Photo of Arun Prabhu

Arun Prabhu

Subscribe to Arun Prabhu's Posts

Partner in the General Corporate Practice at the Bengaluru office of Cyril Amarchand Mangaldas. Arun is part of the Technology, Media and Telecommunications (TMT) group and has special expertise in advising clients in the electronics, information technology enabled services, outsourcing and information technology sectors. He was also a member of the Government of India’s working group on the legal enablement of information and communication technology systems.Arun was described as a “very effective and highly knowledgeable” lawyer by Chambers and Partners in 2011. He can be reached at arun.prabhu@cyrilshroff.com

Follow: Read more about Arun Prabhu

The RBI’s Digital Lending Recommendations A Sign of the Road Ahead

The journey to a new general data protection law in India is more than a decade long and has seen several milestones ranging from the reports of Committees headed by Justice A.P. Shah[1], Justice B.N. Srikrishna[2], and a Joint Parliamentary Committee (“JPC”) to draft legislation in 2018[3], 2019 (“PDP Bill”)[4] and 2021 (“DPB”)[5].

While the recent withdrawal of the PDP Bill[6] is seen as a sign of a long and twisted road ahead, regulators in sectors such as banking, financial services and insurance have not had the luxury of taking the scenic route.

Continue Reading The RBI’s Digital Lending Recommendations: A Sign of the Road Ahead?

Of Gambling and Gaming

India’s Ministry of Information and Broadcasting (“MIB”), on June 13, 2022, issued an advisory (“Gambling Advisory”)1 to the media, including newspapers, private satellite television channels and publishers of news and current affairs on digital media, which has been the subject of much discussion and reporting.

Continue Reading Of Gambling and Gaming: A Tale of two Advisories

The Cert-In Cyber Security Directions More Questions Than Answers

On April 28, 2022, the Indian Computer Emergency Response Team (“CERT-In”) under the Ministry of Electronics and Information Technology issued extensive directions to service providers, intermediaries, companies, firms, and government organisations (collectively, “Entities”, and each an “Entity”) specifying various ‘cyber security directions’ that they are required to follow (“Directions”)[1].

Continue Reading The Cert-In Cyber Security Directions: More Questions Than Answers?

FAQs on the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 The Way Ahead

From their abrupt promulgation[1] to their unusual administration by two ministries[2], to being the subject of widespread protests, and the staying of several operative portions by courts[3], the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Rules”) have had a brief and tumultuous existence.

Continue Reading FAQs on the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021: The Way Ahead

Self Regulation - A Gamechanger for Online Fantasy Sport

Innovation and growth, particularly in new age industries and sunrise sectors, is never a uniform or predictable process. Every industry, in its nascent stages of growth, attracts certain players who enter with a long-term vision of sustainability and others who operate with a myopic vision of short-term gains, taking advantage of regulatory arbitrage.

While this creates the need to regulate these sectors, their complex and dynamic nature often require deep industry knowledge and flexibility, which makes conventional, top down, government regulations difficult. Historically, a robust, responsible, transparent, and representative self-regulatory regime has directed the navigation of various sectors in a responsible and consumer friendly manner. This self-regulatory model, for instance, has been implemented successfully across various sectors internationally, as an efficient means of developing best practices and codes and checking bad actors. Some of the examples are the Entertainment Software Rating Board in the United States, which assigns ratings to video games and apps to assist parents in making purchase decisions, the Japan Toy Association for safety marks on toys, the Electricity and Gas Complaints Commission for consumer dispute resolution in New Zealand, the framework for mobile content and payment services between telecommunication companies in Denmark for mobile content and payment services and Confianza Online regulating ecommerce players in Spain.[1]
Continue Reading Self Regulation – A Gamechanger for Online Fantasy Sport

Consumer Protection E-Commerce Rules - Need for More Clarity Blog

The Ministry of Consumer Affairs, Food and Public Distribution has, on July 23, 2020, notified the Consumer Protection (E-Commerce) Rules, 2020 (“Rules”) under the Consumer Protection Act, 2019 (“Act”), with an intent to prevent unfair trade practices in e-commerce and protect interests and rights of consumers.

Scope and Applicability 

The Rules are intended to apply to (i) all goods and services bought or sold over digital or electronic networks, (ii) all models of e-commerce, and (iii) all formats of e-commerce retail, with the exception of natural persons transacting in their personal capacity (which is not part of any professional or commercial activity undertaken on a regular or systematic basis). In the absence of any guidance on what ‘regular or systematic basis’ means, a plain reading of this exclusion makes it very narrow.

The Rules govern e-commerce entities (“Platforms”), which own, operate, or manage, a digital or electronic facility or platform for electronic commerce, and sellers of products and services.
Continue Reading Consumer Protection E-Commerce Rules: Need for More Clarity

Cryptocurrency in India

On March 4, 2020, the Supreme Court of India (“Court”) in Internet and Mobile Association of India v. Reserve Bank of India[1] (“Judgement”) set aside the circular issued by the Reserve Bank of India (“RBI”) on April 6, 2018 (“Circular”)[2]. This Judgment marks the second occasion, in recent times, when the Supreme Court has reversed a policy decision of the RBI [3]. The Circular had restricted all entities regulated by the RBI, including nationalised banks, scheduled commercial banks, NBFCs, cooperative banks, payment system operators and other intermediaries (“Regulated Entities”) from dealing in or providing services for facilitating ‘any person or entity dealing with, or settling’ virtual currencies.

Thus, while the Circular did not expressly proscribe peer-to-peer trading in virtual currencies, it severely restricted the conversion of virtual currency into fiat currencies and impaired the ability of businesses which dealt with virtual currencies to access financial services in India.
Continue Reading Virtual Currencies in India: A New Dawn

Personal Data Protection Bill 2019 - Analysis

A draft of the Personal Data Protection Bill, 2019 (“Bill”) has been introduced before the Lok Sabha on December 11, 2019.

The Bill is based, in large part, on the proposed draft of the Personal Data Protection Bill, 2018 (“Draft Bill”) which was attached to the report submitted to the Government by the Committee of Experts constituted under the Chairmanship of Justice Srikrishna (Retd.) (for details see our analysis[1] of the Draft Bill and its comparison with the European Union’s General Data Protection Regulation[2] (“GDPR”)[3] ).

That being said, the Bill also includes several modifications and changes in scope and intent.
Continue Reading The Personal Data Protection Bill, 2019: An Analysis

The TRAI Recommendations on Privacy

This piece reviews the Telecom Regulatory Authority of India (TRAI) recommendations on “Privacy, Security and Ownership of Data in the Telecom Sector” released on July 16, 2018 (Recommendations) and attempts to highlight some of their more immediate potential consequences.

Consultations are typically taken up by TRAI based on requests from the Department of Telecommunications (DoT). In the instant case, the TRAI has atypically put out the consultation and subsequently the Recommendations of its own volition, without an explicit mandate on the subject.

TRAI recommendations are approved and implemented by the DoT pursuant to the procedure under Section 11 of the TRAI Act, 1997. This process may involve the DoT seeking clarifications, modifications or otherwise referring items back the TRAI.

This process may turn out to be more complex in connection with the current set of Recommendations, given that much of their content recommends the passing of broad-ranging new legislation that is not limited to only the telecom sector.

Continue Reading The TRAI Recommendations on Privacy, Security, and Ownership of Data in the Telecom Sector, 2018