An Analysis of the Liberal and Strict Provisions in India’s New Privacy Law

India’s passage of its new Digital Personal Data Protection Act (DPDP) extends privacy rights to 881 million more internet users, posing a sheer volume challenge to global companies’ data compliance. The law, which creates a new regulator, is relatively relaxed about transfers of personal data and foregoes a few common privacy obligations for companies, though strongly emphasizes consent. This article breaks down the DPDP’s business-friendly, strict and unclear aspects, sharing insights from experts at DLA Piper, Epiq, Husch Blackwell, Osano and Wilmer Hale. See our three-part series on data localization: “Laws Spread and Enforcement Rises” (Nov. 3, 2021), “New Compliance Headaches and Costs Across the Globe” (Nov. 10, 2021), and “Cybersecurity Challenges Abound” (Nov. 17, 2021).

To read the full article

Continue reading your article with a CSLR subscription.