Photo of Anirban Mohapatra

Partner in the General Corporate Practice at the Bengaluru office of Cyril Amarchand Mangaldas, and is part of the Technology, Media and Telecommunications practice of the Firm.

Anirban regularly advises clients across diverse sectors including healthcare, manufacturing, banking, information technology, automobile, financial services media and broadcasting on transactional as well as advisory matters. Anirban supports transactions by handling the entire documentation process for large scale technology transactions and advice on emerging trends in the data protection and privacy space. Anirban works with the business teams of clients closely to ideate and evolve legal documentation, policies and best practices based on commercial requirements of clients and interactions with regulators such as the Telecom Regulatory Authority of India (“TRAI”).

He graduated from West Bengal National University of Juridical Sciences, and first joined the firm in 2012. He can be reached at anirban.mohapatra@cyrilshroff.com.

Children and consent under the
Data Protection Act: A Study in Evolution

The Digital Personal Data Protection Act, 2023[1] (“Act”) has, at long last, been past before both houses of Parliament and been published in the official Gazette upon receiving Presidential assent.

The Act is intended to provide legislative expression to the contours of the right to privacy as outlined by the Supreme Court of India in the Puttaswamy Judgements[2] and since then, by other constitutional Courts. The principle, which now stands more or less crystallized, is that the autonomy of a person is inalienably linked to their autonomy over their personal data. Therefore, in a regime which continues to be firmly consent based, the questions of who is a child, who can consent to allowing their personal data to be collected, as well as what can and cannot be done with it, are key to their status as ‘Digital Nagariks’ in years to come.Continue Reading Children and Consent under the Data Protection Act: A Study in Evolution

Of Consent and Lawful Uses:
Where the Rubber meets the Road

While the concept of consent, in consonance with the current consent based regime under the Information Technology Act, 2000 (“IT Act”)[1] as well as the constitutional primacy of consent and autonomy under various court decisions dealing with the right to information privacy has remained firmly entrenched as the primary basis for collection and processing of personal data under the various drafts of general personal data protection legislation in India over the years,[2] the newly notified Digital Personal Data Protection Act, 2023 (“Act”)[3]also provides for “legitimate use” as key additional basis available to Data Fiduciaries[4] for collection and processing of personal data[5].Continue Reading Of Consent and Lawful Uses:Where the Rubber meets the Road

A Fine Balance:
The DPDA and Data Localization

On November 18, 2022, when the Ministry of Electronics and Information Technology (“MEITY”) tabled an entirely new draft Digital Personal Data Protection Bill, 2022 (“Draft”)[1], the concerns around one section, namely Section 17 dealing with cross-border data transfers, were perhaps more pronounced than the shock which accompanied the withdrawal of a long debated previous draft.Continue Reading A Fine Balance:The DPDA and Data Localization

Preparing for the DPDA

PREPARING FOR THE DPDA

In the culmination of a decade long process,[1] the Digital Personal Data Protection Bill, 2023 (“Bill”)[2] was passed before the Lok Sabha on August 7, 2023.

While the important subject matter of the Bill, its long legislative history, and the widely publicised dissents in the Parliamentary Standing Committee[3] portend that it may not pass unchanged, its enactment seems likely within the next few weeks or months.

Further, given its relatively concise nature and, the limited rulemaking and regulatory framework that is needed to enable it, it seems likely that while the Bill will be brought into force in a phased manner,[4] operative portions of it may come into effect relatively quickly.Continue Reading Preparing for the DPDA

Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023 (“Bill”)[1] tabled before Parliament on August 3, 2023 is the culmination of a decade long process for evolving general data protection regime for India.

By withdrawing an elaborate, prescriptive draft which was under consideration by Parliament until 2021, to introducing a new, lean, principles based draft for consultation on November 18, 2022 (“Draft”),[2] and then engaging an extensive consultation process which reportedly involved in excess of 20,000 submissions,[3] and several dozen discussions involving personal participation at the highest levels of the Ministry, the Ministry of Electronics and Information Technology has set the stage for the evolution and adoption of a customized and Indian legislation that seeks to find a balance between enabling ease of doing business, and protecting sovereign imperatives and citizens’ rights, which has proved elusive globally.[4] Continue Reading The DPDP Bill Overview: A New Dawn for Data Protection in India

On April 6, 2023, India introduced a new legal regime for operators of online games by introducing  amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”) (amendments are referred to as “Gaming Amendments”).Continue Reading The Online Gaming Intermediaries Regulations: What is New?

Gaming Law

The Ministry of Finance has issued a notification dated March 07, 2023 (“Notification”), classifying entities that engage in specific activities (see below) related to Virtual Digital Assets (“VDA(s)”) in the course of business, as “persons carrying on designated business or profession” Therefore, such entities are now considered “Reporting Entities” under the Prevention of Money Laundering Act, 2002 and the corresponding rules (“PMLA”).Continue Reading PMLA Concerns for the Skill Gaming Sector?

Gaming Rules

Days after “online gaming” was formally brought under the purview of the Ministry of Electronics and Information Technology (“MEITY”) through the Government of India (Allocation of Business) Rules, 1961[1], MEITY has proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“2021 Rules”), to create a novel co-regulatory framework to govern the operations of online gaming intermediaries (“Draft Gaming Rules”). The Ministry has invited public comments on the Draft Gaming Rules till January 17, 2023.[2]Continue Reading Draft Rules for Online Gaming: The Beginning of an Enabling Framework?

Data Protection Bill 2022

The Ministry of Electronics and Information Technology (“MEITY”) has released a draft of the Digital Personal Data Protection Bill, 2022 (“The Bill”) for public consultations along with an explanatory note for each provision and the underlying principles that guide the drafting[1]. The public consultations are open till December 17, 2022[2].  This is Part II of our analysis on the Bill.  Click here to read Part I of this postContinue Reading The Digital Personal Data Protection Bill, 2022 – Part II