Target Audience: Multinational Corporations (MNCs) and Legal Counsel. Focus: Comparative law and transition strategy.
Introduction: For companies already compliant with Europe’s GDPR, the DPDPA might feel familiar. However, assuming “GDPR compliance = DPDPA compliance” is a dangerous mistake. India has introduced unique concepts that require specific architectural changes.
Key Differences to Watch:
- The Age of Consent: While GDPR allows member states to set the age of consent between 13 and 16, India has set a strict bar at 18. This significantly impacts EdTech, Gaming, and Social Media industries.
- Consent Managers: India introduces a new regulated entity—the “Consent Manager.” This is a platform that allows individuals to manage their consents across multiple fiduciaries in one place.
- Legitimate Uses vs. Legitimate Interests: The DPDPA is narrower. It replaces the broad “Legitimate Interests” of the GDPR with specific “Legitimate Uses,” such as medical emergencies or employment purposes.
- The Right to Nominate: Unique to India, a Data Principal has the right to nominate someone to exercise their rights in the event of death or incapacity.
The Mentor’s Take: Global firms should create an “India-specific Annex” to their global privacy policy rather than trying to force-fit European standards onto the Indian legal framework.
