Data Privacy - Part 2

The “Negative List” Revolution: How India Turned Global Data Protection Logic Upside Down

2025-09-02

The Paradigm Shatter: Understanding India’s Negative List Breakthrough Every major data protection framework from GDPR to China’s Cybersecurity Law operates on a restrictive foundation. Likewise, under the Digital Personal Data Protection Act,2023(DPDPA), the data of “Data Principal”( Subject Data in GDPR) cannot cross borders unless specific conditions are met. The European Union’s “adequacy decisions”…

Privacy & Data Localization: Impact On MNCs and Cloud Services

2025-08-27

INTRODUCTION In the modern-day economy, data is no longer an afterthought of a business, it has become an invaluable resource. It is the currency that drives commerce, innovation, and consumer confidence. In this regard, the question of where data should reside is polarizing governments, businesses, and consumer trust. The increasing number of cyber threats, evolving…

DPDP Act: Challenges and Business Impact for SMEs and Startups

2025-08-20

INTRODUCTION In the digital era, the term data has evolved for businesses spread across various economic sectors. The rise of e-commerce, fintech, and digital startups has led to massive personal data collection, making privacy a central concern. In a landmark step and paramount legislation, Indian legislators have passed the Digital Personal Data Protection Act (hereinafter…

PhonePe Ruling: Data Privacy Boundaries in Fintech

2025-08-13

In the case of PhonePe Private Limited v. State of Karnataka & Ors. (W.P. No. 3757 of 2023), (GM-Police), pronounced on 29 April 2025, the Hon’ble Karnataka High Court (“HC”) was confronted with a critical question at the intersection of fintech regulation, privacy, and police investigative powers. BACKGROUND: THE REGULATORY FLASHPOINT PhonePe Private Limited…

Consent At Scale: How FinTechs Can Survive DPDP Act’s Per Transaction Requirement

2025-08-08

Introduction The Digital Personal Data Protection Act (hereinafter referred to as the “DPDPA” or “the Act”) 2023, alters how India looks at data privacy and compliance frameworks. One of the most talked about provisions of the Act is per-transaction, or granular, consent, which requires that a user must provide explicit consent for each and every…

Workplace Surveillance in a Digital Age

2025-08-06

INTRODUCTION The digitalization of workplaces has been one of the most profound advancements of the 21st century. As remote work, cloud infrastructure, instant messaging platforms, and employee productivity tools gain popularity, organizations now operate in highly networked environments. While this digitization enhances flexibility and scalability, it has also enabled extensive workplace surveillance. Increasingly, employers are…

The Cost of a Data Breach: A Wake-Up Call for Businesses – IBM Report 2025

2025-08-05

As legal professionals, we are often at the forefront of advising businesses on risk mitigation, compliance, and crisis management. The latest IBM Cost of a Data Breach Report 2025 has revealed alarming trends that demand immediate attention from organizations across industries. These findings are not just numbers, but they are a stark reminder of the…

Are ‘Record of Processing Activities’ Mandatory for Indian Companies?

2025-07-30

INTRODUCTION As data privacy regulations tighten across the globe, businesses are under growing pressure to keep clear, organized records of how they handle personal data. One such tool widely used internationally is the ‘Record of Processing Activities’, commonly referred to as ROPA. Mandated under the European Union’s (hereinafter referred to as “EU”) General Data Protection…