Home » Statutes

Statutes

When a “Visiting Gynaecologist” Isn’t One: Delhi Consumer Commission on Medical Negligence, Vicarious Liability, Misrepresentation & Proximate Cause (Samreen v. Dr. Kuljit Kaur Gill & Anr.)

by

A recent order of the Delhi District Consumer Disputes Redressal Commission (Central) in Samreen v. Dr. Kuljit Kaur Gill & Anr. (Consumer Complaint No. DC/77/CC/148/2023) is a textbook consumer-law medical negligence decision; because it ties together four issues that often decide outcomes in real litigation: (i) medical negligence in a high-risk obstetric setting, (ii) vicarious liability of a nursing home for a “visiting doctor”, (iii) professional misrepresentation of qualifications, and (iv) proximate cause between delay and irreversible harm (infertility).

The Commission ultimately held both the doctor and the nursing home liable, and awarded ₹20,00,000 compensation (with interest), while giving the nursing home liberty to recover from the doctor in accordance with law.

The factual spine: timeline + missed red flags

The complainant tested positive for pregnancy and visited a nursing home/clinic where the treating doctor repeatedly addressed abdominal pain and bleeding with symptomatic medicines and reassurances, but without timely diagnostic work-up (notably ultrasound/testing) across multiple visits. When pain became unbearable, she was taken elsewhere; tests revealed a dead embryo, she was shifted to hospital, and emergency surgery was performed—one fallopian tube was removed, and she was informed this led to permanent loss of reproductive capacity. samreen-vs-dr-kuljit-kaur gynaec medical neligence

What made the case sharper was the “context”: the complainant had a high-risk obstetric history, making timely investigation even more crucial, as the Commission noted while analysing the duty of care.

1) Medical Negligence: breach of duty in a high-risk pregnancy is judged more strictly

(A) The core legal frame: duty → breach → damage

Consumer fora typically evaluate medical negligence through the familiar structure:

  1. Duty of care (doctor–patient relationship)
  2. Breach (acts/omissions below reasonable standard)
  3. Causation & damage (harm flowing from the breach)

Here, the Commission treated the case as classic omission-based negligence: repeated symptoms + high-risk context demanded investigation, monitoring, and diagnosis before continuing treatment. The order specifically discusses the doctor’s failure to properly investigate and record a diagnosis across visits, and the resulting substandard care.

(B) Why obstetrics changes the “standard”

Obstetric care is not evaluated in a vacuum—time sensitivity is the whole point. The Commission’s reasoning makes an implicit but powerful point: when warning signs (pain + bleeding) persist, and risk factors exist, the acceptable range of “watchful waiting” narrows sharply. In this case, the Commission read the conduct as “casual” treatment where caution and monitoring were mandatory.

(C) Bolam is not a shelter for illogical omissions

Even where a doctor invokes clinical judgment, consumer fora increasingly test it on logic and defensibility (often described through the Bolam/Bolitho lens). The Commission’s analysis treats a prolonged failure to investigate in the face of repeated red flags as not logically defensible, therefore not protected merely because “some doctor could have done it”.

2) Misrepresentation: projecting a qualification you don’t legally hold can itself be actionable negligence

One of the most important parts of this order is that the Commission treats misrepresentation of medical qualifications not as a “side issue”, but as part of the negligence matrix.

The Commission noted that the doctor was qualified as MBBS, yet used “M.S./M.D.” style suffix/representation and projected herself as a specialist gynaecologist without the requisite recognised qualification—amounting to professional misrepresentation.

Why this matters legally

Misrepresentation of qualification strengthens a complainant’s case in three ways:

  1. Standard of care rises: If you hold yourself out as a specialist, you are judged closer to a specialist’s standard.
  2. Consent becomes tainted: The patient’s choice of provider is influenced by the representation.
  3. Negligence per se logic: Courts/fora have repeatedly treated practice without requisite qualification as inherently negligent because it violates professional norms and patient trust.

Practice pointer for clinics: If your letterhead, signage, prescriptions, or online listings show a qualification, it must be recognised and legally usable in India. Don’t let marketing outrun compliance.

3) Vicarious Liability: the nursing home cannot escape by calling the doctor “visiting”

A recurring defence in consumer litigation is: “She was only a visiting consultant; hospital isn’t liable.” The Commission rejected that logic and held the nursing home vicariously liable for the doctor’s acts/omissions—especially because the institution failed to verify qualifications and ensure proper supervision/standards of care.

The consumer-law rationale (why this is consistent)

From a patient’s perspective, the “service” is offered under the clinic/hospital’s umbrella. The institution:

  • attracts patient trust via its name/reputation,
  • provides infrastructure,
  • controls who is permitted to treat inside the facility,
  • and is expected to ensure competent staff and systems.

So, the Commission’s reasoning aligns with a consistent line of principle: hospitals/nursing homes must answer for negligence of doctors engaged by them—even if the internal contract calls them “consultants” or “visiting”.

Compliance takeaway for nursing homes: Credential verification is not optional paperwork; it is risk control. If you can’t prove due diligence on credentials, you practically invite vicarious liability.

4) Proximate Cause: the “delay → emergency surgery → infertility” chain was treated as direct and foreseeable

Causation is where many medical negligence cases collapse. Here, the Commission clearly framed delayed diagnosis as the proximate cause of the emergency surgical intervention and the resulting irreversible harm.

The order connects the dots: repeated omission to investigate and rule out serious pregnancy complications led to a deterioration requiring emergency surgery, resulting in removal of the fallopian tube and consequent loss of reproductive capacity. In other words, the harm was not a remote possibility; it was a foreseeable consequence of ignoring the red flags. samreen-vs-dr-kuljit-kaur gynaec medical neligence

Why this proximate-cause finding is powerful

Because it answers the classic defence: “Complications can happen anyway.”

Yes, complications can happen—but proximate cause asks: Did the breach materially contribute to the harm in a legally significant way? The Commission’s answer was effectively: the delay converted a treatable/containable situation into an emergency with permanent consequences.

Litigation takeaway: The strongest causation proof is often a timeline + medical records + what should have been done at the earlier visit. This case shows how delay itself becomes the causative engine.

Compensation and outcome: consumer fora treat reproductive harm as serious, not symbolic

After fixing negligence and institutional liability, the Commission awarded ₹20 lakh as compensation (covering medical expenses, mental agony, etc.) and permitted the nursing home to recover from the doctor as per law. The complaint against the government department was dismissed for lack of deficiency material against it.

The Rise and Retreat of India’s “Mandatory App State”: A Legal Analysis of the Sanchar Saathi Pre-Installation Mandate and Its Rapid Rollback

by

I. Introduction: A Day-Long Policy Experiment with Constitutional Stakes

On 28 November 2025, the Department of Telecommunications (DoT), invoking powers under the Telecommunications (Telecom Cyber Security) Rules, 2024, issued a sweeping direction requiring mandatory pre-installation of the Government’s Sanchar Saathi app on all mobile phones manufactured or imported into India.

Within 24 hours of severe public backlash—privacy concerns, industry resistance (including Apple’s reported refusal), constitutional objections, and political criticism—the Government withdrew the mandate, clarifying that Sanchar Saathi would remain voluntary.

This short-lived order has, however, left behind profound constitutional questions:

  • Can the executive compel software installation on every personal device through delegated legislation?
  • Where is the outer limit of State power over digital ecosystems?
  • Does mandatory cybersecurity-driven software risk creating tools of surveillance?
  • Are subordinate rules being stretched beyond legislative intent?
  • What does this mean for future health-tech, pharma-regulatory, and digital governance apps?

This commentary examines the mandate—and its reversal—through India’s current legal architecture, judicial precedents, and constitutional doctrine.

II. Legal Basis Claimed by the Government: Rule 8 and Rule 5 of the Cyber Security Rules

The withdrawn direction relies on:

1. Rule 8(3), 8(4) and 8(8) of the Telecom Cyber Security Rules, 2024

  • Rule 8(3): prohibits tampering with telecom identifiers (e.g., IMEI).
  • Rule 8(4): allows the Centre to issue directions to manufacturers/importers to assist in preventing IMEI tampering.
  • Rule 8(8): obligates compliance with such directions.

2. Rule 5

Empowers the Government to establish security mechanisms to prevent acts that may endanger telecom cybersecurity.

But the key question:

Do these rules contemplate—explicitly or implicitly—the power to require compulsory pre-loading of a government application on every mobile device sold in India?

The answer, in constitutional terms: highly doubtful.

Delegated legislation must remain within the boundaries of the parent Act. The Telecommunications Act, 2023 nowhere authorises the State to mandate installation of government-controlled software on personal devices.

The Government relied on broad phrasing, but broadness cannot substitute for specific legislative mandate, particularly where fundamental rights are implicated.

III. Ultra Vires Concerns: When Delegated Legislation Overreaches

Indian constitutional jurisprudence is clear:

1. Subordinate legislation cannot extend or enlarge the scope of the parent Act.

Refer:

  • Bimal Chandra Banerjee v. State of M.P. (1970) – Rules cannot widen statutory scope.
  • General Officer Commanding-in-Chief v. Dr. Subhash Chandra Yadav (1988) – Delegated legislation must remain within “four corners” of parent Act.

Applying this doctrine:

A rule meant to prevent IMEI tampering cannot be used to justify embedding government software in every citizen’s device, because such a mandate is not “necessary” for fulfilling the statutory purpose.

Thus, the order arguably suffered from excessive delegation and colourable exercise of power.

IV. Constitutional Scrutiny — The Puttaswamy Privacy Doctrine

The Puttaswamy (2017) nine-judge bench decision created the Four-Fold Proportionality Test for all State actions impinging privacy:

  1. Legality — must have a valid law
  2. Legitimate Aim — cyber-fraud prevention is valid
  3. Rational Nexus — linking IMEI fraud to Sanchar Saathi is arguable
  4. Necessity & Least Restrictive Means — this is where the direction collapses

Why it fails necessity:

  • Fraud and IMEI-cloning prevention can be addressed by network-side solutions, CEIR back-end strengthening, audits, and voluntary app usage.
  • No empirical basis was shown that mandatory pre-installation enhances protection beyond voluntary adoption.
  • No Privacy Impact Assessment was published.
  • Less intrusive alternatives exist.

Therefore, the mandate cannot survive Puttaswamy scrutiny.

V. Device Autonomy and Digital Freedom Under Articles 19 & 21

India’s Constitution, though written in 1950, has evolved to protect digital personhood.

1. Article 19(1)(a): Informational autonomy

Compulsory presence of a government app interferes with one’s right to control the informational environment of one’s device.

2. Article 19(1)(g): Business autonomy of manufacturers

Manufacturers (Apple, Google, OEMs) design ecosystems with security and privacy philosophies. Mandated apps violate platform integrity.

3. Article 21: Liberty, dignity and digital privacy

Courts have repeatedly held that personal liberty includes autonomy over one’s personal electronic devices.

Cases reinforcing this include:

  • PUCL v. Union of India (1996) – surveillance requires strict legality.
  • Anuradha Bhasin v. Union of India (2020) – digital access and freedom integral to liberty.
  • K.S. Puttaswamy (Aadhaar-II) (2018) – State cannot intrude into devices without statutory safeguards.

A government app pre-loaded on every phone—especially one dealing with identifiers (IMEI)—touches the most sensitive element of digital autonomy.

VI. Consent and the DPDP Act, 2023: A Silent Conflict

India’s Digital Personal Data Protection Act, 2023 (DPDP Act) requires:

  • Free, informed, specific consent for personal data processing
  • Purpose limitation and data minimisation
  • User control over data

A pre-installed app creates structural coercion.
Even if the user “can uninstall”, the default setting is State-mandated presence—which contradicts the spirit of free consent.

Mandatory installation may be justified only by:

  • Section 7 legitimate use (for State functions),
    but only if backed by a clear, specific, narrowly-tailored law—not merely a direction under cyber rules.

The Government’s withdrawal implicitly acknowledges that DPDP compliance was questionable.

VII. The Surveillance Risk Argument: Why Concerns Were Not Paranoia

Digital rights groups had labelled the mandate a “backdoor to surveillance”.

This fear is grounded in:

  • Sanchar Saathi’s access to IMEI—one of the strongest device-tracking identifiers.
  • Future updates could expand functionality without user awareness.
  • India does not have a comprehensive surveillance oversight law (unlike EU/UK).
  • Past examples such as:
    • Aarogya Setu (opacity around source code & data flows)
    • FACIAL RECOGNITION used by law enforcement without parliamentary debate
    • Delhi Police’s AI-enabled profiling systems

Even if the current version of the app does nothing sinister, constitutional law examines potential misuse, not only present conduct (see PUCL).

VIII. Comparative Jurisprudence — How Democracies Handle Mandatory Apps

1. EU (GDPR, ePrivacy Directive)

Mandatory installation of State software without explicit legislation would be unlawful.

2. US

The Supreme Court in Riley v. California (2014) emphasised deep privacy interests in smartphones; compulsory app installation would require Congressional authorization.

3. German Federal Constitutional Court

Extremely sensitive about “state trojans” and any software embedded by the State in personal devices.

India’s withdrawn order was an outlier in democracies, reinforcing why the rollback was necessary.

IX. The Positive Angle — The Government’s Immediate Rollback Is Constitutionally Significant

The speed of withdrawal shows:

  • Public accountability works
  • The executive recognized the proportionality issue
  • India’s digital policy environment is maturing
  • Civil society, privacy advocates, and courts have shaped constitutional expectations

This is reminiscent of:

  • The rollback of the IT Rules 2011 Intermediary Guidelines draft,
  • The modification of Aarogya Setu usage mandates,
  • Government rescinding certain facial-recognition mandates in airports after public pressure.

X. Broader Implications for Future “Regulatory Apps” in Health, Pharma & Medicine

Our focus is particularly on health sector.

Once the government uses delegated legislation to mandate apps for cybersecurity, similar logic could be applied to:

  • e-prescription apps
  • Pharmacovigilance apps
  • Digital health monitoring apps
  • NDPS enforcement tools
  • Telemedicine compliance apps

The Sanchar Saathi episode acts as a precedent in principle—even without a judgment:

The State cannot compel installation of regulatory apps on personal devices without explicit legislation, strong safeguards, and demonstrable necessity.

This is crucial for future health-tech governance.

**XI. Conclusion:

India Must Resist the Temptation of “App-Driven Governance” Without Constitutional Guardrails**

The Sanchar Saathi mandate was a constitutional misadventure, but its rollback was a constitutional triumph.

It marks a reaffirmation of:

  • Privacy as a fundamental right
  • Device autonomy as part of personal liberty
  • Limits on delegated legislation
  • A maturing digital constitutionalism in India

As India expands into national digital infrastructures—Digital Health Mission, DPDP Act implementation, AI regulation, telecom reform—it must avoid shortcuts like compulsory apps.

The path forward is clear:

  • If the State wants a nation-wide security tool, it must enact a specific law,
  • justify its necessity,
  • conduct privacy-impact assessments,
  • build technological safeguards, and
  • uphold autonomy.

Our smartphones belong to us, not to the State.
The Constitution demands nothing less.

Evolving Regime of Information Technology & Cyber Law: Insights from Dr. Mahendra Limaye’s Webinar at BASL Nagpur

by

Introduction

On November 8, 2025, Dr. Babasaheb Ambedkar School of Law (BASL), Nagpur, under Rashtrasant Tukadoji Maharaj Nagpur University (RTMNU), hosted a webinar on “Evolving Regime of Information Technology & Cyber Law” featuring Dr. Mahendra Limaye, Advocate and techno-law specialist. The session was organized under the guidance of Smt. Rutunja Bhelave and Shri. Ankit A. Shripatwar, Program Coordinators, BASL.

The webinar aimed to introduce law students to the growing importance of cyber law in a digital society increasingly dependent on technology and data.

Key Highlights from the Session

  1. Understanding the IT Act, 2000
    Dr. Limaye traced the origin of India’s Information Technology Act, 2000 — one of the earliest legislations based on the UNCITRAL Model Law on E-Commerce. Initially enacted to support e-commerce and online communication, it has evolved to cover cybercrimes, digital signatures, and data protection.

  2. Core Definitions and Concepts
    He emphasized key terms under Section 2, including computer, computer network, computer system, and intermediary, explaining their crucial role in understanding liabilities under cyber law.

  3. Digital Signatures and Hash Functions (Sections 3–42)
    Explaining encryption and decryption using public–private key mechanisms, he compared it to a bank locker system, helping students visualize how digital signatures authenticate and secure electronic communication.

  4. Civil and Criminal Liabilities (Sections 43 & 66)
    The webinar clarified how Section 43 deals with civil wrongs like unauthorized access, data theft, or introducing viruses, while Section 66 criminalizes the same acts when done dishonestly or fraudulently.

  5. Repeal of Section 66A
    Dr. Limaye discussed the landmark Shreya Singhal v. Union of India case, which struck down Section 66A as unconstitutional for violating free speech.

  6. Adjudicating Authorities and Jurisdiction (Section 46)
    Civil disputes under the IT Act are adjudicated by designated IT Secretaries of each State, not regular civil courts. Appeals lie before TDSAT, then High Courts, and finally the Supreme Court.

  7. Emerging Relevance of the Digital Personal Data Protection Act, 2023
    With the repeal of Section 43A, the new Data Protection Act introduces a comprehensive legal framework for safeguarding personal data and user consent — a vital area for future legal professionals.

  8. Cyber Crimes & Offenses (Sections 65–67F)
    He explained cybercrimes such as source code tampering, identity theft, cyber terrorism, and online obscenity, citing the severity of punishments ranging from 3 years to life imprisonment.

  9. Advice for Law Students
    Dr. Limaye urged students to treat cyber law as an emerging and high-demand field, combining legal knowledge with technological awareness. He advised building early familiarity with current judgments, NCRB data, and RBI’s Zero Liability Circular for digital frauds.

Conclusion

The session concluded with an interactive Q&A, where Dr. Limaye answered questions on digital signatures, data privacy, and cybercrime reporting through helpline 1930. His practical insights bridged the gap between statutory law and real-world application, inspiring students to explore techno-law as a professional path.

About the sepaker

Adv. (Dr.) Mahendra Limaye is a techno-legal cyber law expert (Ph.D.) and FDPPI-certified data privacy professional. He heads the Cyber Awareness Organisation, advises government and private bodies on IT Act, DPDP 2023, GDPR/CCPA compliance, and appears before Adjudicating Officers, district courts, and High Courts in cyber and IPR matters.