Data Protection

Key Changes Announced in the Regulation of Geospatial Data & Data Services

On 15 February 2021, in an effort to boost innovation in the sector, the Government of India announced the liberalisation of policies on the acquisition and production of geospatial and mapping data. In this regard, the Department of Science and Technology (“DST”) has issued a set of guidelines that has removed all prior approvals for …

Key Changes Announced in the Regulation of Geospatial Data & Data Services Read More »

The Right To Be Forgotten in India: Recent Developments

Recent discussions on the scope of the right to privacy often centre on the ambit of the “right to be forgotten”. Finding significant footing in the EU’s General Data Protection Regulation (“GDPR”), the right to be forgotten substantiates erasure obligations, and requires companies that publicise personal data to erase links to, or copies of, such …

The Right To Be Forgotten in India: Recent Developments Read More »

APAC Update: Data Protection Developments in China

It has been an interesting quarter for data protection developments in China. Shortly after the National People’s Congress issued a draft of a proposed data protection law in October 2020, the country’s cyberspace regulator has initiated steps to limit the scope of information sought by operators of mobile applications.  The Cyberspace Administrator of China (or …

APAC Update: Data Protection Developments in China Read More »

IBLJ ranks us a top tier law firm for (i) Data Compliance and Cybersecurity, (ii) Fintech and (iii) Technology & Telecommunications

We are pleased to announce that Spice Route Legal’s work has been appreciated by the India Business Law Journal and we have ranked as a top tier law firm for data compliance and cybersecurity, fintech and technology and telecommunications. The editorial board observed that “In a short period of time, Spice Route Legal has made …

IBLJ ranks us a top tier law firm for (i) Data Compliance and Cybersecurity, (ii) Fintech and (iii) Technology & Telecommunications Read More »

Cross-border transfers of genomic data: the Indian framework

Introduction A significant increase in medical research in India gives rise to the question – does transfer of genomic data from India require regulatory consent? India’s data protection framework is silent – and its health laws, while not so silent, do not comprehensively frame the process required for the transfer of genomic data. In summary, …

Cross-border transfers of genomic data: the Indian framework Read More »

Vicarious Liability for Data Breach: English Law

INTRODUCTION The Supreme Court of the United Kingdom (“Supreme Court” or “Court”) in WM Morrison Supermarkets plc versus Various Claimants[1] was faced with the question on the vicarious liability of employers for a data breach committed by employees. While this question has not yet arisen under Indian law, given the Puttaswamy judgment[2] – we suspect …

Vicarious Liability for Data Breach: English Law Read More »

Data Localisation

On June 26, 2019, the Reserve Bank of India issued clarifications to its fairly controversial data localisation order that required all data relating to payment systems to be stored in India (“Data Localisation Order” or “Order”). While the Data Localisation Order regulated entities that fell within the RBI’s ambit, the clarifications go a step further: …

Data Localisation Read More »

Privacy In The Context Of Mental Healthcare Act, 2017

I. Introduction The Mental Healthcare Act, 2017 (“Mental Healthcare Act”) effectuated in 2018 replaced the then extant – and archaic – 1987 law on the treatment of mental health and illness in India. Aimed to protect the rights of persons with mental illnesses, the Mental Healthcare Act goes a step further than the 1987 legislation …

Privacy In The Context Of Mental Healthcare Act, 2017 Read More »

Kerala High Court: Demand for Bank Account Statements Amounts to Violation of Fundamental Right To Privacy

Introduction The Division Bench of the Kerala High Court on September 4, 2019, in Raju Sebastian and Ors. v. Union of India[1] ruled that demand for bank statements and income tax details would constitute a violation of the fundamental right to privacy if the demand did not satisfy the tests of legality, proportionality, and necessity as …

Kerala High Court: Demand for Bank Account Statements Amounts to Violation of Fundamental Right To Privacy Read More »