Description: This report aims to understand the impact of the Digital Personal Data Protection Act’s (DPDPA’s) restrictions on the processing of children’s personal data. In particular, it focuses on three aspects – (i) the impact of the DPDPA’s verifiable parental consent (“VPC”) requirement on small businesses and children; (ii) the impact of the DPDPA’s restrictions on personalised digital experiences and content for children; and (iii) the impact of the DPDPA’s restrictions on targeted advertising on businesses that produce products and services for children, especially those that may be beneficial to children’s development.

Attribution: Shweta Venkatesan, Meghna Bal, and Vikash Gautam, An Empirical Appraisal of the Children’s Data Privacy Provisions in the DPDPA, September 2025, Esya Centre.

Description: Competition authorities, in India and across the globe, are increasingly proscribing sideloading. Sideloading entails downloading an application from outside the perimeter of a first-party app store, such as, the Apple AppStore or the Google Play Store.

In India, the Ministry of Corporate Affairs introduced the Draft Digital Competition Bill (DDCB) 2024. The DDCB introduces ex-ante obligations for large digital entities classified as “Systemically Significant Digital Enterprises” in the name of enhancing fairness and contestability. Section 13(a) of the Bill prohibits these entities from restricting or impeding the ability of users to download third-party applications or software. This means that even the warning shown to Android users about the risks of sideloading would not be permitted under this provision.

This report evaluates the security implications of enabling sideloading in the interest of promoting digital competition.

Attribution: Karnal Singh, Meghna Bal and Mohit Chawdhry. Sideloading: A National Security Threat. Issue No. 52, 2025, Esya Centre.

Description: This report explores the increasing use of dark patterns in India’s retail sector. India’s retail sector is a cornerstone of its economic growth, contributing Rs 20.18 lakh crore in Goods and Services Tax (GST) collections in FY 2024 and ranking among the top five start-up segments in the country. However, this sector is facing rising scrutiny for employing manipulative design tactics that undermine user autonomy.

This report finds that dark patterns are prevalent across both online and offline retail environments, though they are more readily identifiable in digital contexts. It critiques the disproportionate regulatory focus on e-commerce, noting that many of the flagged practices resemble long-standing marketing strategies. In this context, an ex-ante regulatory framework may not be appropriate for dark pattern regulation. 

The report recommends a reliance on a principles-based approach that emphasizes transparency and willful consent to safeguard consumer interest while mitigating the risk of harming innovation.

Attribution: Meghna Bal, Dr Vikash Gautam, and Tamanna Sharma. Dark Patterns in Indian Retail: An Empirical Examination, Issue No. 51, 2025, Esya Centre.

Description: This report examines the challenges to implementing India’s Digital Personal Data Protection Act, 2023 (DPDPA). Seeking to understand the operational and technical hurdles faced by organisations to the Act’s enforcement, the report delves into aspects related to the implementation of consent mechanisms, provisions for children and persons with disabilities, and the intricacies of appointing data protection officers. Specifically, it explores the internal processes required for compliance and establishes the timelines necessary for meeting the DPDPA’s obligations.

Attribution: Meghna Bal and Gopal Jain. An Empirical Evaluation of the Implementation Challenges of the Digital Personal Data Protection Act, 2023: Insights and Recommendations for the Way Forward. January 2024, Esya Centre.

Description: This primer questions the effect of regulating machine-to-machine (M2M) communication services by using telecom law in India. It responds to the Draft Indian Telecommunication Bill 2022, on which comments have been sought by the Department of Telecommunications (DoT), which defines a ‘telecommunication service’ to include ‘machine-to-machine communication services’ – suggesting that telecom style regulation may be applied to M2M communications as well. It outlines the technology that underpins M2M services, the regulatory issues that may arise as they gain use, asks whether telecom law is suited to redressing these concerns, and concludes with recommendations.

Attribution: Mohit Chawdhry, The Pitfalls of Regulating M2M Communication Services under Telecom Law, October 2023, Esya Centre.

Description: Major telecom service providers (telecom operators or telcos) in India are arguing for the introduction of a network usage fee for over-the-top (OTT) applications. They contend that there is currently a structural imbalance as OTT platforms allegedly benefit from telecom operator funded networks but do not invest in creating, operating, maintaining or expanding them. Relying on secondary research, this report evaluates the merits of their assertions. Broadly, the literature available indicates that contentions in favour of network usage fees may be incorrect.

Attribution: Noyanika Batta & Meghna Bal. Unbundling the demand for a Network Usage Fee. July 2023, Esya Centre.

Description: The release of the Telecom Regulatory Authority of India’s consultation paper on “Assignment of Spectrum for Space-based Communication Services” in April 2023, triggered a debate on whether or not spectrum should be assigned across satcom services via auctions. It has also sparked concerns regarding access to sufficient satellite spectrum amongst global satellite operators such as Amazon (Project Kuiper) and OneWeb who want to enter the Indian market. The paper comes at a time when TRAI is consulting with stakeholders on spectrum assignment for space-based communication services. It presents a comprehensive analysis of technical, regulatory, and economic arguments on this issue and echoes the view of majority stakeholders.

Attribution: Tamanna Sharma and Niharika. Assigning Spectrum for Satellite Services in India. June 2023,Esya Centre.

Description: This paper focuses on information warfare operations conducted by foreign adversaries through social media platforms. Specifically, it considers challenges related to social media and information warfare in the Indian context and makes suggestions on how India may mitigate such threats, in particular by leveraging and partnering with domestic social media platforms. The recommendations in the paper emanate from global best practices in responding to these threats.

Attribution: Vaishnavi Prasad, Meghna Bal, Shweta Venkatesan, and Dr. Ajai Garg. Information Warfare Through Social Media Platforms. March 2023, Esya Centre.

Description: The rules governing cross-border data flows are becoming increasingly fragmented, at the domestic and international level. In April 2020, some 128 of 194 countries had data protection rules in place. While these laws manifest different approaches to cross-border data transfers, trends suggest that restrictions are growing on free data flows. This paper examines the competing approaches to cross-border data flows and identifies some challenges. It also explores India’s new approach to cross-border data flows, and the opportunity the country can seize to champion a more harmonised regulatory approach.

Attribution: Vaishnavi Prasad. Addressing Regulatory Fragmentation in Cross-Border Data Flows. February 2023, Esya Centre.