Eight years after the Supreme Court’s landmark judgment in KS Puttaswamy (2017) that recognised privacy as a fundamental right, India finally has a functioning data protection regime. The notification of the Digital Personal Data Protection (DPDP) Rules marks the end of an unusually protracted journey, from the Srikrishna Committee report of 2018, through multiple drafts and political compromises, to the diluted but workable framework unveiled recently.

For a country that is now one of the world’s most digitised societies, this law could not have come sooner. In recent years, consumers have been consistently exposed to cyber threats. Incidents of hackers breaching sensitive Aadhaar-linked databases, phishing attacks on banks, and ransomware hits on public systems have made it evident that

See Full Page