Driven by excellence, focused on strategies for the longer term.

This is the crux of who we are. It is an articulation of precision in purpose, from the Firm’s beginnings to where we are today. Our collective eye is unerringly trained on tomorrow.

Deep sectoral expertise across services and industries.

Our insistence on strategic advisory exacts an in-depth understanding of and involvement with our clients’ businesses and industries. We engage not just individual businesses, but also contribute to the country’s legal and regulatory frameworks.

Personal commitment supported by experience and grit.

We commit early. We pull together internally for greater support. Every effort is sincere, every individual deeply dedicated to their task, their role, to the Firm.

Our undertakings for long-term impact are an organic extension of our purpose.

They are to employ our deep knowledge of the law beyond the business, the transaction, the deal. To use the opportunities and skills we possess, to reflect on the culture we’re creating. Individually and collectively, these are our efforts to help shape the thinking of our future generations, and arm them with strategies for true, sustainable growth.

Knowledge-sharing is intrinsic to equity and inclusivity.

This is a repository of thought leadership, deep insights and strong viewpoints, legal and other news and events and how they impact the industry and our clients.

Relevance is critical to growth. It necessitates a firm that is dynamic and responsive.

Amplifying intrinsic talent, sharpening skills, expanding knowledge, is vital to leading. It defines every aspect of how our firm functions and transacts. This is how we create new benchmarks and set industry standards.

  • Connect
Dec 31, 2022

Digital Personal Data Protection Bill, 2022 Released

A draft legislation titled the Digital Personal Data Protection Bill, 2022 (‘DPDB’) was released on November 18, 2022, by the Ministry of Electronics and Information Technology, inviting comments from stakeholders (which were to be provided by January 2, 2023). The DPDB is significantly different from the previous draft privacy legislation that was pending consideration until August and proposes significant changes to the current data protection regime in India.

The DPDB governs the processing of all digital personal data and amongst other provisions provides for ‘Data Fiduciaries’ and ‘Data Principals’. A Data Fiduciary is defined to mean any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data, and a Data Principal will mean the individual to whom the data relates. Some of the key changes that the DPDB contemplates are as follows:

i.     DPDB provides for the omission of Section 43A of the Information Technology Act, 2000 (‘IT Act’) which is the provision under which the existing data privacy and protection regime in India i.e., The Information Technology (Reasonable Security Practices & Procedures and Sensitive Personal Data or Information) Rules, 2011 (‘SPDI Rules’), have been enacted;

ii.    DPDB allows for the transfer of personal data outside India by a Data Fiduciary. However, personal data may be transferred only to those countries that are notified by the Central Government and subject to prescribed terms and conditions;

iii.   DPDB requires the Data Fiduciary to provide an itemized notice to the Data Principal, containing (i) a description of personal data sought to be collected; and (ii) the purpose of collecting such data. Specific, freely given, informed and unambiguous consent of Data Principals is to be obtained by the Data Fiduciary, prior to collecting their personal data; and

iv.   DPDB provides for ‘deemed consent’ of a Data Principal in certain cases. A Data Principal is deemed to have given his/her consent under the DPDB where (i) personal data is provided voluntarily in a situation where they would be reasonably expected to voluntarily provide such data; (ii) necessary for performance of any function under the law; (iii) necessary for compliance with any judgment or order issued under any law; (iv) necessary for providing medical treatment during an epidemic / outbreak of a disease / threat to public health; (v) necessary for public safety and order; or (vi) necessary for employment purposes.

Significant penalties have been included for non-compliance with the provisions of the DPDB and range from ₹10,000 (approx. US$ 120) to ₹250 crores (approx. US$ 30.1 million). As with the previous draft privacy legislation that was introduced by the Indian Government, the DPDB may undergo significant changes pursuant to stakeholder comments and discussions before it is introduced in Parliament for consideration.

TAGS

SHARE

Subscribe

DISCLAIMER

These are the views and opinions of the author(s) and do not necessarily reflect the views of the Firm. This article is intended for general information only and does not constitute legal or other advice and you acknowledge that there is no relationship (implied, legal or fiduciary) between you and the author/AZB. AZB does not claim that the article's content or information is accurate, correct or complete, and disclaims all liability for any loss or damage caused through error or omission.

RELATED READING

Inter Alia

Guidelines for Establishing Foreign Universities in India

Jan 23, 2024 | Regulatory & Securities
Inter Alia

Seven Judge Bench of SC Held That Unstamped or Inadequately Stamped Arbitration Agreement are Not Rendered Void or Void Ab Initio or Unenforceable

Jan 23, 2024 | Dispute Resolution
Inter Alia

SEBI Amends Guidelines on Anti-Money Laundering Standards and Combating Financing of Terrorism

Jan 23, 2024 | Regulatory & Securities