Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in India.

Featured Resources

India’s DPDPB 2022

The recently proposed DPDPB 2022 from India’s Ministry of Electronics and Information Technology is seeking to fulfill years of shortcomings with the Indian government’s prior draft data protection legislation. This article runs down what’s familiar and what’s new about MEITY’s latest proposal.
Read More

The evolution of India’s data privacy regime

While a standalone and comprehensive privacy law does not yet exist in the country, 2021 witnessed key developments in the data privacy and personal data protection space across various sectors in India. This article explores these developments.
Read More

Consent manager framework under India’s PDPB

When India’s Joint Parliamentary Committee submitted its report on the PDPB 2019 to Parliament in December 2021, it reinstated the concept of “consent managers.” The committee recommended the term be added to the definition clause of the upcoming Data Protection Act. This article explains consent managers are capable of transforming the way information is used and breaks down what companies need to do to ensure compliance with the concept.
Read More

Latest News and Resources

India’s digital lending guidelines attempt to regulate data privacy concerns

India's digital lending industry has grown exponentially in the last decade. Now the industry allows consumers to borrow money from peer-to-peer lenders. In India, the Aadhaar identity program was launched in 2009, allotting unique 12-digit identification numbers to billions of citizens. The Aadhaar adoption — coupled with the India Stack initiative, a set of application programming interfaces allowing entities to utilize digital infrastructure for presenceless, paperless and cashless service d... Read More

Industry stakeholders make pitches for India's proposed Digital Personal Data Protection Bill

Industry stakeholders took a firm stance on holding India's government to phased implementation of the proposed Digital Personal Data Protection Bill, The Economic Times reports. In comments to Indian Parliament's public consultation on the bill, industry players opined the 24-month grace period found in India's past privacy proposals should be carried over to the latest bill. Additionally, BSA|The Software Alliance called for implementing regulations to be finalized 12 months following potentia... Read More

Indian government reiterates intent to table reworked data protection bill

The Government of India told the Supreme Court of India that a revised data protection bill will be tabled in Parliament's Winter Session, ANI reports. During a hearing challenging WhatsApp's privacy notice, Solicitor General Tushar Mehta told the court the government is "alive" to India's lack of a privacy framework and a reworked bill is "underway." Supreme Court justices asked Mehta and the government to bring the bill before Parliament to resolve the WhatsApp case or they will move to a fina... Read More

India proposes telecom, online messaging bill

TechCrunch reports Indian Parliament published the draft Telecommunication Bill 2022, which aims to regulate digital communications. The bill allows the government to view all online communications in cases of perceived national security or public safety concerns while giving agencies immunity from potential lawsuits stemming from such intervention. The legislation also addresses spam messages, proposing consent requirements and a "Do Not Disturb" registry. The government opened a public consult... Read More

Call to protect customer privacy in India's new draft data protection bill

The Hindustan Times reports Reserve Bank of India deputy governor T Rabi Sankar said the new draft data protection bill should include protections for customer data. He also cautioned that monetization of customer data should offer “some level of consent.” Last month, Indian Minister of Railways, Communications and Electronics and Information Technology Ashwini Vaishnaw suggested a new data protection bill could be tabled during Parliament's next budget session in January 2023.Full Story... Read More

India’s revised data protection bill could be presented to Parliament by early 2023
(IAPP, August 2022)
India’s next data protection bill may drop DPA
(IAPP, August 2022)
Indian Parliament withdraws Data Protection Bill
(IAPP, August 2022)
CERT-In releases guidance on cyber-incident reporting
(IAPP, May 2022)
India mulling data protection bill rewrite
(IAPP, February 2022)
India’s proposed DPB to have ‘tremendous impact’ on online advertising
(IAPP, February 2022)
An examination of the DPO requirements in India’s proposed Data Protection Bill
(IAPP, February 2022)
A look at proposed changes to India’s (Personal) Data Protection Bill
(IAPP, January 2022)
State of Data Privacy: Mobile Apps & Websites from India
(ARRKA, January 2022)
PDPB report submitted to Indian Parliament
(IAPP, December 2021)
Supreme Court of India rules on privacy rights of citizens, journalists, social activists
(IAPP, November 2021)
Consumer privacy and the dispatch system in India
(IAPP, August 2021)
Handbook on Data Protection and Privacy for Developers of Artificial Intelligence in India
(Data Security Council of India, July 2021)
Indian biometric law stirs privacy concerns
(IAPP, July 2021)
Indian farmer database raises privacy concerns
(IAPP, July 2021)
Information Technology Rules, 2021 suggest big changes for Big Tech in India
(IAPP, April 2021)
Privacy Updates in China and India: 2 Giants Legislating Data Protection
(IAPP, April 2021)
WhatsApp sues Indian government over IT rules
(IAPP, May 2021)
Installation of facial recognition in Delhi schools raises privacy fears
(IAPP, March 2021)
DPO hiring gains momentum in India
(IAPP, February 2021)
Privacy program management in India — How to get started
(IAPP, January 2021)
Citizens must link mobile, ID data for COVID-19 vaccine
(IAPP, January 2021)
Assessing the quality and future of India’s privacy law
(IAPP, January 2021)
Media trials in India: An unwritten carve-out to the right to privacy?
(IAPP, November 2020)
Digital marketing and privacy: Navigating the Indian landscape
(IAPP, October 2020)
India moving forward with centralized health database
(IAPP, September 2020)
Government group issues draft for Indian third-party access
(IAPP, September 2020)
How would India’s surveillance regime stack up in a ‘Schrems II’ scenario?
(IAPP, August 2020)
Op-ed: Unanswered questions in India’s proposal to regulate non-personal data
(IAPP, August 2020)
Op-ed: How the ‘Schrems II’ decision effects India
(IAPP, July 2020)
How to update your processes to be compliant with India’s privacy bill
(IAPP, March 2020)
Comparison: Indian Personal Data Protection Bill 2019 vs. GDPR
(IAPP, March 2020)
Privacy advocates question facial-recognition use at Delhi rally
(IAPP, January 2020)
Privacy advocates question facial-recognition use at Delhi rally
(IAPP, January 2020)
Will complying with India’s privacy law mean violating GDPR?
(IAPP, January 2020)
What you should know about India’s forward-moving privacy bill
(IAPP, December 2019)
Preparing for India’s new data protection framework
(IAPP, October 2019)
Localization conundrums: The Indian context
(IAPP, February 2019)
The Indian Supreme Court’s Aadhaar judgment — A privacy analysis
(IAPP, October 2018)
View More Resources

Privacy Legislation and Documents

India's Digital Personal Data Protection Bill 2022: Does it overhaul the former PDPB?

Four years ago India received the landmark Puttaswamy judgment, which enshrined the right to privacy for the world's largest democracy. Since then, through various iterations, the government of India has attempted to devise an act that can adequately ensure the privacy of its more than 760 million active internet users. Versions of the Personal Data Protection Bill were proposed in 2018 and 2019, each receiving extensive scrutiny from experts across the country and alarming tech giants with requ... Read More

PDPB report submitted to Indian Parliament

A Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers. Lok Sabha outlined the report, which features 81 recommendations from the JPC and 150 corrections and improvements to various provisions. Lok Sabha and Rajya Sabha have until the end of the Winter Session Dec. 23 to consider and approve the report before acting on the bill, which may be considered in the current session or a future session. Key discrepancies remai... Read More