The Corporate law committee organised a talk on Digital Personal Data Protection Act by Mr. Madhav Thampi, Senior Associate at Trilegal, Bengaluru. He addressed the gathering of students by primarily addressing three key aspects related to India’s Data Protection Act: a) The need for such an Act b) the principles that govern data protection and c) India’s tryst with ‘privacy’ before the introduction of the DPDP, 2023.

The need for a Data Protection Act the speaker stated was to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes. He further added that such purposes are strictly governed by time and relevance of the data that is being asked for. However that being said, Mr Madhav added that not all data would come under the ambit of the Act.

The Guest Speaker then spoke about the principles that generally governs a data protection framework irrespective of country. Some of these principles that shape such a framework as discussed by Mr Madhav are as follows: a) the object of processing data should be lawful b) the principle of data minimisation c) the principle of purpose limitation d) the principle of storage limitation e) the principles of security, integrity and confidentiality and f) the principle of accuracy and lastly g) the principle of accountability.

Mr Madhav then delved into the pre-DPDP regime in India wherein he spoke about the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (Privacy Rules). Post this the guest speaker led an interactive session with the students and answered a variety of questions limited not just to the law but also involving recent developments in the Indian privacy landscape.