Today's Headlines

1. The hollow heart of data protection: How the DPDP Act abandons the data breach victim

Source: Google News DPDP | Read Original →

A recent critique argues that while the DPDP Act imposes significant penalties on Data Fiduciaries for data breaches, it offers limited direct recourse or compensation mechanisms for the affected individuals (Data Principals). This analysis highlights a perceived gap where the Act prioritizes penalizing non-compliance (specifically Section 8 obligations) rather than directly empowering victims with avenues for quick redressal, leaving it largely to the discretion of the Data Protection Board.

2. India's DPDP Act: Data Breach Penalties Shift from Victims to State

Source: Google News DPDP | Read Original →

Echoing similar concerns, this report emphasizes that penalties for data breaches under the DPDP Act (which can be up to ₹250 Cr for failure to take reasonable security safeguards under Section 8(5)) are paid to the state rather than directly compensating victims. For businesses, this means the focus remains squarely on preventing breaches and ensuring robust security, as non-compliance will incur substantial financial liability, even if individual Data Principals don't receive direct payouts.

3. WhatsApp says Italian surveillance company tricked around 200 users into downloading spyware

Source: The Hindu Tech | Read Original → WhatsApp (owned by Meta Platforms) revealed that an Italian surveillance company, ASIGINT, a subsidiary of SIO, tricked approximately 200 users into downloading spyware. While an international incident, this underscores the persistent and evolving threat landscape of cyberattacks and the critical importance for all Indian Data Fiduciaries to implement state-of-the-art security measures to protect Personal Data under Section 8(5) of the DPDP Act.

4. USTR flags issues in DPDP Act, IT Rules provisions impacting firms - Business Standard

Source: Google News DPDP | Read Original →

The U.S. Trade Representative (USTR) has expressed reservations regarding certain provisions within India's DPDP Act and the IT Rules, suggesting they could adversely affect foreign companies operating within the Indian market. This development signals ongoing international scrutiny of India's data protection framework, potentially influencing future regulatory adjustments and prompting Indian businesses, especially those with global operations, to closely monitor implications for cross-border data flows and compliance overhead.

5. IAMAI sees 'overreach' in NHRC's notice to MeitY over AI companies' DPDP breaches - ET BrandEquity

Source: Google News DPDP | Read Original →

The Indian Internet and Mobile Association of India (IAMAI) has criticized a notice issued by the National Human Rights Commission (NHRC) to MeitY concerning alleged DPDP breaches by AI companies, calling it an "overreach." This dispute highlights the burgeoning complexity of regulatory oversight for emerging technologies like AI and raises questions about the clear demarcation of enforcement authority under the DPDP Act, signaling potential jurisdictional challenges for businesses navigating Data Fiduciary obligations in AI development.

Stay Compliant

Not sure if your business meets DPDP standards? Start with a free check:

🔍 Run Your Free DPDP Audit →

16 questions. 60 seconds. Instant risk report.

---

Published by DPDP News, a Meridian Bridge Strategy initiative. For compliance consulting, book a free call.