (the means must be reasonable to the end). A wide platform ban that prevents millions of legitimate, law-abiding users from enjoying their communication rights to combat criminal behaviour that could have been targeted more precisely violates the proportionality limb of the test.
The rights granted by Articles 19(1)(a) and 19(1)(g) are not absolute. Article 19(2) allows the state to impose reasonable restrictions on free speech “in the interests of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order, decency or morality, or in relation to contempt of court, defamation, or incitement to an offence.” Article 19(6) enables restrictions on the right to trade “in the interests of the general public.”
Over decades, the Supreme Court has accumulated a wealth of law on the meaning of “reasonable” in this context. In Chintaman Rao v. State of Madhya Pradesh, AIR 1951 SC 118, the Court ruled that a restriction is appropriate only if it has “a direct and proximate nexus” with the purpose sought to be achieved. In State of Madras v. V.G. Row, AIR 1952 SC 196, the Court noted that reasonableness must be considered both in terms of the nature of the restriction and the mechanism used to impose it. In Modern Dental College and Research Centre v. State of Madhya Pradesh, (2016) 7 SCC 353, the Court reiterated that proportionality is a necessary component of the reasonableness inquiry.
The analysis of the Telegram ban offers mixed results. On the one hand, the state’s interests are justified. Telegram has been used to plan drug trafficking, transmit child sexual abuse material, coordinate terrorist action, and elude discovery due to its encryption design. These concerns are firmly within the “public order” and “security of the state” grounds of Article 19(2). The State’s use of Section 69A on these grounds would not be constitutionally frivolous.
However, the measure of the restriction—a categorical platform-wide prohibition—may not be proportionate. The Blocking Rules require the government to notify the creator of content wherever possible, to investigate if targeted removal is feasible, and to maintain a review committee. A platform ban that skips these specific steps in favour of universal exclusion is not the least intrusive option available.
This is precisely the distinction drawn by the Supreme Court in Anuradha Bhasin: the constitutionality of restriction is based not only on the legitimacy of the goal, but also on the controlled restraint of the means.
It would be intellectually dishonest to develop merely one side of this issue. Simply stated, the government’s stance is defensible—and, in some ways, convincing.
Telegram is not a neutral pipe. Its architectural choices—the refusal to cooperate with law enforcement, the architecture of anonymity, and the hosting of enormous broadcast channels with minimal moderation—are not innocent technical judgments. These are decisions that have demonstrable effects for public safety. When the French authorities arrested Pavel Durov, the charge sheet contained complicity in drug trafficking, child exploitation, and money laundering—not hypothetical regulatory noncompliance, but genuine, horrific harms caused by purposeful platform policy.
The Shreya Singhal case upheld India’s blocking rules under the IT Act, citing procedural safeguards like review panels and government accountability for blocking judgments. If the government takes these actions, issues a reasoned order, temporarily restricts the prohibition while enforcing compliance, and lifts it after Telegram provides sufficient guarantees of regulatory cooperation, the restriction appears to satisfy the requirements for a valid Article 19(2) restriction. It would be brief, adhere to sound procedures, concentrate on a clearly justifiable goal, and not out of proportion to the circumstances.
Furthermore, there is no arbitrary nationalist overreach in the DPDP Act’s requirements for data fiduciaries. Since the Digital Services Act of the EU, the Online Safety Act of the UK, and the Online Safety Act of Australia all impose similar or stricter obligations, they are in step with worldwide regulatory trends. Telegram’s disregard for fundamental regulations is a business tactic focused on regulatory arbitrage rather than a moral defence of digital freedom. A legitimate application of sovereign regulatory authority is the state’s emphasis on conformity, which is backed by a temporary suspension of operations.
Finally, the Telegram ban serves as a case study in digital governance’s constitutional grammar. The state can regulate. The Constitution does not prohibit executive action against harmful platforms. The IT Act supplies the machinery. The DPDP Act establishes the compliance architecture. Articles 19(2) and 19(6) expressly protect the government’s authority to set reasonable limits.
The Supreme Court has repeatedly emphasized that power must be proportionate, as required by the Constitution. A sledgehammer is not equivalent to a scalpel. Telegram is used by millions of journalists, business owners, activists, educators, and ordinary people for completely good reasons; they should not be dismissed as collateral damage. They have rights, and Article 19 preserves their rights.
If the government has specific concerns about Telegram, such as illicit content, encryption-aided crime, or regulatory noncompliance, the solution must be concrete. Targeted channel blocking, designating a grievance officer in India, adhering to takedown dates, and data access regulations for authorized interception are all viable options. A blanket prohibition is the type of overreach that invites a successful constitutional challenge, unless the platform has been offered and rejected less drastic solutions.
The doctrine of reasonable restriction is not a barrier that keeps rights out. It is a gate that the state may open with the right keys and only to the extent necessary. India’s digital governance will be judged not on its willingness to act, but on its adherence to constitutional principles.
The views expressed are personal.
 |
 |
| Abhisikta Nandy, B.A. LL.B. (IPR Hons.) | Advocate Y.Balachander Reddy, LL.M. Intellectual Property Rights, (LL.M. Corporate and Securities Laws), P.G. College of Law, O.U., Basheerbagh. |
****
Author Bio
