The Madhya Pradesh High Court has directed a petitioner challenging Instagram’s decision to discontinue end-to-end encryption to first approach the Data Protection Board of India, noting that the statutory body under the Digital Personal Data Protection Act, 2023, must hear the matter before the court intervenes.
The core legal issue concerns a Public Interest Litigation (PIL) challenging a notification by Meta-owned Instagram, which states that end-to-end encrypted messaging will no longer be supported after May 8, 2026. The petitioner contends that this policy change violates the fundamental right to privacy under Article 21 of the Constitution of India. However, the High Court was tasked with deciding whether the petitioner must first exhaust the alternative remedy available under the newly enacted Digital Personal Data Protection (DPDP) Act, 2023.
The petition was filed by Parth Sharma, a local lawyer based in Indore. The challenge is directed at a specific Instagram notification informing users: “End-to-end encrypted messaging on Instagram will no longer be supported after May 8, 2026.”
Instagram, an American social networking service owned by Meta Platforms, currently provides encryption that ensures only the sender and recipient can read messages. The petitioner moved the High Court seeking to prevent the discontinuation of this security feature, arguing it is essential for protecting the privacy of citizens.
Petitioner’s Submissions: The petitioner argued that removing end-to-end encryption is a direct infringement on the right to privacy. He submitted that without encryption, private communications are vulnerable to surveillance and unauthorized access, thus violating the protections guaranteed under Article 21 of the Constitution.
Respondent’s (Union of India) Submissions: Appearing for the Centre, Additional Solicitor General Sunil Kumar Jain raised a preliminary objection regarding the maintainability of the petition. He stated, “The present petition does not fall within the scope of PIL.”
Furthermore, the Additional Solicitor General submitted that the petitioner had bypassed the statutory mechanism established by the Parliament. He argued that the petition was filed without first approaching the Data Protection Board of India, which is the specialized authority constituted under the Digital Personal Data Protection Act, 2023.
A division bench comprising Justice Vijay Kumar Shukla and Justice Alok Awasthi at the Indore bench considered the submissions regarding the statutory framework. The court focused on Section 18 of the Digital Personal Data Protection Act, 2023, which provides for the establishment of the Data Protection Board to handle grievances related to data protection and privacy.
The bench observed that since a dedicated statutory board exists to deal with such matters, the petitioner must follow the prescribed legal procedure before seeking extraordinary relief from the High Court.
Without addressing the merits of the petitioner’s arguments regarding the right to privacy, the High Court directed the petitioner to approach the Data Protection Board.
The court’s order stated:
“Considering the aforesaid submissions of senior counsel for the respondent No.1, without adverting to the other contentions of the petitioner, we direct the petitioner to approach the Board constituted under Section 18 of the Act of 2023, within a period of seven days from today.”
The court further mandated a strict timeline for the Board’s decision, given the May 8 deadline:
“If such a representation is filed, the Board shall take a decision, in accordance with law by passing a reasoned and speaking order, after affording opportunity of hearing to the petitioner within the next 15 days before May 6, 2026.”
The petitioner has been directed to file the Board’s final decision before the High Court. The matter has been posted for a further hearing on May 6, 2026.
