Landmark cases handled by Prashant Mali Cyber Lawyer and Data Protection Lawyer  |  (Downloadable)

I as a practicing Lawyer in Criminal and Civil Courts have won many Cases and Bail orders. I have argued as a legal counsel in many High courts, Session Courts, and Lower courts including tribunals and WIPO. I am known for my expert techno legal arguments and excellent legal research which I present before the courts. I argued my matter with my techno legal team to assist. The few cases I won were landmark orders, I am credited with many wins in cases before Adjudication officers (Civil Court for the IT Act, 2000) across the country reported in National News Papers. My cases form a part of law studies in different universities across the country. Complicated Bail and Bail appeals involving Electronic evidence are also my forte. I am also credited with the one of first Writs for "Right to be forgotten" Bombay High Court judgment where I had successfully got the order to remove the name and data from ECourts Website of a lower court acquitted client. I got landmark injunctions in Data Theft cybercrime-related matters in the Bombay High Court under The IT Act, 2000 for Times Group and SVC Bank. 

Cases With Bombay High Court ..

ABC Vs Union of India | Bombay High Court | Petitioner's name and his case data were displayed on the Ecourts Website. The petitioner was acquitted by the magistrate's court. Since the name and court proceedings data were displayed publicly, the petitioner was not able to get a good job as when a search was conducted by background checkers, e-courts data would appear. I drafted and filed the Writ and argued the matter is under the Right to be forgotten which is a part of the Right to Privacy and successfully convinced the court to pass an order to remove the data from Ecourts website. He later perceived the matter with the lower court administration to get the data removed from Ecourts website and mobile app. This was a first-of-its-kind landmark order.

Bennett Coleman and Co. Ltd. vs. Abdul Aleem Sayed and ors. | Bombay High Court | Petitioner's (Times Pro a Times of India company involved in EDTech business) business data was stolen allegedly by their ex-employee and employee in connivance with a competitor company Jaro Education whom the ex-employees had joined. The data allegedly stolen by forwarding data from corporate email-id to personal email-id was causing continuous loss the petitioner. An ad interim injunction was argued to stop the data theft and propagation of data that was stolen. I argued for Bennett Coleman and the argument leading to the restraining order was passed in the first hearing barring defendants from using the data illegally accessed, downloaded, and extracted by the defendants. 

SVC Co-operative Bank Ltd. Vs. Shaktil Neelkanth Kubal & Ors. | Bombay High Court | Petitioner's (India's second biggest cooperative bank ) suffered a certain customer data theft at the hands of their own employee and union leader. A suit for compensation and damages under the IT Act, 2000, I argued for the bank for an ad interim injunction to bar the defendant from accessing, downloading forwarding, sharing, or transmitting in any manner the data in his custody.  Arguing this case was preceded by filing a criminal complaint in the police station for data theft under Section 43(b) r/w section 66 of The IT Act, 2000.

Shapoorji Pallonji Pvt. Ltd. Vs. State of Maharashtra, Mhada, NIC & Ors : A very technical and complicated case of e-tender amounting to Rs. 11000 Crores and India's Biggest Redevelopment Project of BDD Chawls in Mumbai was argued. I appeared as a Techno Legal expert counsel along With Sr. Counsel Iqbal Chagla and Ravi Kadam. After a full length of arguments for 8 days completely on the technology of e-tendering and storage in servers etc., a landmark order was passed in my client's favour, This was the first case of its kind when it comes to e-tendering in India.


Bails in the Lower Court, Appeals in Session Court, and Various High Courts

Santosh Bhikaji Agare Vs. State of Maharastra | Sessions Court Appeal In this criminal case despite a case of data theft, police had applied sections of IPC like Section 379 and Section 420. I represented the accused and argued with properly researched case laws that when sections of special Acts are applied there is no scope of application for sections of general act like IPC. Police have merely made a bailable offence to be non-bailable by adding the sections of the IPC so that custody of the accused can be taken and hence the bail was rejected in the lower court. My arguments were held valid and Bail was granted by the sessions court.

State Vs. J. Sudhakar Reddy and ors. | MM Court This was the very infamous LOAN APP Criminal case and had Eighteen accused members. This was a complete technology-based case filed by Cyber Police Station, My client was accused No. 18 and he was CEO of Mahagram Payments Private Limited a fintech company. All the lawyers representing other accused as respect asked me to argue first so they could base their arguments on my moot points and legal research. I successfully argued with relevant case laws that my client was an intermediary within the definition under the IT Act, 2000 and the safe harbor provision was applicable. My arguments with case laws were accepted by the lower court and bail was granted, a first landmark order of its kind.

State Vs OmPrakash Munna Prasad| MM Court 

State Vs Greenwell and Ors | MM Court (African Students Case) This is the case of a Job Fraud Scam where 5 African students were accused and I had to argue on merits for bail, in this case despite the Indian visas of the student's expired, I could get a favorable bail order. These clients had come to me a little late after they were given judicial custody 

Akshay Shripad Rao v/s. The State of Maharashtra (As intervenor in Bombay HC)

Prasad Rajappan Vs State of Maharashtra |Sessions Court Data Theft ABA Case 2014 - This was one of the earlier cases of Data Theft and my client was the CEO of a well-known startup, his name was taken as accused coz unknowingly he had hired a lady on whom a data theft FIR was filed by her previous employer and she was not attending before the police as she had got just married and traveled to her home town. Police implicated my client as an accomplice to the first accused, we had to get an anticipatory bail order and we got it on one single date when the argument was heard on the same date. This was my first case at Dindoshi Sessions Court.


Cases With Adjudication Officer and TDSAT (Civil & Appeal Court under The IT Act, 2000)

Sanjay Dhande vs. ICICI Bank and Vodafone This is the landmark case that I handled pro bono where the complainant and my client was Professor Dr. Sanjay Dhande Ex-Director of IIT Kanpur and Padmashree awardee who lost over rupees nineteen lakhs and this was his retirement money. Here the SIM was exchanged with forged documents of Mr. Dyanidhi Maran (Hon. IT Minister for India). So brazen was the fraud that fake KYC documents were used to procure a new SIM card under the name of Ms. Megha Dhande (wife of Sanjay Dhande as the bank account was jointly held) the forged passport copy was submitted with a photo of Dyanidhi Maran and sex below written as male, as if the fraudster wanted to tease the Government. I had successfully argued this case to point out the lacuna in Icici Bank and Vodafone not following reasonable security practices and an order was passed to compensate my client. ICICI Bank and Vodafone went in for a BIG appeal before TDSAT, the TDSAT order in favor is below.

ICICI Bank and  Vodafone vs Sanjay Dhande | TDSAT - Two separate appeals filed by ICICI Bank and Vodafone were clubbed together at TDSAT, Delhi, A full array of lawyers and senior counsels was hired to defend the appeal, one-hour presentation was made by ICICI Bank managers showcasing their good security practices on a specially arranged LCD Screen in the courtroom. Lengthy arguments and papers were submitted. The argument spilled to the next day, I had to stay at the IIT Delhi guest house on campus with no clothes to change, and I purchased a fresh white shirt to wear for arguments the next day. During arguments, I had to read out FIR and statements of police in Marathi and convert them into English in real-time for the Hon. Bench at TDSAT to understand. All the years of hard work of dedication had paid off and we got an order in our favour with ICICI bank and Vodafone told to pay Rs. One lakh in cost. On the last date when the order was pronounced, I didn't attend Mr. Natrajan attended as it was only the pronouncing of the order and we wanted to avoid Delhi flight costs. My name wasn't mentioned in the order, so again we petitioned the bench and a correction order at the end of the order you can see where my name and the names of all counsels of ICICI Bank and Vodafone were included.


Rohit Maheshwari Vs. Vodafone India Petitioner's mobile phone bill was shared online with his estranged business partner without the permission of the petitioner. I had argued that CDR may be interpreted as sensitive personal data because call logs reveal calls to doctors and depending on which specialist doctor you call can reveal certain medical conditions like pregnancy, mental health, cancer, AIDS etc. My argument has held that call logs are personal sensitive data under The IT Act, 2000. Vodafone was asked to pay a token fine of Rs.10000/-. Thus this case became the first landmark case holding Privacy and CDR as sensitive Personal Data. 

Vodafone India Vs. Rohit Maheswari| TDSAT - Vodafone preferred an appeal from the order of the Adjudication officer, I was about to reach the TDSAT but the Hon. Bench showing strictness against Vodafone asked Vodafone to deposit Rs.50000/- with the court, Vodafone preferred to withdraw the appeal and informed the bench that they have paid Rs.10000/- thus following the Adjudication officers order and holding my all arguments of CDR being a sensitive personal data.


Swapnil Prakash Patni Vs. Deepak Fatechand Oswal [DATA Theft Case under S43(b) of The IT Act, 2000]  Petitioner was the owner of private well know coaching classes in Pune for Chartered Accountant students. The defendant used to work for the petitioner, who left by taking material, Notes, and Demo Notes, and joined the competitor CA classes in the same building which caused the petitioner financial losses. I had argued based on chat evidence found in the defendant's mobile which was held and a small compensation of Rs.33000 was granted in the event of the defendant being a young salaried boy and lack of copyright registration with the petitioner. There was no appeal filed with TDSAT to the lower court's order.


Chander Kalani and Smt. Romi Kalani Vs. SBI and Ors. Here the complainants are Senior Citizens and Non Resident Indians having business in Lagos, Nigeria, West Africa. Complainants hold Joint NRE Account with SBI Respondent No. 1 as well as Fixed Deposits Receipts (FDR). While visiting Respondent No. 1 to update their passbook and to collect one of the original FDRs, he came to know that their FD was fraudulently transferred to some other account without his knowledge or his authorization to a bank account in London. I argued that the complainant did transactions with the bank only via e-mails. Mechanisms like alternate e-mail, SMS alerts, etc. were not used. The court held both the parties partly responsible because the complainant did not inform the bank about his defunct mobile number and ordered to pay to the complainant Rs. 40,00,000/-. 

State Bank of India vs. Shri Chander Kalani & Ors. | TDSAT - The appellant, SBI, has preferred this appeal raising two concerns. One, they were not provided with an alternate mobile number and second, questioning the 40 lakh compensation to be just and proper. I argued that the complainant claimed 1 crore as compensation so 40 lakh is justifiable and second that the bank did not bring anything on record to show that it implemented and maintained reasonable security practices to protect such information from unauthorized use. I further argued that his mobile number not functioning should have worked in his favour as the bank should have rejected the request for transfer of funds through e-mail on the valid ground that there was no confirmation available through the registered mobile number and moreover the use of scanned signature on A-2 form received through e-mail was illegal and unauthorized use of the same. The court dismissed the appeal. 


Daffodils Furnishing and Ceramic Traders vs. Idea Cellular Ltd., RBL Bank Ltd., ICICI Bank Ltd. and Ors. Here the Complainant’s mobile number SIM was blocked by unknown persons and a SIM swap fraud was committed by producing forged KYC documents. It was argued that Idea Cellular failed to follow reasonable security practices as mentioned under section 43A of The IT Act, 2000  before issuing a duplicate SIM card which led to this, and thus had to pay compensation. of Rupees Eight Lakhs Fifty Thousand to the complainant. Hon. Adjudication while appreciating the role of banks and its practices ordered Idea Cellular to pay Rs.8,50,000/- within one month and failing to do so a compound interest of 12% chargeable.


Cases handled at WIPO [Domain Name Disputes]

Safe Securities Inc., Formerly Lucideus Inc, Vs. Tmotius Michael | Case No. D2021-3236 The Complainant is a company registered under the law of the State of Delaware, United States. The Complainant changed its name from Lucideus Inc. to its present name on December 28, 2020. According to the restated certificate of incorporation, the Complainant was originally incorporated under the name of Lucideus Inc. on December 23, 2016. The Complainant provides cyber security services through a portal at “”, in other words, a configuration of the disputed domain name, and claims that said portal became successful in a short space of time, with 5,651 hits per month, a Global Alexa Rank of 418,134 for the month of January, 2021, and a base of 228,351 users built over the last three years. The disputed domain name was registered on April 28, 2012. The Complainant demonstrates that it is the original registrant of the disputed domain name by way of the registration invoice and multiple annual renewal invoices, each addressed to the Complainant’s Chief Executive Officer. The last of these is dated

May 4, 2018, and provides that the disputed domain name was to be renewed for three years. The disputed domain name’s expiration date would therefore have been April 28, 2021. The Complainant is the owner of a variety of registered trademarks for the word mark and stylized device/word mark LUCIDEUS, including for example, United States Registered Trademark No. 5811886, for the word mark LUCIDEUS, registered on July 23, 2019, in classes 41 and 42, and Indian Registered Trademark No. 4030888 for the word mark LUCIDEUS, registered as of December 18, 2018, in class 42. The Panel passed the order that the disputed domain name <> be transferred to the Complainant.

Technoarete Research and Development Association, Institute for Engineering Research & Publication Vs. Technoarete International and IFERP World | Case No. D2022-0937 The Complainants, Technoarete Research and Development Association and Institute for Engineering Research & Publication, are Chennai based entities engaged in conference management and publishing research papers. The First Complainant owns Indian trademark registrations for TECHNOARETE (figurative mark), in Class 41, with registration number 3069379, date of application October 1, 2015, and date of use from July 22, 2014, and for trademark IFERP (figurative mark), in Class 41, registration number 3241340, date of application April 24, 2016, and date of use from March 23, 2014.

The Respondents are Technoarete International and IFERP World, located in Odisha, India. The Respondents registered the disputed domain names <> and <> on October 24, 2014, and on January 25, 2016 respectively. The disputed domain names are being used and operated by the Respondents in connection with their business of conference hosting and publication of papers. The registration record for the disputed domain name <> shows the registrant location is Chennai, India, with an unserviceable address, or a non-existent, incomplete address. For the disputed domain name <>, the Respondents used the privacy services of “Domains by Proxy LLC” to mask registrant information. The panel passed the orders that, the disputed domain names <> and <> be transferred to the First Complainant.