The Indigo fiasco is a good education for all organizations and the MeitY regarding DPDPA Compliance deadline which comes on 13th May 2027.
The problem of INDIGO was directly related to their stubborn attitude to refuse regulatory compliance and challenging the Government much the same way as Meta, Amazon or Google or X would like to do for the implementation deadline under DPDPA.
Given the fact that Indigo refused to make arrangements for compliance even though 2 years was available for planning and implementation and tried to stall the implementation with Court cases, the Ministry was unable to foresee the game plan and even now is struggling to force Indigo to take corrective action.
Since there was prima facie evidence of deliberate negligence as claimed by the pilots, there was a case for criminal action against the CEO of the company who should have been arrested immediately (Could have been released on bail to initiate further action after which the case could have been withdrawn). But the Ministry of Civil Aviation was not strong enough to do it.
In the DPDPA case also, though 2 years is available, many of the organizations could raise objections in the court a few months before the deadline and force the Government to extend the due date. There is no guarantee that MeitY will be more committed than the Ministry of Civil Aviation in enforcing compliance.
Hence it is necessary for DPB to keep following how the major companies are moving towards compliance in the interim period from now to next 17 months and push organizations to show their preparations.
The SEBI should indicate that under Clause 49 declaration, every listed company should declare the “DPDPA Non Compliance Risk” in their annual reports. Those companies who donot come under such listed companies must be pushed by the sectoral regulators to file an Action Taken Report for DPDPA Compliance every quarter from now onwards.
Share holders of companies should also raise this issue in AGMs. Media should try to track the implementation efforts independently so that we donot see a crisis on May 13, 2027 when a company may say “I am not compliant and will cause disturbance in the society if I am forced.”
Hope Meity and DPB will take appropriate Technical and Governance measures to ensure Compliance by the specified date.
FDPPI has a “Privacy Watch” page where public can report any of their observations on apparent violations so that a record can be kept of any deliberate challenge being mounted on the Government rejecting the compliance requirements.
Naavi
After the announcement of the next Virtual training program for C.DPO.DA. by Naavi/FDPPI from 20th December 2025, a query was received from a well known professional on
“Why anybody should chose to take this course when other courses which are also called “CDPO” are available at a lesser cost”.
Well it is good that options are available and it is the prerogative of any person to chose any option based on the cost or any other factor.
We can only say that a course should be evaluated on the basis of
If possible you can give 1-10 for each of the above parameters add weightage to the different parameters and arrive at a net score and then compare it with the cost.
It is better if some of the participants themselves make such an evaluation and give us a feedback.
Enclosed is a feedback sheet that you can use to evaluate a course.
You can also use this Google form and provide a feedback
Naavi
It is proposed that Naavi’s Cyber Law College will be conducting a two day online education program on DPDPA in preparation for the Certificate exam of FDPPI for C.DPO.DA.
The Program will be conducted on December 20th and 21st as a faculty led virtual program.
Time: 10.00 am to 5.00 pm with breaks at 11-15-11.30, 1.00 to 2.00 pm and 3.5 to 3.30 pm.
Coverage
Day 1:
Legal nuances of DPDPA and the DPDPA Rules
Classification of DPDPA protected Data (DPD)
ROPA as a strategic tool of Compliance
Technical challenges of Management of Legal Basis for processing and Rights of Data Principal
Day 2:
Governance Structuring for meeting the obligations under DPDPA by a Data Fiduciary
The Roles of DPO and Data Auditor in the DPDPA era
Use of DGPSI as a Compliance Management framework
AI and its challenges in meeting the obligations with DGPSI AI
Comparison of DGPSI with ISO 27701
Fees Rs 29500/- including all taxes . This includes fees for examination (One attempt). Subsequent attempts Rs 5000/-
Early bird discount: Rs 4500/- (Net price Rs 25000/-)..Applicable till 12th December 2025
Sessions will be conducted with several discussions on case studies.
Interested persons can register at https://fdppi.in/wp/c-dpo-da/
Naavi
It appears that Perplexity ai platform has been bought over by Google…unless Google is blatantly violating trademark law and NIXI is ignoring the violation and GoDaddy is assisting the violation.
For the last few days it has been observed that the domain name www.perplexity.in redirects automatically to https://gemini.google.com/app.
This situation can arise only if Gemini/Google has registered the domain name perplexity.in or the domain name server of ICANN has been poisoned.
Since Perplexity is a well known brand name and it is a competitor to Gemini.ai, there is a clear trade mark violation unless Perplexity has willingly allowed Gemini to take over the domain name.
We checked the who-is information of the domain name which unfortunately is registered with Godaddy with a privacy protection mechanism that hides the information about the owners of the domain name. The obvious reason is “Privacy”.
As we have repeatedly pointed out, there is no “Personal Privacy” that can be an excuse to the domain registration since the registration is for business and there is no “Personal Privacy” either in India or US.
Now Privacy protection is the domain of DPDPA and Meity needs to re-visit the practice of domain name registrars to redact registrant details of domains using “Privacy” as an excuse. Domain name registration is for hosting electronic documents for public view and hence the registrant information must be considered as “Public”.
I also request one of the public spirited lawyers to take up this issue with a Court and get a direction that domain name registrants should not redact the registrant information and make the legal address of the registrant available for public to raise any dispute if required.
Assuming that Google is unlikely to so brazenly violate the IPR law, the presumption is that Perplexity has been sold out and any data shared with Perplexity may now be under access of Google. This disclosure is a mandatory requirement for Perplexity without which they will be in violation of DPDPA.
Comments are welcome.
Naavi
The Press Club of India had submitted a joint memorandum to the Ministry on June 25, 2025 . After a meeting with the Secretary of MeitY, the Press Council had again submitted a list of 35 questions on August 23, 2025 seeking clarifications. Subsequent to the release of the rules on November 13, 2025, a discussion has again ensued on the points raised by the Press Council of India.
MeitY after supposedly considering all the 6915 comments received from public final the rules which were released on November 13, 2025.
Now the Editor’s Guild has raised a warning that the DPDPA will cripple journalism. In a statement released by DIGIPUB, the body of journalists has urged the Union Government to “Commence a reform Process for DPDPA 2023” and “DPDPAR-2025″to restore clear statutory exemption for journalistic and public interest processing. It has also asked for amendments to provisions that undermine media freedom, the right to information and integrity of the digital public sphere.
The response from the MeitY is awaited.
FDPPI would like other industry segments also to study the rules and collate their views through a SIG (Special interest Group) being formed by FDPPI. In particular we would like the SME sector to put together their views and provide suggestions of how they can be assisted in being compliant to DPDPA.
Naavi
