Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in India.

Featured Resources

The evolution of India’s data privacy regime

While a standalone and comprehensive privacy law does not yet exist in the country, 2021 witnessed key developments in the data privacy and personal data protection space across various sectors in India. This article explores these developments.
Read More

Consent manager framework under India’s PDPB

When India’s Joint Parliamentary Committee submitted its report on the PDPB 2019 to Parliament in December 2021, it reinstated the concept of “consent managers.” The committee recommended the term be added to the definition clause of the upcoming Data Protection Act. This article explains consent managers are capable of transforming the way information is used and breaks down what companies need to do to ensure compliance with the concept.
Read More

Proposed changes to PDPB

The Joint Parliamentary Committee reviewing India’s Personal Data Protection Bill made a number of suggested changes to the law in its final report submitted to Indian Parliament Dec. 16, 2021. This article breaks down the most intriguing proposals that will be considered by Parliament ahead of tabling a final draft.
Read More

Latest News and Resources

Indian government reiterates intent to table reworked data protection bill

The Government of India told the Supreme Court of India that a revised data protection bill will be tabled in Parliament's Winter Session, ANI reports. During a hearing challenging WhatsApp's privacy notice, Solicitor General Tushar Mehta told the court the government is "alive" to India's lack of a privacy framework and a reworked bill is "underway." Supreme Court justices asked Mehta and the government to bring the bill before Parliament to resolve the WhatsApp case or they will move to a fina... Read More

India proposes telecom, online messaging bill

TechCrunch reports Indian Parliament published the draft Telecommunication Bill 2022, which aims to regulate digital communications. The bill allows the government to view all online communications in cases of perceived national security or public safety concerns while giving agencies immunity from potential lawsuits stemming from such intervention. The legislation also addresses spam messages, proposing consent requirements and a "Do Not Disturb" registry. The government opened a public consult... Read More

Call to protect customer privacy in India's new draft data protection bill

The Hindustan Times reports Reserve Bank of India deputy governor T Rabi Sankar said the new draft data protection bill should include protections for customer data. He also cautioned that monetization of customer data should offer “some level of consent.” Last month, Indian Minister of Railways, Communications and Electronics and Information Technology Ashwini Vaishnaw suggested a new data protection bill could be tabled during Parliament's next budget session in January 2023.Full Story... Read More

India's revised data protection bill could be presented to Parliament by early 2023

The Hindu reports Indian Minister of Railways, Communications and Electronics and Information Technology Ashwini Vaishnaw indicated a fresh data protection bill will be published for public comments soon and hopefully be tabled during Indian Parliament's Budget Session in January 2023. Vaishnaw said the bill will reflect modern thinking around data protection, adding that "it should not be like we are trying to create a paper system for a digital world." The upcoming draft may include reported c... Read More

India's next data protection bill may drop DPA

Members of Indian Parliament could exclude provisions for a data protection authority when drafting a fresh data protection bill, the Hindustan Times reports. An official familiar with Parliament's negotiations said many proposed DPA functions "were out of its remit" and dropping the DPA would help "to not overwhelm one authority and increase compliance costs for small companies." The new bill may add a consumer redress mechanism in lieu of a regulator.Full Story... Read More

Indian Parliament withdraws Data Protection Bill
(IAPP, August 2022)
CERT-In releases guidance on cyber-incident reporting
(IAPP, May 2022)
India mulling data protection bill rewrite
(IAPP, February 2022)
India’s proposed DPB to have ‘tremendous impact’ on online advertising
(IAPP, February 2022)
An examination of the DPO requirements in India’s proposed Data Protection Bill
(IAPP, February 2022)
State of Data Privacy: Mobile Apps & Websites from India
(ARRKA, January 2022)
PDPB report submitted to Indian Parliament
(IAPP, December 2021)
Supreme Court of India rules on privacy rights of citizens, journalists, social activists
(IAPP, November 2021)
Consumer privacy and the dispatch system in India
(IAPP, August 2021)
India’s Intermediary & Digital Media Rules
(Future of Privacy Forum, July 2021)
Handbook on Data Protection and Privacy for Developers of Artificial Intelligence in India
(Data Security Council of India, July 2021)
Indian biometric law stirs privacy concerns
(IAPP, July 2021)
Indian farmer database raises privacy concerns
(IAPP, July 2021)
Information Technology Rules, 2021 suggest big changes for Big Tech in India
(IAPP, April 2021)
Privacy Updates in China and India: 2 Giants Legislating Data Protection
(IAPP, April 2021)
WhatsApp sues Indian government over IT rules
(IAPP, May 2021)
Installation of facial recognition in Delhi schools raises privacy fears
(IAPP, March 2021)
DPO hiring gains momentum in India
(IAPP, February 2021)
Privacy program management in India — How to get started
(IAPP, January 2021)
Citizens must link mobile, ID data for COVID-19 vaccine
(IAPP, January 2021)
Assessing the quality and future of India’s privacy law
(IAPP, January 2021)
Media trials in India: An unwritten carve-out to the right to privacy?
(IAPP, November 2020)
Digital marketing and privacy: Navigating the Indian landscape
(IAPP, October 2020)
India moving forward with centralized health database
(IAPP, September 2020)
Government group issues draft for Indian third-party access
(IAPP, September 2020)
CIPL, DSCI Report: Enabling Accountable Data Transfers from India to the United States Under India’s Proposed Personal Data Protection Bill
(Hunton Andrews Kurth, September 2020)
How would India’s surveillance regime stack up in a ‘Schrems II’ scenario?
(IAPP, August 2020)
Op-ed: Unanswered questions in India’s proposal to regulate non-personal data
(IAPP, August 2020)
Op-ed: How the ‘Schrems II’ decision effects India
(IAPP, July 2020)
How to update your processes to be compliant with India’s privacy bill
(IAPP, March 2020)
Comparison: Indian Personal Data Protection Bill 2019 vs. GDPR
(IAPP, March 2020)
Privacy advocates question facial-recognition use at Delhi rally
(IAPP, January 2020)
Privacy advocates question facial-recognition use at Delhi rally
(IAPP, January 2020)
Will complying with India’s privacy law mean violating GDPR?
(IAPP, January 2020)
What you should know about India’s forward-moving privacy bill
(IAPP, December 2019)
Preparing for India’s new data protection framework
(IAPP, October 2019)
Localization conundrums: The Indian context
(IAPP, February 2019)
The Indian Supreme Court’s Aadhaar judgment — A privacy analysis
(IAPP, October 2018)
View More Resources

PDPB Bill and Documents

PDPB report submitted to Indian Parliament

A Joint Parliamentary Committee's final report on India's Personal Data Protection Bill has been tabled in Parliament's two chambers. Lok Sabha outlined the report, which features 81 recommendations from the JPC and 150 corrections and improvements to various provisions. Lok Sabha and Rajya Sabha have until the end of the Winter Session Dec. 23 to consider and approve the report before acting on the bill, which may be considered in the current session or a future session. Key discrepancies remai... Read More