Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in India.

Featured Resources

The evolution of India’s data privacy regime

While a standalone and comprehensive privacy law does not yet exist in the country, 2021 witnessed key developments in the data privacy and personal data protection space across various sectors in India. This article explores these developments.
Read More

Consent manager framework under India’s PDPB

When India’s Joint Parliamentary Committee submitted its report on the PDPB 2019 to Parliament in December 2021, it reinstated the concept of “consent managers.” The committee recommended the term be added to the definition clause of the upcoming Data Protection Act. This article explains consent managers are capable of transforming the way information is used and breaks down what companies need to do to ensure compliance with the concept.
Read More

Proposed changes to PDPB

The Joint Parliamentary Committee reviewing India’s Personal Data Protection Bill made a number of suggested changes to the law in its final report submitted to Indian Parliament Dec. 16, 2021. This article breaks down the most intriguing proposals that will be considered by Parliament ahead of tabling a final draft.
Read More

Latest News and Resources

CERT-In releases guidance on cyber-incident reporting

On 28 April, the Indian Computer Emergency Response Team issued guidance on information security practices, procedure, prevention, response and reporting of cyber incidents under the Information Technology Act. Effective 60 days after issue, the guidance includes mandatory cyber-incident reporting to CERT-In and follows the agency’s identification of gaps and issues in facilitating incident-response measures. “These directions shall enhance overall cyber security posture and ensure safe & tr... Read More

India mulling data protection bill rewrite

The Economic Times reports Indian officials are considering a complete re-draft of the Data Protection Bill 2019. An unnamed source involved in the pitch for fresh legislation said, "a new Bill altogether which is aligned with the current times" is being considered because lawmakers can "only tweak the clauses to some extent" with where the DPB stands now. Another source indicated the current DPB framework doesn't reflect India's advanced technology market and compliance with the existing bill "... Read More

India’s proposed DPB to have ‘tremendous impact’ on online advertising

MediaNama reports on the impacts India’s proposed Data Protection Bill is likely to have on the online advertising industry. As proposed, the bill requires specific, informed and clear user consent for personalized advertising, implements potential compliance burdens, restrictions on cross-border data transfers, and more. Miglani Varma & Co. Managing Partner Nikhil Varma said the “gamut of changes” the bill creates “is bound to have tremendous impact on how online advertising has been conduc... Read More

An examination of the DPO requirements in India’s proposed Data Protection Bill

The Indian Parliament moved one step closer to passing what would be the nation’s first comprehensive data protection law when, in December, a joint committee released a long-awaited report that recommended substantial changes to the original version of the comprehensive legislation. Although Parliament has yet to submit a version of the bill for a final vote, many experts think that will happen this year.  The report is the result of a two-year deliberation by the committee during which it con... Read More

PDPB report submitted to Indian Parliament
(IAPP, December 2021)
Supreme Court of India rules on privacy rights of citizens, journalists, social activists
(IAPP, November 2021)
Consumer privacy and the dispatch system in India
(IAPP, August 2021)
India’s new Intermediary & Digital Media Rules: Expanding the Boundaries of Executive Power in Digital Regulation
(Future of Privacy Forum, July 2021)
Handbook on Data Protection and Privacy for Developers of Artificial Intelligence in India
(Data Security Council of India, July 2021)
Indian biometric law stirs privacy concerns
(IAPP, July 2021)
Indian farmer database raises privacy concerns
(IAPP, July 2021)
Information Technology Rules, 2021 suggest big changes for Big Tech in India
(IAPP, April 2021)
Privacy Updates in China and India: 2 Giants Legislating Data Protection
(IAPP, April 2021)
WhatsApp sues Indian government over IT rules
(IAPP, May 2021)
Installation of facial recognition in Delhi schools raises privacy fears
(IAPP, March 2021)
DPO hiring gains momentum in India
(IAPP, February 2021)
Privacy program management in India — How to get started
(IAPP, January 2021)
Citizens must link mobile, ID data for COVID-19 vaccine
(IAPP, January 2021)
Assessing the quality and future of India’s privacy law
(IAPP, January 2021)
Media trials in India: An unwritten carve-out to the right to privacy?
(IAPP, November 2020)
Digital marketing and privacy: Navigating the Indian landscape
(IAPP, October 2020)
India moving forward with centralized health database
(IAPP, September 2020)
Government group issues draft for Indian third-party access
(IAPP, September 2020)
CIPL, DSCI Report: Enabling Accountable Data Transfers from India to the United States Under India’s Proposed Personal Data Protection Bill
(Hunton Andrews Kurth, September 2020)
How would India’s surveillance regime stack up in a ‘Schrems II’ scenario?
(IAPP, August 2020)
Op-ed: Unanswered questions in India’s proposal to regulate non-personal data
(IAPP, August 2020)
Op-ed: How the ‘Schrems II’ decision effects India
(IAPP, July 2020)
How to update your processes to be compliant with India’s privacy bill
(IAPP, March 2020)
Comparison: Indian Personal Data Protection Bill 2019 vs. GDPR
(IAPP, March 2020)
Privacy advocates question facial-recognition use at Delhi rally
(IAPP, January 2020)
Privacy advocates question facial-recognition use at Delhi rally
(IAPP, January 2020)
Will complying with India’s privacy law mean violating GDPR?
(IAPP, January 2020)
What you should know about India’s forward-moving privacy bill
(IAPP, December 2019)
Preparing for India’s new data protection framework
(IAPP, October 2019)
Localization conundrums: The Indian context
(IAPP, February 2019)
The Indian Supreme Court’s Aadhaar judgment — A privacy analysis
(IAPP, October 2018)
View More Resources

PDPB Bill and Documents

PDPB report submitted to Indian Parliament

A Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers. Lok Sabha outlined the report, which features 81 recommendations from the JPC and 150 corrections and improvements to various provisions. Lok Sabha and Rajya Sabha have until the end of the Winter Session Dec. 23 to consider and approve the report before acting on the bill, which may be considered in the current session or a future session. Key discrepancies remai... Read More