The Foreign Exchange Department, Reserve Bank of India (“RBI”), on May 13, 2026, issued a circular titled ‘Operating framework for facilitating Outward Remittance services by non-bank entities through Authorized Dealer (Category I) Banks (“AD Banks”) in India’ (“Outward Remittance Circular”), which:
Continue Reading FIG Paper No 58: RBI Issues Operating Framework for Facilitating Outward Remittance Services by Non-Bank Entities
With over 1,700 Global Capability Centers (“GCCs”), revenues at $64.6 billion (a 40% jump over FY23 numbers) and a 17% global share of the GCC capacity base, India is the GCC Capital of the World. The GCC market in India is projected to grow to $99-105 billion by 2030 with nearly 2,100-2,200 GCCs and a headcount of ~2.5-2.8 million.[1]
Continue Reading Global Capability Centers – Trends, Opportunities and Recent Learnings
In part VII of our series on global capability centres (“GCCs”), we discuss key emerging data privacy and cybersecurity considerations that impact GCCs in India.
Continue Reading Data Privacy and Cybersecurity Landscape for GCCs in India: Key Considerations
In Priya Randolph Vs Deputy Controller of Patent and Design,[order dated December 20, 2023],the Madras High Court set aside a refusal order passed by the Deputy Controller of Patents and Designs in appeal proceedings. The Court held that mere involvement of a business method in an invention doesn’t render it unpatentable under Section 3(k) of the Indian Patents Act, 1970. The Court observed that the invention involved hardware, software and firmware and that all these components put together, improve data privacy and protection mechanisms.
Continue Reading Scope of business method inventions under Section 3(k)
On August 11, 2023, India’s long-awaited general personal data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) was finally enacted.
Governing the world’s fifth largest economy and one of its fastest growing digital markets, the DPDPA will be of importance to a large number of international businesses that operate in India, rely on Indian service providers/group service companies for their operations, or are looking to enter Indian markets.
Continue Reading India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?
The Digital Personal Data Protection Act, 2023[1] (“Act”) has, at long last, been past before both houses of Parliament and been published in the official Gazette upon receiving Presidential assent.
The Act is intended to provide legislative expression to the contours of the right to privacy as outlined by the Supreme Court of India in the Puttaswamy Judgements[2] and since then, by other constitutional Courts. The principle, which now stands more or less crystallized, is that the autonomy of a person is inalienably linked to their autonomy over their personal data. Therefore, in a regime which continues to be firmly consent based, the questions of who is a child, who can consent to allowing their personal data to be collected, as well as what can and cannot be done with it, are key to their status as ‘Digital Nagariks’ in years to come.
Continue Reading Children and Consent under the Data Protection Act: A Study in Evolution
The Digital Personal Data Protection Bill, 2023 (“Bill”)[1] tabled before Parliament on August 3, 2023 is the culmination of a decade long process for evolving general data protection regime for India.
By withdrawing an elaborate, prescriptive draft which was under consideration by Parliament until 2021, to introducing a new, lean, principles based draft for consultation on November 18, 2022 (“Draft”),[2] and then engaging an extensive consultation process which reportedly involved in excess of 20,000 submissions,[3] and several dozen discussions involving personal participation at the highest levels of the Ministry, the Ministry of Electronics and Information Technology has set the stage for the evolution and adoption of a customized and Indian legislation that seeks to find a balance between enabling ease of doing business, and protecting sovereign imperatives and citizens’ rights, which has proved elusive globally.[4]
Continue Reading The DPDP Bill Overview: A New Dawn for Data Protection in India
Dire times call for ingenious, and often, radical measures. The COVID-19 pandemic, which has led to actions being taken under the Epidemic Diseases Act, 1897, and the Disaster Management Act, 2005, in India, is one such unprecedented and grim event. While governments and health workers all over the world are grappling to curb the spread of the virus, it has been realised that surveillance of affected persons is of paramount importance in order to assess and implement preventive and control measures.
Data tracking and analysis has emerged as an unlikely hero. This analysis has enabled governments to implement measures to stop the pandemic at its source and to prevent deaths, social disruption, unnatural burden on the healthcare system and economic loss. As government authorities are required to control the pandemic not only in their own country, but also understand how the same is evolving in other countries, governments all over the world have taken the stance that free flow of information that is updated in real time will allow for the formation of a steady global picture and help in curbing the spread of the pandemic.
Continue Reading Double Trouble in 2020 – Tackling COVID-19 while Protecting the Right to Privacy
We are moving towards a data centric world, and “data is the new oil”[1]. And few would disagree that a key debate today in finance is ‘trust and privacy vs. using data for business growth’. As modern day businesses look to adapt themselves to generate revenue from customer related data, regulators across the world are grappling with the formulation of effective laws to regulate the data-driven economy. Given the relative novelty of the concept, regulators are reflecting on fundamental questions such as the right to privacy, property rights over data and the right to use the collected data.
In India, the Reserve Bank of India (“RBI”) has been fairly forward looking, by passing various regulations and constituting a host of committees to address issues ranging from cyber security to customers data protection norms.[2] In almost all its regulations, RBI has adopted a data privacy framework similar to the one advocated by the Justice BN Srikrishna Committee in its Personal Data Protection Bill, 2018 (“DP Bill”) – an amalgamated framework consisting of consent-and-notice and the vesting of certain rights with the originators of such information.[3] Undoubtedly, the DP Bill will have an impact on the manner in which data is collected, processed and shared by the financial industry. With this as the background, the authors seek to analyse the impact of the DP Bill on businesses engaged in the financial sector.
Continue Reading In the throes of Data Protection (and the associated woes) lies the business of trust