The European Court of Justice (“CJEU”) in mid-2023 passed a landmark judgment in Meta Platforms Inc. v. Bundeskartellamt[1], by imposing strict restrictions on social media entities using personal data of consumer’s for targeting them with personalised advertisements through their platforms. This ruling struck at the core revenue model of many big technology organisations.
Continue Reading The Great Reset: What Lies in Store for Targeted Advertising?
Indian regulators in recent times have shown a keen interest in monitoring the intersection between data, information technology, and cybersecurity with regulated entities—more so in relation to Non-Banking Financial Companies (“NBFCs”) and ‘fintechs’. With the expected enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and the promulgation of its rules, it becomes imperative for NBFCs and fintechs to map their journey of compliance from legal and regulatory perspectives.
Continue Reading FIG Paper (No. 34 – Data Law Series 5) Balancing Sectoral Regulation and DPDP Act Compliance by NBFCs & Fintechs![FIG Paper No. [29], Data Law Series [3]: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India](https://corporate.cyrilamarchandblogs.com/wp-content/uploads/sites/857/2024/01/Blog-Image-8-655x374.png)
The Digital Personal Data Protection Act, 2023 (“DPDP Act”) is India’s foray into the global regulatory movement on personal data rights. In designing the DPDP Act, there has been a strong focus on simplicity, brevity, and standardisation. We note a marked effort to align with data regulation across the world, most significantly, the European Union’s General Data Protection Regulation (“GDPR”). While principally similar, the Indian regime has peculiarities for which financial services entities will have to prepare themselves.
Continue Reading FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India
Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.
Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws
On September 14, 2023, the Insurance Regulatory and Development Authority of India (“IRDAI”) set up an inter-disciplinary standing committee on cyber security, tasked with regularly reviewing the threats inherent in the existing or emerging technologies and suggest appropriate changes to the IRDAI Information and Cyber Security framework to further strengthen the insurance industry’s cyber security posture and resilience.[1] This is in furtherance to the IRDAI having notified the Information and Cyber Security Guidelines on April 24, 2023 (“CS Guidelines 2023”).
Continue Reading Primer on IRDAI Information and Cyber Security Guidelines 2023
In the current landscape, Indian banks are bound by data protection obligations under the provisions and rules of the Information Technology Act, 2000, the Prevention of Money Laundering Act, 2002 and relevant directives of the Reserve Bank of India (“RBI”). As we await the enforcement of the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the publishing of its rules (“DPDP Rules”), there will be a paradigm shift in the data processing protocols of banks amongst other financial entities.
Continue Reading FIG Paper No. 28, Data Law Series 2: Implications of Digital Personal Data Protection Act, 2023 on Indian Banks
The Reserve Bank of India (“RBI”) has allowed certain non-banks to operate in the financial ecosystem for payment processing under the Payment and Settlement Systems Act, 2007 (“PSS Act”), in addition to banks. These non-banks are typically operate Cross Border Money Transfer (“MTSS”); Prepaid Payment Instruments (“PPI”); Bharat Bill Payment Operating Units (“BBPOU”); White Label ATM Operators (“WLAO”), etc.
Continue Reading FIG Paper (No. 27 – Data Law Series 1): Implications of Digital Personal Data Protection Act, 2023, on Payment Service Providers
On August 11, 2023, India’s long-awaited general personal data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) was finally enacted.
Governing the world’s fifth largest economy and one of its fastest growing digital markets, the DPDPA will be of importance to a large number of international businesses that operate in India, rely on Indian service providers/group service companies for their operations, or are looking to enter Indian markets.
Continue Reading India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?
The new draft guidelines titled ‘Guidelines for Prevention and Regulation of Dark Patterns, 2023’[1] (“Draft Dark Pattern Guidelines”), released by the Department of Consumer Affairs in September 2023, define dark patterns as “any practices or deceptive design patterns using UI/UX (user interface/user experience) interactions on any platform; designed to mislead or trick users to do something they originally did not intend or want to do; by subverting or impairing the consumer autonomy, decision making or choice; amounting to misleading advertisement or unfair trade practice or violation of consumer rights”.
Continue Reading FIG Paper (No. 25 – Series 2): Shedding Light on Dark Patterns in FinTech: Impact of DPDP Act