[Answered] Examine how the proliferation of ‘digital breadcrumbs’—from OTPs to food orders—is reshaping modern policing in India. Evaluate the tension between investigative efficiency and the Right to Privacy, in light of the Digital Personal Data Protection (DPDP) Act, 2023.

Introduction

With over 1.2 billion mobile connections and cybercrime cases doubling between 2022–24 (MHA data), India’s policing increasingly relies on digital footprints, raising critical questions of efficiency, legality and privacy.

Digital Breadcrumbs: Meaning and Scope

1. Electronic Residue: OTPs, FASTag logs, delivery app data, e-commerce histories, GPS metadata.
2. Always-On Surveillance Effect: Nearly every transaction creates a data exhaust usable for investigation.
3. From Physical to Data-Driven Policing: Shift from stakeouts to algorithmic triangulation and met adata analysis.

How Digital Breadcrumbs Are Reshaping Policing

1. Enhanced Investigative Efficiency: Faster criminal tracing, BlueChip Group fraud; food delivery data led to arrest after year-long evasion. Network mapping, OTPs and app usage helped unravel ₹5,300-crore GST fraud across states. Movement reconstruction, FASTag toll data tracks vehicular mobility in real time. Cross-Border cybercrime detection, WhatsApp metadata and app logs exposed Malaysia-based fraud syndicates.
2. Evidence-Based Prosecution: Corroborative digital evidence as it supports circumstantial chains under Section 65B of the Indian Evidence Act. Reduced reliance on confessions and limits custodial excesses, aligns with procedural fairness.
3. Regulatory and Institutional Enablers: Telecommunication Cybersecurity Amendment Rules, 2025, introduced Telecommunication Identifier User Entity (TIUE). SIM-to-Device binding, strengthens identity verification, reduces SIM-based anonymity. Platform cooperation, privacy policies permit lawful data sharing with enforcement agencies.
4. Tension with the Right to Privacy: Constitutional Concerns like Puttaswamy Judgment (2017); privacy recognised as a fundamental right under Article 21. Test of proportionality, any intrusion must satisfy legality, necessity, and least-restrictive means.
5. Risks of Overreach: Function creep such as data collected for convenience repurposed for surveillance. Chilling effect, continuous tracking may deter free expression and association. Opacity in data requests, Lack of transparency on volume, scope, and oversight of police data access.

DPDP Act, 2023: Safeguard or Facilitator?

1. Protective Features: Purpose limitation & data minimisation, consent-based processing, data fiduciary accountability and penalties for data breaches.
2. Grey Areas:

• Broad ‘Lawful Purpose’ Exemptions: State agencies exempted for law enforcement and national security.
• Absence of Judicial Pre-Authorization: Executive discretion dominates access mechanisms.
• Weak Independent Oversight: Data Protection Board lacks strong autonomy.

Comparative and Global Perspective

1. EU GDPR: Stronger safeguards, judicial oversight, and transparency reports.
2. US Policing: Courts increasingly scrutinise digital dragnet searches.
3. India’s Challenge: Balancing digital sovereignty with civil liberties in a scale-heavy ecosystem.

Way Forward

1. Judicial Warrant Requirement: For access to granular personal data.
2. Clear Data Retention Limits.
3. Transparency Reports by Platforms.
4. Capacity Building in Cyber Forensics.
5. Privacy-by-Design Policing Framework.

Conclusion

As Justice D.Y. Chandrachud warned, technology must empower, not enslave citizens. Digital breadcrumbs can strengthen policing, but only a rights-based, proportionate framework can preserve India’s constitutional soul.