Admission & Confession in Cyber Crime Cases

Admission & Confession in Cyber Crime (IT Act,2000) Cases

Digital evidence: reliability When one examines the issue of reliability of digital evidence there arises a number of questions. Should forensic software (digital evidence) be entitled to a judicial presumption of reliability? When, if ever, should courts compel non-party forensic software vendors to reveal proprietary source code to party experts in order to assure a fairer trial? And what does reliability mean in the context of digital evidence anyway? 

The term ‘Admission’ means stating something or admitting something other than guilt. So now the question is does confession also meant the same. The answer is no, as there is a very thin life difference between confession and admission. The word ‘confession’ means acknowledgement of guilt made by a person after an offence has been committed.

ADMISSION (Sec. 17-23, 31)

According to sec. 17 of the Indian Evidence Act,

“An admission is a statement, oral or documentary or contained in electronic form, which suggests any inference as to any fact in issue or relevant fact, and which is made by any of the persons, and under the circumstances, as described under Indian Evidence Act.”

Admission is a substantive piece of evidence but not conclusive proof also it waives or dispenses the production of evidence by concealing that the fact asserted by the opponent is true. 

In the case, Raja Pratap Bahadur Singh v. Raja Rajgan Maharaj Jagatjit Singh [1936 Lucknow] it was held that admissions are a very weak kind of evidence and the court may reject the same if it is satisfied from other circumstances that they are untrue. Hence it shifts the onus to the maker on the principle that what a party himself admits to being true may be reasonably presumed to be true so that until the presumption is rebutted the fact admitted must be taken to be true.

In English Law, the term ‘admission’ is used only in civil cases but in Indian laws, it is used in both civil as well as criminal cases. The statement is a genus; admission is the species and confession is the sub-species. Admission will lose its effect if not made voluntarily.

WHO CAN MAKE ADMISSION

Sec. 18 of the Indian Evidence Act allocates classes of person who all can make an admission-

• Party to the proceeding

• Agent authorized by such party [but the statement of agent will be binding only during the term of agency and before proving admission by the agent he has to prove his agency]

• Party suing or sued in a representative character making admission while holding such character [it will include trustees, executors, administrators, managers, etc.]

• Person who have a proprietary or pecuniary interest in the subject matter of the proceeding

• Person from whom parties have derived the interests in the subject matter of the suit

Admission of a fact made by a pleader in the conduct of the suit on his client’s behalf is binding on the client. But a party is not bound by a pleader’s admission in an argument on what is a pure question of law.

An exception to Sec. 18 of IEA

Sec 19 – Admissions by persons whose position must be proved as against party to suit

Sec. 19 states that any third party gives such a statement that proves the liability and right against any party to the suit will be admissible. The object of this section is not to lay down that certain statements are relevant or admissible but merely to add the category of a person by whom a statement made before considered to be an admission within the terms of the act.

Sec. 20- Admissions by persons expressly referred to by party to suit

When the party expressly refers to the third person for some information in reference to the subject matter which is in dispute then the statement made by the third person will be admissible.

Sec. 19 and Sec 20 are exceptions to the rule that statements made by strangers to a proceeding are not admissible within the terms of the act.

It is a general rule that admission cannot be proved on or on behalf of a person who makes it but sec. 21 is an exception to this general rule. Sec. 21 has three clauses which state that-

• Person making the admission was dead and hence his admission made earlier during his lifetime will be admissible (Sec. 32)

• When the statement is about the existence of any state of mind, body, or about the time when such state of mind or body existed and accompanied by the conduct then that statement will be held admissible (sec. 14)

• When the fact is not otherwise relevant to become relevant (Sec11)

ORAL ADMISSION-

Admission can be made either orally, documentary or in electronic form as mentioned in Sec.17. But sec. 22 and Sec. 22 A deals with when oral admission as to contents of document or electronic form will become relevant.

Oral admissions as to the contents of a document are not relevant, unless and until the party proposing to prove them shows that he is entitled to give secondary evidence of the contents of such document under the rules hereinafter contained, or unless the genuineness of a document produced is in question.

For Example- Sunil executed a deed of the mortgage against Sheela. Later Sheela files a suit for possession of the property but during the trial, Sunil denied the existence of any such deed. So, in this case, Sheela Can’t prove by oral evidence that she has before some men admitted that Sunil mortgaged a deed. She has to produce the original deed in a court of law.

ADMISSION IN CIVIL CASES- Sec. 23

In civil cases if it appears to the court that parties to the suit have mutually agreed together that evidence should not be given or made upon an express condition the evidence not to be given then any admission made related to it will be irrelevant. But this section will not discharge any barrister, advocate, attorney, pleader from giving evidence which he is compelled to give u/s 126 of Evidence Act.

This section gives effect to the maxim ‘interest reipublicae ut sit finis litium’ which means it is for the interest of the state that there should be an end to litigation.

ADMISSION ACT AS AN ESTOPPEL

Sec. 31 of the Indian Evidence Act states that Admissions are not conclusive proof but they act as estoppel.

Estoppel has been defined in Sec. 115 of the evidence act. The bare reading of section 115 of the said act is-

“When one person has, by his declaration, act or omission, intentionally caused or permitted another person to believe a thing to be true and to act upon such belief, neither he nor his representative shall be allowed, in any suit or proceeding between himself and such person or his representative, to deny the truth of that thing”

CONFESSION

Confession has not been defined anywhere in the Act. A ‘confession’ is an admission made at any time by a person charged with a crime, stating or suggesting the inference that he committed the crime. It is also said that every confession is an admission but every admission is not a confession. 

The substantive law of confession is contained in Sec. – 24 to 30 of the evidence act and the procedural laws in Sec. 164, 281, 463 of the Criminal Procedure Code. It is presumed that a person will not make an untrue statement against his own interest. 

It has been held in Palvinder Kaur v. State of Punjab[ AIR 1952] that confession must either be accepted or rejected as a whole and the court is not competent to accept only the inculpatory part while rejecting the exculpatory part as incredible. Moving towards the further procedures of confession, let’s see what are the laws related to it.

WHEN CONFESSION WILL BECOME IRRELEVANT (Sec. 24-26)

Sec. 24- Confession caused by inducement, threat or promise, when irrelevant in a criminal proceeding.

Sec. 24 of the Indian Evidence Act states that—A confession made by an accused person will become irrelevant in a criminal proceeding, if it appears to the Court that the confession has been caused by any inducement, threat or promise, having reference to the charge against the accused person and such inducement, threat, promise has proceeded from a person who is in authority and is sufficient, in the opinion of the Court, to give the accused person grounds, which would appear to him reasonable, for supposing that by making it he would gain any advantage or avoid any evil of a temporal nature in reference to the proceedings against him.

Here authority is not merely a police officer or a judicial magistrate but every such person who reasonably holds sway over investigation or trial.

Sec. 28 make this section relevant only if the threat, promise, or inducement is fully removed before recording the confession.

Sec. 25 – Confession to a police officer

A confession made to a police officer shall not be proved against an accused who made it and this confession will be held as inadmissible. The reason behind this is police officers are often regarded as untrustworthy.

But in the case Sita Ram v. State of UP [AIR 1966 SC], a confession was written to a letter and signed by the accused and addressed to a police officer was held to be admissible as the letter was not written in the presence of police officer.

Sec. 162 of CrPC also enacts that no statement made by any person to the police officer in the course of an investigation shall if taken down in writing, be signed by the person making it, then such writing will not be used as evidence.

Sec. 26 – Confession in police custody

A confession made by any person in the custody of police will be held inadmissible unless it shall be recorded in the immediate presence of the Magistrate.

The object of Sec. 25 and 26 is to prevent the practice of torture by the police for the purpose of extracting a confession from the accused person. A confession made by any person in the custody of police is held inadmissible in law because it is against the rule of natural law. The presence of the Magistrate secures the free and voluntary nature of confession.

HOW MUCH OF INFORMATION RECEIVED AGAINST ACCUSED MAY BE PROVED

Sec. 27 of the act states that if the confession of the accused is supported by the discovery of a fact then it may be presumed to be true and not to have been extracted and it comes into operation only if-

• When certain facts are deposed to as discovered in consequence of information received from an accused person in police custody.

• If the information relates distinctly to the fact discovered.

This section is an exception to Sec. 25 and 26. The object of this section is to admit the evidence which is relevant to the matter under inquiry namely the guilt of the accused and not to admit the evidence which is not relevant to that matter. The very first condition to bring sec. 27 into operation is the discovery of a fact in pursuance of information received from the accused. Where the accused made the disclosure statement leading to the discovery of offence then the statement of the accused will be admissible.

CONFESSION OTHERWISE RELEVANT NOT TO BECOME IRRELEVANT

Sec. 29 of the Indian Evidence Act states that, if the confession is made under a promise of secrecy or in consequence of deception which has been practised on the accused, or when he was drunk, or when it was made as an answer for a question which the person making it is not supposed to answer or if he was not warned that he was bound against his confession, for the purpose of obtaining it then such confession will not become irrelevant.

Sec. 164 of CrPC provides the formalities to be undergone by a Magistrate in recording confession. The magistrate has a duty to explain the pros and cons. Of confession to a person making it. But the abovementioned section does not make a confession irrelevant because the accused was not warned that he was not bound to make it.

Sec. 30 of the act states that when more than one person is jointly accused of the same offence and if one of the co-accused makes a confession regarding himself and some other such persons, the court will take that confession into account against the accused and his co-accused. In Kashmira Singh v State of MP (AIR 1952 SC159), the court held that the confession of an accused person against a co-accused will not run evidence as it does not come within the meaning of evidence contained in sec.3 of the evidence act.

CONCLUSION

After all the terms “confession and admission” were coined for evidentiary use, courts have endeavored to draw clear distinctions between them. Conclusively, it can be said that the admission has a vast scope than confession, as the hindmost comes under the ambit of the former. Hence, every confession is an admission, but the reverse is not true.

The major difference between these two is that in the case of confession, the conviction is based on the statement itself, however, in the case of admission, additional evidence is required, to support the conviction.

The distinction between a confession and an admission is not based upon a practical clarification but is based upon the substantive differences of the character of the evidence extrapolated from each. This is to say, a confession is a direct acknowledgment of guilt, on the part of the accused, and by the very definition of it, ostracized an admission which of itself is a statement, oral or documentary, that enables the court to recollect a conclusion as to any relevant fact or fact in issue. It will be meticulously to say that every confession, is an admission but every admission doesn’t necessarily amount to a confession. In other words, a confession is an admission provided that a person charged with a crime, standing or suggesting the inference that he committed the crime, makes it at any time.

WhatsApp Chats as evidence in courts: Case Laws in India

Whatsapp is an instant text messaging application, as of October 2020 it is used by more than 2 billion users in more than 180 countries. Its use has become so prevalent that it has become a primary mode of communication for many individuals. Many parties now use Whatsapp even for business purposes, such as communicating with clients, sending documents or even negotiating contracts.

As a cyber lawyer, one of the questions I get asked frequently is whether Whatsapp messages can be adduced as evidence in court.  Some clients think that because of its “informal” nature, Whatsapp messages would not be admissible as evidence. However, this assumption is inaccurate since there have been many instances where the Indian Courts have allowed Whatsapp messages to be adduced as evidence. 

In January 2021, the Punjab and Haryana High Court had observed that WhatsApp messages will have no evidentiary value unless they are certified as per Section 65B of the Indian Evidence Act (Rakesh Kumar Singla vs Union Of India) .

In State of Haryana Versus Hardik Sikri & Ors, On May 24, 2017 the haryana state trial court recognized WhatsApp chat as evidence and sentenced the three former law students of OP Jindal Global University in Sonepat – 20 years imprisonment to main accused Hardik Sikri and his friend Karan Chhabra for gangraping and blackmailing a junior management student for two years, and seven-year jail term to third accused Vikas Garg. 

“The WhatsApp chats running into pages is so abusive and vulgar that the extracts of the same cannot be explained and put into the judgment and what only can be concluded through the WhatsApp chat is that the prosecutrix (victim) was totally under control and dominance of the accused, Hardik,” additional sessions judge (ASJ) Sunita Grover

In Ambalal Sarabhai Enterprise Ltd v KS Infraspace LLP Limited and Another, the Supreme Court, while hearing a petition challenging an injunction order made a reference to the Whatsapp chats produced as evidence in the case. "The WhatsApp messages which are virtual verbal communications are matters of evidence with regard to their meaning and its contents to be proved during the trial by evidence - in - chief and cross-examination. The emails and WhatsApp messages will have to be read and understood cumulatively to decipher whether there was a concluded contract or not".

There is a recent order of the Gujarat High Court as well, which referred to Whatsapp conversations to form a prima facie opinion regarding grant of bail (Chirag Dipakbhai Sulekha vs State Of Gujarat)

The Delhi High Court in a case has held that a Whatsapp forward message, without an unknown source, cannot be treated as evidence (National Lawyers Campaign for Judicial Transparency and Reforms v Union of India). The Court held that such a forwarded message, without its original, cannot be regarded as a 'document' under the Evidence Act.

In Nivrutti Gaikwad Versus State of Mah. & Pooja Gaikwad (2020(2) Criminal Court Cases 735 (Bombay)

 It was held that Exchange of messages on personal account of two persons, Not public place - However, if messages are posted in Whatsapp Group then it is public place as all members of the group have access to those messages.

SBI Cards & Payments Services Pvt Ltd. Versus Rohidas Jadhav Hon. Justice Patel of Bombay High Court was of opinion that "The Respondent to the Execution Application has been evading service of this Notice under Order XXI Rule 22 of the Code of Civil Procedure 1908. He was served by an authorized officer of the Claimant, Ms Fatema Kalyanwala by sending a PDF and message to his mobile number as a WhatsApp message. For the purposes of service of Notice under Order XXI Rule 22, I will accept this. I do so because the icon indicators clearly show that not only was the message and its attachment delivered to the Respondent’s number but that both were opened." A Bluetick was considered as acknowledgment. 

The NCLAT in the matter of Bhandari Hosiery Exports Ltd. & Ors vs. In-Time Garments Pvt. Ltd., Company Appeal (AT) (Insolvency) No. 143 of 2019, decided on 1 March 2019,  took on record a text message sent over WhatsApp messenger by a corporate debtor to an operational creditor complaining about the quality of goods supplied. On basis of this WhatsApp message, the Court held that there was a ‘pre-existing dispute’ under Section 9 of the Code and accordingly Insolvency Application could not be admitted on account of a pre-existence dispute.

Moreover, Hon. Supreme Court of India, vide Order dated 10.07.2020 in Suo Moto Writ Petition (C) No. 3/2020 in 'Re: Cognizance For Extension of Limitation' had allowed the service of summons via electronic mode including WhatsApp. 

Liability of Group Admin

WhatsApp group admin can’t be held liable for member’s post unless common intention shown held by Bombay High Court :Alleged Crime was under Section 67 of the IT Act, 2000 (related to obscenity)

Kishor v State of Maharashtra [2021] GCtR 787 (Nagpur, Bombay HC) 01/03/2021 in Criminal Application (APL) 573/2016 .

MADRAS High Court Another Judgement 

If the petitioner had played the role of a group administrator alone and nothing else, then while filing final report, the petitioner's name shall be deleted. If some other material is also gathered by the first respondent so as to implicate the petitioner, then of course the petitioner will have to challenge the case only on merits."

R. Rajendran v. The Inspector of Police & Kathirvel

Case No: Crl.O.P.(MD)No.8010 of 2021 & CRL.M.P.(MD)No.4123 of 2021

Forse v Secarma Ltd , Wells and Solari v PNC Global Logistics, Darren Case v Tai Tarian are some of the foreign case laws 

Conclusion :

The general principle is that Whatsapp messages in the form of print outs  or the mobile device showing chats can be admissible as evidence.  This is especially where there is no dispute as to the authenticity of the Whatsapp message, and no dispute as to the identity of the parties to the Whatsapp conversation.  Bearing in mind the findings of the cases above, parties who intend to adduce Whatsapp messages as evidence in their court cases should still ensure that:

• the snapshots of their discussions contain the necessary information to identify the sender/recipient of the messages.
• The owner of the phone or laptop or computer from where the WhatsApp chats are extracted/printed should produce a signed IEA section 65B certificate.
• they don’t wholly rely on Whatsapp messages to build their case, especially when there are other documents available that would be able to conclusively prove the facts in issue.
• If the print out of chat is produced with IEA section 65B certificate it will be considered as secondary evidence, if the phone or laptop or computer is produced it will be considered as primary evidence

Advocate (Dr.) Prashant Mali is a practicing Cyber Lawyer and is considered Authority in Electronic Evidence matters.

Banks should compensate account holder if customer loses money due to online fraud: National Consumer Court

The National Consumer Disputes Redressal Commission (NCDRC) has passed an important ruling in which it states that if hackers fraudulently withdraw money from a person’s bank account, the bank, would be responsible for the loss, not the customer.

The Commission blamed the bank for a mistake within their system while passing the judgment in one of the case in which the victim alleged that the money was withdrawn from her account by a hacker. The victim believed that the hacking was done due to a mistake in the bank’s electronic banking system.

It was observed by the commission that the bank could not present any such evidence, which showed that the credit card of the victim was stolen after which the commission ordered the bank to compensate the victim.

In one of the other cases, Jesna Jose, the complainant who lives abroad, will also receive around Rs 80,000 in interest and compensation. Jose had submitted the complaint before the district consumer forum in 2009. She said she procured the card in 2007 and the fraud took place in 2008. The commission rejected the bank’s claim that the woman had not taken care of the card and hence was liable for the fraud.

According to the RBI advisory, who will bear the loss will be decided by whose fault it is. If there is negligence or mistake on the part of the bank, then the entire loss will be borne by the bank. On the other hand, if the fraud is due to the negligence of the customer, then the customer will have to suffer the loss. In a situation where it is neither the fault of the customer nor the fault of the bank, then if the customer lodges a complaint with the bank within 3 working days of the fraud, then the customer will not be responsible for the fraud.

Loan Apps : How they loot the customers ?

Insta Loan fraud & mobile apps

These Insta Loan applications are developed in such a way that on installing these apps they get access to the contacts, mobile information and other data on the device. These applications collect the Id proofs, PAN card, KYC documents, and bank account details of the customers.

They check the genuineness of the documents and disburse small amounts in the form of a loan to their bank accounts by debiting the processing charges and GST ie, 25-30 per cent in advance. Loans are given for either seven days or 15 days.

After the due date, the company categorises the customers into various buckets - S-0, S-1, S-2, S-3, M2, M3, X etc. The customers in a lower bucket get a decent treatment but as the bucket category goes up the treatment gets harsher. The call centres of the company abuse the customers in filthy language and threaten them with dire consequences. They even go to the extent of accessing the contacts of the customers from their phone and start abusing and threatening the family members, relatives and friends with calls and messages. Using the stolen data, they threaten the customers with dire consequences like rape. In many cases, they created new WhatsApp groups using the victim’s phone book and sent lewd messages to the members.

They also blackmail innocent people by sending fake legal notices. Telecallers also suggest victims make the repayments by taking loans from their other loan applications. The customer falls into their trap by taking loans in the other loan applications as suggested by telecallers and end up paying huge amounts and get stuck in a never-ending cycle.

There are around 500 chinese such Apps, it’s time that India brings in a regulator for such Apps .

To protect yourself from such loan Apps fraud you must:

- use a different secondary mobile phone and instrument if you require a Insta loan .

- Never download any insta loan apps without verifying their licenses issued by government authorities.

- Go through the terms and conditions and verify the licenses of the companies that are offering loan and whether the licenses have been obtained from the concerned authorities like RBI, District Collector.

- Never download any app that asks to give access to the contacts, files, photo gallery, etc.

Criminal Investigation Robotics and Artificial Intelligence

Artificial Intelligence (AI) is the combination of algorithms designed with the purpose of creating devices that present capabilities similar to those of the human being. A type of technology that is beginning to be present in everyday life in the most common applications, even for home use such as Siri and Alexa cell phone assistants, or facial recognition applications such as those used by the Argentine government in systems such as ANSES (National Administration of Social Security “Administración Nacional de la Seguridad Social”) and the AFIP (Federal Administration of Public Revenue “Administración Federal de Ingresos Públicos”).

Authors Stuart Russell and Peter Norvig, two academic classics of Computer Science, defined the “types” of artificial intelligence according to their application in the following categories:

– Systems that “think” like humans (e.g., artificial neural networks).

– Systems that act like humans (e.g., robots).

– Systems that learn and generate new knowledge (e.g., expert systems).

Within the branch of systems that emulate the human way of thinking in the aforementioned categories, we find ourselves with two techniques that are increasingly used: Deep Learning and Machine Learning algorithms.

It can be said that Machine Learning has a side called Deep Learning. While both technologies refer to systems capable of learning on their own, Deep Learning is more complex and sophisticated, and it is also more autonomous, which means that once the system has been programmed, human intervention is minimal.

More dangerous than the famous ‘fake news’, the ‘deepfake’ are videos manipulated using artificial intelligence techniques such as those cited. The result is extremely realistic.

Another example is Deepfakeapp published as an application that allowed any computer novice to manipulate videos, a tool specially designed for those popularly known as ‘revenge porn’ (*), that is, the unauthorized and malicious publication of intimate images.

In 2018, a video in which an alleged Barak Obama called Donald Trump an imbecile circled the world. It was a fake recording in which actor Jordan Peele and Buzzfeed CEO Jonah Peretti were trying to raise awareness of the danger of unverified information and the Deepfake. In any case, one of the first steps when investigating the origin of a video or image is to verify the source: Who sent this? Who signs it? Is it reliable? Tracing the path of the so-called Deepfake, seeing where it was first shared, and who published it are some basic steps to take that don’t require advanced knowledge, just common sense.

In 2019, what was classified as the “first crime committed with artificial intelligence” was discovered in the United Kingdom and brought to justice in that country. In a short article published by The Wall Street Journal, explains the story of a group of cybercriminals who managed to impersonate the voice of the executive director of an energy company and demanded an urgent transfer of 243,000 euros and that worked for them as a deception method. The CEO of the company reportedly thought he was on the phone with the CEO of the parent company, who asked him for the money for a suspected supplier in Hungary. The cybercriminal made the request seem extremely urgent, saying the money needed to be transferred within an hour. The victim, in subsequent statements, said that she even heard her boss’s slight German accent, as well as the tone of her voice.

The predictions about this type of attack are not very encouraging: the voice recordings necessary to train the algorithm in high-profile people are very easy to obtain: in television interviews, radio, social networks, and WhatsApp audios, have enough minutes of recording so that the algorithm is in a position to replace any voice tone with that of the person you want to impersonate.
How will we validate false “confessions” made with these techniques? How will we argue that someone did not say what we are hearing? Will the videos that prove the alleged presence of a person in a place to try to exonerate them be valid from these techniques?

In the framework of a criminal investigation, we must begin to request the technical opinion of experts from the Scientific Police. We can no longer rely solely on the image and the video to consider them, alone, proof. In our prospective analysis, we must include the acquisition of forensic imaging and video tools, in the same way that today practically all investigative agencies are clear that it is necessary to have tools for the analysis of mobile devices.

And what happens when we apply these techniques to Robotics?

How do we deal with the “responsibility” or “attribution” of a crime when the one who commits it is a Robot? A robot is neither more nor less than a machine (hardware) that contains an operating system (software) and that performs operations through different algorithms. Since the first robotic arms used to handle materials, much progress has been made.

One aspect of this area that worries the field of law most is civil liability. That is, the obligation to indemnify a third party that arises from damage caused involuntarily. The problem that arises is that, under current legislation, a robot cannot be responsible for acts or omissions that may cause harm to third parties. Judges judge people, not robots, let alone algorithms.

It seems reasonable that the responsible party is “the manufacturer”, but as observed in different legal discussions on this topic in international settings, producers will be responsible for the damages caused by their products only in the case where they are defective.

Therefore, what happens if the damage caused is not a consequence of a manufacturing defect? What happens if it is damage caused by a rule that the robot learned with Deep Learning and Machine Learning techniques? What happens if someone “teaches” or, as we said above, “trains” the algorithm for unwanted behavior by the manufacturer and causes damage? What if the robot suffers a cyber attack and its learning and inference rules change?

Different options are evaluated in the world when determining what type of “legal status” should be applied to a robot and an algorithm. As an example of these proposals, regarding possible “legal natures” we can cite the opinion made by María José Santos González, coordinator of the Legal Department of the National Institute of Cybersecurity in Spain, which based on existing legislation in Europe she makes a very interesting rundown and analysis of the well-known figures, summarized for the Ibero-American Legal News Review:

a) “(…) Robot as a natural person. This possibility does not seem adequate given that article 30 of the Civil Code determines that live birth is necessary to acquire personality. Therefore, this cannot happen in a robot. “
b) “Robot as a legal person. Nor does it seem appropriate to endow robots with this type of personality because robots can interact directly with the environment and even cause damage, while, in the case of a legal person, it will always be the company’s representatives who make the decisions in the last resort and will therefore be responsible. “
c) “Robot as an animal. The fact that a robot has no biological or genetic basis or the fact that a robot today cannot have feelings makes it impossible to equate a robot to an animal. “
d) “Robot as a thing. For the Civil Code, concretely in article 333, a thing is an inanimate being, devoid of life, characteristics that a robot does not have, given that it can move and interact with the environment (…)”

Given that both a robot and an algorithm do not fit into any of these categories, will a new legal framework be necessary for these issues? Should we rethink the concept of life as some propose?
Let’s imagine for a moment a Robot or an algorithm as a subject of law. What would be the penalty? Who applies it? Where is the data stored to “turn it off”?

The liability problem could supposedly be solved partially; either by introducing a civil law supervisory duty for the owner of the AI or by granting legal personhood for AI’s and thus create AI criminal liability. None of these solutions are sufficiently correcting the liability problem, though. But, a supervisory duty for the owner would be the most suitable solution of these two. It has the possibility to qualify the defendant’s behaviour as wrong when he or she breaches the civil law duty and the AI as a consequence causes (foreseeable) harm. The conclusion could be that criminal law may not be the best branch of law to solve these problems, and the liability problem with AI in criminal law remains yet to be discovered.

 

FIR : All you want to know about in a criminal case

FIR - What is? 

The first information report is a report giving information of the commission of a cognizable crime, 

which may be made by the complainant (the term “Complainant” has been used herein the popular 

sense) or by any other person knowing about the commission of such an offence. It is intended to set 

the criminal law in motion. 

A First Information Report is the most important document and forms the basis of the case for 

prosecution. The word „First Information Report‟ has not been defined in the CrPC. By practice it has 

come to mean the information disclosing commission of a cognizable offence and recorded under Sec. 

154 CrPC.  

The principal object of FIR is only to make a complaint to the police officer to set the criminal law in 

motion while the secondary objective is to obtain early information of an alleged criminal activity and 

to record the circumstances before there is time for such circumstances to be forgotten or embellished.  

FIR:   Its Characteristics: 

¾ It must disclose the commission of a cognizable offence.  

¾ It should be given to the OC of a police station.  

¾ It should be earliest in point of time.  

FIR:  Other Features: 

¾ It may be in writing. 

¾ If given orally, it shall be reduced to writing by the police officer.  

¾ It should be signed by the person giving it.  

¾ A copy of it should be delivered to the informant free of cost.  

¾ It may be made by any person, whether or not he has the first-hand knowledge about the crime 

reported except in certain specified cases. 

¾ Delay, if any, in making the FIR should be explained in the FIR itself.  

¾ Strictly speaking, the Telegrams and telephonic messages cannot be treated as FIR, because 

they are not given in writing duly signed by the informant nor they are reduced to writing by the 

police and read over to the informant. Moreover, there is hardly any guarantee as to their 

genuineness / authenticity. 

¾ Refusal by Informant to sign the FIR is punishable u/s 180 IPC.   

FIR:  Its Basic Objects: 

¾ To set the criminal law in motion through the agency of the police.  

¾ To furnish to the police early information of an alleged criminal activity. 

Value of the FIR: 

¾ It is valuable because it gives the earliest version of the occurrence.  

¾ It is not a substantive piece of evidence.  

¾ It can be used for the purpose of corroboration u/s 157 Indian Evidence Act.  

¾ It can corroborate the maker if he is called as a witness.  

¾ It may be used for contradiction u/s 145 Evidence Act against the author thereof.  

Some Other Uses of the FIR: 

¾ As a conduct u/s 8 I.E. Act, if lodged by the accused. 

¾ As an admission u/s 21 I.E. Act, if lodged by the accused. 

¾ As a dying declaration, if lodged by the deceased whose death is in issue. 

¾ As an entry by a public servant in the discharge of his official duties u/s 35 I.E. Act.  

Refusal by the Police to Record FIR: 

¾ Remedy is provided by Section 154 (3) CrPC. The person aggrieved can send to the 

Superintendent of Police the substance of the information by post. The Superintendent of Police 

of the district may investigate the case himself or direct any officer subordinate to him for 

investigation. 

¾ Further the informant can file petition before Ld. Magistrate who will forward the same to the 

OC of the concerned PS with direction to treat the same as FIR u/s 156(3) CrPC. 

The immediate duty of the Officer-in-Charge of PS on receipt of such information: 

Any information relating to the commission of a cognizable offence (if given orally) is required to be 

reduced to writing by the Officer-in-Charge of police station which has to be signed by the person 

giving it and the substance thereof is required to be entered in a book to be kept by such officer in such 

form as the State Government may prescribe in that behalf. A copy of the FIR is required to be sent 

forthwith to the magistrate empowered to take cognizance of such offence. 

The duty of the Officer-in-Charge of the police station after recording the FIR: 

After recording the FIR, the Officer-in-Charge of the police station is obliged to proceed in person or 

depute one of his subordinate officers not below such rank, as the State Government may, by general 

or special order, prescribe in that behalf, to proceed to the spot to investigate the facts and 

circumstances of the case and if necessary, to take measures for the discovery and arrest of the 

offenders.  

The practice of sending away complainant, who wishes to make an oral report to go and bring a 

written one, should be discouraged. Each report should bear a consecutive number in the order of its 

arrival at the police station. 

It is well settled that a first information report is not an encyclopaedia, which must disclose all facts 

and details relating to the offence reported. It is enough if the police officer on the basis of the 

information given suspects the commission of a cognizable offence and not that he must be convinced 

or satisfied that a cognizable offence has been committed. 

Delay in lodging FIR: 

¾ Delay, in lodging the FIR, if not sufficiently explained, creates suspicion.  

¾ Delay, without any explanation may be fatal to the prosecution.  

¾ Delay in lodging the FIR cannot be used as a realistic formula for doubting the prosecution case 

and discarding the same. Delay in filing FIR in the case of rape does not mitigate the 

circumstance for the accused.  

¾ It cannot be used as a ritualistic formula to discard the prosecution‟s case.  

¾ The court must look for reasons for delay whether offered or not. 

If offered, it should see whether the reasons justify the delay. 

¾ Delay in lodging the FIR in a case of rape of a minor girl, where reputation of a family was 

involved and where her father was called from another place, delays in such cases by family 

members are usual features. 

Delay in lodging – May be Fatal:  

Delay in lodging the FIR often results in embellishment, which is a creature of an 

afterthought. On account of delay, the FIR not only gets bereft of the advantage of spontaneity, danger 

also creeps in the introduction of a coloured version or exaggerated story. 

BUT 

¾ Delay in filing FIR cannot be a ground for suspicion at all instances. 

¾ It can only be said to raise suspicion when the delay is unexplained.  

The following are the ingredients of FIR: 

¾ The information should be first in point of time. 

¾ It should be definite and responsible information and not merely rumour or village gossip or 

hearsay of an indefinite variety. 

¾ It must have been given to an officer-in-charge of a police station. 
¾ It should relate to the commission of a cognizable offence. 
¾ It should be the information which set the police on their investigation. 
¾ It should be given in writing or should be reduced to writing. 
¾ It should have been read over to the person who made it and signed by such person. 
¾ It should be entered in a book kept for the purpose. 

FIR: 11 Ws & 1 H 

1st     W – What information do you want to give?  

2nd    W – What capacity?  

3rd    W – Who committed?  

4th  W – Against whom (victim)? 

5th W – When?   

6th    W – Where?   

7th    W – Why? 

8th    W – What they carried away? 

9th    W – Who witnessed? 

10th  W – What they left? 

11th  W – Why delay? 

12th  H – How? Modus operandi (How they arrived etc.)?  

How to record FIR: 

¾ The FIR should be promptly recorded as any delay leads to suspicion and vitiates the FIR. 

However if there is a delay it should be explained in the FIR. 

¾ The FIR should be recorded in plain and simple words. 

¾ Accuracy is the watchword. It may be detailed but not unnecessarily lengthy. 

¾ Time of occurrence should be noted. 

¾ Modus operandi should be elicited and mentioned in the FIR. 

¾ The FIR should be a truthful account-neither minimized nor exaggerated. 

¾ Do not interpolate or insert anything after the FIR has been written. 

¾ Avoid scoring out what has been written. In unavoidable circumstances a line should be drawn 

across the word/s to be scored out still keeping it legible and the officer recording the FIR 

should initial it. 

¾ Note injuries found on the person of the informant or the witness and mention the same in the 

FIR. 

¾ Value of property stolen or damaged or lost should be mentioned correctly. Do not lessen the 

value to improve your statistics. 

¾ The special identifying marks, if any, on the items stolen or lost, together with their detailed 

description should be clearly noted. 

By intelligent questioning, the identity of the accused, the type or weapon used, if any, the language 

spoken, etc. should be elicited and mentioned in the FIR. The circumstances of identification must be 

clearly brought out, e.g. the condition of light, the line of visibility, the distance from which the 

identification was made etc.  

The names of the suspects, if any or any accused recognized during the occurrence, should be 

specified. If a particular person is suspected, the facts on which the suspicion is based should be 

clearly specified. The informant should be able to distinguish between what he saw, knew and heard.  

The names of known/suspected/unknown accused persons with full particulars should be entered 

serially in the FIR (WBP Form No. 27). The names of the eye witnesses and to those whom the 

complainant or informant reported the names of the accused immediately after the occurrence should 

be obtained and recorded for the purpose of corroboration. If such information though available first 

hand is not noted, the defense may term it as fabrication and afterthought. The original FIR should be 

sent to Magistrate having jurisdiction. (FIR should be sent to court without delay – PRB 246). 

A police officer should not defer drawing up the FIR on the plea of verifying the truth of the 

complaint. If a person gives a deliberate false information in regard to a cognizable offence, the 

informant is liable for prosecution under sec. 182 or 211 IPC. A police officer has power to refuse 

investigation in a cognizable case under provisions of Sec. 157(2) but has no power to refuse the 

registration of a cognizable case under section 154 CrPC.  

Refusal to record FIR on the ground that the place of crime does not fall within the territorial 

jurisdiction of the police station amounts to dereliction of duty. It is the duty to record a case and 

forward the same. (AIR- 1993 SC – 2644: 1993, Cr.LJ – 3684: 1994, SCC (Cri) 734.) 

FIR by the accused: 

If the accused gives information of the offence, the officer-in-charge must record it. Any confession 

which may form part of such an FIR will be inadmissible under section 25 Evidence Act, but those 

facts, which do not amount to a confession and merely go to show the motive, preparation or 

opportunity for the crime or give the information leading to the discovery of a fact, can certainly be 

provided on behalf of prosecution under sec.7, 8 and 27 of the Evidence Act. 

First information: Referred by the Magistrate: 

When a Magistrate directs the Police to investigate a complaint or a cognizable case filed before him 

and in regard to which no previous information has been given to the Police, the written information 

sent by the Magistrate should be treated as the basis of FIR. 

Disposal of FIR: 

An FIR once started, shall on no account be cancelled by the officer in charge, nor it is permissible for 

a Magistrate or any other Police officer to do so. Recording of FIR means starting of an investigation 

of a cognizable case which can only be concluded in any of the following ways: 

¾ By refusing investigation under sec.157 (b) CrPC 

¾ By transferring it to a different police station on question of jurisdiction.  

¾ By submitting a final report after such an investigation or, 

¾ By submitting a charge sheet after an investigation.  

Value of FIR: 

The FIR is not a substantive piece of evidence. It is relevant in judging the veracity of the prosecution 

case and value to be attached to it depends on the facts of each case. It is used either to corroborate or 

to contradict the oral evidence of the maker of the FIR during trial of the case.  

Quashing of FIR: 

FIR drawn up on the basis of information which does not disclose any offence or discloses only non-

cognizable offence can be quashed by the High Court by invoking power under Art. 226 of the 

Constitution of India or under Sec. 482 CrPC. 

Concept of ZERO FIR: 

“There is a concept of “Zero-FIR”. It means that a FIR can be filed in any police station 

(i.e.irrespective of place of incident/jurisdiction) and the same can be later transferred to the 

appropriate Police Station. 

There are two rulings of the Supreme Court in Satvinder Kaur vs Govt. of NCT of Delhi on 5/10/1999 

(AIR 1999, 1031) and in Ramesh Kumari vs Govt. of NCT Delhi on 21/2/2006. In the former case, the 

Court held that at the stage of investigation, the material collected by an investigating officer cannot 

be judicially scrutinized for arriving at a conclusion that the police station officer of particular police 

station would not have territorial jurisdiction. That apart, section 156(2) of the CrPC contains an 

embargo that no proceeding of a police officer shall be challenged on the ground that he has no 

territorial power to investigate the case. In the latter case, the Court held that a police officer is duty 

bound to register the case on the basis of such information disclosing a cognizable offence u/s 154(1) 

of the CrPC. The legal position stated above expects that the police shall register an FIR upon receipt 

of information of the commission of a cognizable offence. Further, if after registration of FIR, upon 

investigation, it is found that the subject matter relates to the jurisdiction of some other police station, 

the FIR may be appropriately transferred to the police station in which the case falls. Moreover, if at 

the time of registration of FIR, it becomes apparent that the crime was committed outside the 

jurisdiction of the police station, the police should be appropriately instructed to register a „Zero‟ FIR, 

ensure that the FIR is transferred to the concerned police station u/s 170 of the CrPC. It should be 

clearly stated that the delay over the determination of the jurisdiction leads to avoidable wastage of 

time which impacts on the victim and also leads to offenders getting an opportunity to slip from the 

clutches of the law. 

Some Important Rulings related to FIR 

1. Criteria for registering First Information Report: 

The condition, which is sine qua non for recording FIR is that there must be an information and 

that information must disclose cognizable offence. It is, therefore, clear that if any information 

disclosing a cognizable offence is laid before officer in charge of a Police Station transpiring the 

requirements of Section 154 (1), the said official has no other option than to enter the substance 

thereof in the prescribed form and register a case on the basis of such information. 

[State of Haryana vs. Bhajan Lal, AIR 1992 SC 604] 

2. Delay in lodging FIR – Criteria for evaluation: 

(i) The deceased is a newly married girl. The maternal uncle of the husband of the deceased 

informed the father of the deceased of the fact of committing suicide by the deceased on June 

25, 1983 at about 5.30 P.M. The father of the deceased immediately rushed to the hospital with 

members of his family where his daughter was brought. He stayed there the whole night with 

his wife and other members of the family near the dead body of his deceased daughter and on 

the next day till the dead body was handed over to him after completion of post mortem in the 

afternoon. The Asstt. Inspector of Police of Ajnala Police Station reached the hospital on the 

next day i.e. on June 26, 1983 and got the statement of father of the deceased recorded there. 

This statement was treated as FIR. In the circumstances, it cannot be said that there has been 

any delay in reporting the incident to the police station. 

[Gurbachan Singh vs. Satpal Singh and others, AIR 1990 SC 209] 

(ii) There was delay of two days in reporting the incident to the police in a case under Section 376 

of IPC. It is held by the Supreme Court that the victims of rape ordinarily consult relatives and 

are hesitant to approach police since it involves the question of morality and chastity of women. 

The woman and her relatives have to struggle with several situations before deciding to 

approach police, more so when the culprit happens to be relative. In such case, the delay is 

understandable and hence merely on that ground the prosecution version cannot be doubted.  

[State of Rajasthan vs. Narayan, AIR 1992 SC 2004] 

3. Delay in lodging FIR – Criteria for rejection: 

Unless there are indications of fabrication, the court cannot reject the prosecution version as give 

in the FIR. Where names of the accused were constantly mentioned throughout, there was absolutely 

no ground to hold that the FIR was brought into existence subsequently during investigation and the 

mere delay in lodging the report by itself cannot give scope for an adverse inference leading to 

rejection of the prosecution case outright. 

[Tara Singh & Others vs. State of Punjab, AIR 1991 SC 63] 

4. FIR for offence committed beyond local jurisdiction of PS: 

The police constable at the police station refused to record the complaint presented to him on the 

ground that the said PS. had no territorial jurisdiction over the place of crime. It is certainly a 

dereliction of duty on the part of the constable, because any law of territorial jurisdiction could not 

have prevented the constable from recording information about the cognizable offence and forwarding 

the same to the PS. having jurisdiction over the area in which the crime was said to have been 

committed.  

[State of AP vs. Punati Ramalu and others, AIR 1993 SC 264] 

5. Delay in transmission of FIR – Effect of: 

(i) Mere delay in Despatch of FIR to magistrate is not a circumstance, which can throw out the 

prosecution case entirely. 

[Pala Singh & vs. State of Punjab, AIR 1992 SC 2679] 

(ii) The delay is not necessarily fatal particularly when it has been recorded without delay and no 

suspicion is attached to its recording. 

[State of MP vs. Gokaran, AIR 1966AIR SC 131] 

(iii) Delay in sending FIR to Magistrate forthwith gives rise to the suspicion that the report was 

recorded much latter than the stated date. Obviously delay needs to be explained satisfactorily.  

[Ishwar Singh vs. State of UP, AIR 1976 SC 2423] 

 

The FIR is not a substantive piece of evidence, it is only relevant in judging the veracity of 

prosecution case and the value to be attached to it depends on the facts of each case. Only the essential 

or broad picture need be stated in the FIR and all minute details need not be mentioned therein. It is 

not a verbatim summary of the prosecution case. It need not contain details of the occurrence as if it 

were an “encyclopedia” of the occurrence. It may not be even necessary to catalogue the over acts 

therein. Non-mentioning of some facts or vague reference to some others are not fatal. We should also 

bear in mind that the FIR was given by an illiterate lady soon after the occurrence, when she should 

have been very emotional and in a disturbed state of mind. In this case, the evidence of the author of 

FIR is substantially in accord with FIR and the Court below was justified in placing reliance on FIR 

and the evidence of the maker of FIR.  

[Baladev Singh vs. State of Punjab, AIR 1996 SC 372] 

Brazilian LGPD & European GDPR Compared

Brazilian LGPD & European GDPR Compared 

Brazilian LGPD & European GDPR Compared Brazilian General Data Protection Law (Lei Geral de Protecao de Dados or LGPD), a law with many similarities to the European Union’s General Data Protection Regulation (the “GDPR”) is now effective.  On April 29 of this year, Brazil’s President issued Provisional Measure 959 that, amongst other things, postponed the effective date of the LGPD, which was originally set to be effective August 2020, to May 3, 2021.  Brazil’s Chamber of Deputies amended the measure so that the LGPD would take effect in December 2020.  The Senate then decided that any postponement was void because the effective date had already been decided by Congress.  The amended measure was sent to the President for his signature, providing him with the date of September 17, 2020 to sign the measure, which would make the law effective as of the original effective date, or veto it.  The President sanctioned the law and the LGPD is now effective.  Although the law has taken effect, the LGPD’s enforcement provisions take effect August 1, 2021 (in Portuguese), and the provisions will be enforced by Brazil’s data protection authority, a Autoridade Nacional de Proteção Dados Pessoais (the “ANPD”), which the President established by decree in August (in Portuguese).  However, the LGPD’s private right of action for violations of data subjects’ rights is effective now.  Businesses should continue to take steps to comply with the statute given its effective date and private right of action and should prepare now for when administrative sanctions become enforceable next year.

Businesses that are GDPR compliant may be well on their way to achieving compliance with the LGPD given the similarities between the legal frameworks.  Yet, businesses should be mindful of several differences that may impact how they adjust their GDPR compliance programs to meet the requirements of the LGPD to the extent that businesses process data applicable to both regimes.

At a glance. This post highlights some of the material provisions of the LGPD and compares them to their equivalents in the GDPR.

Applicability.  Similar to the GDPR, the LGPD applies broadly to a wide range of data processing activities, data subjects, and their information.

• The GDPR applies to the processing of personal data if such data is processed in the EU or if the purpose of the processing is to offer goods or services to or monitor the behavior of EU residents.  Arts. 2 and 3 GDPR.
• The LGPD applies to the processing of personal data if such data is processed in Brazil, the purpose of the processing is to offer or provide goods or services to Brazil residents or the personal data processed belongs to Brazilian residents or was collected in Brazil.  Art. 3 LGPD.

Lawful Processing of Non-Special Categories of Personal Data.  Businesses likely will be able to process data under the same legal bases provided under the LGPD and the GDPR.

• Under the GDPR, the processing is lawful if the data subject has consented or processing is necessary to perform a contract, comply with legal obligations, protect a natural person’s vital interests, act in the public interest, or achieve a legitimate interest of the controller or third party under certain conditions.  Art. 6 GDPR.
• The LGPD includes all of the legal bases for processing listed under the GDPR.  In addition, the LGPD provides that controllers may process personal data specifically to exercise rights in judicial, administrative or arbitration procedures and to protect credit.  Art. 7 LGPD.

Lawful Processing of Special or Sensitive Categories of Personal Data.  Although the LGPD and the GDPR share several legal bases for processing sensitive information, the LGPD does not allow businesses to process such data under the bases identified under GDPR for legitimate activities of nonprofit entities and public data.

• Under the GDPR, the processing of special categories of personal data is prohibited unless (i) the data subject has consented; (ii) data is processed under certain conditions in the course of legitimate activities of nonprofit entities in connection with their purposes; (iii) processing relates to data made public by the data subject; or (iv) processing is necessary to comply with employment, social security or social protection law, to protect the vital interest of natural persons, to exercise or defend legal claims or for public interest reasons, including those related to public health or research purposes.  Art. 9 GDPR.
• The LGDP allows processing of sensitive categories of personal data if the data subject consents or processing is necessary for (i) the controller to comply with a legal obligation; (ii) shared processing of data when necessary by the public administration for the execution of public policies; (iii) research purposes, (iv) exercising rights, including in connection with a contract and in a judicial, administrative and arbitration proceeding, (v) protecting vital interests of a data subject or a third party, including health in a medical procedure, or (vi) preventing fraud and protect the security of the data subject.  Art. 11 LGPD.

Data Subject Rights.  The LGPD provides to data subjects the right to data anonymization in addition to the other rights provided under the GDPR and requires businesses to respond to rights requests within fifteen (15) days.

• Under the GDPR, data subjects have the right to access, rectification, erasure, restriction, data portability, and objection, and the right against automated decision-making.  Chp. 3 GDPR.
• In addition to the rights provided under the GDPR, the LGPD provides data subjects the right to request that their data be anonymized.  Art. 18 LGPD.  However, in response to a request to delete under the GDPR, controllers may anonymize data because, similar to the LGPD, anonymized data is not considered personal data under the GDPR.

Children’s Personal Data.  The LGPD has a broader requirement than the GDPR to obtain consent for processing children’s personal data and extends heightened protection to children whose personal data is processed similar to the GDPR.

• Before collecting personal data of children who are younger than sixteen (16) years of age, the GDPR requires controllers to obtain the consent of a child’s legal guardian subject to certain exceptions.  Any information directed to children should be provided using clear and plain language.  Art. 8 GDPR.
• The LGPD broadly requires controllers to obtain the consent of a legal guardian before processing children’s data.  Information directed towards children needs to be appropriate for the children’s understanding.  Art. 14 LGPD.

International Transfer of Data.  The LGPD provides similar mechanisms to the GDPR for transferring personal data to third countries and international organizations.  Unlike the GDPR, the LGPD does not provide a list of specific derogations but many are covered by the law.

• The GDPR allows the transfer of personal data to a third country or an international organization on the bases of (i) an adequacy decision, (ii) appropriate safeguards such as binding corporate rules, standard contractual clauses, and approved codes of conduct and certification mechanisms, (iii) an international agreement; and (iv) derogations for specific situations, which includes when the transfer is made from a register intended to provide information to the public or by any person on the basis of legitimate interests.  Chp. 5 GDPR.
• The LGPD allows the international transfer of personal data on the bases of (i) an adequacy decision, (ii) compliance with the LGPD as shown through contractual clauses, global corporate rules, and stamps, certificates and codes of conduct, (iii) international agreements and cooperation, (iv) the vital interest of the data subject or a third party; (v) ANPD approval, (vi) public interest; and (vii) data subject consent.  Art. 33 LGPD.  Unlike the GDPR, the LGPD does not provide for international transfers on the basis of a register intending to provide information to the public or legitimate interests as provided under the GDPR.

Controller and Processor Obligations.  Generally, the LGDP has similar controller and processor obligations to the GDPR with differences in data record maintenance, data protection impact assessment, and the appointment of data protection officers.

• Under the GDPR, controllers and processors are required to maintain records of processing data activities; implement appropriate and technical measures, including data protection policies, to protect personal data; conduct data protection impact assessments in certain circumstances; provide notice of data breaches to supervisory authorities and data subjects; and designate a data protection offer under certain conditions.  Chp. 4 GDPR.
• Similarly, the LGPD requires controllers and processors to maintain processing records; adopt security, technical and administrative measures to protect personal data; conduct data protection impact reports upon the ANPD’s request; provide notice of certain security incidents; and appoint a data protection officer.  Chp. IV §§ I and II; Chp. VII §§ I and II; and Art. 41 LGPD.

Security Breach Notifications.  The LGPD has a lower threshold than the GDPR for providing notice of security incidents and a potentially longer timeframe than the GDPR in which to provide notice to regulators.

• Under the GDPR, controllers are required to provide notice (a) to supervisory authorities within seventy-two (72) hours unless the security incident is unlikely to result in a risk to data subjects and (b) to data subjects without undue delay if the security incident is likely to result in a high risk to the data subjects.  Arts. 33 and 34 GDPR.
• The LGPD requires businesses to notify within a reasonable amount of time the ANPD and affected data subjects if the incident may cause harm to data subjects.  Art. 48 LGPD.

Administrative Sanctions.  The LGPD imposes significantly less severe fines than the GDPR since they are based on businesses’ revenue in Brazil as compared to fines based on businesses’ revenue worldwide as provided under the GDPR.

• Under the GDPR, controllers and processors may be subject to a fine of two percent (2%) of worldwide revenue up to 10,000,000 EUR for lower-level violations and four percent (4%) of worldwide revenue up to 20,000,000 EUR for higher-level violations.  Art. 83 GDPR.
• Under the LPGD, controllers and processors may be subject to a fine of up to two percent (2%) of revenues in Brazil up to a total of R$ 50,000,000.  Art. 52 LGPD.

Law enforcement

In the case of Brazilian law, the supervisory authority is referred to as the ANPD (National Data Protection Authority) (Article 55). In the case of GDPR, it's the European Data Protection Board (Article 68).

To Conclude

In practice, if your company is already GDPR compliant, it can easily be LGPD compliant as well; and vice versa. There's a very visible convergence between LGPD and GDPR. But a Privacy Expert Lawyer or Law firm needs to evaluate your legal risk and compliance based on emerging case laws. Also, the fact is that both laws still need time to gain maturity and to be better evaluated. 

For training on LGPD in comparison with GDPR or any privacy or Data Protection Laws with case studies around the World email: info@cyberlawcosulting.com