Privacy law


TLA has a comprehensive privacy law practice that includes information security, data protection, and workplace and consumer privacy. The firm’s privacy practice group works with clients across different verticals, primarily in the technology sector to provide pre-emptive advice on privacy by design in data-driven technology and products, conduct privacy impact assessments and privacy audits, and structure data protection processes and policies (both internal and customer facing). For example, the firm advises mobile app and AI and IoT developers on privacy design of their applications and devices to ensure listing on Android and iOS platforms and regulatory compliance, including strategizing approach frameworks to personal data capture, processing, use and transfer and terms of use and privacy policies. The firm has also assisted several IT clients on filing actions before the cyber crime cell in relation to data breaches by employees.

The firm’s privacy and employment lawyers work in tandem to advise clients on the implications of India’s recent data privacy regulations and proposed omnibus personal data protection legislation in the workplace and conducts compliance audits to align employer practices with these regulations, specifically in terms of workplace personal data processing and external data transfers and storage and workplace surveillance. TLA then helps to build out associated organizational data privacy and protection practices and policies.

The firm has also commenced offering advice for Indian clients acting as data processors of EU personal data on GDPR compliance and building of contract provisions to align with EU directives in transfer of EU personal data to countries outside the EU.

Key offerings:

a. Privacy by design
b. Privacy audits and privacy impact assessments
c. Advice on data protection law and regulatory compliance
d. Workplace privacy and workplace surveillance
e. Data flow analysis from a legal standpoint
f. Advice on data breach and relevant legal actions
g. Privacy documentation, including privacy notices, policies, consent modes and forms (including streamlined to device interface limitations), intra-group data transfer agreements, data protection provisions in commercial contracts and app and device terms of use.