The legal framework surrounding fair comment, influence-peddling, defamation and fraud in social media interactions is still evolving. As always, those exploiting social media’s vast reach for business gains are ahead of regulators tasked with preventing abuse. The situation is further complicated by artificial intelligence (AI), as its role in distorting information remains unclear, along with the long-term consequences of machine learning through data aggregation.
A few weeks ago, the Securities & Exchange Board of India (SEBI), once again, wrote to the government seeking powers to access call and message data records through digital platforms and social media chats on platforms, such as WhatsApp and Telegram, to aid its investigation of market abuse and unauthorised financial advice. While enforcement and tax agencies already possess such powers, financial regulators do not.
According to a Reutersreport, SEBI has sought powers to "take down any messages, information, links and groups on social media channels if the content violated the securities regulations.” However, social media companies often deny SEBI’s requests for information, citing compliance with the Information Technology Act, 2000 (IT Act), or technical limitations due to end-to-end encryption. This means SEBI can access metadata—such as who contacted whom and when—but not the actual content of calls or messages, making it difficult to establish fraudulent activity. Nonetheless, SEBI has previously obtained WhatsApp messages from individuals under investigation, as evidenced in the Ketan Parekh case earlier this year (Front-running, Dabba Trades & Angadias: Ketan Parekh’s New Scam Exposes Systemic Weaknesses).
SEBI’s Demand for Access
According to Reuters, neither the US nor European regulators have direct authority to remove social media posts, but they can penalise individuals for fraud or misleading advertising. Is SEBI’s demand for access justified, given the lucrative nature of fake WhatsApp and Telegram groups, fraudulent financial trainers and deceptive influencers?
SEBI has been lobbying for access to call data records (CDRs) and the power to intercept/ tap calls, for over a decade. It first sought access to CDRs in 2012, when it was promised access on a case-by-case basis (Read: Steps to protect investors against stock crash soon: SEBI).
In 2014 (and earlier through the 2013 ordinance), an amendment to the SEBI Act gave it powers to access CDRs relevant to its investigations, but strictly in accordance with the checks & balances prescribed by law and not for fishing inquiries or call interception, based on pure suspicion.
In 2018, based on the recommendation of the high-powered committee on fair market conduct, SEBI again sought powers to intercept calls and electronic records. After initially considering its request positively, the government decided that SEBI would not be allowed to tap phones but will be given access to CDRs through authorised agencies under the Indian Telegraph Act (Read: SEBI to get call data records in specific cases: Chidambaram)
In 2022 and again in 2024, SEBI renewed its demand to access encrypted messages and calls, particularly to combat fraudulent financial influencers (finfluencers) since (https://www.reuters.com/world/india/indias-sebi-seeks-greater-access-social-media-records-say-source-memo-2025-02-13/) social media platforms offer complete privacy to fraudsters. However, legal frameworks still restrict SEBI from seeking information through specific channels, governed by the privacy protections of the IT Act.
The Scale of the Problem
The scale of financial fraud is, indeed, significant. So, SEBI’s demand for access to call records and social media data appears valid and necessary to combat unregistered financial advisers and influencers. It has already taken steps to curb finfluencers by framing rules barring unauthorised individuals from offering stock tips or making misleading claims. Violators face penalties, debarment and suspension. Registered investment advisers must now report their social media activities biannually and SEBI has begun monitoring social media and launched a crackdown in specific cases, based on investor complaints.
For instance, in February this year, SEBI impounded as much as Rs53.67 crore of the Rs104 crore earned through alleged illegal investment advisory services run by Asmita Jitesh Patel, who ran the much-hyped Asmita Patel Global School of Trading Pvt Ltd. Its success owed to the fact that it was offering buy-sell recommendations via Telegram channels under the guise of running training programmes. In December, it called a halt to the influence-peddling of Nasiruddin Ansari who went under the name Baap of Chart.
Global Context
But the problem is not unique to India. A recent study, by www.zerobounce.net, of online fraud around the world showed that the US is worst affected by online fraud. Even rich but tiny countries such as Ireland, France, Malta and Austria report very high online fraud rates and losses. Consequently, regulators worldwide are tightening oversight. And yet, none of the top regulators has real-time, unrestricted access to call data or private social media groups. They must adhere to privacy laws and due process to prevent regulatory overreach and safeguard individual rights.
The US Securities Exchange Commission (SEC) has no direct access to CDRs but it can issue civil investigative demands (CIDs) requesting communication records for specific investigations through legal process. However, it requires basic evidence of wrongdoing before it can seek access to private messages or group chats. In 2022, SEC charged eight influencers in a US$114mn (million) pump-and-dump scheme that had used platforms such as Twitter (now X) and Discord. Initial evidence came from public posts after which private messages were accessed through a legal process; but it has no real-time access.
The Financial Conduct Authority (FCA) of the United Kingdom (UK) can access data under the Financial Services and Markets Act 2000 but only in case of a specific probe with adequate justification and a court order to ensure that privacy rights of individuals are balanced with the need for enforcement powers to ensure investor protection. FCA scrapes public posts on social media to monitor activity that raises red flags. It initiated 20,000 actions on misleading financial promotions in 2024.
European Securities and Markets Authority (ESMA) has no direct enforcement powers or authority to access call data or social media directly; it can only operate through national regulators of individual countries. It has still cracked down on misleading statements by financial advisers leading to increased financial penalties.
Clearly, no regulator has automatic, real-time access to call data or private social media groups. They have to rely on their investigative powers and work under court orders, with privacy laws keeping them on a leash. Such legal safeguards are necessary to prevent excessive or random intrusion by regulators into individual privacy and abuse of powers.
While SEBI’s demand appears justified, given the scale of financial frauds, it must align with global best practices. Instead of seeking blanket access, SEBI should enhance its AI-driven monitoring tools to identify red flags on social media. Metadata analysis—identifying patterns in communication—can still provide crucial leads for investigations without directly accessing private content.
Ultimately, regulatory authorities must strike a balance between investor protection and privacy rights. SEBI's approach must evolve with technological advancements and legal frameworks to ensure effective oversight without infringing on fundamental freedoms.
It is Tuhin Kanta Pandey’s first day as chairman of the Securities & Exchange Board of India (SEBI) as I write this column and he is already facing a storm. His predecessor, Madhabi Puri Buch, and three whole-time members (WTMs) are...
This is not a Valentine Day gift that depositors of New India Cooperative Bank (NICB), founded by the late firebrand socialist leader and later defence minister, George Fernandes, had expected. On 14th February, they found themselves...
When aiming to protect investors by eliminating fraudsters, what approach should one take? Should the focus be on pursuing the crooks, or imposing additional regulations and tracking requirements on legal, registered intermediaries...
After staunchly defending Madhabi Puri Buch, chairperson of the Securities & Exchange Board of India (SEBI), to the extent that its board and the finance ministry refused to even examine charges against her or call for an explanation,...
Fiercely independent and pro-consumer information on personal finance.
1-year online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
30-day online access to the magazine articles published during the subscription period.
Access is given for all articles published during the week (starting Monday) your subscription starts. For example, if you subscribe on Wednesday, you will have access to articles uploaded from Monday of that week.
This means access to other articles (outside the subscription period) are not included.
Articles outside the subscription period can be bought separately for a small price per article.
Fiercely independent and pro-consumer information on personal finance.
Complete access to Moneylife archives since inception ( till the date of your subscription )
