Technology Law Update: Privacy Law Developments in India – Wrapping up 2019

Posted by By at 12 November, at 12 : 31 PM Print

November 12, 2019


From what was expected to be a prospectively chaotic year in terms of privacy law developments, has turned out to be a rather mellow year thus far. The introduction of the revamped general privacy and data protection law in India continues to loom but there appears to be some time until it is introduced. This update brings to you privacy and data protection related developments in India during the past 11 months, which may be of interest to organizations doing or looking to do business in India.

  1. New privacy and data protection law lurkingIndian Parliament is likely to consider the Personal Data Protection Bill, 2018 that is set to revamp the existing framework in India, in the upcoming Winter Session commencing from 18th November. The proposed law was publicly released last year and appears GDPR-inspired on various fronts. The proposed law may have a considerable impact on MNCs operating in India, whether with or without a physical presence, due to its data localization requirements and cross-border data transfer restrictions.Our paper provides details of the proposed law, how it compares to the GDPR, specific industry implications and tax considerations. Our Technology and Privacy law team had also hosted a webinar to discuss the development and our analysis.
  1. Clarifications on data localization in the payments industryThe Reserve Bank of India (apex bank in the country) had in April last year issued a data localization directive, mandating all authorized payment system operators and banks to store payment systems data only in India. This led to various ambiguities in the requirements as well as industry pushback on the strict requirements imposed, especially by global payment companies. Our write ups on this are accessible here and here. The RBI also issued the much awaited clarifications on the said directive. One of the major clarifications being that where processing of a payment transaction happens overseas, then the payment systems data (including end-to-end transaction details) for the said transaction could also be stored abroad, but only for a limited period i.e. for the duration of processing the transaction.We have analyzed the implications of the clarificatory press release here.
  1. Dedicated committee to look into governance of non-personal dataThe Ministry of Electronics and Information Technology (MEITY) had in September released an office memorandum which constitutes a new Committee of Experts, chaired by Shri. Kris Gopalakrishnan (Co-Founder, Infosys). The MEITY had taken cue from the Committee that framed the draft Personal Data Protection Bill, 2018, that observed that community data is relevant for understanding public behavior, preferences and making decisions for the benefit of the community. MEITY observed that there is also a need to ‘recognize the economic dimension of data and suitable taxonomy of data’ and that privately collected digital data could be a necessary requirement for policy making, governance and public service delivery in many areas. The terms of reference of this committee are to:i. study various issues relating to non-personal data; and
    ii. make specific suggestions for consideration of the Central Government on non-personal data.

    The report and recommendations of the Committee is currently awaited.

Interesting and exciting times lie ahead. As one can see, data is no longer looked at as an intangible commodity but rather as an asset on which further value can be derived. Both consumers, organizations and now the Government see value in data, its usage and security. Also, as sectoral and industry-wide regulation evolves, business models will have to keep up. One must wait and watch whether 2019 has a twist in the tail, but certainly buckle up for 2020.

– Aaron KamathHuzefa Tavawalla & Gowree GokhaleYou can direct your queries or comments to the authors

IFLR1000: Tier 1 for Private Equity and Project Development: Telecommunications Networks.
2020, 2019, 2018, 2017, 2014

AsiaLaw Asia-Pacific Guide 2020: Ranked ‘Outstanding’ for TMT, Labour & Employment, Private Equity, Regulatory and Tax

FT Innovative Lawyers Asia Pacific 2019 Awards: NDA ranked 2nd in the Most Innovative Law Firm category (Asia-Pacific Headquartered)

RSG-Financial Times: India’s Most Innovative Law Firm
2019, 2017, 2016, 2015, 2014

Chambers and Partners Asia Pacific: Band 1 for Employment, Lifesciences, Tax and TMT
2019, 2018, 2017, 2016, 2015

Benchmark Litigation Asia-Pacific: Tier 1 for Government & Regulatory and Tax
2019, 2018

Legal500: Tier 1 for Dispute, Tax, Investment Funds, Labour & Employment, TMT and Corporate M&A
2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012

Who’s Who Legal 2019:
Nishith Desai, Corporate Tax and Private Funds – Thought Leader
Vikram Shroff, HR and Employment Law- Global Thought Leader
Vaibhav Parikh, Data Practices – Thought Leader (India)
Dr. Milind Antani, Pharma & Healthcare – only Indian Lawyer to be recognized for ‘Life sciences – Regulatory,’ for 5 years consecutively

Merger Market 2018:Fastest growing M&A Law Firm in India

Asia Mena Counsel’s In-House Community Firms Survey 2018:The only Indian Firm recognized for Life Sciences

IFLR: Indian Firm of the Year
2013, 2012, 2011, 2010

IDEX Legal Awards 2015: Nishith Desai Associates won the “M&A Deal of the year”, “Best Dispute Management lawyer”, “Best Use of Innovation and Technology in a law firm” and “Best Dispute Management Firm”


The contents of this hotline should not be construed as legal opinion. View detailed disclaimer.

This Hotline provides general information existing at the time of preparation. The Hotline is intended as a news update and Nishith Desai Associates neither assumes nor accepts any responsibility for any loss arising to any person acting or refraining from acting as a result of any material contained in this Hotline. It is recommended that professional advice be taken based on the specific facts and circumstances. This Hotline does not substitute the need to refer to the original pronouncements.
This is not a Spam mail. You have received this mail because you have either requested for it or someone must have suggested your name. Since India has no anti-spamming law, we refer to the US directive, which states that a mail cannot be considered Spam if it contains the sender’s contact information, which this mail does. In case this mail doesn’t concern you, please unsubscribe from mailing list.


Related Posts

Post Your Comment

You must be logged in to post a comment.

About Us

Nishith Desai Associates (NDA) is a research based international law firm with offices in Mumbai, Bangalore, Silicon Valley, Singapore, New Delhi, Munich and New York.


Mobile App


  • .
  • .
  • .