Data Privacy

Privacy Compliance for School and University Student Records: From Collection to Expunction

September 25, 2025

Introduction In an administrative framework, student records once served as an instrument in facilitating and ensuring institutional formalities. In contrast, they have now become a crucial part of institutional governance. Hence, their management and protection under the Digital Personal Data Protection Act (“DPDP Act”), 2023, as well as under the existing framework of the Information…

Consent-Or-Pay Model: Choice Or Coercion?

September 24, 2025

Introduction In recent years, a new monetization strategy has emerged in digital services: the “consent-or-pay” model. Under this approach, users of a platform are given a binary choice: either agree to pervasive data collection and personalized advertising (consent) or pay a fee for an ad-free experience. One recent example of this model is Meta’s “pay-or-consent”…

Building Audit-Ready Consent Systems for Healthcare

September 23, 2025

INTRODUCTION Consent in healthcare is no longer a matter of routine paperwork. It has become a statutory and governance obligation under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the National Digital Health Mission (“NDHM”), and the oversight of ethical guidelines in medical practice. Hospitals and clinics are data fiduciaries. They carry a direct…

Data Privacy Safeguards for Manufacturing Sector Post-DPDPA

September 17, 2025

Introduction The rapid integration of the Internet of Things (“IoT”) into India’s manufacturing sector has transformed supply chain operations. IoT-enabled sensors, Radio-Frequency Identification (“RFID”) tags, and connected logistics systems now support real-time inventory management, predictive maintenance, and optimised delivery processes. This digital infrastructure has enhanced efficiency and competitiveness, but it has also introduced significant vulnerabilities…

E- Commerce’s Privacy Hurdles: From Fraud to Trust Deficit

September 16, 2025

INTRODUCTION India’s e-commerce industry is undergoing rapid and significant expansion. With widespread internet access and the normalisation of digital payments, online retail has evolved from a mere convenience to an essential service. The sector is expected to cross USD 350 billion by 2030, establishing it as a central pillar of the nation’s digital economy. However, this…

AI and Child Protection: Addressing the Privacy Risks

September 3, 2025

INTRODUCTION Artificial Intelligence (“AI“) chatbots are becoming integral to our everyday lives as educational resources and even psychological aides. Their design and conversational mechanisms attract the young and adolescent demographic, who are looking for help and communication in the digital world. The recent lawsuit filed by the parents of a teenager against OpenAI, alleging that…

The “Negative List” Revolution: How India Turned Global Data Protection Logic Upside Down

September 2, 2025

The Paradigm Shatter: Understanding India’s Negative List Breakthrough Every major data protection framework from GDPR to China’s Cybersecurity Law operates on a restrictive foundation. Likewise, under the Digital Personal Data Protection Act,2023(DPDPA), the data of “Data Principal”( Subject Data in GDPR) cannot cross borders unless specific conditions are met. The European Union’s “adequacy decisions”…

Privacy & Data Localization: Impact On MNCs and Cloud Services

August 27, 2025

INTRODUCTION In the modern-day economy, data is no longer an afterthought of a business, it has become an invaluable resource. It is the currency that drives commerce, innovation, and consumer confidence. In this regard, the question of where data should reside is polarizing governments, businesses, and consumer trust. The increasing number of cyber threats, evolving…

DPDP Act: Challenges and Business Impact for SMEs and Startups

August 20, 2025

INTRODUCTION In the digital era, the term data has evolved for businesses spread across various economic sectors. The rise of e-commerce, fintech, and digital startups has led to massive personal data collection, making privacy a central concern. In a landmark step and paramount legislation, Indian legislators have passed the Digital Personal Data Protection Act (hereinafter…

PhonePe Ruling: Data Privacy Boundaries in Fintech

August 13, 2025

In the case of PhonePe Private Limited v. State of Karnataka & Ors. (W.P. No. 3757 of 2023), (GM-Police), pronounced on 29 April 2025, the Hon’ble Karnataka High Court (“HC”) was confronted with a critical question at the intersection of fintech regulation, privacy, and police investigative powers. BACKGROUND: THE REGULATORY FLASHPOINT PhonePe Private Limited…

Consent At Scale: How FinTechs Can Survive DPDP Act’s Per Transaction Requirement

August 8, 2025

Introduction The Digital Personal Data Protection Act (hereinafter referred to as the “DPDPA” or “the Act”) 2023, alters how India looks at data privacy and compliance frameworks. One of the most talked about provisions of the Act is per-transaction, or granular, consent, which requires that a user must provide explicit consent for each and every…

Workplace Surveillance in a Digital Age

August 6, 2025

INTRODUCTION The digitalization of workplaces has been one of the most profound advancements of the 21st century. As remote work, cloud infrastructure, instant messaging platforms, and employee productivity tools gain popularity, organizations now operate in highly networked environments. While this digitization enhances flexibility and scalability, it has also enabled extensive workplace surveillance. Increasingly, employers are…

The Cost of a Data Breach: A Wake-Up Call for Businesses – IBM Report 2025

August 5, 2025

As legal professionals, we are often at the forefront of advising businesses on risk mitigation, compliance, and crisis management. The latest IBM Cost of a Data Breach Report 2025 has revealed alarming trends that demand immediate attention from organizations across industries. These findings are not just numbers, but they are a stark reminder of the…

Are ‘Record of Processing Activities’ Mandatory for Indian Companies?

July 30, 2025

INTRODUCTION As data privacy regulations tighten across the globe, businesses are under growing pressure to keep clear, organized records of how they handle personal data. One such tool widely used internationally is the ‘Record of Processing Activities’, commonly referred to as ROPA. Mandated under the European Union’s (hereinafter referred to as “EU”) General Data Protection…