The Insolvency and Bankruptcy Code 2016 requires a successful resolution applicant to obtain regulatory approvals for the implementation of a resolution plan. The exact stage at which such regulatory approvals are required was not clear until a new Section 31(4) was introduced by the Insolvency and Bankruptcy Code (Second Amendment) Act, 2018, which required the necessary regulatory approvals to be obtained within a period of one year from the date of approval of the resolution plan by the National Company Law Tribunal (“Tribunal”) or within such period as provided for in the applicable law, whichever is later.
However, a proviso to Section 31(4) lays down that where the resolution plan contains a provision for combination under the Competition Act, 2002, the resolution applicant is required to obtain the approval of the CCI prior to the approval of such resolution plan by the CoC (“CCI Proviso”). While the requirement under the CCI Proviso is mandatory, certain judgements of the Tribunal/National Company Law Appellate Tribunal have diluted the mandatory effect of the CCI Proviso by treating the CCI Proviso as ‘directory’. This note explores the question as to whether the CCI Proviso serves any useful purpose and is needed at all.
While the current draft of India’s Digital Personal Data Protection Bill, 2022 (“DPDP”) is partly similar to the EU’s General Data Protection Regulation (“GDPR”) with respect to ‘notice’ and ‘consent’ requirements, the former introduces certain unique elements – such as ‘deemed consents’ under Section 8, involving nine subsections.
While a consent under subsection (1) may be considered ‘deemed’ when a person voluntarily provides their data and it is reasonably expected that they would provide it in such a situation (similar to Section 15 of Singapore’s Personal Data Protection Act, 2012 (“PDPA”)), sub-sections (2) to (9) deal with circumstances where data may be non-consensually processed on account of a necessity or a prescribed purpose (similar to Article 6 of the EU’s GDPR). Although both such categories have been included under the same provision, they are inherently different.
While Singapore’s PDPA specifically imposes purpose limitations and requires reasonable necessity (e.g., contractual performance) with regard to deemed consents, DPDP’s Section 8(1) does not. It is also unclear if ‘notice’ requirements apply to deemed consents under the latter provision. Further, unlike the EU’s GDPR, subsections (2) to (9) of DPDP’s Section 8 do not permit non-consensual processing by non-state and/or private entities other than in a few limited circumstances.
At the same time, a wide variety of human activity could lead to deemed consents under Section 8(1). For instance, during interface with a new technology or platform, an individual may inadvertently (albeit ‘voluntarily’) make their personal data available without actually agreeing to its collection or use. In that regard, DPDP is ambiguous about the possibility of withdrawing a deemed consent –although it allows consent withdrawals in general. Since data processing is required to stop in such cases – unless non-consensual processing is authorized by law (or is otherwise necessary), the final draft of DPDP could clarify this point.
Given the imminence of India’s refurbished digital data framework, along with the diversely innovative ways in which personal data is collected and/or processed today on account of new technologies and platforms – ‘notice’ and ‘consent’ requirements have assumed additional importance.
In this note, we address some such aspects with reference to the current draft of India’s Digital Personal Data Protection Bill, 2022 (“DPDP”) and the EU’s General Data Protection Regulation (“GDPR”).
While DPDP mirrors certain provisions of GDPR with respect to notice and consent, there are significant departures from the EU template. In particular, while earlier iterations of DPDP had more faithfully reproduced GDPR-like disclosure requirements that were comprehensive, elaborate, and rights-laden, DPDP in its present form eschews several such principles. Moreover, DPDP introduces novelties such as ‘deemed consent’ – which we discuss in our next note.
Nevertheless, subject to potential changes in DPDP’s November 2022 draft further to stakeholder feedback, the revised DPDP bill (which is likely to be tabled before parliament during the monsoon session) may continue to retain references to bespoke regulation as may be subsequently prescribed – allowing for flexibility while technologies, priorities, and public policies evolve over time.
In the last few years, many Indian businesses “flipped” their shareholding structure by setting up a holding company in offshore jurisdictions. This was driven by several factors, including commercial, tax and regulatory considerations. However, this trend has reversed in recent times and the notion of “reverse-flipping” has picked up momentum. One objective of reverse flips has been to achieve a public listing in India. This note explores reverse flips and potential mechanisms to achieve them.
Developments in data science have revolutionized the means through which personal data is capable of being collected and/or processed. Control over mass markets can be instrumentalized through mobile and web-based terminals, each of which remains equipped with a variety of embedded technologies. As a result, vast numbers of users – who remain permanently online – come in contact with such technologies, including with respect to the ‘measurement’ of their individual characteristics.
Further, such bio-surveillance and/or data collection via internet-linked apps and devices is powered by increasingly sophisticated analytic tools provided by the digital infrastructures of online media platforms. Unsurprisingly, therefore, the world has witnessed a growing demand for the re-use of this valuable informational inventory.
Since the aggregation of such an inventory may involve both personal and non-personal data, the associated regulatory paradigm must consider the fundamental differences between the two. More importantly, India’s new digital data regime will likely remain alert about how personal information may be converted into its non-personal equivalent, as well as the ramifications of such conversion.
A five-judge bench of the Supreme Court of India has in N.N. Global Mercantile Private Limited v. Indo Unique Flame Limited & Others held by a 3:2 majority that an arbitration clause contained in an instrument that is not duly stamped is non-existent in law until such agreement is validated by payment of the requisite stamp duty following the procedure laid down under the relevant legislation for payment of stamp duty, particularly the Indian Stamp Act, 1899. The minority was of the view that non-payment of stamp duty on an agreement liable to stamp duty, being a curable defect, would not render the arbitration clause contained within such agreement to be void.
The following are the key takeaways from the decision. First, if an arbitration agreement (either standalone or contained as a provision in a contract) is found to be unstamped, it would be impounded immediately and returned only upon payment of the requisite stamp duty and penalty. Second, if such arbitration agreement is insufficiently stamped and the deficit in stamp duty is nominal, parties may undertake a self-assessment and pay the deficit stamp duty and penalty. Should parties not be able to self-assess the deficit in stamp duty, they are required to formally submit the agreement for adjudication with the relevant authority. Third, the judgment expressly notes that it does not comment on Section 9 of the Arbitration Act and Conciliation Act, 1996, as amended, in relation to application by parties to the courts for interim reliefs.
With respect to the collection/processing of children’s personal information under Indian law, Clause 2(3) of the current draft of the country’s Digital Personal Data Protection Bill, 2022 (“DPDP”) defines a ‘child’ to mean “an individual who has not completed eighteen years of age.” Accordingly, a significant number of individuals may be covered under DPDP’s special requirements related to children’s data.
Meanwhile, the proposed Digital India Act (the “Proposed DI Act”) may also introduce special provisions with respect to children – including by ‘age gating’ them from: (i) addictive technologies, and (ii) online/digital platforms that collect/process their data. However, if the Proposed DI Act ends up defining a ‘child’ with a similarly high threshold, there may be implications for a multitude of online/digital/social media platforms, as well as for children and parents themselves, including in terms of access and compliance.
In this note, the fourth of S&R Data+, we discuss the implications of stipulating an upper age-limit of 18 while defining a child in connection with data protection, including through global comparisons.
The waterfall mechanism under the Insolvency and Bankruptcy Code, 2016 (“IBC”) gives priority to debts owed to financial creditors over operational dues, including statutory dues. However, certain recent case law and proposed statutory amendments have questioned this principle. In particular, a proposal has emerged that government dues secured pursuant to a transaction or an agreement should have priority over other dues (including financial dues). The Telecommunication Bill, 2022 proposes that the spectrum of telecom companies under insolvency should be returned to the central government on failure of payment of dues. This note discusses certain implications of such proposed changes.