Corporate, Commercial & Finance
Technology, Data and Cyber Law
Advice on data protection, intermediary liability, technology contracts and cybercrime under the IT Act, the DPDP Act and the Telecommunications Act.
Technology law has moved from a niche to a board-level concern, driven by a wave of new legislation: the Digital Personal Data Protection Act, 2023, the Telecommunications Act, 2023 and the evolving rules on intermediaries and online content, layered over the Information Technology Act, 2000. The firm advises businesses and individuals on compliance with this framework, on technology contracts, and on the cybercrime and data-breach matters that increasingly arise.
This is an area where the firm's particular combination of technology and legal training is directly useful. Compliance and disputes here turn on how systems actually handle data and how electronic evidence is produced, which the firm reads with genuine technical understanding.
Data protection and privacy
The Digital Personal Data Protection Act, 2023, with the rules notified in 2025, sets out how organisations that handle personal data must obtain consent, give notice, limit purpose and retention, secure the data and honour the rights of individuals. The firm advises businesses on building this compliance into their notices, consents and systems, and advises individuals on their rights and on data-breach situations.
Intermediary liability and online content
Online platforms enjoy a conditional safe harbour under Section 79 of the Information Technology Act, provided they meet the due-diligence obligations in the intermediary rules. The firm advises platforms and businesses on these obligations, on content takedown and grievance processes, and on responding to notices and orders.
Technology contracts and cybercrime
The firm drafts and negotiates technology contracts, software, SaaS, data-processing and outsourcing agreements, with proper allocation of liability and data obligations. On the contentious side, it advises on cyber offences under the Information Technology Act and on the gathering and challenging of electronic evidence, where the integrity and certification of the record are often decisive.
The legal framework
The principal statutes and the provisions that most often decide these matters. Statute text can be read in the firm's Legal Library; always check the current version at the official source.
Information Technology Act, 2000 · Act 21 of 2000
- Section 43A — compensation for failure to protect sensitive personal data.
- Section 79 — the conditional safe harbour for intermediaries that observe due diligence.
- Sections 66, 72 — computer-related offences and breach of confidentiality.
Digital Personal Data Protection Act, 2023 · Act 22 of 2023
- Consent and notice — obligations on data fiduciaries and the rights of data principals.
Telecommunications Act, 2023 · Act 44 of 2023
- Telecom framework — the new law for telecommunication services and spectrum, replacing the Telegraph Act, 1885.
Key judgments
Grouped by issue. Each case is cited from the court's own record; open a heading to read it.
Online speech & intermediaries 1
Shreya Singhal v. Union of India Supreme Court
(2015) 5 SCC 1
Struck down Section 66A of the IT Act as an unconstitutional restriction on free speech, and read down the intermediary safe harbour in Section 79 so that an intermediary need act on content only on a court order or a government direction, not on private demands.
Privacy & data protection 1
K.S. Puttaswamy v. Union of India Supreme Court
(2017) 10 SCC 1
A nine-Judge Bench held that the right to privacy is a fundamental right under Articles 14, 19 and 21, and that any intrusion must satisfy a test of legality, necessity and proportionality. This is the constitutional foundation of India's data-protection framework.
Electronic evidence 1
Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal Supreme Court
(2020) 7 SCC 1
A certificate is mandatory to admit electronic records where the original device is not produced (now Section 63 of the Bharatiya Sakshya Adhiniyam, formerly Section 65B of the Evidence Act); the Court affirmed Anvar P.V. and resolved the conflicting case law.
How we work on these matters
The firm advises on technology and data compliance as an integral part of how a business runs, not as an afterthought, building it into notices, consents and contracts.
Technology disputes are read with real technical understanding of how systems handle data and how electronic evidence is produced.
Advice on exposure and on compliance obligations is given plainly, in terms a business can act on.
Frequently asked questions
What does my business need to do under the DPDP Act?
In broad terms, it must collect personal data only with valid consent and clear notice, use it only for the stated purpose, keep it secure, retain it no longer than needed, and honour individuals' rights to access, correction and erasure. The detail depends on the data you hold, and the firm advises on building this into your systems.
Is my platform liable for content posted by users?
Section 79 of the IT Act gives intermediaries a conditional safe harbour, provided they meet the due-diligence and grievance obligations in the intermediary rules. Whether the protection applies in a given case depends on whether those conditions were met.
We have suffered a data breach or cyber fraud. What should we do?
The priority is to contain the incident, preserve the electronic evidence properly, meet any notification obligations, and take advice on liability and on action against those responsible. The firm advises on both the technical response and the legal steps.
This note is general information on the law as at Jun 2026, not legal advice on any specific matter. The law changes; for advice on your facts, please speak to the firm.
Tell us about your matter.
Share the facts and we will tell you, candidly, where you stand and how we can help.