Introduction India, a country which has become more and more digitalized over the years, faces critical issues like data security and privacy, especially with such a large population. The security of the data on mobile phones is more crucial than ever since they are becoming an essential part of both our personal and professional lives….
Evidence Based Compliance: The New Currency Under DPDPA The Digital Personal Data Protection Act, 2023 marks a decisive turn in how organisations will be evaluated. The future standard is clear: Compliance will be judged by evidence, not paperwork. Policies, notices, and contracts matter but they no longer determine regulatory outcomes. What matters is the organisation’s…
The Digital Personal Data Protection Act, 2023 (DPDPA) requires organisations that process digital personal data in India to provide a clear, accessible privacy notice before or at the time of collection. The form and manner are set by the Act and will be supplemented by rules under the Act. Earlier government communications indicated that formal…
OLD: Consent is a static checkbox exercise, sufficient for legal ‘satisfaction’. VIBE: Consent is a provable, real-time user journey, where every interaction is logged as irrefutable evidence of informed choice and ongoing intent. OLD: Compliance is an IT department’s operational burden, handled by technical staff. VIBE: Compliance is a C-Suite imperative, where proactive logging of…
How to Align Your Contracts for DPDPA Compliance? The implementation of Digital Personal Data Protection Act, 2023 (DPDPA) requires organisations to adopt structured contractual safeguards with all third-parties who process personal data. Updating contracts is one of the fastest and most effective ways to strengthen compliance and reduce risk exposure. 1. Identify All Data Handling…
Introduction The implementation of the Digital Personal Data Protection (hereinafter referred to as “DPDP”) Act, 2023, will be significantly transforming the landscape of data governance for Indian organizations, with a particular focus on safeguarding personal data in compliance with global standards. For procurement and legal teams, vendor due diligence has emerged as a strategic priority,…
INTRODUCTION The Digital Personal Data Protection (hereinafter referred to as “DPDP”) Act, 2023, marks a transformative shift in how Indian banks manage personal data, particularly within the context of correspondent banking, where cross-border data flows are an operational necessity. Correspondent banking where banks facilitate financial services for other banks, often in different jurisdictions relies heavily…
When I look back at the last three decades of regulatory transitions in India from excise to GST implementation, from IT Act amendments to sectoral cybersecurity standards, then one lesson has remained unchanged: Those who wait for the deadline always lose the advantage. Not legally, but operationally. The DPDPA is no different. On paper, the…
The Digital Personal Data Protection Act, 2023, and its accompanying Rules have fundamentally altered the compliance landscape for India’s healthcare sector. For hospitals, diagnostic centers, and telemedicine platforms processing patient data, the stakes have never been higher. With penalties reaching up to ₹250 crore for serious contraventions and regulatory enforcement now operational, the time for…
INTRODUCTION The price, output, and quality are three primary parameters that competition law has traditionally focused on. The advent of zero price digital services, however, has changed this classical framework. Consumers in the digital economy do not use money to obtain anything, but rather their personal data, which serves as the business model for online…
The Digital Personal Data Protection Rules, 2025 were notified in the Gazette on 13 November 2025 (G.S.R. 846(E)). Some provisions are already in force, while the core compliance obligations kick in over the next 12–18 months: Rules 1, 2 and 17–21 apply from publication; Rule 4 (Consent Managers’ registration) starts one year after publication; Rules…
13 November 2025 will be remembered as the day India crossed into a new digital era, a Privacy Singularity. For the first time, the rights of the Indian citizen are codified, actionable, and backed by statutory duties on every Data Fiduciary and Processor. This is bigger than compliance. It is a redistribution of digital power….
Introduction One of the rapidly expanding sectors of the digital economy, the online real-money gaming (hereinafter referred to as “RMG”) industry in India has been a matter of a severe legal reckoning in the state of Tamil Nadu. In a landmark case in Play Games 24×7 Private Limited and Ors. v. State of Tamil Nadu…
Introduction In today’s digital economy, cross-border data transfers are a key part of global trade. For Indian businesses, this is a day-to-day operational reality, but it is also a trigger for multifaceted challenges because of the range of disparate and often conflicting data protection laws in different countries. The disequilibrium of legal regulations is not…
Introduction India’s new era of digital accountability has begun with the introduction of Digital Personal Data Protection Act, 2023 (hereinafter referred to as “DPDPA“) which is expected to be implemented in the near future. The legislation establishes a comprehensive framework on the collection, use, storage, and transfer of an individual’s personal data. For some organizations,…
INTRODUCTION In recent years, cloud service providers and telecommunications companies have increasingly become prime targets of cyber-attacks due to the extensive amounts of sensitive data they store and manage. These sectors hold critical customer information, business secrets, and infrastructure details that are highly valued by cybercriminals. The frequency and scale of data breaches in cloud…
INTRODUCTION In the era of digital transformation, multinational corporations increasingly rely on integrated HR platforms, shared service centers, and global cloud-based tools to manage their workforce. India, with its immense and skilled talent pool, frequently serves as a key hub for employment, making the mapping and management of India-based employee data a business and legal…
INTRODUCTION In today’s interconnected digital economy, organizations collaborate with a complex network of vendors, ranging from IT service providers and cloud platforms to payment processors and outsourced HR and marketing firms. These vendors often handle vast volumes of personal and sensitive data, making vendor due diligence and robust data protection contractual safeguards essential for legal…
INTRODUCTION In 2025, due to the increasing number of unwanted promotional messages and increasing consumer complaints about data misuse, the Telecom Regulatory Authority of India (hereafter referred to as “TRAI“) and the Reserve Bank of India (hereinafter referred to as “RBI”) established the pilot project, Digital Consent Management (hereinafter referred to as “DCM”). Whereas this…
Introduction Loyalty programs form the bedrock of customer retention and promotion strategies in Indian retail and e-commerce. They help in understanding and predicting customer behaviour. Loyalty programs also collect and analyze vast troves of personal data. This includes mobile numbers, transaction histories, geolocation, and behaviour insights. The Digital Personal Data Protection Act, 2023 (“DPDPA”), has…
INTRODUCTION The Digital Personal Data Protection (hereinafter referred to as “DPDP”) Act, 2023, represents a landmark statutory framework aimed at safeguarding the privacy of individuals’ digital personal data in India. Enacted on August 11, 2023, and expected to be operationalized in phases by 2025, this is India’s first comprehensive data protection law, superseding previous patchwork…
Introduction In an administrative framework, student records once served as an instrument in facilitating and ensuring institutional formalities. In contrast, they have now become a crucial part of institutional governance. Hence, their management and protection under the Digital Personal Data Protection Act (“DPDP Act”), 2023, as well as under the existing framework of the Information…
Introduction In recent years, a new monetization strategy has emerged in digital services: the “consent-or-pay” model. Under this approach, users of a platform are given a binary choice: either agree to pervasive data collection and personalized advertising (consent) or pay a fee for an ad-free experience. One recent example of this model is Meta’s “pay-or-consent”…
INTRODUCTION Consent in healthcare is no longer a matter of routine paperwork. It has become a statutory and governance obligation under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the National Digital Health Mission (“NDHM”), and the oversight of ethical guidelines in medical practice. Hospitals and clinics are data fiduciaries. They carry a direct…
Introduction The rapid integration of the Internet of Things (“IoT”) into India’s manufacturing sector has transformed supply chain operations. IoT-enabled sensors, Radio-Frequency Identification (“RFID”) tags, and connected logistics systems now support real-time inventory management, predictive maintenance, and optimised delivery processes. This digital infrastructure has enhanced efficiency and competitiveness, but it has also introduced significant vulnerabilities…
INTRODUCTION India’s e-commerce industry is undergoing rapid and significant expansion. With widespread internet access and the normalisation of digital payments, online retail has evolved from a mere convenience to an essential service. The sector is expected to cross USD 350 billion by 2030, establishing it as a central pillar of the nation’s digital economy. However, this…
INTRODUCTION Artificial Intelligence (“AI“) chatbots are becoming integral to our everyday lives as educational resources and even psychological aides. Their design and conversational mechanisms attract the young and adolescent demographic, who are looking for help and communication in the digital world. The recent lawsuit filed by the parents of a teenager against OpenAI, alleging that…
The Paradigm Shatter: Understanding India’s Negative List Breakthrough Every major data protection framework from GDPR to China’s Cybersecurity Law operates on a restrictive foundation. Likewise, under the Digital Personal Data Protection Act,2023(DPDPA), the data of “Data Principal”( Subject Data in GDPR) cannot cross borders unless specific conditions are met. The European Union’s “adequacy decisions”…
INTRODUCTION In the modern-day economy, data is no longer an afterthought of a business, it has become an invaluable resource. It is the currency that drives commerce, innovation, and consumer confidence. In this regard, the question of where data should reside is polarizing governments, businesses, and consumer trust. The increasing number of cyber threats, evolving…
INTRODUCTION In the digital era, the term data has evolved for businesses spread across various economic sectors. The rise of e-commerce, fintech, and digital startups has led to massive personal data collection, making privacy a central concern. In a landmark step and paramount legislation, Indian legislators have passed the Digital Personal Data Protection Act (hereinafter…
Disclaimer & Confirmation
As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
However, the user is advised to confirm the veracity of the same from independent and expert sources.