Search Articles

I've been thinking about who gets left out when we design privacy tools and consent systems. On World Down Syndrome Day, that question feels more pressing than usual.

India Stack is brilliant engineering. It's also the most extensive personal data infrastructure any democracy has ever built. Holding both of those thoughts at once is where the interesting conversation starts.

A ten-year-old in Pune opens a gaming app and taps 'I agree' without reading a word. India's DPDPA 2023 says that shouldn't count as consent. But does the law actually protect kids, or does it just look good on paper?

So you searched for running shoes once, and now every app on your phone is showing you sneaker ads. That's not coincidence. Here's the machinery behind digital ad tracking in India, and whether you can actually escape it.

India's IT Intermediary Guidelines are the most significant set of rules governing social media in the country's history. They promise accountability and threaten privacy in roughly equal measure. A thoughtful examination of what they mean for you.

You handed your Aadhaar, PAN, and address proof to a bank. Now what can they do with it? A flat-toned walkthrough of what's allowed, what's not, and the gray zones nobody clarifies.

India's cyber insurance market wants you to believe it's mature. It's not. Here's a dry-eyed look at what these policies actually cover, what they exclude, and why you'll probably still need one anyway.

A friend got spam-bombed after one IRCTC booking. Here's what happened, what these portals actually collect, and the casual fixes that keep your data from leaking everywhere.

Most people assume India's Data Protection Board will function like a court. It won't. Here's a thoughtful breakdown of how the DPBI actually operates, what it can do, and the quiet structural problems no one's talking about.

February 2026 was a busy month for privacy in India — a fintech breach exposed 2.3 million records, the Data Protection Board got its full bench, and UPI fraud numbers got worse. Here's what happened.

Google Drive encrypts your files, sure — but Google holds the keys. That's not privacy, that's a filing cabinet where someone else has a copy of the combination. Here's what actually works.

A colleague lost Rs 4.7 lakh to a single phishing email that looked exactly like an SBI alert. Here's how to spot the fakes, lock down your inbox, and make sure you're not the next easy target.

Your boss might be watching your screen right now. No, really. Since the work-from-home boom, Indian companies have quietly installed keystroke loggers, screenshot tools, and GPS trackers on employee devices. The law on whether any of this is legal? It's a mess.

India slaps a flat 30% tax on crypto gains with zero deductions, while exchanges hand over your KYC data on request. Here's a Q&A breakdown of what crypto privacy actually looks like in this country, where the tax math stands, and what you can (and can't) do about it.

Practo knows your prescriptions. 1mg knows your lab results. PharmEasy knows what you're treating. Apollo 247 has your vitals. And the Ayushman Bharat Health ID might soon tie it all together. Who else is looking at your medical records?

What exactly does a Data Protection Officer do all day, and why are Indian companies suddenly willing to pay lakhs for someone to fill the role? The DPDPA has created a career that barely existed here three years ago. Here's what the job looks like, what it pays, and how to break in.

A single tap on a fake payment link cost a Chennai shopkeeper his entire month's earnings. UPI phishing scams are bleeding Indian wallets dry through bogus SMS blasts, spoofed Google Ads, and WhatsApp traps. Here's how to spot them before your money vanishes.

-- so you're telling me the government installed 15,000 cameras in my city, connected them to a centralized command center, and nobody asked whether residents were okay with being watched 24/7? Yeah. That's basically the situation in most of India's 100 smart cities.

People keep saying the DPDPA will let you ask what data the government holds on you. I disagree. The RTI Act has been doing that since 2005, for ten rupees, and most people haven't thought to try it.

Most Indian startups are already violating the DPDPA and don't even know it. The consent banners are wrong, the data maps don't exist, and the clock is ticking toward penalties that could shut a company down.

Your kid logs into an EdTech app for a math lesson, and the company records their age, location, quiz mistakes, how long they stared at a video, and which ads they tapped. Here's what Indian EdTech platforms actually do with student data -- and why parents should be paying closer attention.

So you found a deal on Flipkart that seems too good. Or someone on Instagram is selling branded shoes at 80% off. Before you punch in your UPI PIN, let's talk about how to shop online without getting scammed -- because the tricks are getting really clever.

India calls itself the world's largest democracy and simultaneously runs one of the most expansive social media monitoring operations on the planet. Here's what that actually looks like on the ground, and what it means for every Indian who posts, shares, or simply scrolls.

The Information Technology Act 2000 is the foundational cyber law in India. Learn about its key provisions, amendments, and how they impact your digital privacy.

Insurance companies in India collect and analyze vast amounts of health data to assess risk and set premiums. Understand how your health information is used and what rights you have.

India's cyber incident response agency wields enormous power over how companies report breaches, store logs, and cooperate with investigations — yet most citizens have never heard of it. Here's what CERT-In actually does, where it falls short, and why its 2022 directives changed the rules for everyone.

You've got more digital rights than you probably think. From the Puttaswamy privacy ruling to the DPDP Act to net neutrality protections, here's what the Constitution and Indian law actually guarantee you online — and how to use those rights when it matters.

India's data localization story has taken more turns than most people realize. From early drafts that demanded strict local storage to the DPDP Act's more flexible approach, here's what actually changed and why it matters for your data.

Over 1.8 billion records belonging to Indian citizens were exposed between 2018 and 2025. Here's a year-by-year breakdown of the biggest data breaches, what went wrong each time, and what ordinary people can actually do about it.

I keep seeing people call Telegram a 'secure' app and it drives me up the wall. Here's a Q&A breakdown of how Telegram and Signal actually stack up for Indian users — no fluff, no fanboying.

You ported out of Airtel two years ago, but they've still got your Aadhaar scan, your call logs, and a record of every cell tower you pinged. Here's what actually happened when I tried to get Indian telecoms to delete my data.

India slashed its breach reporting window from 24 hours to 6. That's just one piece of the 2026 cybersecurity guidelines -- quarterly CII audits, AI governance rules, and a tiered compliance system round out the rest.

Those cookie pop-ups aren't just a European thing anymore. India's DPDP Act and IT Act rules now shape what websites must do about cookies — and most sites are getting it wrong.

India's DPDP Act took over six years and four drafts to become law — here's what it actually says, who it hits hardest, and why most people I've talked to still don't know their rights under it.