GDPR

The Ghost in the Machine?: The Recent “Business Requirement Document” on Consent

By Arun Prabhu, Apoorva Sundar, Himanshi Mahajan & Divyashri Sivaramakrishnan on June 19, 2025

Corporate India, eagerly awaiting the final version of the Draft Digital Personal Data Protection Rules, 2025[1] (“Draft Rules”), under the Digital Personal Data Protection Act, 2023[2] (“DPDPA”), was recently jolted by a Business Requirements Document for Consent Management under the DPDPA (“BRD”)[3] discreetly issued by the National e-Governance Division of the Ministry of Electronics and Technology (“MeitY”).Continue Reading The Ghost in the Machine?: The Recent “Business Requirement Document” on Consent

Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data

By Rashmi Pradeep, Arun Prabhu, Varsha Sriram, Apoorva Sundar & Digvijay Singh on May 28, 2024

Posted in Data Protection, Employment Law

Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data

India has been preparing for the Digital Personal Data Protection Act, 2023 (“DPA”), for almost a year now. During this time, companies have realised that relying on consent as a long-term basis for processing may be difficult, and instead, using ‘legitimate uses’[1], as the bases for processing may be a better alternative.Continue Reading Handle with CARE: Relying on “Purposes of Employment” for Processing Employee Data

The Great Reset: What Lies in Store for Targeted Advertising?

By Arjun Goswami, Varun Mehta & Aryan Vij on February 12, 2024

Posted in Consumer Law, Data Protection

Background

The European Court of Justice (“CJEU”) in mid-2023 passed a landmark judgment in Meta Platforms Inc. v. Bundeskartellamt[1], by imposing strict restrictions on social media entities using personal data of consumer’s for targeting them with personalised advertisements through their platforms. This ruling struck at the core revenue model of many big technology organisations. Continue Reading The Great Reset: What Lies in Store for Targeted Advertising?

FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

By Anu Tiwari, Vishrut Jain & Aditya Sarkar on January 15, 2024

Posted in Data Protection

FIG Paper No. [29], Data Law Series [3]: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

Introduction:

The Digital Personal Data Protection Act, 2023 (“DPDP Act”) is India’s foray into the global regulatory movement on personal data rights. In designing the DPDP Act, there has been a strong focus on simplicity, brevity, and standardisation. We note a marked effort to align with data regulation across the world, most significantly, the European Union’s General Data Protection Regulation (“GDPR”). While principally similar, the Indian regime has peculiarities for which financial services entities will have to prepare themselves. Continue Reading FIG Paper No. 30, Data Law Series 4: Implications of Digital Personal Data Protection Act, 2023 for Foreign Banks in India

Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

By Arun Prabhu, Arpita Sengupta & Anoushka Soni on January 9, 2024

Posted in Data Protection, Digital, Technology

Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

Nearly five years after a landmark Supreme Court ruling, which reiterated that information privacy is a fundamental right enshrined in the Constitution, India finally enacted its Digital Personal Data Protection Act, 2023 (the “DPDPA” or “Act”), on August 11, 2023.Continue Reading Comparing Global Privacy Regimes Under GDPR, DPDPA and US Data Protection Laws

India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?

By Arun Prabhu, Arpita Sengupta & Anoushka Soni on October 10, 2023

Posted in Data Protection, Digital, Technology

India's New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?

On August 11, 2023, India’s long-awaited general personal data protection legislation, the Digital Personal Data Protection Act, 2023 (“DPDPA”) was finally enacted.

Governing the world’s fifth largest economy and one of its fastest growing digital markets, the DPDPA will be of importance to a large number of international businesses that operate in India, rely on Indian service providers/group service companies for their operations, or are looking to enter Indian markets.Continue Reading India’s New Data Protection Law: How Does it Differ from GDPR and What Does that Mean for International Businesses?

The Personal Data Protection Bill, 2019: An Analysis

By Arun Prabhu on December 12, 2019

Posted in Data Protection, Digital

A draft of the Personal Data Protection Bill, 2019 (“Bill”) has been introduced before the Lok Sabha on December 11, 2019.

The Bill is based, in large part, on the proposed draft of the Personal Data Protection Bill, 2018 (“Draft Bill”) which was attached to the report submitted to the Government by the Committee of Experts constituted under the Chairmanship of Justice Srikrishna (Retd.) (for details see our analysis[1] of the Draft Bill and its comparison with the European Union’s General Data Protection Regulation[2] (“GDPR”)[3] ).

That being said, the Bill also includes several modifications and changes in scope and intent.
Continue Reading The Personal Data Protection Bill, 2019: An Analysis

India Corporate Law

GDPR

Follow Us