Data Protection Laws

Introduction:

Technology has fundamentally transformed the financial services industry, with many contemporary financial institutions (“FI”) adopting a digital-first or exclusively online business model. With third-party technology service providers handling critical functions for FIs, as outsourced partners, regulators such as the Reserve Bank of India (“RBI”), Securities and Exchange Board of India (“SEBI”) and the Insurance Regulatory and Development Authority of India (“IRDAI”) have issued their respective guidelines on outsourcing/ adoption of cloud services.[i] Additionally, FIs are also required to comply with general data protection laws.[ii]Continue Reading FIG Paper (No. 46 – Series 3): Contracting Considerations for Financial Institutions

Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

Digital Personal Data Protection Bill, 2023

The Digital Personal Data Protection Bill, 2023 (“Bill”)[1] tabled before Parliament on August 3, 2023 is the culmination of a decade long process for evolving general data protection regime for India.

By withdrawing an elaborate, prescriptive draft which was under consideration by Parliament until 2021, to introducing a new, lean, principles based draft for consultation on November 18, 2022 (“Draft”),[2] and then engaging an extensive consultation process which reportedly involved in excess of 20,000 submissions,[3] and several dozen discussions involving personal participation at the highest levels of the Ministry, the Ministry of Electronics and Information Technology has set the stage for the evolution and adoption of a customized and Indian legislation that seeks to find a balance between enabling ease of doing business, and protecting sovereign imperatives and citizens’ rights, which has proved elusive globally.[4] Continue Reading The DPDP Bill Overview: A New Dawn for Data Protection in India