Rigorous Academic Course
Data Privacy Laws in India
A rigorous academic course on the DPDP Act, constitutional privacy law, and India's place in the global data protection landscape.
Rigorous privacy law education for the digital legal economy.
The course is anchored by the Centre for Data Protection & AI Governance of Lawlit, a specialised initiative dedicated to privacy law, artificial intelligence, data governance, compliance, and emerging technology regulation.
A rigorous academic course on the DPDP Act, constitutional privacy law, and India's place in the global data protection landscape.
Saturday and Sunday, across three weekends.
60 minutes each across 6 live sessions across 3 weekends, for 6 hours of total contact time.
The Statute, Unpacked
Enforcement, Critique & Synthesis
Three modules, six live academic sessions.
The course moves from constitutional foundations and legislative history to the statute, enforcement, critique, AI, and case-based synthesis.
Foundations & Legislative History
Session 1 - Why a data protection law and why now
- The failure of the IT Act 2000 and SPDI Rules 2011
- Justice Puttaswamy v. Union of India (2017) and the constitutional right to privacy
- The Srikrishna Committee report, drafts, and what got dropped
- The journey from PDPB 2019 to DPDPA 2023 and the political economy of delay
Session 2 - India in global context
- GDPR - what India borrowed and what it rejected
- Singapore's PDPA and Thailand's PDPA as Asia-Pacific comparisons
- China's PIPL and a different model of data sovereignty
- India's adequacy problem and its implications for cross-border data flows
The Statute, Unpacked
Session 3 - Scope, definitions, and the consent architecture
- Who the Act covers
- The consent framework under Section 7 - free, specific, informed, unconditional
- Deemed consent and legitimate uses
- Children's data under Section 9 and the age-gating problem
Session 4 - Obligations, rights, and significant data fiduciaries
- Data fiduciary obligations under Sections 8-11
- Data principal rights under Sections 12-14 - access, correction, erasure, grievance redressal
- Significant data fiduciaries - designation criteria and additional obligations
- Data protection officers and consent managers
Enforcement, Critique & Synthesis
Session 5 - The Data Protection Board, penalties, and what the Act got wrong
- Constitution, independence, and powers of the Board
- Complaint mechanism, inquiry process, and appellate review
- The penalty framework - up to ₹250 crore, compared to GDPR
- Section 17(2) and the state exemption - the surveillance carve-out and its constitutional implications
- The delegated legislation problem and absence of a non-personal data framework
- Civil society responses and the dissent within the Srikrishna Committee
Session 6 - Cross-border flows, AI, case studies, and open Q&A (live only)
- The cross-border transfer framework and India's data governance trajectory
- How the DPDP Act interacts with AI regulation and the pending DPDP Rules
- Hypothetical fact patterns from real compliance and enforcement scenarios
- Structured student arguments and synthesis discussion
- Reading list, research directions, and career paths in tech law
- Open Q&A with faculty
Live teaching, recordings, certificate, community, and readings.
- 6 live sessions across 3 weekends
- 60 minutes each
- 6 hours of total contact time
- Recordings of every session to keep
- Certificate of completion from Lawlit
- Access to the cohort WhatsApp community
- Direct access to faculty during and after sessions
- Full reading list covering primary sources, academic papers, and policy notes
Built for students and early-career lawyers entering tech law.
Law students and early-career lawyers who want to specialise in data protection, technology law, and digital regulation - and want to understand the law properly, not just pass a compliance checklist.
- Law students
- Early-career lawyers
- Students interested in data protection
- Students interested in technology law
- Students interested in digital regulation
- Learners who want rigorous legal understanding beyond compliance checklists
Assessment, certificate, and readings.
No examination. Attendance across all six sessions earns a Lawlit certificate of completion issued as a downloadable PDF with your name, course title, and date.
A full reading list - primary sources, academic papers, and policy notes - is shared on registration. Assigned readings are light per session, roughly 30-45 minutes of preparation.
Registrations close on July 9, 2026.
Questions before you register.
Course format, fees, certificate, recordings, community access, and support for Cohort 1.
About the course
What is this course about?
Data Privacy Laws in India is an academic course that teaches you how to think, argue, and practise in the field of data protection law. It covers the constitutional origins of privacy law in India, the DPDP Act 2023 in depth, how India compares to global frameworks like GDPR, and the open policy questions that practitioners are actively debating. It is not a compliance checklist - it is a law course taught at the level of a law school elective.
Who is this course for?
Law students, recent graduates, and early-career lawyers who want to build a serious foundation in data privacy and technology law. You do not need prior knowledge of the DPDP Act or technology law - only a willingness to engage with the material rigorously.
Do I need to have studied technology law before?
No. The course is designed to be self-contained. Session 1 begins from first principles - the constitutional right to privacy and the failures of India's pre-DPDP framework - so you can follow the course comfortably even if this is your first exposure to data protection law.
Is this a compliance course?
No. Compliance courses teach you what to do. This course teaches you why the law is the way it is, what it got right, what it got wrong, and how to argue about it. If you want to work in tech law - in litigation, policy, in-house, or academia - this course is for you.
How is this different from reading the Act myself?
The Act is 44 sections. The course covers the 213-page Srikrishna Committee Report, the constitutional privacy jurisprudence behind it, the global frameworks it was compared against, and the academic and civil society critiques of what ultimately passed. Reading the Act takes an afternoon. Understanding it takes this course.
Format & Schedule
How is the course structured?
6 live sessions across 3 weekends - Saturday and Sunday each week, from July 11, 2026 to July 26, 2026. Each session is 60 minutes. Total contact time is 6 hours.
What time do sessions happen?
Session timings will be confirmed and shared with all registered students before July 11, 2026. You will receive the full schedule, Google Meet link, and onboarding note within 24 hours of registration.
Are sessions recorded?
Yes. Every session is recorded and made available exclusively to registered students. Recordings are yours to keep - they do not expire.
What if I miss a session?
You can watch the recording. However, Session 6 - the final case study and open Q&A session - is live only and cannot be replicated from a recording. We strongly encourage attendance across all sessions.
How many students are in the cohort?
Cohort 1 is intentionally small. Seats are limited to ensure direct access to faculty and a genuine discussion environment.
What platform are sessions conducted on?
Live sessions are conducted over Google Meet. The link is shared with registered students before the course begins.
Fees & Registration
What is the course fee?
The course fee is ₹1,499/-.
Is there an instalment option?
Not for Cohort 1. The full fee is payable at the time of registration.
Is there a refund policy?
Registrations are non-refundable once the course begins on July 11, 2026. If you register and are unable to attend before the course starts, please write to us and we will assess on a case-by-case basis.
When do registrations close?
Registrations close on July 9, 2026. No registrations will be accepted after this date for Cohort 1.
Will there be future cohorts?
Yes. If you miss Cohort 1, you can join the waitlist for Cohort 2. Note that pricing for future cohorts will be higher.
Certificate & Completion
Do I get a certificate?
Yes. A Lawlit certificate of completion is issued to every student who attends all six sessions. It is issued as a downloadable PDF with your name, course title, batch, and date.
Is the certificate recognised by the Bar Council or any university?
Not at this stage. The certificate is issued by Lawlit and reflects completion of a rigorous academic course. It is designed to be meaningful on your CV and LinkedIn profile as a signal of specialisation - not as a formal accreditation.
Can I put this on my LinkedIn?
Yes, and we encourage it. Add it under Licences & Certifications - issuing organisation: Lawlit, name: Data Privacy Laws in India, Cohort 1, 2026.
Community & Support
Is there a community component?
Yes. All registered students are added to a cohort WhatsApp group where session materials, readings, and announcements are shared. The group remains active after the course ends.
Can I ask questions during sessions?
Yes. Each session has a dedicated 10-minute Q&A at the end. You can also ask questions in the WhatsApp group between sessions.
Who is the faculty?
Faculty details will be shared with registered students. The course is anchored by Lawlit and the Centre for Data Protection & AI Governance.
Still have a question?
Write to us at office@lawlit.in and we will get back to you within 24 hours.