Listen to this post
Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.

Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws
Listen to this post
INDIA SEMICONDUCTOR MOMENT

The Indian semiconductor market is expected to reach USD 55 billion by 2026, more than 60% of which is driven by three industries: smartphones & wearables, automotive components, and computing & data storage.[1] Currently, majority of the demand in the Indian semiconductor market is met by imports. In order to reduce the dependency on imports of semiconductors and to fill the semiconductor supply chain gap caused due to COVID-19 and the strained relations between United States and China, the Government of India has approved the Semicon India Programme with an initial financial outlay of INR 76,000 crore (USD 9.13 billion approx.) for the development of a sustainable semiconductor and display ecosystem in India.[2] While inaugurating the Semicon India 2023, a national-level conference focusing on the semiconductor industry, in Gandhinagar, Gujarat,  PM Modi said that India is becoming a grand conductor for investments in the semiconductor sector.[3]

Continue Reading India’s Semiconductor Moment
Listen to this post
India's New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?

On August 11, 2023, India’s long-awaited general personal data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) was finally enacted.

Governing the world’s fifth largest economy and one of its fastest growing digital markets, the DPDPA will be of importance to a large number of international businesses that operate in India, rely on Indian service providers/group service companies for their operations, or are looking to enter Indian markets.

Continue Reading India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?
Listen to this post
A Fine Balance:
The DPDA and Data Localization

On November 18, 2022, when the Ministry of Electronics and Information Technology (“MEITY”) tabled an entirely new draft Digital Personal Data Protection Bill, 2022 (“Draft”)[1], the concerns around one section, namely Section 17 dealing with cross-border data transfers, were perhaps more pronounced than the shock which accompanied the withdrawal of a long debated previous draft.

Continue Reading A Fine Balance:The DPDA and Data Localization
Listen to this post
Preparing for the DPDA

PREPARING FOR THE DPDA

In the culmination of a decade long process,[1] the Digital Personal Data Protection Bill, 2023 (“Bill”)[2] was passed before the Lok Sabha on August 7, 2023.

While the important subject matter of the Bill, its long legislative history, and the widely publicised dissents in the Parliamentary Standing Committee[3] portend that it may not pass unchanged, its enactment seems likely within the next few weeks or months.

Further, given its relatively concise nature and, the limited rulemaking and regulatory framework that is needed to enable it, it seems likely that while the Bill will be brought into force in a phased manner,[4] operative portions of it may come into effect relatively quickly.

Continue Reading Preparing for the DPDA
Listen to this post
Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023 (“Bill”)[1] tabled before Parliament on August 3, 2023 is the culmination of a decade long process for evolving general data protection regime for India.

By withdrawing an elaborate, prescriptive draft which was under consideration by Parliament until 2021, to introducing a new, lean, principles based draft for consultation on November 18, 2022 (“Draft”),[2] and then engaging an extensive consultation process which reportedly involved in excess of 20,000 submissions,[3] and several dozen discussions involving personal participation at the highest levels of the Ministry, the Ministry of Electronics and Information Technology has set the stage for the evolution and adoption of a customized and Indian legislation that seeks to find a balance between enabling ease of doing business, and protecting sovereign imperatives and citizens’ rights, which has proved elusive globally.[4]

Continue Reading The DPDP Bill Overview: A New Dawn for Data Protection in India
Listen to this post

The immunity granted under Section 79(1) of the Information Technology Act, 2000 (“the Act”) to intermediaries, commonly referred to a ‘safe harbour provision’, is not absolute.  Non-compliance with an order under Section 69A is one such instance when the immunity erodes[1].

Section 69A empowers the government to issue directions to government agencies or intermediaries to block public access to any information generated, transmitted, received, stored or hosted in any computer resource, if it falls under any of the grounds of concern mentioned in Section 69A itself (discussed below in detail).

Continue Reading The Twitter Verdict: Examining The Efficacy Of Section 69a In The Background Of Karnataka High Court’s Latest Decision
Listen to this post

The last few years have seen an unprecedented rise in digital payment transactions via Payment Aggregators (“PA”), Payment Gateways (“PG”), and Unified Payments Interface (“UPI”), via third-party application providers (TPAPs), with PAs undergoing licensing by the Reserve Bank of India (“RBI”), under the March 17, 2020, RBI PA/PG Guidelines. Retail payments historically would flow via NEFT/ RTGS/ IMPS, etc. However, UPI has now become the preferred payment mode for online payments, constituting a significant volume of small ticket retail payments in India, which is mostly via PAs. The payment architecture, which was earlier ‘card network’ driven via entities licensed under the Payment and Settlement Systems Act, 2007 (as a ‘payment system operator’), is increasingly moving towards PA/PGs, including for digital asset exchanges, online shopping, check-out financing and digital lending (where significant changes have been implemented by the RBI recently, including via the September 2022 Digital Lending Guidelines).

Continue Reading FIG Paper (No. 18 – Series 1)- Technology/ Financial Services – Recent Law Enforcement Trends

The Cert-In Cyber Security Directions More Questions Than Answers

On April 28, 2022, the Indian Computer Emergency Response Team (“CERT-In”) under the Ministry of Electronics and Information Technology issued extensive directions to service providers, intermediaries, companies, firms, and government organisations (collectively, “Entities”, and each an “Entity”) specifying various ‘cyber security directions’ that they are required to follow (“Directions”)[1].

Continue Reading The Cert-In Cyber Security Directions: More Questions Than Answers?