Data Protection

Guide to Privacy for Web, App & HR under DPDPA

2025-12-01

The Digital Personal Data Protection Act, 2023 (DPDPA) requires organisations that process digital personal data in India to provide a clear, accessible privacy notice before or at the time of collection. The form and manner are set by the Act and will be supplemented by rules under the Act. Earlier government communications indicated that formal…

Privacy as a “Non-Price Factor” – Decoding the NCLAT’s Findings in the WhatsApp Case

2025-11-19

INTRODUCTION The price, output, and quality are three primary parameters that competition law has traditionally focused on. The advent of zero price digital services, however, has changed this classical framework. Consumers in the digital economy do not use money to obtain anything, but rather their personal data, which serves as the business model for online…

DPDP Rules Notified – Immediate Actions

2025-11-19

The Digital Personal Data Protection Rules, 2025 were notified in the Gazette on 13 November 2025 (G.S.R. 846(E)). Some provisions are already in force, while the core compliance obligations kick in over the next 12–18 months: Rules 1, 2 and 17–21 apply from publication; Rule 4 (Consent Managers’ registration) starts one year after publication; Rules…