National Urban Learning Platform launched as urban arm of iGOT-Mission Karmayogi (See 'Corp Brief') CSIR-NIScPR Organized Skill Training Programme on Basics of Koha Software (See 'Corp Brief') PMLA- Forfeiture unsustainable where nexus between property and illegally acquired income not established: SAFEMA (See 'Legal Desk') The Income Tax Act, 2025: Privacy, Power, and Constitutional Scrutiny (See CORP EINSICHT ) India has made Remarkable Progress Against Leprosy: Govt (See 'Corp Brief') Agra, Chennai, Kanpur among Key Footwear Clusters to benefit from QCI-FDDI Partnership (See 'Corp Brief') Bharat Innovates reinforces vision of NEP 2020: Pradhan (See 'Corp Brief') Indo–French Partnership to advance Global Deep Tech, Innovation, and Start-up Ecosystems (See 'Corp Brief') Discussions between MoS and DG, ILO underline rapid expansion in India's social security coverage (See 'Corp Brief') Ministry of Coal holds Successful Roadshow on Coal and Lignite Gasification Projects (See 'Corp Brief') Textile Sector witnesses unprecedented growth and transformation: Giriraj Singh (See 'Corp Brief') 'Oilseeds Kisaan Mitra' - India's First Nationwide WhatsApp AI Advisory for Oilseed Farmers (See 'Corp Brief') IBC - If application for withdrawal of CIRP u/s 12A is supported by duly submitted Form FA, accompanied by required bank guarantee, and placed before CoC within prescribed time, AA may permit withdrawal of CIRP: NCLT (See 'Legal Desk') IPC strengthens Industry Preparedness for IP 2026 (See 'Corp Brief') Vaishnaw inaugurates 20 kW Akashvani FM Transmitter at Ramgarh, Jaisalmer (See 'Corp Brief') Goyal to visit Switzerland to promote India-EFTA trade deal (See 'Corp Brief') MoS calls upon Industry to scale up Investments in India's Space Sector (See 'Corp Brief') IBC - Incorrect disclosure in Form B does not by itself extinguish statutory charge, particularly where RP otherwise had notice of lien and statutory basis claimed by tax authority: NCLAT (See 'Legal Desk') SAPLING Dialogue 2026 Concludes with Call for holistic development of food processing Sector (See 'Corp Brief') Measures activated to shield Domestic Fertilizer Supply from Global Geo-Political Disruptions: Govt (See 'Corp Brief') CCI approves acquisition of certain shareholding in PUMA SE by Ancat Holding (See 'Corp Brief') IBC - Write-off of inventory may be held fraudulent u/s 66(1) if surrounding facts show non-maintenance and withholding of stock records, inconsistency between inventory figures and operational trends: NCLT (See 'Legal Desk') CCI approves acquisition of equity in Shriram Life Insurance by Sanlam Emerging Markets (See 'Corp Brief') Ministry of Coal to organize Roadshow on Coal and Lignite Gasification Projects in Hyderabad (See 'Corp Brief') MoS leads delegation at 114th International Labour Conference in Geneva (See 'Corp Brief') No ban on Import of Indian Mangoes by Nepal (See 'Corp Brief') IBC - Advance paid to corporate debtor for supply of goods or services, where claim has nexus with provision of goods or services, constitutes operational debt within meaning of Sec 5(21): NCLT (See 'Legal Desk') TRAI issues amended 'Rating Manual 2026' for assessment of Digital Connectivity (See 'Corp Brief') Zojila Tunnel to establish All-Weather Connectivity Between J&K and Ladakh (See 'Corp Brief') IPR - Foreign FRAND rate-setting action filed by implementer may be treated as relevant material at pro tem stage in assessing prima facie essentiality / need for licensing: HC (See 'Legal Desk') Ministry of MSME Promoting Inclusive Entrepreneurship through National SC-ST Hub Scheme (See 'Corp Brief') GeM Boosts MSE Inclusion: Registered Units Rise to 11.9 Lakh (See 'Corp Brief') Strong, transparent and modern cooperative institutions will energise rural economy: Bhutani (See 'Corp Brief') Trade Marks - CALPOL & CALPOL FAST medicines granted status of well-known trademark as material demonstrates strong consumer association of mark with Plaintiff & its distinctiveness in pharma sector: HC (See 'Legal Desk') SAIL sharpens strategic priorities for FY27, reinforces market position (See 'Corp Brief') Railways sanctions upgradation of Electric Traction System on Bengaluru-Tumkur Section (See 'Corp Brief') IBC - Once resolution plan was approved by CoC, successful resolution applicant is bound by it and cannot seek to evade implementation by raising objections to LoI stipulations that are inherent in process: SC (See 'Legal Desk') Railways sanctions upgradation of Electric Traction System on Mahbubnagar-Secunderabad Section (See 'Corp Brief') Capital Market - Finding of 'fraud' under SEBI PFUTP Regulations, 2003, cannot be sustained, if Securities Appellate Tribunal had committed 'egregious error' in affirming SEBI's conclusions on manipulation & fraudulent intent: SC (See 'Legal Desk') MoS inaugurates Self-ticketing Kiosks at National Zoological Park (See 'Corp Brief') Ministry of Panchayati Raj to organise outreach workshop on Atmanirbhar Panchayat Program (See 'Corp Brief') Mandaviya leads nationwide World Bicycle Day celebrations with actor Vikrant Massey (See 'Corp Brief') IPR - Nature of enquiry u/s 57, being one for cancellation or rectification of register, is founded upon appreciation of statutory parameters such as distinctiveness, prior use and likelihood of confusion: HC (See 'Legal Desk') MoS inaugurates Daycare Facility for Children of MSDE Employees at Kaushal Bhawan (See 'Corp Brief') National Biodiversity Authority Celebrates World Environment Day 2026 (See 'Corp Brief') AI-enabled Sayuj App & Open Challenge Program 1.0 launched to strengthen Startup Ecosystem: MoS (See 'Corp Brief') Over 6,000 youth from across country to celebrate innovation & leadership (See 'Corp Brief') IBC - Land leased by statutory authority cannot be excluded from Corporate Debtor's assets on ground that development rights were transferred without consent: NCLT (See 'Legal Desk') IBC's Primacy Over the Electricity Act and the Extinguishment of Pre-CIRP Claims (See CORP EINSICHT)

Print

The Income Tax Act, 2025: Privacy, Power, and Constitutional Scrutiny

Published: Jun 15, 2026

 

By Lav Kush & Siddhi Rupa

Abstract

THE Income Tax Act, 2025 marks a sweeping overhaul of India's tax administration framework, introducing expanded powers of digital search and seizure under Sections 247 and 261. This article critically examines how these provisions, particularly the broad definitions of "virtual digital space" and "computer system," vest tax authorities with far-reaching powers to access private digital environments with minimal procedural safeguards. Drawing on constitutional jurisprudence, including the landmark ruling in Justice K.S. Puttaswamy v. Union of India (2017) = 2017-TIOL-311-SC-MISC-CB, the article argues that Section 247's authority to compel statements from "any person present on the premises" risks violating the fundamental right to privacy under Article 21 of the Constitution of India. The article further analyses the Act's tension with the Digital Personal Data Protection Act, 2023, highlighting concerns around data minimisation, purpose limitation, and the absence of oversight mechanisms. Adopting a comparative lens, the article examines privacy-compliant tax enforcement models in Denmark, Germany, and France, which combine robust revenue collection with judicial oversight and statutory data protections. The article concludes with concrete legislative recommendations, including the introduction of a rigorous judicial authorisation threshold, statutory data minimisation protocols, independent oversight bodies, and mandatory transparency measures, so as to bring the Act in conformity with constitutional guarantees and emerging global standards of digital rights protection.

Introduction

The Income Tax Act, 20251, has come in to effect on 1 st April 2026, the Act was passed by the Parliament last year and it represents a comprehensive overhaul of India's tax administration framework. The Act aims to consolidate and amend the laws relating to the income tax. Several changes have been introduced, including the use of simplified language and the removal of archaic, time-consuming processes.

Among its most striking provisions are Sections 247 and 261, together they vastly expand the government's ability to access and seize information from "virtual spaces" and "computer systems." While these measures are justified as tools for combating tax evasion in a digitized economy, they also raise significant concerns for digital privacy, constitutional rights, and the proportionality of state intrusion.

Section 261(j) introduces an expansive definition of "virtual digital space," covering email servers, social media accounts, trading platforms, cloud storage, and other online environments.2 This definition transforms the scope of tax enforcement, shifting its focus from the physical to the digital realm. Coupled with the broadened meaning of "computer system" under Section 247, which includes any device, network, or electronic storage medium, empower tax authorities to access "any information stored in electronic media or computer system" with minimal procedural friction3. The result is a legal environment in which almost every aspect of an individual's or business's digital footprint becomes potentially accessible to the tax department.

Constitutional Concern

Section 247 of the Act has faced sharp criticism for being overly broad, arbitrary, and devoid of adequate safeguards. The primary concern is its infringement on the fundamental right to privacy and the absence of clear protective measures. In Pooran Mal vs. Directorate of Inspection4, the Hon'ble Supreme Court, while examining the validity and constitutionality of search powers under Section 132 of the IT Act, had observed that such searches inherently invade privacy. The Court had emphasised that safeguards and restrictions are essential to limit and guide the exercise of such authority. It had further cautioned that such wide powers must be exercised with strict adherence to checks and balances, as their unsupervised use could result in harassment of taxpayers.

The provision in question is susceptible to challenge on the grounds of the right to privacy, in light of Justice K.S. Puttaswamy v. Union of India5, where the Supreme Court had recognised privacy as an intrinsic element of the right to life under Article 21 of the Constitution. In its current form, the provision empowers authorised officers, representing the State machinery to intrude into an individual's personal sphere without adequate safeguards, accountability, or justification for such intrusion. Effectively, it grants sweeping powers to conduct coercive questioning without sufficient checks and balances.

Another issue relates to the presence of "any person on the premises." Under Section 247(6), the authority of the authorised officer to record statements on oath during search proceedings has been broadened to include "any person present on the premises" where a search is being conducted. This marks a significant departure from the existing power under Section 132(4) of the erstwhile Income Tax Act, which limits such questioning to individuals "found to be in possession or control of any books of account, documents, money, bullion, jewellery, or other valuable article or thing.". The term "any person'' is ambiguously broad, and can include unrelated third parties, such as domestic help, visiting guests, minors, or employees, lawyers, advisers, etc., to name a few, all of whom can be subjected to questioning under oath, in an intimidating environment. The lack of procedural safeguards creates a scope for misuse, coercion, and psychological pressure, potentially amounting to harassment.

There is no compelling public interest or revenue gain served by allowing tax authorities such unbridled powers to examine individuals present in the searched premises without even establishing any necessity for the same. It dilutes the legitimacy of search operations by enabling speculative and fishing inquiries, while at the same time, consuming resources which may be otherwise utilized for revenue gain. Further, it conflicts with the proportionality requirements outlined by the Supreme Court in K.S. Puttaswamy v. Union of India, where privacy was affirmed as a fundamental right.

Data Privacy Concern

The operational implications of these powers are equally troubling. Tax officers can compel individuals to provide passwords, decrypt data, and grant access to encrypted communications. Once accessed, there are no strong legal safeguards to prevent the retention or secondary use of personal data irrelevant to the investigation. Such open-ended authority erodes core principles of data minimisation and purpose limitation, both enshrined in India's Digital Personal Data Protection Act, 2023. In practice, these measures could lead to the collection of sensitive non-financial information, such as personal correspondence or health records, with no clear mechanism for its protection or eventual erasure.

The expansion of the term "computer system" also raises risks of technological overreach. By including any interconnected device or network, the Act allows authorities to enter private networks or third-party platforms simply because they host or transmit relevant information. This could, inadvertently, extend enforcement reach into systems operated by unrelated parties, such as service providers or business partners, creating collateral privacy harms and deterring innovation in cloud computing and digital service provision. In a recent ruling, the High Court of Delhi underscored the violation of privacy arising from the dissemination or use of family-related CCTV footage by the GST authorities. The Court held that such access infringes the privacy rights of family members and accordingly issued specific directions. It was ruled that CCTV footage from the residential premises of a taxpayer shall not be accessed by the Revenue Department except in the presence of at least one family member and an authorised representative. Further, only data relevant to the investigation may be copied, and the remaining footage must be returned.6

If enacted without strong checks, the Act may have broader socio-economic consequences. Businesses operating in India could face increased compliance costs, particularly in securing systems against unannounced data seizures or ensuring the segregation of sensitive client data. For individuals, the knowledge that the government can penetrate personal devices based on a relatively low suspicion threshold may lead to self-censorship in digital communications, a phenomenon well-documented in surveillance studies. Over time, such effects could erode trust in both tax institutions and the broader governance framework.

International Standpoint

Internationally, high-tax jurisdictions demonstrate that strong enforcement need not compromise privacy to this extent. Denmark, for example, achieves compliance through structured digital reporting requirements such as the Standard Audit File for Tax (SAF-T)7, coupled with GDPR8-anchored oversight and a robust data protection authority9. Similarly, in Germany and France, tax authorities must obtain judicial warrants before accessing private digital accounts, and access is limited to clearly defined data categories. These systems illustrate that it is possible to combine effective tax collection with strong procedural safeguards, independent oversight, and technological standards that prevent excessive intrusion.

Conclusion and Suggestions

While the Select Committee concluded that the clauses were adequate and consistent with the corresponding section of the 1961 Act, and accepted it without changes, the Act raises serious concerns regarding potential erosion of individual privacy and may be open to constitutional challenge. In its current form, the Income Tax Act, 2025 reflects an enforcement-centric vision of tax governance that risks undermining the very rights it should respect and protect. India has the opportunity to draw from international best practices to design a framework that is both efficient and rights-compliant. Without such recalibration, the Act's digital provisions could set a precedent for intrusive state access to virtual spaces that extends well beyond the domain of tax enforcement, reshaping the balance between state power and individual privacy in the digital age.

For India, adopting the right safeguards is essential, if the Act is to be both effective and constitutionally sound. Firstly, "reason to suspect" should be replaced with a more rigorous and reviewable threshold, adopting a least invasive method, ideally requiring independent judicial authorization for digital searches. Secondly, clear data-minimization protocols should be legislated, including limits on retention and mandatory deletion of irrelevant data, explicitly excluding login credentials of email or social media accounts. Thirdly, independent oversight, whether through a strengthened role for the Data Protection Board or a specialized tribunal should be integrated into the enforcement process to ensure accountability. Fourthly, if the provision is retained, embedding statutory safeguards similar to Section 94 of the Bharatiya Nagarik Suraksha Sanhita, 2023, which requires courts to issue summons for producing documents or electronic communications likely to contain relevant evidence, should be mandatory. Finally, transparency measures, such as audit logs and annual reports on digital searches should be maintained, to build public trust.

[The authors are students of Chanakya National Law University, Patna and the views expressed are strictly personal.]

______________________

1 The Income-Tax Act, 2025, No. 30 of 2025. Retrieved from https://egazette.gov.in/WriteReadData/2025/265620.pdf

2 The Income Tax Act, 2025, § 261(j).

3 The Income Tax Act, 2025, § 247(1)(b).

4 Pooran Mal v. Directorate of Inspection, 2002-TIOL-221-SC-IT-LB

5 Justice K.S. Puttaswamy v. Union of India, 2017-TIOL-311-SC-MISC-CB

6 Genesis Enterprises v. Principal Commissioner, CGST, W.P.(C) 13821/2025 & CM APPL. 56711/2025 (Delhi High Court, 2025). 2025-TIOL-1586-HC-DEL-GST

7 Danish Bookkeeping Act (Bogføringsloven), Act No. 700 of May 24, 2022 (Den.).

8 General Data Protection Regulation, Regulation (EU) 2016/679, 2016 O.J. (L 119) 1 (EU). Retrieved from https://gdpr-info.eu

9 Datatilsynet [Danish Data Protection Agency]. (2023). Annual report 2022. Retrieved from https://www.datatilsynet.dk

 

TIOL CORP SEARCH

TIOL GROUP WEBSITES

taxindiaonline
taxindiainternational
tioltube
TKF
TIOLawards
A TIOL Website. Copyright © 2025 TIOLcorplaws.com All rights reserved.