Photo of Arjun Goswami

Director and head of the Public Policy Practice, at Cyril Amarchand Mangaldas. He has a rich experience in advising public sector and private sector clients on policy issues related to ESG, Infrastructure, Technology and Finance. He can be reached at arjun.goswami@cyrilshroff.com

Background

The European Court of Justice (“CJEU”) in mid-2023 passed a landmark judgment in Meta Platforms Inc. v. Bundeskartellamt[1], by imposing strict restrictions on social media entities using personal data of consumer’s for targeting them with personalised advertisements through their platforms. This ruling struck at the core revenue model of many big technology organisations.   Continue Reading The Great Reset: What Lies in Store for Targeted Advertising?  

Children and consent under the
Data Protection Act: A Study in Evolution

The Digital Personal Data Protection Act, 2023[1] (“Act”) has, at long last, been past before both houses of Parliament and been published in the official Gazette upon receiving Presidential assent.

The Act is intended to provide legislative expression to the contours of the right to privacy as outlined by the Supreme Court of India in the Puttaswamy Judgements[2] and since then, by other constitutional Courts. The principle, which now stands more or less crystallized, is that the autonomy of a person is inalienably linked to their autonomy over their personal data. Therefore, in a regime which continues to be firmly consent based, the questions of who is a child, who can consent to allowing their personal data to be collected, as well as what can and cannot be done with it, are key to their status as ‘Digital Nagariks’ in years to come.Continue Reading Children and Consent under the Data Protection Act: A Study in Evolution

Of Consent and Lawful Uses:
Where the Rubber meets the Road

While the concept of consent, in consonance with the current consent based regime under the Information Technology Act, 2000 (“IT Act”)[1] as well as the constitutional primacy of consent and autonomy under various court decisions dealing with the right to information privacy has remained firmly entrenched as the primary basis for collection and processing of personal data under the various drafts of general personal data protection legislation in India over the years,[2] the newly notified Digital Personal Data Protection Act, 2023 (“Act”)[3]also provides for “legitimate use” as key additional basis available to Data Fiduciaries[4] for collection and processing of personal data[5].Continue Reading Of Consent and Lawful Uses:Where the Rubber meets the Road

A Fine Balance:
The DPDA and Data Localization

On November 18, 2022, when the Ministry of Electronics and Information Technology (“MEITY”) tabled an entirely new draft Digital Personal Data Protection Bill, 2022 (“Draft”)[1], the concerns around one section, namely Section 17 dealing with cross-border data transfers, were perhaps more pronounced than the shock which accompanied the withdrawal of a long debated previous draft.Continue Reading A Fine Balance:The DPDA and Data Localization

Preparing for the DPDA

PREPARING FOR THE DPDA

In the culmination of a decade long process,[1] the Digital Personal Data Protection Bill, 2023 (“Bill”)[2] was passed before the Lok Sabha on August 7, 2023.

While the important subject matter of the Bill, its long legislative history, and the widely publicised dissents in the Parliamentary Standing Committee[3] portend that it may not pass unchanged, its enactment seems likely within the next few weeks or months.

Further, given its relatively concise nature and, the limited rulemaking and regulatory framework that is needed to enable it, it seems likely that while the Bill will be brought into force in a phased manner,[4] operative portions of it may come into effect relatively quickly.Continue Reading Preparing for the DPDA

Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023 (“Bill”)[1] tabled before Parliament on August 3, 2023 is the culmination of a decade long process for evolving general data protection regime for India.

By withdrawing an elaborate, prescriptive draft which was under consideration by Parliament until 2021, to introducing a new, lean, principles based draft for consultation on November 18, 2022 (“Draft”),[2] and then engaging an extensive consultation process which reportedly involved in excess of 20,000 submissions,[3] and several dozen discussions involving personal participation at the highest levels of the Ministry, the Ministry of Electronics and Information Technology has set the stage for the evolution and adoption of a customized and Indian legislation that seeks to find a balance between enabling ease of doing business, and protecting sovereign imperatives and citizens’ rights, which has proved elusive globally.[4] Continue Reading The DPDP Bill Overview: A New Dawn for Data Protection in India

Financial institutions have invested heavily into artificial intelligence (“AI”) and machine learning (“ML”) techniques globally, and in India, over the past decade. There are estimates that AI technologies could potentially contribute towards US$ 1 trillion in additional value for the global banking sector, and a World Economic Forum survey indicated that seventy seven per cent of all respondents (151 fintechs and financial institutions from thirty three countries) anticipated AI to possess a high or a very high overall importance in their businesses in the near future. Tangible use-cases in the financial sector have resultantly sprung, benefitting both customers and investors through robo advisors, portfolio optimisation, and algorithmic trading bots. Financial institutions on their part have benefitted greatly through chat bots handling consumer interactions and grievances, identity verification (including video KYC), predictive analytics to mitigate and minimise frauds, etc.Continue Reading FIG Paper (No. 19 – Series 1)- AI/ ML, ChatGPT: Legal and regulatory considerations for financial service use-cases

RBI guidance on loading of PPIs through credit lines

On June 20, 2022, the Reserve Bank of India (RBI) clarified to authorised non-bank prepaid payment instrument (PPI) issuers that PPIs may not be loaded from credit lines, and any such practice should be stopped immediately.Continue Reading FIG Paper (No. 13) – RBI guidance on loading of PPIs through credit lines

Fintech Hubs in IFSC

The International Financial Services Centres Authority (IFSCA) had notified its Fintech Incentive Scheme on February 2, 2022 (Scheme), setting up a framework to provide six grants to eligible applicants. The six grants, thematically, are for ESG financing (Green FinTech Grant), meant to provide early-stage capital for scaling up (FinTech Start-up Grant, Proof-of-Concept Grant, Sandbox Grant, Listing Support Grant), and aimed at supporting third-party incubation (Accelerator Grant), with the common thread among all being an intent to facilitate market access.Continue Reading Policy support for fintech hubs in IFSCs

GIFT City

Introduction

 In the 2022-23 Union Budget announcements on February 1, 2022 (“Budget”), the Finance Minister introduced a proposal to allow the entry of world-class foreign universities and institutions in Gujarat International Financial Tec-City IFSC (“GIFT IFSC”), to offer courses in subjects pertaining to financial management, fintech, science, technology, engineering, and mathematics, to facilitate the availability of skilled human capital for financial services and technology[1]. The announcement is seen as a progressive step, giving further impetus to promoting GIFT IFSC as the preferred International Financial Services Centre (IFSC) globally.Continue Reading GIFT City Opens Doors for Entry of Foreign Universities in India