Swiping right on grievance redressal.
Karishma Sundara Karishma Sundara

Swiping right on grievance redressal.

Much has been written about the recently-released Swiped. Some critics liked the movie (due, in no small part, to Lily James’ performance), which is inspired by Whitney Wolfe Herd’s journey from co-founding Tinder through to reshaping online dating with Bumble. Others have suggested that the film can be one-note at the expense of fleshing out the complex issues at its heart and the underlying tech journey. (To be fair, asking a two-hour film to be everything to everyone is unrealistic.) 

As a technology lawyer, watching an app or feature being built, shaped, or deployed in real life is always exciting (and watching it on screen comes close). More so for me, personally, when it’s a woman-led tech venture or story.


But this isn’t a post about women in tech (or tech law), or the cinematic ups and downs of the biopic itself (I’ll save that for another time). It’s about how an app built grievance redressal into its business model and product design, and why there's an important lesson in there for everyone.

Read More
Five issues to consider as the DPDPA turns two.
Privacy and Data Protection, E-commerce, Consumer Protection, Cybersecurity Karishma Sundara Privacy and Data Protection, E-commerce, Consumer Protection, Cybersecurity Karishma Sundara

Five issues to consider as the DPDPA turns two.

Yesterday marked the second anniversary of India’s (yet to be enforced) data protection law, the Digital Personal Data Protection Act, 2023 (fondly, the DPDPA).

In the months that followed its enactment, Indian tech lawyers dissected every inch of the new law. We analysed what its enforcement might mean for data fiduciaries and data subjects alike, identified risks and compliance gaps, and comforted ourselves with nuanced positions.

We were flooded with questions. Some were time-oriented: “How long will we have to implement the law?” Others were concerned about the DPDPA's scope: “Will this apply to me if I process personal data of foreign persons in India?” Yet others focused on how much would need to change in entities' compliance processes: “But, it’s just like the GDPR, isn’t it?” (No, friends, it isn’t.)

Two years on, here are 5 (of the many!) issues that have stayed with me several stakeholder meetings, and one set of draft rules later. I touch on 3P personal data woes, personalising content for children, the age (old) question, and more in this inaugural In Medias Res post.

Read More