In part VII of our series on global capability centres (“GCCs”), we discuss key emerging data privacy and cybersecurity considerations that impact GCCs in India.Continue Reading Data Privacy and Cybersecurity Landscape for GCCs in India: Key Considerations
Arun Prabhu
Partner (Head - Technology) at Cyril Amarchand Mangaldas. Arun special expertise in advising clients in the information technology enabled services, outsourcing and information technology sectors. He was also a member of the Government of India’s working group on the legal enablement of information and communication technology systems. Arun was described as a “very effective and highly knowledgeable” lawyer by Chambers and Partners in 2011. He can be reached at arun.prabhu@cyrilshroff.com
“Voluntary Provision” under the DPA: Too Good to be True?
This article examines some pitfalls around the processing of “voluntarily provided” personal data under India’s Digital Personal Data Protection Act, 2023 (“DPA”), and it is the second of a three-part series. The first, focussing on “employment purposes” can be accessed here.Continue Reading “Voluntary Provision” under the DPA: Too Good to be True?
Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data
India has been preparing for the Digital Personal Data Protection Act, 2023 (“DPA”), for almost a year now. During this time, companies have realised that relying on consent as a long-term basis for processing may be difficult, and instead, using ‘legitimate uses’[1], as the bases for processing may be a better alternative.Continue Reading Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data
The Telecommunications Act, 2023
The Telecommunications Act, 2023 (“Act”) has received presidential assent and has been notified for information.[1] When rulemaking under the Act is completed, and it is notified as being in force, it will replace existing legislation governing telecommunications in India, namely the Indian Telegraph Act, 1885, the Wireless Telegraphy Act, 1933, and the Telegraph Wires (Unlawful Possession) Act, 1950 (collectively, “Telegraph Laws”).Continue Reading The Telecommunications Act, 2023
Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws
Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws
Dark Pattern Guidelines: Illuminating Or Illusory?
The Central Consumer Protection Authority (“CCPA”) notified Guidelines for Prevention and Regulation of Dark Patterns, 2023 (“Guidelines”), under Section 18 of the Consumer Protection Act 2019 (“COPRA”), on November 30, 2023.Continue Reading Dark Pattern Guidelines: Illuminating Or Illusory?
India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?
On August 11, 2023, India’s long-awaited general personal data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) was finally enacted.
Governing the world’s fifth largest economy and one of its fastest growing digital markets, the DPDPA will be of importance to a large number of international businesses that operate in India, rely on Indian service providers/group service companies for their operations, or are looking to enter Indian markets.Continue Reading India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?
Children and Consent under the Data Protection Act: A Study in Evolution
The Digital Personal Data Protection Act, 2023[1] (“Act”) has, at long last, been past before both houses of Parliament and been published in the official Gazette upon receiving Presidential assent.
The Act is intended to provide legislative expression to the contours of the right to privacy as outlined by the Supreme Court of India in the Puttaswamy Judgements[2] and since then, by other constitutional Courts. The principle, which now stands more or less crystallized, is that the autonomy of a person is inalienably linked to their autonomy over their personal data. Therefore, in a regime which continues to be firmly consent based, the questions of who is a child, who can consent to allowing their personal data to be collected, as well as what can and cannot be done with it, are key to their status as ‘Digital Nagariks’ in years to come.Continue Reading Children and Consent under the Data Protection Act: A Study in Evolution
Of Consent and Lawful Uses:Where the Rubber meets the Road
While the concept of consent, in consonance with the current consent based regime under the Information Technology Act, 2000 (“IT Act”)[1] as well as the constitutional primacy of consent and autonomy under various court decisions dealing with the right to information privacy has remained firmly entrenched as the primary basis for collection and processing of personal data under the various drafts of general personal data protection legislation in India over the years,[2] the newly notified Digital Personal Data Protection Act, 2023 (“Act”)[3]also provides for “legitimate use” as key additional basis available to Data Fiduciaries[4] for collection and processing of personal data[5].Continue Reading Of Consent and Lawful Uses:Where the Rubber meets the Road
A Fine Balance:The DPDA and Data Localization
On November 18, 2022, when the Ministry of Electronics and Information Technology (“MEITY”) tabled an entirely new draft Digital Personal Data Protection Bill, 2022 (“Draft”)[1], the concerns around one section, namely Section 17 dealing with cross-border data transfers, were perhaps more pronounced than the shock which accompanied the withdrawal of a long debated previous draft.Continue Reading A Fine Balance:The DPDA and Data Localization