Legal Requirements for Running a Medical Crowdfunding Platform in India

by

Adv Sudhir Rao
in
Legal Requirements for Running a Medical Crowdfunding Platform in India

If you are stuck in such a situation, here is what to do.

Mr. Sameer, an entrepreneur from Pune, decided to launch a noble initiative called “CareFund Connect.” It is a web-based platform designed to help people within his professional community raise funds for medical emergencies. To ensure transparency and legitimacy, he collects various details from the beneficiaries, including their full name, contact number, a description of their medical condition, hospital bills, and copies of any insurance policies. The platform facilitates direct, peer-to-peer (P2P) transactions between the donor and the beneficiary through a registered payment gateway, “QuickWallet,” ensuring that no money enters CareFund Connect’s business account.

Mr. Sameer has registered CareFund Connect as a partnership firm and has obtained a business bank account and a PAN card. However, he is now concerned about the legalities of his operation. He is unsure if he needs special approvals to collect such sensitive personal and medical data and is questioning the overall compliance requirements for running such a platform in India.

Advice in such cases

Operating a crowdfunding platform, especially for medical purposes, involves navigating a complex web of legal obligations related to data privacy, intermediary liability, and financial regulations. Here is some essential advice:

  • Data Privacy is Paramount: Under the Digital Personal Data Protection Act, 2023 (DPDP Act), you are collecting both Personal Data (name, phone number) and Sensitive Personal Data (medical condition, bills, insurance). You must obtain explicit, clear, and informed consent from every user before collecting their data. This consent must specify exactly what data you are collecting and for what purpose.
  • Create Iron-Clad Policies: You must have a comprehensive and easily accessible Privacy Policy and Terms of Service. These documents should be drafted by a legal professional and should clearly outline what information is collected, how it is used, stored, and protected, and with whom it might be shared (like the payment gateway).
  • Intermediary Due Diligence: Your platform is considered an “intermediary” under the Information Technology Act, 2000. To retain “safe harbour” protection (which shields you from liability for user-generated content), you must comply with the IT Rules, 2021. This includes publishing rules and regulations, a privacy policy, a user agreement, and having a grievance redressal mechanism.
  • Robust Verification Process: To prevent fraud and build trust, establish a stringent and transparent process for verifying the authenticity of each fundraising request. Document this process and apply it consistently. This is your primary defence against allegations of negligence or complicity in fraudulent activities.
  • Financial Compliance: Even though funds are transferred P2P, your platform facilitates the transactions. Ensure your agreement with the payment gateway (“QuickWallet”) is compliant with all Reserve Bank of India (RBI) guidelines and that you have measures in place to prevent money laundering.

Applicable Sections of Law

Several laws are pertinent to operating a crowdfunding platform in India:

  • The Digital Personal Data Protection Act, 2023: This is the primary legislation governing the collection, processing, and storage of personal data. It mandates obtaining user consent and imposes significant penalties for non-compliance.
  • The Information Technology Act, 2000: Particularly Section 79, which provides a “safe harbour” for intermediaries, and the associated Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, which outline the due diligence requirements.
  • The Indian Contract Act, 1872: Your Terms of Service and any agreement between the user and the platform are legally binding contracts governed by this Act.
  • The Bharatiya Nyaya Sanhita, 2023 (BNS): Provisions related to cheating (Section 316) and fraud could be invoked if a campaign on your platform is found to be deceptive.
  • The Payment and Settlement Systems Act, 2007: Regulates the operations of payment gateways and other financial intermediaries involved in the transaction process.

If you are the complainant

If you are the platform owner facing legal questions or potential disputes, here is how you should proceed:

  • Organize Your Documentation: Keep meticulous records of your firm’s registration, PAN, bank account details, user agreements, and every consent form obtained from users.
  • Strengthen Your Policies: Immediately engage a lawyer to review and fortify your Terms of Service, Privacy Policy, and internal verification protocols.
  • Maintain a Grievance Redressal System: Ensure you have a clearly defined process for users to report grievances, as required under the IT Rules, and that you respond to them promptly.
  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think.
Legal Requirements for Running a Medical Crowdfunding Platform in India

If you are the victim

If you are a donor who has been defrauded or a beneficiary whose data has been misused by such a platform, you have recourse:

  • File a Grievance with the Platform: Your first step should be to use the platform’s official grievance redressal channel. Document all communication.
  • Report Data Misuse: If your personal data has been used without your consent or for purposes other than what you agreed to, you can file a complaint with the Data Protection Board of India (once it is operational under the DPDP Act).
  • File a Police Complaint: For cases of fraud or cheating, you can file a First Information Report (FIR) at your local police station, which can initiate a criminal investigation.
  • Consult with Lawyer: The very basic and important step to start is talk to Lawyer / advocate. You should not hesitate in paying his consultation fee i.e. might be in range of Rs. 10,000 to 50,000 depends case to case. He is helping you in this situation of come out. He is expert in the domain and can help you explain the procedure which you might have never explored. A good lawyer can get the issues resolved much faster than you think.

How the police behave in such cases

Police intervention usually occurs in response to allegations of criminal activity, such as fraud, rather than for regulatory compliance checks. If a donor files a complaint alleging that a fundraising campaign was fake, the police will investigate the platform’s role. They will examine whether the platform owners exercised due diligence or were negligent. The investigation will involve seizing records, including the beneficiary’s verification documents, communication logs between the platform and users, and transaction data from the payment gateway. The focus will be on establishing criminal intent under relevant sections of the Bharatiya Nyaya Sanhita, 2023, such as cheating.

FAQs people normally have

Legal Requirements for Running a Medical Crowdfunding Platform in India

What evidence is required?

The evidence required depends on your position:

  • For the Platform Owner: You will need your business registration certificates, PAN, bank records, legally vetted user agreements and privacy policies, digital or physical proof of consent from every user, and detailed records of the verification checks performed for each campaign.
  • For a Victim/User: You should gather screenshots of the fundraising campaign, receipts of your donation, all email or message correspondence with the platform, and any evidence you have that the campaign was fraudulent (e.g., information contradicting the medical claim).

How long will the investigation take?

A police investigation into fraud on a digital platform can be complex. Under the Bharatiya Nagarik Suraksha Sanhita, 2023 (BNSS), the police are required to complete their investigation and file a final report (chargesheet or closure report) in a time-bound manner. However, collecting digital evidence from payment gateways, verifying medical records from hospitals, and recording statements from multiple parties can extend the timeline. For complex cases, it can take several months to over a year to complete the investigation and bring the matter before a court.

Advocate Sudhir Rao, Supreme Court of India

Rate this post