The Digital Personal Data Protection Rules, 2025 were notified in the Gazette on 13 November 2025 (G.S.R. 846(E)). Some provisions are already in force, while the core compliance obligations kick in over the next 12–18 months: Rules 1, 2 and 17–21 apply from publication; Rule 4 (Consent Managers’ registration) starts one year after publication; Rules…
13 November 2025 will be remembered as the day India crossed into a new digital era, a Privacy Singularity. For the first time, the rights of the Indian citizen are codified, actionable, and backed by statutory duties on every Data Fiduciary and Processor. This is bigger than compliance. It is a redistribution of digital power….
Introduction One of the rapidly expanding sectors of the digital economy, the online real-money gaming (hereinafter referred to as “RMG”) industry in India has been a matter of a severe legal reckoning in the state of Tamil Nadu. In a landmark case in Play Games 24×7 Private Limited and Ors. v. State of Tamil Nadu…
Most of your employees are using unauthorized AI tools right now. Are you the 67% of organizations with zero visibility? Your Organisation The global AI narrative is fractured. On one side, boards celebrate approved innovation. On the other, an unmanaged crisis of Shadow AI, is silently exposing proprietary data and attracting fierce regulatory scrutiny. The…
Introduction India’s new era of digital accountability has begun with the introduction of Digital Personal Data Protection Act, 2023 (hereinafter referred to as “DPDPA“) which is expected to be implemented in the near future. The legislation establishes a comprehensive framework on the collection, use, storage, and transfer of an individual’s personal data. For some organizations,…
INTRODUCTION In recent years, cloud service providers and telecommunications companies have increasingly become prime targets of cyber-attacks due to the extensive amounts of sensitive data they store and manage. These sectors hold critical customer information, business secrets, and infrastructure details that are highly valued by cybercriminals. The frequency and scale of data breaches in cloud…
INTRODUCTION In the era of digital transformation, multinational corporations increasingly rely on integrated HR platforms, shared service centers, and global cloud-based tools to manage their workforce. India, with its immense and skilled talent pool, frequently serves as a key hub for employment, making the mapping and management of India-based employee data a business and legal…
It’s October 2025, and the Indian digital ecosystem feels like it’s on the edge of its seat. The passing of the much anticipated date of September 28, 2025, for the DPDP Rules, though initially a melody to ears, means the waiting continues as all eyes remain on the door for the final rules to arrive….
INTRODUCTION In today’s interconnected digital economy, organizations collaborate with a complex network of vendors, ranging from IT service providers and cloud platforms to payment processors and outsourced HR and marketing firms. These vendors often handle vast volumes of personal and sensitive data, making vendor due diligence and robust data protection contractual safeguards essential for legal…
Introduction Loyalty programs form the bedrock of customer retention and promotion strategies in Indian retail and e-commerce. They help in understanding and predicting customer behaviour. Loyalty programs also collect and analyze vast troves of personal data. This includes mobile numbers, transaction histories, geolocation, and behaviour insights. The Digital Personal Data Protection Act, 2023 (“DPDPA”), has…
INTRODUCTION The Digital Personal Data Protection (hereinafter referred to as “DPDP”) Act, 2023, represents a landmark statutory framework aimed at safeguarding the privacy of individuals’ digital personal data in India. Enacted on August 11, 2023, and expected to be operationalized in phases by 2025, this is India’s first comprehensive data protection law, superseding previous patchwork…
Introduction In recent years, a new monetization strategy has emerged in digital services: the “consent-or-pay” model. Under this approach, users of a platform are given a binary choice: either agree to pervasive data collection and personalized advertising (consent) or pay a fee for an ad-free experience. One recent example of this model is Meta’s “pay-or-consent”…
INTRODUCTION Consent in healthcare is no longer a matter of routine paperwork. It has become a statutory and governance obligation under India’s Digital Personal Data Protection Act, 2023 (“DPDP Act”), the National Digital Health Mission (“NDHM”), and the oversight of ethical guidelines in medical practice. Hospitals and clinics are data fiduciaries. They carry a direct…
INTRODUCTION India’s e-commerce industry is undergoing rapid and significant expansion. With widespread internet access and the normalisation of digital payments, online retail has evolved from a mere convenience to an essential service. The sector is expected to cross USD 350 billion by 2030, establishing it as a central pillar of the nation’s digital economy. However, this…
INTRODUCTION Artificial Intelligence (“AI“) chatbots are becoming integral to our everyday lives as educational resources and even psychological aides. Their design and conversational mechanisms attract the young and adolescent demographic, who are looking for help and communication in the digital world. The recent lawsuit filed by the parents of a teenager against OpenAI, alleging that…
The Paradigm Shatter: Understanding India’s Negative List Breakthrough Every major data protection framework from GDPR to China’s Cybersecurity Law operates on a restrictive foundation. Likewise, under the Digital Personal Data Protection Act,2023(DPDPA), the data of “Data Principal”( Subject Data in GDPR) cannot cross borders unless specific conditions are met. The European Union’s “adequacy decisions”…
INTRODUCTION In the modern-day economy, data is no longer an afterthought of a business, it has become an invaluable resource. It is the currency that drives commerce, innovation, and consumer confidence. In this regard, the question of where data should reside is polarizing governments, businesses, and consumer trust. The increasing number of cyber threats, evolving…
INTRODUCTION In the digital era, the term data has evolved for businesses spread across various economic sectors. The rise of e-commerce, fintech, and digital startups has led to massive personal data collection, making privacy a central concern. In a landmark step and paramount legislation, Indian legislators have passed the Digital Personal Data Protection Act (hereinafter…
In the case of PhonePe Private Limited v. State of Karnataka & Ors. (W.P. No. 3757 of 2023), (GM-Police), pronounced on 29 April 2025, the Hon’ble Karnataka High Court (“HC”) was confronted with a critical question at the intersection of fintech regulation, privacy, and police investigative powers. BACKGROUND: THE REGULATORY FLASHPOINT PhonePe Private Limited…
INTRODUCTION The digitalization of workplaces has been one of the most profound advancements of the 21st century. As remote work, cloud infrastructure, instant messaging platforms, and employee productivity tools gain popularity, organizations now operate in highly networked environments. While this digitization enhances flexibility and scalability, it has also enabled extensive workplace surveillance. Increasingly, employers are…
Disclaimer & Confirmation
As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
However, the user is advised to confirm the veracity of the same from independent and expert sources.
