Reshma (Vaidya) Gupte

Counsel, Mumbai
Contact

Tel : +91 22 4302 8000
Fax : +91 22 4302 8001
Email : rgupte@snrlaw.in

Practice Areas

Intellectual Property
Data Privacy

Prior Work Experience

Khaitan & Co., Mumbai

Luthra & Luthra Law Offices, Mumbai

Representative Experience

For a list of select transactions, please contact the individual lawyer

Education

National Law University, Jodhpur (B.Sc. LL.B., 2010)

Bar Admissions

Delhi, India (2010)

Publications

The Implications of India’s New Data Protection Law on Internal Investigations

Internal investigations may need to be carried out in India by employers in relation to a wide range of issues and/or situations. In case of Indian subsidiaries of MNCs, investigations may be carried out for the purpose of satisfying compliance requirements under law(s) applicable to the parent entity, like the Foreign Corrupt Practices Act of 1977 of the US or the UK’s Bribery Act 2010.
In the course of such internal investigations, large amounts of personal data related to accused persons and other relevant individuals may need to be processed by the employer – either by itself or through its advisors and agents. Accordingly, an informed assessment of the rights of such individuals, as well as the obligations of the employer and its advisors/agents, becomes crucial from the perspective of applicable data protection law.
This note specifically discusses the processing of personal data in the context of internal investigations, including with respect to allegations or suspicions of economic and criminal offences. While necessary rules under the Digital Personal Data Protection Act, 2023 are yet to be notified, provisions of this new law, as published in August 2023, indicate key considerations for employers (each of which is likely to be treated as a “data fiduciary”), including with respect to consent, legitimate use and potential exemptions.

India’s New Data Protection Regime: Tracking Updates and Preparing for Compliance

The Digital Personal Data Protection Act, 2023 (the “DPDP Act”), published in India’s official gazette last year, is a new law regulating the collection, storage, use and processing of personal data. The DPDP Act will take effect from the date(s) notified by the Indian Government, and different dates may be notified for different provisions of the DPDP Act. Further, several provisions of the DPDP Act require specific rules which are yet to be notified.
According to a recent statement made by the new union minister of the Ministry of Electronics and Information Technology, the new rules are in advanced stages of drafting and are expected to be released for industry-wide consultation in the near future. Given that both rules and provisions of the DPDP Act are likely to be notified over the next few months, all entities need to check whether and to what extent the DPDP Act applies to them and their operations.
For the purpose of preparing for, and complying with, obligations under the DPDP Act, it would be advisable for all organizations to undertake data mapping exercises and data audits inter alia in order to facilitate the identification and determination of ‘personal’ information from mixed or legacy databases and/or organizational datasets.

A New Code for Pharmaceutical Marketing Practices: From Symptoms to Diagnosis

Pursuant to a notification dated March 12, 2024, the Department of Pharmaceuticals under India’s Ministry of Chemicals and Fertilizers issued a new uniform code for pharmaceutical marketing practices (the “New Code”), replacing a decade-old version of the same code (the “Old Code”).
The New Code applies to both pharmaceutical and medical device companies and aims to provide operational clarity around promotional activities undertaken by such companies. Although several key themes of the Old Code have been retained, a more balanced approach with respect to educational events and items has been introduced. Further, while it has been generally strengthened relative to the Old Code – including in respect of penalties, complaints and appeals, along with the possibility of future standing orders – the New Code remains voluntary, although an explicit reference to its voluntary nature has now been omitted.

AI-Generated Inventions: New Questions for Patent Regimes

Since patent regimes around the world are primarily designed to reward “human” innovation, such norms may need to be revisited for the purpose of protecting inventions that are generated by artificial intelligence (“AI”).
In most jurisdictions, existing patent laws contemplate an “inventor” to (only) mean a natural person. Further, recent authoritative interpretations have been reluctant to extend the concept of inventorship to AI systems.
However, with the growing use of AI, modern technology has arrived at an inflection point where an AI algorithm can play a determinative role in the inventive process. Accordingly, the question of granting patents to AI-generated inventions has assumed additional importance, including in terms of incentivizing innovation and investments into future AI models.
Subject to new developments and priorities, legislators may want to consider options such as amending extant patent regimes, introducing a bespoke framework especially for AI-generated inventions, allowing human beings to be named as inventors to the extent of their involvement in the use or development of the AI system concerned, or even doing away with the requirement of naming an inventor for AI-generated inventions.