📜 Definition of "Service" Under CPA 2019
Section 2(42) — "Service"
Service means service of any description which is made available to potential users and includes, but not limited to, the provision of facilities in connection with banking, financing, insurance, transport, processing, supply of electrical or other energy, telecom, boarding or lodging or both, housing construction, entertainment, amusement or the purveying of news or other information.
Key Inclusions for Cyber Context
- Banking: Internet banking, mobile banking, UPI, ATM services
- Financing: FinTech lending, digital loans, BNPL services
- Telecom: Internet services, broadband, mobile data
- Information: Online news, streaming, digital content delivery
🏦 Digital Banking as "Service"
| Digital Service | Consumer Protection Angle |
|---|---|
| Internet Banking | Security of login, unauthorized access protection |
| Mobile Banking App | App security, transaction protection |
| UPI Services | Fraud prevention, reversal mechanisms |
| ATM Services | Skimming protection, timely card blocking |
| Debit/Credit Cards | Fraud protection, chargeback processing |
Hare Ram Singh v. RBI & SBI
Delhi HC, November 2024
Bank's failure to detect unusual login, prevent 2FA breach, and initiate chargeback = "deficiency in service". SBI directed to compensate ₹2.6 Lakhs.
📱 Online Platforms as Service Providers
EdTech Platforms
Manu Solanki v. Vinayak Mission University
NCDRC
Coaching classes and online learning platforms are "service providers" under CPA — NOT educational institutions. EdTech subject to consumer jurisdiction.
What Qualifies as Service?
- E-commerce marketplaces facilitating transactions
- OTT platforms (entertainment services)
- Cloud storage providers
- SaaS applications
- Online gaming platforms
🔐 Data Security as Service Obligation
ShopEase Data Breach Case
Delhi District Commission, 2023
Data leak = "deficiency in service" under Section 2(11). ₹30,000 compensation per affected consumer. First recognition of data breach as consumer law violation.
⚠️ Section 2(47)(ix) — Privacy Violations
"Disclosure of personal information given in confidence" is explicitly an unfair trade practice. Data breaches actionable both as deficiency AND unfair trade practice.
📡 Telecom & ISP Services
Internet Service Providers fall squarely under "telecom" in Section 2(42):
- Broadband connectivity quality
- Promised vs actual speeds
- Network downtime
- Billing disputes
- Wrongful disconnection
Reliance Jio — Chandigarh Case
District Commission, 2024
Installing wireless instead of promised fiber-optic connection = deficiency in service and unfair trade practice. Compensation awarded.
⚖️ What is "Deficiency"? (Section 2(11))
Section 2(11) — Deficiency
Any fault, imperfection, shortcoming or inadequacy in the quality, nature and manner of performance which is required to be maintained by or under any law for the time being in force or has been undertaken to be performed by a person in pursuance of a contract or otherwise in relation to any service.
Cyber Deficiency Examples
| Cyber Issue | How It's "Deficiency" |
|---|---|
| Bank fraud due to security lapse | Shortcoming in security obligation |
| Data breach exposing user info | Inadequacy in data protection |
| Platform downtime causing loss | Fault in service delivery |
| Failure to block stolen card promptly | Imperfection in response system |
| Non-delivery of digital product | Non-performance of contract |
| EdTech not providing promised course | Shortcoming in educational service |
✅ Establishing Deficiency — Checklist
Elements to Prove
- Consumer Relationship: You availed service for consideration
- Service Standard: Expected standard (contractual or statutory)
- Shortfall: Actual performance fell short of standard
- Causation: Deficiency caused loss/harm
- Damages: Quantifiable harm suffered
Evidence for Cyber Deficiency
- Bank statements showing unauthorized transactions
- Screenshots of platform promises vs delivery
- Communication records with customer care
- FIR/complaint copies
- RBI guidelines showing bank obligation
- Terms of service breached
📝 Part 9.3 Quiz
Q1: "Deficiency" under Section 2(11) means:
Q2: EdTech platforms are subject to consumer jurisdiction because:
Q3: Data breach by platform is recognized as:
Q4: In ShopEase data breach case, compensation awarded was:
Q5: Which case established coaching classes are "services"?
Q6: Section 2(42) phrase "service of any description" creates:
Q7: To prove deficiency, consumer must show:
Q8: ISP falls under which category in Section 2(42)?
Q9: OTT platforms (Netflix, Hotstar) fall under:
Q10: Data security obligation is now considered: