For years, India’s relationship with personal data existed in fragments—scattered rules, evolving judgments, and growing digital dependence. The law acknowledged the importance of data, but never fully controlled its flow. As technology advanced and personal data became the currency of the digital economy, one truth became unavoidable: a scattered approach could no longer sustain a data-driven nation. 1. The Journey So Far India’s path to data protection was gradual and layer

From Legal Gaps to a Data Protection Framework For years, India stood at the crossroads of a digital revolution without a corresponding legal shield. Personal data flowed freely collected, stored, traded, and sometimes breached yet the law struggled to keep pace. The recognition of privacy as a right raised expectations, but the absence of a comprehensive framework exposed a deeper truth: rights without enforcement are merely promises. The Digital Personal Data Protection Act

Long before India enacted a comprehensive data protection law, a global standard had already begun reshaping how personal data was viewed, regulated, and protected. The General Data Protection Regulation (GDPR) did not merely regulate Europe—it redefined data protection worldwide. India’s eventual framework reflects this influence, both in adoption and in deliberate divergence. 1. What is the GDPR? TheGeneral Data Protection Regulation is a comprehensive data protection law t

Before data protection became a compliance requirement, it was a constitutional battle. Before laws began regulating companies, the Constitution had to recognize the individual. In a historic moment, the Supreme Court didn’t just decide a case, it redefined the relationship between the State and personal liberty. What Is the Puttaswamy Judgment? The Justice K.S. Puttaswamy v. Union of India (2017)  judgment is a landmark decision of the Supreme Court of India. It held that: R

Before India had a comprehensive data protection law, privacy protection existed in fragments, reactive, limited, and often overlooked. Yet, within this fragmented framework lay the first serious attempt to regulate personal data… quietly embedded in cyber law. What Are Section 43A and the SPDI Rules? India’s earliest structured framework for data protection emerged through: Section 43A of the Information Technology Act, 2000 The Information Technology (Reasonable Security Pr

Before a comprehensive law stepped in, privacy in India existed like a scattered puzzle — pieces of protection, but no complete picture. The question was never whether privacy mattered… but whether the law truly safeguarded it. What Was the State of Privacy Before the DPDP Act? Before the enactment of the Digital Personal Data Protection Act, 2023, India did not have a dedicated, comprehensive data protection law . Instead, privacy protection existed through: Judicial interpr