INTERFACE OF DATA PROTECTION AND IPR: THE EMERGING INDIAN LANDSCAPE.

INTERFACE OF DATA PROTECTION AND IPR: THE EMERGING INDIAN LANDSCAPE.

I. Introduction

The intersection of data protection and intellectual property rights (IPRs) has become one of the most significant contemporary issues in Indian legal discourse. As data converts itself into a core economic asset, questions arise regarding the proprietary claims over data, the privacy interests of individuals, and the competing commercial rights of enterprises engaged in data-driven innovation. The promulgation of the Digital Personal Data Protection Act, 2023 (“DPDPA, 2023”), coupled with India’s evolving jurisprudence on copyrights, trade secrets and database rights, has brought this interface into sharp focus.

Unlike traditional IPR regimes, which primarily protect expressions, inventions and commercial identifiers, data protection law aims to safeguard individual autonomy, informational privacy and lawful processing of personal data. The friction between exclusivity-based IPR protection and the rights-based privacy framework necessitates a careful balancing exercise. The emerging Indian landscape is characterised by an attempt to reconcile these competing interests through statutory interpretation, sectoral regulation and judicial reasoning.

II. Nature of Data: Property, Privacy and Proprietary Claims

A central question is whether raw data, especially personal data, can be treated as “property” capable of being subjected to intellectual property protection. Indian law does not recognise proprietary rights over personal data per se. The Supreme Court in Puttaswamy (Privacy) affirmed privacy as a fundamental right, thereby establishing that personal data is an extension of individual autonomy rather than an economic asset owned by another.

However, datasets generated through investment, skill and organisational effort may enjoy copyright protection in their selection or arrangement, and trade secret protection in their compilation, provided they are kept confidential and derive value from secrecy. Thus, the proprietary protection available in India pertains not to the data itself, but to the creative effort or confidential processes through which data is compiled or utilised.

III. Copyright and Database Rights in India

India does not recognise a sui generis database right of the kind available under EU law. Instead, database protection flows from the general copyright framework under the Copyright Act, 1957, which requires a demonstrable level of skill, labour and judgment in the selection or arrangement of data.

Two implications arise:

1. Raw, unstructured data is not protected.

Only the manner in which the data is curated or organised attracts copyright protection.

2. Copyright cannot override data protection rights.

Where a database contains personal data, the rights of data principals under the DPDPA, 2023—such as consent, purpose limitation and erasure—must prevail. Copyright protection cannot justify processing personal data in a manner inconsistent with statutory privacy obligations.

This dual structure creates a layered regime wherein copyright protects the database architect, while data protection safeguards individuals represented within the dataset.

IV. Trade Secrets and Confidential Business Information

Indian law does not have a dedicated statute governing trade secrets; protection arises through contractual obligations, equitable principles and common law. Commercial datasets, algorithms, customer lists and analytical models often fall within the domain of trade secrets, provided confidentiality is demonstrably maintained.

The interface with data protection arises in two situations:

1. Use of personal data in confidential datasets:
   Trade secret protection cannot legitimise the processing of personal data without lawful basis. Confidentiality does not override statutory consent requirements.
2. Disclosure obligations under privacy law:
   Data principals may exercise rights such as confirmation, access or correction. These rights may, in certain contexts, impinge upon the confidentiality of proprietary datasets. Balancing tests become essential to prevent undue disclosure of commercially sensitive information while respecting statutory rights.

V. Artificial Intelligence, Data Training and Ownership Concerns

AI systems depend heavily on large training datasets. Indian law currently offers no explicit statutory regime governing ownership of AI-generated outputs or the legal status of training datasets. The key concerns include:

• Whether training on personal data requires express consent under the DPDPA, 2023;
• The extent to which copyright in training datasets restricts model development;
• Potential infringement arising from training on copyrighted works;
• Obligations on data fiduciaries deploying AI models in terms of accountability and purpose limitation.

The legal position is still evolving, but the emerging consensus is that:

• Personal data may not be used for AI training unless the data principal’s consent explicitly covers such use.
• Copyrighted content used for training may raise infringement concerns unless protected by fair dealing or licensed use.
• AI outputs that substantially replicate copyrighted material may attract infringement liability.

VI. Competition Law Dimensions

At the interface of IPRs and data, competition law plays a subtle but important role. Excessive control over commercially valuable datasets may create barriers to market entry. Conversely, compelled disclosure may undermine legitimate IP protection.

Indian competition authorities, drawing from global trends, have begun to scrutinise:

• Practices involving refusal to share essential datasets;
• Self-preferencing through exclusive data access;
• Discriminatory data sharing arrangements;
• Tying of data-driven services with proprietary platforms.

The challenge lies in preserving IPR-based incentives for innovation while preventing data-based monopolisation.

VII. Sectoral Regulations and Overlapping Obligations

India’s regulatory landscape includes several sectoral regimes that operate in tandem with data protection and IPR laws:

• RBI and financial data regulations,
• Telecom and TRAI guidelines,
• Health data management rules,
• E-commerce and consumer protection regulations,
• IT Act, 2000 and Information Technology Rules.

Enterprises must therefore navigate a multi-layered compliance ecosystem in which proprietary rights, confidentiality obligations, and statutory responsibilities coexist.

VIII. Balancing Privacy and Innovation: The Emerging Indian Approach

The jurisprudential trend in India reveals four guiding principles:

1. Primacy of Personal Privacy

Where personal data forms part of a proprietary dataset, privacy rights override commercial claims.

2. Protection of Proprietary Investment

Copyright, trade secret law and contract law continue to safeguard the legitimate interests of entities that invest in data compilation.

3. Purpose-Limited Processing

Proprietary claims cannot justify processing beyond declared purposes or undermine data principals’ autonomy.

4. Accountability in Data-Driven Innovation

Entities deploying AI or advanced data analytics must ensure transparency, accuracy and fairness, consistent with statutory obligations.

IX. Conclusion

The interface of data protection and IPR in India is defined by a complex interplay of rights—individual, proprietary and public—each justified by distinct legal rationales. As India transitions into a data-driven economy, resolving tensions between exclusivity and privacy becomes essential. The present landscape demonstrates a cautious but deliberate movement toward harmonisation, ensuring that innovation is encouraged without compromising the dignity and autonomy of individuals.

The emerging Indian model recognises that neither privacy nor intellectual property can claim absolute primacy; instead, a principled and context-sensitive balance must guide the evolution of the law.

***