Today's Headlines

1. DPDP Enforcement Begins - Lexology

Source: Google News DPDP | Read Original →

The Digital Personal Data Protection (DPDP) Act 2023 has officially moved from notification to active enforcement. This marks a significant shift for Indian businesses, as the grace period concludes and the Data Protection Board of India (DPBI) is now empowered to act on non-compliance, imposing penalties up to ₹250 Cr. Businesses must immediately ensure their practices align with Section 8 (Data Fiduciary obligations) and Section 10 (Data Processor obligations).

2. WhatsApp and DPDP Act in Supreme Court raise a question: Do citizens control their data, or does their data control them? - The Indian Express

Source: Google News DPDP | Read Original →

A crucial case involving WhatsApp's data sharing policies and user consent is currently before the Supreme Court, now explicitly viewed through the lens of the DPDP Act. This legal challenge underscores the Act's core intent to empower Data Principals with control over their personal data, reinforcing rights such as consent (Section 6) and right to erasure (Section 13), and will likely shape judicial interpretation of these provisions. The outcome will be highly influential for all major tech platforms operating in India.

3. Why privacy by design matters most in high-risk data ecosystems - Express Computer

Source: Google News DPDP | Read Original →

This article highlights the increasing importance of adopting privacy by design (PbD) principles, particularly for businesses handling sensitive data or operating in complex data ecosystems. Proactively embedding privacy safeguards into system architecture and processes from the outset, rather than as an afterthought, is now critical for meeting DPDP Act requirements, especially concerning reasonable security safeguards (Section 8(4)) and minimizing data collection. This approach helps businesses mitigate risks, ensure compliance, and build trust with Data Principals.

4. Consent Managers under India’s DPDP Regime: Gatekeepers of Data Autonomy or Instruments of Big-Fiduciary Control? - Legal Service India

Source: Google News DPDP | Read Original →

The concept of Consent Managers, as outlined in Section 6(4) of the DPDP Act, is under scrutiny regarding their actual impact on Data Principal autonomy. While intended to empower individuals to manage their consent centrally, questions arise about whether they might become tools for large Data Fiduciaries or truly serve the user. Businesses integrating with or considering Consent Managers must ensure these platforms are transparent, user-centric, and fully compliant with the spirit of the Act to avoid potential legal and reputational pitfalls.

Stay Compliant

Not sure if your business meets DPDP standards? Start with a free check:

🔍 Run Your Free DPDP Audit →

16 questions. 60 seconds. Instant risk report.

---

Published by DPDP News, a Meridian Bridge Strategy initiative. For compliance consulting, book a free call.