Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023 (“Bill”)[1] tabled before Parliament on August 3, 2023 is the culmination of a decade long process for evolving general data protection regime for India.

By withdrawing an elaborate, prescriptive draft which was under consideration by Parliament until 2021, to introducing a new, lean, principles based draft for consultation on November 18, 2022 (“Draft”),[2] and then engaging an extensive consultation process which reportedly involved in excess of 20,000 submissions,[3] and several dozen discussions involving personal participation at the highest levels of the Ministry, the Ministry of Electronics and Information Technology has set the stage for the evolution and adoption of a customized and Indian legislation that seeks to find a balance between enabling ease of doing business, and protecting sovereign imperatives and citizens’ rights, which has proved elusive globally.[4] Continue Reading The DPDP Bill Overview: A New Dawn for Data Protection in India

On April 6, 2023, India introduced a new legal regime for operators of online games by introducing  amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”) (amendments are referred to as “Gaming Amendments”).Continue Reading The Online Gaming Intermediaries Regulations: What is New?

Digital Healthcare

The development in science and technology has scaled multiple heights and reached unprecedented levels of sophistication. Advanced methods are being used in all branches of research and technology, including medical diagnosis. Given that diagnosis is done either voluntarily or pursuant to a prescription, the field of medical testing is broad and encompasses a variety of situations. The process of diagnosis depends upon a range of variables, which includes diversified procedures, competent personnel, functional instruments, suitable facility or lab, reagent, etc. Each factor is as important as the other. Further, medical devices include a gamut of instruments ranging from a miniscule syringe used to collect blood samples, to sophisticated CT scanners. Both have the capacity to grossly impact a diagnosis. Hence, arises the need to minimise the variables and ensure uniformity in quality and standards. And, while the monitoring of medical devices, facilities and competent personnel are largely regulated, it is important to ensure that the diagnostic procedures are standardised.Continue Reading Evolving Landscape of Diagnostics’ Regulation in India & Digital Healthcare

Financial institutions have invested heavily into artificial intelligence (“AI”) and machine learning (“ML”) techniques globally, and in India, over the past decade. There are estimates that AI technologies could potentially contribute towards US$ 1 trillion in additional value for the global banking sector, and a World Economic Forum survey indicated that seventy seven per cent of all respondents (151 fintechs and financial institutions from thirty three countries) anticipated AI to possess a high or a very high overall importance in their businesses in the near future. Tangible use-cases in the financial sector have resultantly sprung, benefitting both customers and investors through robo advisors, portfolio optimisation, and algorithmic trading bots. Financial institutions on their part have benefitted greatly through chat bots handling consumer interactions and grievances, identity verification (including video KYC), predictive analytics to mitigate and minimise frauds, etc.Continue Reading FIG Paper (No. 19 – Series 1)- AI/ ML, ChatGPT: Legal and regulatory considerations for financial service use-cases

The last few years have seen an unprecedented rise in digital payment transactions via Payment Aggregators (“PA”), Payment Gateways (“PG”), and Unified Payments Interface (“UPI”), via third-party application providers (TPAPs), with PAs undergoing licensing by the Reserve Bank of India (“RBI”), under the March 17, 2020, RBI PA/PG Guidelines. Retail payments historically would flow via NEFT/ RTGS/ IMPS, etc. However, UPI has now become the preferred payment mode for online payments, constituting a significant volume of small ticket retail payments in India, which is mostly via PAs. The payment architecture, which was earlier ‘card network’ driven via entities licensed under the Payment and Settlement Systems Act, 2007 (as a ‘payment system operator’), is increasingly moving towards PA/PGs, including for digital asset exchanges, online shopping, check-out financing and digital lending (where significant changes have been implemented by the RBI recently, including via the September 2022 Digital Lending Guidelines).Continue Reading FIG Paper (No. 18 – Series 1)- Technology/ Financial Services – Recent Law Enforcement Trends

Gaming Rules

Days after “online gaming” was formally brought under the purview of the Ministry of Electronics and Information Technology (“MEITY”) through the Government of India (Allocation of Business) Rules, 1961[1], MEITY has proposed amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“2021 Rules”), to create a novel co-regulatory framework to govern the operations of online gaming intermediaries (“Draft Gaming Rules”). The Ministry has invited public comments on the Draft Gaming Rules till January 17, 2023.[2]Continue Reading Draft Rules for Online Gaming: The Beginning of an Enabling Framework?

Data Protection Bill 2022

The Ministry of Electronics and Information Technology (“MEITY”) has released a draft of the Digital Personal Data Protection Bill, 2022 (“The Bill”) for public consultations along with an explanatory note for each provision and the underlying principles that guide the drafting[1]. The public consultations are open till December 17, 2022[2].  This is Part II of our analysis on the Bill.  Click here to read Part I of this postContinue Reading The Digital Personal Data Protection Bill, 2022 – Part II

Data Protection Bill

The Ministry of Electronics and Information Technology (“MEITY”) has released a draft of the Digital Personal Data Protection Bill, 2022 (“The Bill”) for public consultations along with an explanatory note for each provision and the underlying principles that guide the drafting[1]. The public consultations are open till December 17, 2022[2].Continue Reading The Digital Personal Data Protection Bill, 2022 – Part I