top of page
Search

The Digital Gaze: Unpacking the Privacy Risks of the New Income Tax Bill


Introduction

The growing digitalisation of society brought the issue of privacy versus surveillance to its most critical point. The expansion of governmental access to private communications generates essential doubts about whether governments should obtain unrestricted access to private messages. To what extent should public security allow unwanted destruction of encryption features alongside individual privacy? How does a social welfare country which follows the rule of law, be allow itself to infringe on the privacy of people, thus violating their fundamental rights?

The Indian government has recently introduced the Income Tax Bill 2025 to gain access to WhatsApp messages, which created heated controversies surveillance methods and privacy protection alongside government power control the personal space of the citizens.  (Puranik, I. A. 2025, April 1). The government’s rationale behind this announcement made by the Finance Minister Nirmala Sitharaman, decryption of WhatsApp messages revealed financial frauds that helped unearth ₹200 crore in unaccounted money linked to crypto assets. (HT News Desk. 2025, March 26). Previously, tax officials needed separate approvals to access digital data during investigations giving time to criminals to wipe out the. However, the new provisions grant them the authority to bypass lengthy and time consuming legal procedures. Authorities can now retrieve crucial information directly. The proposed Income Tax Bill extends beyond WhatsApp alone—it seeks decryption capabilities for all cloud-based applications, including Telegram, email services, navigation and mapping platforms, and other digital tools embedded in everyday life. (Mittal, M., & Kulkarni, P, 2025, March 5).

The expansion of governmental access to private communications generates essential doubts about whether governments should obtain unrestricted access to private messages. To what extent should public security allow unwanted destruction of encryption features alongside individual privacy? How does a social welfare country which follows the rule of law, be allow itself to infringe on the privacy of people, thus violating their fundamental rights?

The original purpose of encrypted messaging services WhatsApp and Signal involved end-to-end encryption that restricted message access to the sender and receiver alone. These communication platforms are facing increasing pressure from governments to create law enforcement access points, despite the security risks they pose to millions of users. WhatsApp, with its 500 million Indian users, has previously blocked government attempts to break encryption, citing concerns that allowing access to one authority could create vulnerabilities (Karia, T. 2024, April 26). The expansion of digital surveillance is not limited to India; both authoritarian and democratic governments worldwide are intensifying their surveillance efforts. Widespread surveillance systems reduce public free speech activity while deterring political criticism while affecting vulnerable social groups most severely (OHCHR, 2022, September 16). According to experts, the decline of encryption standards for national security purposes would paradoxically increase the exposure of private information to cyber-attacks and autocratic intervention.


Both India and the global community are grappling with these issues as the debate between security priorities and privacy protection intensifies. Where should the line be drawn when it comes to surveillance? What costs are associated with security measures?


The Rising Tide of Digital Surveillance

Surveillance has evolved past physical observation to become a time when digital data tracking combined with artificial intelligence processes while gathering large amounts of information. Wiretaps with CCTV cameras represent the past while modern cybersecurity technology now uses complicated facial recognition alongside AI-based predictive policing systems. The public sector and corporate entities now possess vast amounts of personal information under the rationalization of enhanced security while using data efficiency and economic monitoring standards. The unbridled expansion of digital surveillance systems creates extensive problems for personal privacy as well as freedoms and brings risks of harmful executive behaviour. The Social Credit System operated by China stands as a prime case of state-controlled digital surveillance because it uses financial and social data along with political data to track citizen conduct for scoring individuals (Velocity Global, 2023, October 1). It classifies untrustworthy people who criticize the government or fail to pay debts as facing restricted travel and employment denials and public disgrace. The surveillance-based control systems operate as a gateway through which digital tools transform from protective measures into fundamental freedom infringers.

The United States plays a central role in major digital surveillance controversies which have come to light. Edward Snowden exposed through his 2013 revelations how the NSA operated its mass surveillance program which collected billions of phone records alongside emails and online communications from intelligence agencies (MacAskill, E., & Dance, G. (2013, November 1). The worldwide surveillance operation which officials explained through national security concerns damaged citizen trust and showed why unrestricted state power represents a danger to society. The Aadhaar biometric database of India has led to rising privacy concerns and state surveillance problems throughout the country (Jain, M. (2019, May 9). The government created Aadhaar as a welfare distribution system but this program transformed into India’s default identity system which now connects to banking operations and cell phone networks as well as governmental databases (Dhorajiwala, S., & Wagner, N. 2019, August 23). The critics believe that inadequate data protection legislation creates extensive threats of surveillance activities together with data breaches and exclusion scenarios. The necessity for robust legal protections along with public surveillance and transparent management grows strongly as governments work to build their digital surveillance systems.


India’s Income Tax Bill 2025 and Encrypted Chat Access

Indian citizens are actively debating the terms of the Income Tax Bill 2025 because it grants government officials the power to read encrypted WhatsApp messages. The Finance Minister Nirmala Sitharaman stated that message decryption revealed substantial instances of tax evasion and financial fraud to the authorities (CNBCTV18.com. 2025, March 6). The provision has proved effective in identifying ₹90 crore worth of hidden income through WhatsApp messages which makes it an essential tool to combat economic crimes including crypto-related tax violations. The disagreement about security enforcement versus personal privacy stands as the primary problem in this matter. Government officials state that access to encrypted messages is essential for stopping illegal financial operations and boosting tax compliance practices. These privacy-unfriendly measures face opposition since they would establish a troubling precedent by restricting digital privacy rights along with enabling state surveillance on a wider scope.

This expansion authority creates uncertainties about how agencies use the power since they might employ it beyond tax investigations which might limit public speech while compromising constitutional protections for privacy (Advocate Tanwar. (2025, March 10). The ongoing pursuit of decrypted messages by governments creates an awkward situation for chat service providers WhatsApp and Signal. WhatsApp maintains that its 500 million Indian user base depends on end-to-end encryption for protection which prevents data breaches from cyber threats. The company has fought against government demands for chat access by asserting that encryption and decryption would generate security holes that could be exploited by hackers alongside criminals and authoritarian regimes. Signal warns that governments which force encryption weakness will expose security for every nation because encryption works the same way for everyone (The Economic Times, 2025, March 25). The ongoing examination must assess all the consequences of growing surveillance capabilities in India then evaluate security needs against privacy rights and financial control.

Moreover, potential misuse of data becomes a troubling consequence. Access to private chats can offer insights into market behaviour, such as which cryptocurrencies are gaining popularity (Press Trust of India. (2017, November 26). Such trends, when known to the state in advance, could be leveraged for strategic regulatory interventions or economic advantage, including the timing and taxation of government-backed digital currencies or securities. The absence of an objective and transparent framework opens the door for arbitrary access and unchecked surveillance. Without clarity on who initiates such scrutiny or what content is read, the authority becomes vulnerable to political misuse and systemic overreach. Moreover, the lack of procedural safeguards may lead to the leak or misuse of private chats. This disproportionately affects women, who face distress, embarrassment, and even harassment when personal conversations are exposed or manipulated, especially in the absence of concrete rules about what data will be accessed.


The Global Legal Landscape: Where Do We Stand?

Different legislative approaches regarding digital surveillance combined with data protection exist on a worldwide scale because countries seek to balance different priorities between security and privacy and state control. The worldwide protection of personal data stands at differing levels because some governments maintain detailed surveillance rules at the expense of people’s right to privacy.

India’s Digital Personal Data Protection (“DPDP”) Act – Strengths and Limitations

The DPDA Act of 2023 in India establishes rules for handling personal information which both the state administration and commercial organizations must follow (Union of India. (2023.. The law establishes principles to reduce collected data as well as consent-based guidelines and procedures for complaining about privacy violations. The state can legally access personal data through broad exceptions included in the legislation. The processing of personal data by government entities without user consent remains possible for national security and law enforcement purposes though it creates problems regarding uncontrolled mass surveillance. Many experts point out that the Act needs an independent oversight body to defend personal data from state authorities who might abuse their power.


EU’s GDPR – A Global Benchmark for Privacy?

Representatives worldwide view the General Data Protection Regulation (“GDPR”) as the highest standard when it comes to data protection (European Union. 2016). The GDPR legislation came into effect during 2018 by establishing detailed rules about the process of collecting data and obtaining consent from users while granting the right to delete personal information. GDPR establishes stronger privacy limitations compared to India’s DPDP Act because it requires governments to respect the same privacy standards. GDPR maintains its strength as a powerful privacy protection because it delivers substantial financial penalties to organizations which fail to comply. GDPR faces obstacles in its implementation especially when attempting to enforce rules against large technology companies which discover strategies to circumvent regulations.


The USA’s Patchwork Approach – Patriot Act, FISA, and Section 702

All of the United States lacks a single law that protects data. The United States operates with individual regulations for different sectors while placing national security surveillance needs before any other concerns. The Patriot Act enabled expanded governmental surveillance powers through mass surveillance programs that resulted in the NSA obtaining metadata from millions of people (Financial Crimes Enforcement Network. (n.d.).). Tech companies conducting foreign intelligence surveillance under FISA and Section 702 do not require warrants due to their data collection powers although these practices generate substantial privacy risks and remain almost invisible to the public (National Security Agency. (n.d.). Reforms have tried to control government surveillance however the original mass surveillance methods have not changed.

People across the world must choose between protecting their personal data or permitting unrestricted state control of information. Digital rights depend on the creation of legal systems that balance between security protection and privacy rights alongside democratic oversight.


The Role of Big Tech: Facilitators or Defenders?

The government makes recurring requests for user data from tech companies but these companies maintain their mission to defend digital privacy. Companies divide into two groups regarding state surveillance requests because some accept monitoring demands yet others fight against data disclosure which they say could endanger digital privacy. Multiple controversies have surrounded Meta because of its data-sharing practices with government agencies (Dmitracova, O. (2024, February 29). The company disclosed through reports that it grants law enforcement access to private messages through court orders that remain sealed thus creating serious privacy issues. Apple rebuffs all requests from law enforcement to unlock iPhones because it believes opening one case’s door would harm security for every Apple user. Authorities frequently challenge Apple in legal battles about encrypted devices because the company consistently denies access requests especially during terrorism investigations. Google has encountered criticism because its wide-ranging location tracking activities continue even though users turn off location services. A series of 2022 lawsuits against Google showed it deceived users about their privacy settings thus causing doubts about whether corporations exceed their surveillance boundaries (Zengler, T. 2021, October 19). Businesses continue to face an ongoing question about whether they should accept or refuse government surveillance requests. User privacy suffers when companies grant excessive assistance to law enforcement during investigations while compliance with law enforcement can support criminal investigations. The main issue lies in establishing equilibrium between public security measures and preserving the core rights associated with digital domain.


Ethical and Security Concerns of Mass Surveillance

Mass surveillance creates substantial moral and security issues because it brings doubts about governmental bodies’ capability to handle their expanded surveillance authority properly. State data collection practices which fight crime tend to result in power abuse and excessive control because of inadequate oversight. Modern governments deploy surveillance technology for both safety objectives and they employ it to limit dissent and track political opponents and threaten reporters. The proposed Income Tax Bill 2025 in India has introduced encryption access to WhatsApp messages as a vital method to fight financial fraud. The ability for governments to acquire unrestricted surveillance access tends to cause authorities to construct ever-broader surveillance programs which lead to more extensive infringements of privacy. Some proponents of mass surveillance often state that individuals with no hidden activities should not worry about surveillance. The basic human right of privacy remains unacknowledged when this viewpoint is applied. Law-abiding individuals need protection from continuous surveillance since privacy laws safeguard their democratic rights as well as their private dignity. Additionally, surveillance itself creates vulnerabilities. Government databases containing massive personal information provide hackers with strong incentives to target these databases. The compromise of these systems permits attackers to use stolen sensitive information for identity theft and financial fraud and blackmail operations. The collection of large quantities of personal information by governments reveals vulnerabilities because authorities struggle to prevent unauthorized access or leaks of classified surveillance data which occurs through state-sponsored cyber espionage.


Solutions and Recommendations: Finding the Balance

The expansion of mass surveillance demands immediate protective measures from people and officials and technological businesses for safeguarding digital privacy. Each person needs to implement improved digital habits by using Signal encryption along with periodic social media privacy adjustments and backing organizations that work for enhanced digital liberties. Users need to combine encryption with knowledge about data collection practices from tech companies and they should steer away from services that have proven their ability to compromise privacy. Data protection laws need policymakers to enhance their legal protections which prevent governmental encroachment. All state agencies seeking private communication access require judicial approval while governments must maintain strict requirements of transparency and proportionality and take the necessary measures in surveillance processes. The appointment of an independent data protection authority with mandate to act as a watchdog strengthens the legal framework of enforcement mechanisms. Tech companies sit at a crucial position to fulfill their responsibilities. Companies should advance their encryption systems without limitations while reporting government access records to the public and fighting against all policies that compromise user privacy. The strong stance against surveillance taken by Apple should motivate other companies to join and support user rights protection measures. The struggle to protect privacy rights in the digital realm exceeds its mission of shielding people from state surveillance because it commands the mainstay of democratic systems.


Conclusion

Digital surveillance systems will advance according to how communities react to technological growth in monitoring practices. In the absence of robust safeguards and awareness about state surveillance activities it will expand without limit thus creating a setting where people have no authority over their data. Sovereign powers need to identify the risks of unrestricted surveillance through setting specific rules that define their data access procedures. Users need to monitor invasive policies actively and demand their privacy from corporate entities that defend user rights instead of assisting totalitarian control. The absence of digital surveillance regulation will cause privacy deterioration while it suppresses democratic activity through fear its creation and limits free expression. To move forward we need ethical governance and strict data protection laws together with public dialogue about digital rights that exist in today’s world.


Written By - Anenya

Guided By - Mansi Shukla


REFRENCES:

  1. Income Tax Department. (2025). Income Tax Bill, 2025. https://incometaxindia.gov.in/Documents/income-tax-bill-2025/income-tax-bill-2025.pdf

  2. Economic Times. (2024, April 7). Is the government already reading your WhatsApp chats? Despite the government’s denial, here’s what experts are saying. The Economic Times. https://economictimes.indiatimes.com/wealth/tax/is-the-government-already-reading-your-whatsapp-chats-despite-the-governments-denial-heres-what-experts-are-saying/articleshow/119656223.cms?from=mdr

  3. Hindustan Times. (2024, April 7). WhatsApp messages helped uncover ₹200 crore in tax evasion, Nirmala Sitharaman defends Income Tax Bill. Hindustan Times. https://www.hindustantimes.com/india-news/whatsapp-messages-helped-uncover-rs-200-crore-in-tax-evasion-nirmala-sitharaman-defends-income-tax-bill-101742955272342.html

  4. Moneycontrol. (2024, April 7). New I-T bill allows officials to access emails, WhatsApp chats to unearth undisclosed crypto assets. Moneycontrol. https://www.moneycontrol.com/news/economy-2/new-i-t-bill-allows-officials-to-access-emails-whatsapp-chats-to-unearth-undisclosed-crypto-assets-12956921.html

  5. Business Today. (2024, April 7). WhatsApp threatens to exit India if forced to break message encryption. Business Today. https://www.businesstoday.in/technology/news/story/whatsapp-threatens-to-exit-india-if-forced-to-break-message-encryption-427013-2024-04-26

  6. OHCHR. (2022, September 6). Spyware and surveillance: Threats to privacy and human rights growing, says UN report. Office of the United Nations High Commissioner for Human Rights (OHCHR). https://www.ohchr.org/en/press-releases/2022/09/spyware-and-surveillance-threats-privacy-and-human-rights-growing-un-report

  7. Velocity Global. (2024, April 7). Chinese social credit system. Velocity Global. https://velocityglobal.com/resources/blog/chinese-social-credit-system/

  8. The Guardian. (2013, November 1). Snowden: The NSA files decoded. The Guardian. https://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded

  9. JSIS. (2024, April 7). The Aadhaar Card: Cybersecurity issues with India’s biometric experiment. JSIS. https://jsis.washington.edu/news/the-aadhaar-card-cybersecurity-issues-with-indias-biometric-experiment/

  10. CNBC TV18. (2024, April 7). Finance Minister Nirmala Sitharaman defends officials’ access to digital data, calls it crucial for probing tax evasion. CNBC TV18. https://www.cnbctv18.com/technology/finance-minister-nirmala-sitharaman-defends-officials-access-to-digital-data-calls-it-crucial-for-probing-tax-evasion-19579314.htm

  11. Ideas for India. (2024, April 7). Consent to nothing: Aadhaar-based payment systems in welfare. Ideas for India. https://www.ideasforindia.in/topics/governance/consent-to-nothing-aadhaar-based-payment-systems-in-welfare.html

  12. Advocate Tanwar. (2024, April 7). Privacy concerns regarding the new Income Tax Bill 2025. Advocate Tanwar. https://advocatetanwar.com/privacy-concerns-regarding-the-new-income-tax-bill-2025/?utm_source=chatgpt.com

  13. Economic Times. (2024, April 7). From crime lords to government officials: Why Signal has become the go-to app for encrypted chats on both sides of the law. The Economic Times. https://economictimes.indiatimes.com/news/international/us/from-crime-lords-to-government-officials-why-signal-has-become-the-go-to-app-for-encrypted-chats-on-both-sides-of-the-law-what-makes-it-so-popular-and-controversial/articleshow/119490741.cms?from=mdr

  14. Times of India. (2024, April 7). Market manipulators hook onto dark web, private chats for stock tips. Times of India. https://timesofindia.indiatimes.com/business/india-business/market-manipulators-hook-onto-dark-web-private-chats-for-stock-tips/articleshow/61807831.cms?utm_source=chatgpt.com

  15. Indian Kanoon. (2024, April 7). Indian Kanoon case law: Judgment. https://indiankanoon.org/doc/3510545/

  16. GDPR-Info.eu. (2024, April 7). General Data Protection Regulation (GDPR). GDPR-Info.eu. https://gdpr-info.eu/

  17. FINCEN. (2024, April 7). USA Patriot Act. Financial Crimes Enforcement Network (FINCEN). https://www.fincen.gov/resources/statutes-regulations/usa-patriot-act

  18. NSA. (2024, April 7). Foreign Intelligence Surveillance Act (FISA). National Security Agency (NSA). https://www.nsa.gov/Signals-Intelligence/FISA/

  19. CNN. (2024, February 29). Meta's data processing in Europe under GDPR. CNN. https://edition.cnn.com/2024/02/29/tech/meta-data-processing-europe-gdpr/index.html

  20. Newsweek. (2021, October 19). Google accused of 'constant surveillance,' deceptive methods to maintain access to user data. Newsweek. https://www.newsweek.com/google-accused-constant-surveillance-deceptive-methods-maintain-access-user-data-1672183

 

bottom of page