[Adarsh Philip Roy is a PG student at West Bengal National University of Juridical Sciences (WBNUJS), Kolkata.] The Digital Personal Data Protection Act, 2023 (DPDPA) establishes a framework for the collection, storage, processing, and ultimately the protection of personal data. On closer examination, however, this seemingly progressive law carries a controversial twist. Unlike other global data protection laws,…
Category: Data Privacy
Zero Days and Zero Rights? Legal Vacuum In India’s Cyber Incident Reporting Regime
[This article has been co-authored by Aayushman Verma and Amal Singh Patel, who hold an MS in Cyber Law & Information Security from the National Law Institute University, Bhopal. It examines India’s cyber incident reporting regime under CERT-In’s 2022 Directions, arguing that while it imposes strict six-hour reporting deadlines on companies, it fails to create…
A Critical Analysis of the Publicly Available Data Exemption in the Digital Personal Data Protection Act
[This article has been co-authored by Arpanjot Kaur and Shubham Thakare, third-year students at the National Law School of India University (NLSIU), Bengaluru. It critically examines Section 3(c)(ii) of India’s Digital Personal Data Protection Act, which exempts “publicly available” personal data from protection, arguing that its vague language creates a massive loophole that undermines the…