India’s emerging data protection framework : A critical analysis of legal reform and global interoperability

This paper discusses the data protection and governance framework in India, catalysed by rapid digitisation and escalating cyber threats, data thefts and data breaches. The central research question is ‘How India’s evolving legislative and regulatory framework specifically the Information and Technology Act, 2000 (IT Act) and the Digital Personal Data Protection Act, 2023 (DPDP Act) and its rules are helping in protecting personal data, ensuring accountability, aligning with global norms on data protection and cross border data transfer and many other related issues?’. The paper posits that while the IT Act laid foundational digital infrastructure, it lacked comprehensive safeguards to protect personal data and user rights gaps, which the DPDP Act aims to bridge through a more comprehensive, rights-based, and principle-driven approach. This paper uses comparative legal analysis, case law review and regulatory gap assessment to show that the DPDP Act represents a significant shift by codifying user rights, establishing an independent Data Protection Board of India (DPB), and imposing stricter duties on data fiduciaries. However, it also points out possible challenges related to practical compliance. The findings of this research may offer vital guidance on emerging compliance requirements, disapprovals and potential exposures/risks. For policymakers, it emphasises harmonised rulemaking and enhanced institutional capacities. For businesses, it provides practical insights into managing user consent, navigating cross-border data transfers and mitigating compliance risks under the evolving regulatory landscape. Ultimately, the true impact of the framework will depend on its effective implementation and enforcement in the near future, paving the way for a transparent, secure, equitable, accountable and globally compatible data governance ecosystem. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.