Acting for large domestic and multinational corporations, IndusLaw has a broad data protection practice that is adept at handling all aspects of data processing, protection, and optimisation, as well as advising on data breach responses and compliance frameworks. With significant expertise in international data law frameworks such as the GDPR, international and cross-border mandates are a notable area of strength for the team. Practice co-head Namita Viswanath, based in Bengaluru, has a broad data privacy practice focused on regulatory, policy, and compliance issues for clients across a broad spectrum of industries, with particular emphasis on emerging technologies and the fintech sectors. Founding partners Suneeth Katarki and Avimukt Dar oversee the department from the Bengaluru and New Delhi offices, respectively. Also in New Delhi, Shreya Suri is recommended for her ‘well-rounded and practical advice'; she has a broad practice that covers compliance, regulatory, and commercial matters for clients in the telecoms and e-commerce sectors.
Data protection in India
IndusLaw
Practice head(s):
Avimukt Dar; Suneeth Katarki; Namita Viswanath; Shreya Suri
Testimonials
‘Shreya Suri provides well-rounded and practical advice while keeping in mind our business offerings.’
Key clients
RooFoods Ltd. (Deliveroo UK)
Moody’s Corporation
Paychex Inc.
FedEx
Delhivery Private Limited (Delhivery)
Mango Sciences
Scrut.io (Riversys Technologies Private Limited)
TalentSprint
Azalp Technologies Private Limited (Rigi)
Work highlights
- Advised Netlink on its response protocol for an identified data breach, drafted the breach report and submitted the same to the Indian Computer Emergency Response Team (CERT-In) constituted under the Information Technology Act, 2000.
- Advised Moody’s, one of the worlds’ largest technology and data-enabled companies supporting the financial industry, on the new and then nascent cybersecurity directions applicable to various intermediaries and service providers issued by the CERT-In (Directions), the regulatory body for investigating and providing support on mitigation measures for cybersecurity incidents in India, on the key implications, the compliances and reporting required thereunder, and nuances relating to the extraterritorial applicability thereof.
- Advised Amazon.com Services LLC on the extraction and use of data and personal images to train a machine learning algorithm which would be applied globally. In this context, assisted Amazon in reviewing their agreements from the perspective of Indian data privacy and protection laws as well as intellectual property rights.
Khaitan & Co.
Jointly led by Supratim Chakraborty and Harsh Walia, the data protection team at Khaitan & Co. stands out for its multidisciplinary approach. Drawing together specialists from various practice areas such as TMT, corporate, IP, and competition, the practice runs the gamut of advisory matters across industries such as fintech, e-commerce, insurance, and securities markets. In Kolkata, the ‘very proactive' Chakraborty advises on emerging legislation as well as the data aspects of major transactional matters. In New Delhi, Walia is routinely instructed by large tech companies, regulatory authorities, and media organisations on cross-border data transfers and security mandates; counsel Shobhit Chandra is another key name here. Also in Delhi is telecoms regulatory and data protection specialist Abhinav Chandan.
Practice head(s):
Supratim Chakraborty; Harsh Walia
Other key lawyers:
Shobhit Chandra; Abhinav Chandan
Testimonials
‘Supratim Chakraborty has a good grasp on this evolving subject and that is what makes him and his team distinct.’
‘The Khaitan & Co team has hands-on knowledge on the subject of data protection law. They have expertise in not just Indian data protection law, but also advise on GDPR compliances.’
‘Supratim Chakraborty is a very proactive lawyer, having hands-on experience in handling any kind of queries and compliance with data protection law.’
Key clients
Reliance Industries Limited Group
Meta Platforms, Inc.
Bloomberg LP
STT Global Data Centres India Private Limited
SK Innovation
The Pokémon Company
Axis Bank Limited
Work highlights
- Advising Reliant Industries Limited Group on several aspects of its data privacy and protection compliances, including review of existing data privacy policies, considering its large scope of business. As part of such activities, advised the client on mandatory disclosures in its privacy policy, reasonable security practices, etc.
- Meta sought an extensive analysis of data access and surveillance regulations in India, including queries on law enforcement assistance, data retention, encryption use, and more. By navigating the intersection of technology and telecommunications law, the team was successful in identifying specific obligations and providing practical solutions for compliance.
- Providing an analysis of website terms of use and privacy policy for ‘Pokémon Café ReMix’ to ensure compliance with prevailing information technology and data protection laws in India. Conducted a detailed assessment of the client’s services with their existing policies, and proposed necessary changes to meet compliance standards, while minimizing country-specific alterations.
Spice Route Legal
Multinationals from a diverse range of sectors regularly instruct Spice Route Legal’s dedicated data protection, privacy, and cybersecurity team for advice across the full gamut of advisory, regulatory, and contentious matters. The Bengaluru-based team is led by co-founder Mathew Chacko, a seasoned data privacy specialist with strength in complex cross-border data protection mandates and regulatory issues, as well as data-related disputes. Aadya Misra, who is now a counsel, advises clients on emerging technologies, regulatory advisory matters, and incident reports, and has particular expertise handling major financial services data transfers from the EU to India, following the Schrems II decision. On the cybersecurity front, the team has seen increased activity concerning data breach response mandates.
Practice head(s):
Mathew Chacko
Other key lawyers:
Aadya Misra; Ankita Hariramani; Shambhavi Mishra
Testimonials
‘Mathew Chacko and Aadya Misra stand out. Both are collaborative and deeply knowledgeable about the law. What more can one want?’
‘The SRL team, led by Mathew Chacko, is able to keep the legal objectives, the letter of the law and technological change in focus while crafting an opinion or solution. They are willing to debate, define the issues and seek answers collaboratively with the client, which is a unique capability in this team.’
‘The team has been fantastic to work with. They are eager and curious about this field.’
‘Expertise, business understanding, practical approach, accommodation of reasonable client requests. It is a pleasure to work with them.’
‘Spice Route Legal is very practical and methodical in its approach to the issues. They have clear knowledge of the subject and are efficient in handling the issues which were presented to them.’
Key clients
3M
Adobe Inc.
Air India
Airtel
Bayer
Dell
Disney
Fiserv
HDFC Bank
Hewlett Packard
ICICI Bank
Meta Inc.
Microsoft
Talview Inc.
Zoom
BYJU’s
Gameopedia
Ingka
John Lewis Partners
Livspace
Lupin
Moneyview
Northern Arc
Proximie
Qure.Ai
Sandvine
SHL Group
Srijan Technologies
Stryker
Tanla Platforms
Tricog Health
Urban Company
Warner Bros
Workday
Work highlights
- Advised Singapore-based Livspace on data transfer analysis and compliance across India, Singapore, Malaysia, and Saudi Arabia.
- Assisted Northern Arc with ensuring that the data processing activities comply with the Reserve Bank of India’s new digital lending requirements and in developing procedures to ensure that its various partners in the digital lending ecosystem also do so.
- Assisted Talview Inc. with a 40-jurisdiction data protection compliance assessment to assess regulatory and business risks of offering AI-powered HR-tech video interview tools on a global scale.
Trilegal
Advising government entities, industry bodies, and large multinationals, the data protection offering at Trilegal spans the full range of advisory, strategic, and compliance matters. Counting major international tech entities among its impressive roster of clients, the Bengaluru-based team handles cross-border data transfers, emerging legislation compliance, and data breaches and cybersecurity incidents. Founding partner Rahul Matthan now heads the team, while former co-heads Nikhil Narendran and Jyotsna Jayaram remain with the practice. Matthan is a seasoned expert specialising in tech, regulatory, and e-commerce matters; TMT and corporate specialist Narendran advises blue-chip technology companies on data protection policies and practices, while Jayaram has recently assisted clients in the fintech, healthtech, and digital content sectors on sectoral data regulations and data-related transactional mandates.
Practice head(s):
Rahul Matthan
Other key lawyers:
Nikhil Narendran; Jyotsna Jayaram
Testimonials
‘Expertise and practical lawyering.’
Key clients
Solis Health Private Limited
SUN Mobility
IQVIA
Wikimedia Foundation
Davidson Kempner
Amazon Web Services
Amazon
PayPal India Private Limited
PayU Payments Private Limited
DXC Technology
Accenture India Pvt. Ltd.
Work highlights
- Advised on the Open Network for Digital Commerce (ONDC) initiative, advising on applicable data protection framework in India and making it future-ready, and assisted on aspects related to the deployment of smart contracts on the ONDC network and formulated the data governance policies and strategies that will govern the ONDC network.
Nishith Desai Associates
Nishith Desai Associates' dedicated data protection and privacy practice is adept at advising on all aspects of data, with expertise in personal data privacy, geospatial data matters, and novel issues related to emerging technologies such as AI. Acting for multinational corporations, the team takes an industry-focused approach and has particular strength in advising on domestic and international data protection laws. In Mumbai, Gowree Gokhale is recommended for her sector expertise across the pharma and tech industries; Bengaluru-based Huzefa Tavawalla focuses on matters relating to disruptive technologies as well as data-heavy transactions. Gokhale and Tavawalla now jointly co-head the team following the 2023 departure of former co-head Aarushi Jain to Cyril Amarchand Mangaldas. 2023 also saw the departure of Indrajeet Sircar to an in-house position.
Practice head(s):
Gowree Gokhale; Huzefa Tavawalla
Testimonials
‘The people here are brilliant, and they understand the new technologies.’
DSK Legal
DSK Legal’s data protection offering spans the full range of mandates, handling compliance, data transfer and sharing arrangements, as well as advising on security incidents and breach responses for a diverse roster of clients. Rishi Anand heads the firm’s technology practice and co-heads the data protection team, advising large multinationals and domestic corporates on the data protection implications of corporate transactions and cross-border M&A. Anand works alongside co-head Nakul Batra, a corporate and M&A expert and qualified computer science engineer; the duo is based in New Delhi.
Practice head(s):
Rishi Anand; Nakul Batra
Other key lawyers:
Chirag Jain
Testimonials
‘DSK is top-notch in the delivery of their services. They are prompt and do a deep dive analysis of matters offered to them. Their quality of services is commendable.’
‘The team consists of highly skilled people. They are extremely prompt in responding to our requests for assistance.’
Key clients
Amazon Digital Services Private Limited
Blue Dart Express Limited
Guangdong OPPO Mobile Telecommunications Corp., Ltd., China
Housing Development Finance Corporation Limited
HDFC Capital Advisors Limited
Herbalife International Inc., USA and Herbalife International India Private Limited
MoneyClub Technologies Private Limited
OnePlus Technology (Shenzhen) Co. Ltd.
Reliance Retail Limited
Redcliffe Lifetech Private Limited
DENSO International India Private Limited
Nykaa Fashion Private Limited
Scribetech India Healthcare Private Limited
Aurum Proptech Limited
Appcino Technologies Private Limited
Arisaig Partners (Asia) PTE Ltd
Oben Electric Vehicles Private Limited
Paygate India Private Limited
PhonePe Private Limited
Religare Enterprises Limited
National Payments Corporation of India
Fortinet Inc., and Fortinet Technologies India Private Limited
Astrum Digital Private Limited
Mumbai City Football Club, and City Football Group
Bhartipay Services Private Limited
Work highlights
- Advised and assisted Mumbai City FC and the CFG in reviewing and revising the intra-group data transfer agreement (IGDTA) entered into between the different football clubs under CFG in furtherance of the mandatory legal requirements under the EU laws, from an Indian data protection and privacy law perspective.
Samvad Partners
Leveraging the firm’s broader corporate, commercial, and transactional capabilities, Samvad Partners has extensive experience advising on cybersecurity, online privacy, and data protection issues, handling both advisory and contentious matters. The team is jointly led by Rohan George, based in Chennai, and Nivedita Nivargi, in Bengaluru. George advises Indian and international clients in the emerging tech sector on data protection aspects of compliance, licensing, and contracting. TMT specialist Nivargi has a broad practice and advises on data protection issues in the fintech, blockchain, and aerospace industries.
Practice head(s):
Rohan George; Nivedita Nivargi
Key clients
ADReS
Altlifelab Solutions Private Limited
Craft Council of India
Dhiway Networks Private Limited
FA Consulting
Freshworks Ltd
GILDEMEISTER Beteiligungen GmbH (DMG Mori AG)
Hevo Technologies India Private Limited
Joveo Inc
LHI TV Private Limited
Moveinsync Technology Solutions Private Limited
Socion Advisors
Sundaram Finance Ltd
Work highlights
- Acting as legal advisers for Jio Digital’s portfolio companies, such as Asteria Aerospace Limited, Sankhyasutra Labs, NewJ and Tesseract.
- Advised Algonomy regarding the need for opt-in consent prior to placing of cookies on user devices and advised on how the website could be in adherence to applicable data privacy laws, that is, United Kingdom General Data Protection Regulation (“UK GDPR”), Data Protection Act, 2018 (“DPA, 2018”) and The Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR”).
- Advised LHI TV Private Limited on the various data privacy related compliances applicable to the platform, from Indian laws, United States laws and GDPR perspective.
AZB & Partners
AZB & Partners' multidisciplinary data protection offering has considerable expertise in healthcare, IT, e-commerce, and emerging technologies, and handles both advisory, transactional, and compliance mandates both domestically and across borders. Key members of the team include Mumbai-based IP and IT specialist Nandan Pendsey, recommended for his regulatory expertise, as well as Rachit Bahl and Rohan Bagai, both in Delhi; Bahl advises multinational corporations on the data privacy and protection aspects of e-commerce, online healthcare, and surveillance issues, while Bagai has a special focus on payments and emerging technologies, routinely acting for fintech businesses.
Other key lawyers:
Nandan Pendsey; Rachit Bahl; Rohan Bagai
Testimonials
‘Detailed, well-considered advice on a fast evolving subject matter. Responsive and practical in their outlook.’
Majmudar & Partners
Majmudar & Partners leverages its considerable TMT practice to assist clients in the tech, IT, telecoms, and e-commerce sectors on a range of data protection issues, including regulatory, compliance, and transactional matters. Akil Hirani
, Neerav Merchant and N. Raja Sujith jointly oversee the practice. Sujith, based in Bengaluru, leads the firm’s South India practice and advises on the data protection elements of corporate transactions. Hirani, triple-qualified in India, England and Wales and California, and Merchant, who draws on in-house experience from the software industry, work alongside Sujith and co-lead the practice from Mumbai.
Practice head(s):
Akil Hirani; Neerav Merchant; N. Raja Sujith
Key clients
Baidu India Internet Private Limited
Empaxis Data Management India Private Limited
Maven Silicon Softech Pvt Ltd
Work highlights
- Advising Baidu India Internet Private Limited (subsidiary of Baidu, the Chinese Internet major) on various Indian law matters, including company law, information technology regulations and data protection laws.
- Advising Empaxis Data Management India Private Limited, a subsidiary of Empaxis US, the first middle and back-office outsourcing company designed to deliver offshore services exclusively to asset managers, hedge funds, and wealth managers, on various corporate, technology and employment law matters.
- Advised Maven Silicon Softech Pvt Ltd, an Indian VLSI training company, regarding the master service agreement with Synopsys.