Platform for Peace and Humanity

Facebook Linkedin X-twitter Instagram Youtube bluesky-icon Telegram Spotify

India’s Digital Personal Data Protection Act (DPDPA) in action: Digital Individualism vs. Tribal Collectivism

  • Kedar Bhasme

<- Back to Monitor Issue

The Peace and Security Monitor

The Indo-Pacific

Issue 7, December 2025

Indonesia’s “Gen-Z” Uprising

  • Robert Sutton

Human rights abuse in Laos: An analysis of the Hmong

  • Esm’eralda Marion

When typhoon winds match a high-speed train: Asia’s intensifying storm threats

  • Claire Stein

Key Takeways

  • India’s DPDPA precipitates a fundamental constitutional crisis in Northeast India by enforcing a philosophy of “normative individualism” that is structurally incompatible with the collective governance models mandated for tribal communities under the Sixth Schedule and Articles 371A and 371G.
  • The digitisation of customary records threatens to fracture communal identity, as the Act’s recognition of the “Data Principal” as a singular unit allows individuals to unilaterally alienate or erase data regarding land titles and lineage that constitutes the shared heritage of the entire clan.
  • Section 17’s broad exemptions for State instrumentalities risk bypassing the “Free, Prior, and Informed Consent” (FPIC) mandates established by the Supreme Court, effectively disempowering Gram Sabhas from exercising their statutory right to control local development and beneficiary data.
  • A policy shift toward “Data Pluralism” is essential to reconcile these diverging legal epistemologies, requiring the introduction of “Community Data Fiduciaries” and dual-key consent mechanisms that empower traditional bodies to manage digital rights on behalf of the group.

1. Introduction: The Collision of Two Legal Epistemologies

The enactment of India’s Digital Personal Data Protection Act, 2023 (DPDPA) marks a paradigm shift in the nation’s governance of informational privacy, yet it precipitates a fundamental constitutional crisis within the pluri-legal framework of Northeast India.1 The DPDPA is predicated on a philosophy of normative individualism, identifying the “Data Principal” as a singular, atomic unit empowered with unilateral rights to consent, erasure, and correction.2 This statutory architecture is structurally incompatible with the collective governance models constitutionally mandated for tribal communities under the Sixth Schedule, Article 371A (Nagaland), Article 371G (Mizoram), and the Panchayats (Extension to Scheduled Areas) Act, 1996 (PESA).3

In these customary jurisdictions, rights over land, lineage, and cultural knowledge are not individual assets but communal estates vested in the clan, village council, or Gram Sabha.4 The immediate legal risks arise from the digitisation of traditional records, specifically land titles (under schemes like SVAMITVA), genealogical registers, and customary resource rosters.5 Under the DPDPA, an individual clan member may exercise “erasure” or “portability” rights over data that is intrinsically communal, thereby fracturing the integrity of collective records essential for tribal identity and inheritance. Furthermore, Section 17(1) of the DPDPA, which exempts State instrumentalities from consent requirements for “legitimate uses”, potentially empowers the central government to bypass the Free, Prior, and Informed Consent (FPIC) mandates established by the Supreme Court in the Orissa Mining Corporation (Niyamgiri) judgment.6

The digitisation of governance in India is not merely a technological upgrade; it is a re-engineering of the relationship between the citizen and the state. The DPDPA represents the culmination of a decade-long debate on privacy, sparked by the Aadhaar judgment and crystalised in K.S. Puttaswamy v. Union of India.7 However, as the Indian state attempts to standardise data processing protocols to fuel a $1 trillion digital economy, it encounters the friction of India’s “asymmetric federalism”, specifically, the distinct constitutional status of the tribal communities in the Northeast.8

1.1 The DPDPA’s Individualistic Architecture

The DPDPA is built upon the edifice of the “Data Principal”, defined strictly as the individual to whom the personal data relates.9 The Act constructs a privacy framework where this individual is the sole locus of authority, empowered to grant consent, withdraw it, and demand the erasure of their digital footprint. This model aligns with the Supreme Court’s ruling in Puttaswamy, which recognised privacy as a fundamental right flowing from individual dignity and liberty under Article 21.10 It draws heavily from Western legal traditions, particularly the European Union’s General Data Protection Regulation (GDPR), which views privacy as the protection of the individual against intrusion.11

However, this architecture assumes a homogenised citizen-subject who exists independently of their community. It fails to account for “informational privacy” in societies where the “self” is constituted through relationships such as kinship, clan, and village.12 By centralising power in the individual and the State (through broad exemptions), the Act ignores the intermediate layer of community rights that defines social and legal life for millions of tribal citizens. The Act’s silence on “group privacy” or “community data” concepts extensively debated by the Kris Gopalakrishnan Committee but ultimately discarded creates a legislative vacuum that threatens tribal autonomy.13

1.2 The Customary Legal Order of Northeast India

In contrast to the DPDPA’s individualism, the legal order of Northeast India is fundamentally collectivist. The Constitution of India, through the Sixth Schedule and special provisions like Articles 371A (Nagaland) and 371G (Mizoram), creates a “state-within-a-state” mechanism.14 Here, legislative competence over key areas such as land, inheritance, marriage, and social customs is transferred from the Parliament and State Assemblies to Autonomous District Councils (ADCs) and traditional village authorities.15

In these jurisdictions, an individual’s rights are derivative of their membership in a community. Land is often owned by the clan (Ri Kur in Meghalaya) or the village; inheritance is determined by customary lineage laws; and justice is dispensed by tribal courts that prioritise restorative community harmony over individual adversarial vindication.16 The legal subject here is not just the individual citizen, but the member of a collective.

1.3 Digital Sovereignty vs. Digital Colonialism

This clash is not merely administrative; it is ontological. The concept of Indigenous Data Sovereignty (IDS), which asserts that Indigenous peoples have the right to control data about their communities, lands, and resources, frames this conflict as a struggle against “digital colonialism”.17 Just as colonial legal systems historically derecognised collective land tenure to facilitate extraction (labeling it terra nullius), the DPDPA’s refusal to recognise collective data rights threatens to extract information from tribal communities converting sacred lineages and community resources into tradeable “digital assets” without the collective consent required by their customary laws.18

This report, serving as a continuation of previous work on data sovereignty in Australia and New Zealand (ANZ), analyses this conflict through the lens of legal precedents and offers a roadmap for reconciling these diverging legal epistemologies. It leverages the theoretical frameworks of the CARE Principles and the empirical realities of India’s Northeast to demonstrate why a “one-size-fits-all” data law is constitutionally untenable.

Ao Naga at Chuchuyimlang village, India (Retlaw Snellac Photography from Belgium via Wikimedia Commons 2007)

2. The Legal Architecture of DPDPA 2023 and the Exclusion of Collective Rights

To understand the depth of the conflict, one must first dissect the operational mechanics of the DPDPA 2023 and identify specifically where it structurally excludes collective rights. The Act’s definitions and mechanisms are designed for a liberal, market-based society, creating friction when applied to customary, kinship-based societies.

2.1 The “Data Principal” as an Atomic Unit

Section 2(j) of the DPDPA defines a “Data Principal” as the individual to whom the personal data relates. Where the individual is a child or a person with a disability, the definition extends to their parents or lawful guardians.19

Critical Gap: The Act contains no provision for a “Collective Data Principal” or a “Group Data Principal.” This is a significant departure from the recommendations of the Kris Gopalakrishnan Committee on Non-Personal Data (2020), which explicitly proposed the recognition of “Community Data” and “Community Rights” to prevent the exploitation of aggregated data sets that belong to a group rather than any single individual.20

In the context of tribal communities, this omission is fatal. Tribal identity is rarely singular; it is relational. A “Naga” or “Khasi” individual’s data such as their clan affiliation, their village of origin, or their customary land holding is inextricably linked to the data of their entire kinship group. By recognising only the individual, the DPDPA allows a single member to alienate, sell, or delete data that constitutes the shared heritage of the entire group. This mirrors the “individualisation of tenure” that colonial powers used to break up communal lands; today, it is the individualisation of data about tenure.21

2.2 The Consent Mechanism and its Customary Incompatibility

Section 6 of the DPDPA mandates that consent must be “free, specific, informed, unconditional, and unambiguous”.22 While this sets a high standard for individual autonomy, it fails to accommodate “Collective Consent” protocols mandated by customary law.

Feature DPDPA (Section 6) Customary Law (Northeast India) Conflict Point
Locus of Consent Individual Data Principal Gram Sabha / Village Council / Clan Head Individual can bypass community checks.
Withdrawal Unilateral right of the individual Often requires community consensus Individual withdrawal disrupts collective records.
Purpose Specific usage (e.g., loan, service) Holistic community welfare Commercial use vs. Customary prohibition.
Authorisation Digital verification (OTP, Biometric) Public deliberation / Consensus Lack of transparency in digital consent.

In many Sixth Schedule areas, an individual cannot authorise the sharing of family or clan records without the approval of the Kur (clan) head or the village council. The DPDPA ignores this hierarchy. If a fintech company seeks access to a tribal individual’s land data for a loan, and the individual consents, the DPDPA treats this as valid. However, under customary law (e.g., in the Khasi Hills), that land may be ancestral clan property (Ri Kur), and the individual may have no right to encumber it or share its details without the clan council’s durbar.23

The Act grants Data Principals the Right to Erasure (Section 12). If a disgruntled family member demands the erasure of their name from a digitised family tree, the DPDPA compels the Data Fiduciary to comply (unless retention is required by “law”). This unilateral erasure could destroy the genealogical proof required by the entire clan to prove their Scheduled Tribe (ST) status or inheritance rights in a customary court. Because “law” in the DPDPA typically refers to statutory law, it is unclear if customary law requirements for record retention would be respected as a valid exception to erasure.24

2.3 Section 17: The State’s Override Power and the FPIC Bypass

Perhaps the most contentious provision regarding tribal autonomy is Section 17, which exempts the “State and its instrumentalities” from the requirement of notice and consent for processing data for “legitimate uses,” including the provision of subsidies, benefits, certificates, or in the interests of the sovereignty and integrity of India.25

This section effectively allows the central or state government to digitise tribal records (land, census, health) without seeking the consent of the Gram Sabhas or Autonomous District Councils.

The Panchayats (Extension to Scheduled Areas) Act, 1996 (PESA), specifically empowers the Gram Sabha to approve all plans, programs, and projects for social and economic development. By allowing the State to process data for “benefits” without consent, Section 17 of the DPDPA bypasses the Gram Sabha’s statutory right to verify beneficiary lists and control local development data.26

The Forest Rights Act (FRA), 2006, vests the authority to recognise forest rights in the Gram Sabha. Digitisation of forest rights data by the State without Gram Sabha consent, enabled by Section 17 violates the spirit of the Niyamgiri judgment, which mandated collective decision-making.27

3. The Customary Legal Order: Constitutional Shields in Northeast India

To appreciate why the DPDPA’s application is contested, one must examine the robust constitutional shields that protect the “customary mode of life” in Northeast India. These are not merely cultural recognitions; they are jurisdictional bars against the automatic application of parliamentary law.

3.1 Article 371A: The Nagaland Paradigm

Article 371A of the Constitution stands as the strongest bulwark against legislative encroachment. It states that “no Act of Parliament” in respect of:

  1. Religious or social practices of the Nagas;
  2. Naga customary law and procedure;
  3. Administration of civil and criminal justice involving decisions according to Naga customary law;
  4. Ownership and transfer of land and its resources;
    shall apply to the State of Nagaland unless the Legislative Assembly of Nagaland by a resolution so decides28.

The digitisation of land records involves processing data about “ownership and transfer of land.” Since Article 371A explicitly excludes Parliament’s jurisdiction over Nagaland, the DPDPA’s provisions regulating the processing of digital land records are arguably unconstitutional in Nagaland unless ratified by the Assembly.29 The DPDPA dictates how land data is stored, shared, and erased functions that impinge on the substantive right of “ownership and transfer.”

Naga customary law relies on oral and written records maintained by village councils. The DPDPA’s imposition of a “Data Protection Board of India” (a central body) to adjudicate disputes regarding these records constitutes an interference in the “administration of civil justice” according to customary law, which Article 371A forbids.30

3.2 Article 371G: The Mizoram Context

Similar to Nagaland, Article 371G provides that no Act of Parliament concerning Mizo customary law, social practices, or land ownership shall apply to Mizoram unless the State Assembly resolves to adopt it.31

The Mizoram Assembly has previously exercised this power to block or modify central acts (like the Forest Conservation Amendment Act, 2023) to protect local rights.32 The DPDPA, by regulating the “digital” aspect of Mizo identity and land data, falls squarely within the ambit of “Mizo customary law and procedure.” Without a resolution from the Mizoram Assembly, the enforceability of DPDPA on Mizo tribal data remains legally precarious.

3.3 The Sixth Schedule and ADCs

In Assam, Meghalaya, Tripura, and Mizoram, the Sixth Schedule creates Autonomous District Councils (ADCs) with legislative powers over land, forests, and inheritance.33

Paragraph 3 of the Sixth Schedule empowers ADCs to make laws regarding “inheritance of property” and “social customs.” Data regarding these subjects (e.g., a digital will or a digital marriage certificate) is, therefore, subject to ADC legislation. The DPDPA’s attempt to regulate this data centrally creates a federal conflict, as it encroaches upon the legislative domain reserved for these autonomous bodies. The Governor, under Paragraph 12(1)(b), has the power to direct that an Act of Parliament shall not apply to an autonomous district or shall apply with such modifications as he may specify.34

4. The Conflict Vectors: Where Data Meets Custom

The conflict between the DPDPA and customary law is not abstract; it manifests in specific categories of data that are currently undergoing digitisation.

The Government of India’s Digital India Land Records Modernisation Programme (DILRMP) and SVAMITVA scheme aim to create a centralised, digital database of land ownership.35 The goal is to provide “conclusive titling.”

In tribal areas, land is often held communally or under “usufructuary” rights that do not translate easily into the “exclusive individual ownership” model of digital databases.

When a surveyor enters a name into the database as the “owner” (Data Principal), they effectively erase the underlying community title. Under DPDPA, this individual “owner” can then consent to share this land data with banks or real estate developers.

Customary law requires the Village Council to approve any land transfer. The DPDPA allows the “Data Principal” to share land data directly with third parties, bypassing the Council’s oversight and potentially facilitating land alienation to non-tribals, a practice strictly prohibited in Sixth Schedule areas.36 The SVAMITVA guidelines themselves note the complexity of implementing in Sixth Schedule areas due to these conflicts.37

Tribal identity in Northeast India is strictly lineage-based. The Khasi inherit lineage from the mother (Kur), while Nagas follow patrilineal clan lines. Records of these lineages are maintained orally or in clan registers.

A member of a Khasi clan converts to a different religion or leaves the community and, exercising their rights under Section 12 of the DPDPA, demands the erasure of their personal data from the clan’s digital lineage register.

Under DPDPA, the Data Fiduciary (the Clan Council or researcher) might be legally obligated to erase the data. However, under customary law, the integrity of the lineage record is paramount for determining the inheritance of ancestral property (Ri Nongtymmen). The erasure of one link breaks the chain of evidence for the entire group. Here, the individual’s “Right to Erasure” directly destroys the community’s “Right to Cultural Preservation” and legal evidence for succession.38

The Naga Hoho and other bodies have vehemently opposed the patenting or unauthorised digitisation of traditional designs and medicinal knowledge.39

If a researcher collects data on traditional medicine from an individual healer and obtains their individual consent under DPDPA, the processing is lawful.

Customary law views this knowledge as the collective property of the tribe. An individual cannot consent to its alienation. By validating individual consent, the DPDPA provides a legal veneer for biopiracy, allowing corporations to bypass the collective authorisation required under the Nagoya Protocol and customary norms.40 The Traditional Knowledge Digital Library (TKDL) attempts to protect this, but DPDPA does not explicitly integrate TKDL’s defensive mechanisms into its consent framework.

Genomic research often targets indigenous populations due to their unique genetic markers. The uploaded research highlights the risks of “overvaluing individual consent” in such studies.41

Genetic data is inherently shared; an individual’s DNA reveals information about their parents, siblings, and tribe. The DPDPA allows an individual to consent to genetic sequencing. This data can stigmatise the entire community (e.g., if a predisposition to alcoholism is “discovered”).

Tribal communities require collective consent for genetic research to assess group harm, a provision standard in ANZ research ethics but absent from the DPDPA.42

Melthum veng, Aizawl, Mizoram, India (R London via Wikimedia Commons 2014)

5. Comparative Insights: Learning from the ANZ Experience

The conflict in India is not unique; it mirrors the struggles of Indigenous peoples in Australia and New Zealand (ANZ), offering valuable comparative insights for policy formulation.

In New Zealand, the Waitangi Tribunal has recognised Māori data as “taonga” (treasure), protected under Article 2 of the Treaty of Waitangi. This legal status requires the Crown to partner with Māori in data governance, rather than merely consulting them.43

The shift from census to administrative data (using existing government records) was opposed by Māori groups because it created “deficit data” focusing on crime and health problems rather than cultural resilience.

Where in New Zealand, Te Mana Raraunga (Māori Data Sovereignty Network) was established and Māori data governance protocols integrated into New Zealand’s statistics, India lacks an equivalent “Tribal Data Sovereignty Network” or statutory recognition of tribal data as taonga.

The Global Indigenous Data Alliance (GIDA) proposed the CARE Principles (Collective Benefit, Authority to Control, Responsibility, Ethics) to complement the FAIR principles (Findable, Accessible, Interoperable, Reusable) used by scientists.

Principle DPDPA Approach CARE / Indigenous Approach Recommendation for India
Collective Benefit Benefit to individual or economy Benefit to the community ecosystem Mandate “Community Benefit” assessments for tribal data processing.
Authority to Control Control with Data Fiduciary/State Control with Indigenous governance bodies Recognise Gram Sabhas as “Community Data Fiduciaries.”
Responsibility Accountability to Data Protection Board Accountability to the people/relations Decentralise grievance redressal to ADCs.
Ethics Minimising individual harm Minimising collective harm Introduce “Collective Harm” as a category in DPDPA rules.

Australia’s new framework emphasises “decolonising bureaucracy” by shifting from consultation to co-design.44 It requires government agencies to partner with Indigenous communities throughout the data lifecycle. In contrast, India’s DPDPA was drafted with minimal consultation with tribal bodies, reflecting a top-down imposition rather than a co-designed partnership.

6. Conclusion: Toward a Pluralistic Data Democracy

The DPDPA represents a significant leap in India’s digital governance capabilities, but its uniform application threatens to replicate the historical injustices of colonial resource extraction in a new, digital guise. By treating data as a purely individual asset, the Act renders invisible the complex web of collective rights and customary duties that sustain the tribal societies of Northeast India.

The “conflict” described here is not merely technical; it is a test of Indian federalism. If the “special provisions” of the Constitution (Articles 371A, 371G, Sixth Schedule) are to have meaning in the 21st century, they must extend to the digital domain. Data about land is as sensitive as the land itself; data about lineage is as sacred as the bloodline.

Failing to address this will likely lead to extensive litigation, with tribal bodies invoking the Niyamgiri and Ratan Singh precedents to challenge the DPDPA’s constitutionality. Alternatively, India has the opportunity to become a global leader in Indigenous Data Sovereignty, demonstrating how a modern digital economy can coexist with, and empower, ancient systems of collective wisdom. The path forward requires moving from “Data Protection” to “Data Pluralism,” where the digital rights of the individual do not come at the cost of the digital sovereignty of the community.

Policy Recommendations

To resolve this conflict and prevent a “digital mutiny” in the Northeast, where tribes may refuse to participate in digital census or land surveys, the Government of India must adopt a pluralistic approach to data governance.
  • The Act should be amended to introduce a ‘Community Data Fiduciary’ status for traditional bodies like Gram Sabhas and Clan Councils. These bodies would hold the rights of a Data Principal on behalf of the group for datasets that are collectively owned. Furthermore, for data tagged as ‘Tribal’ or ‘Scheduled’, the Act must mandate a ‘dual-key’ consent mechanism: requiring collective consent via the Village Council in addition to individual consent. This ensures that individual data sharing does not harm collective interests and aligns the statute with customary governance.
  • State-level constitutional powers must be activated to create specific exemptions. The Governors of Assam, Meghalaya, Tripura, and Mizoram should utilise Paragraph 12(1)(b) of the Sixth Schedule to notify that the DPDPA applies with modifications, specifically designating ADCs as appellate authorities for customary data disputes. Simultaneously, the Legislative Assemblies of Nagaland and Mizoram must pass resolutions under Articles 371A and 371G respectively, applying the DPDPA only if it incorporates specific rules protecting customary data ownership, thereby forcing the Central Ministry to issue state-specific regulations.45
  • Instead of tribal data residing in the silos of corporate fiduciaries or the State, it should be held in Data Trusts managed by the community. The Trust would act as a legal intermediary, negotiating terms of access with third parties (banks, researchers, government). This can leverage the existing Account Aggregator framework but replace the commercial intermediary with a Community Trust. This ensures that the economic value of data (monetisation) flows back to the tribe, aligning with the Kris Gopalakrishnan Committee’s vision of community economic rights over data.46
  • Digital platforms like Bhu-Aadhaar (land records) or health registries operating in tribal areas must build FPIC workflows directly into their code. When a surveyor attempts to digitise a land parcel in a Sixth Schedule area, the software should require two digital signatures: one from the individual holder and one from the Village Headman (Rangbah Shnong/Gaon Burha). Without the Headman’s digital authorisation (signifying community consent), the record cannot be finalised in the central database.47

Table 1: Comparative Analysis of Data Governance Models

Feature DPDPA 2023 (India) Customary Law (NE India) Indigenous Data Sov. (ANZ)
Primary Unit Individual (Data Principal) Community (Clan/Village) Collective (Iwi/Tribe)
Consent Model Individual, Notice-based Collective, Consensus-based Collective Authority (CARE)
Data Ownership Fiduciary holds custody Community holds heritage Data as Taonga (Treasure)
State Access Broad Exemptions (Sec 17) Restricted by Autonomy Treaty-based negotiation
Dispute Resolution Data Protection Board Village Council / Customary Court Tribal/Māori Governance Bodies

Endnotes

  1. DLA Piper, ‘Data Protection Laws in India’ DLA Piper Data Protection (2025) https://www.dlapiperdataprotection.com/?t=law&c=IN accessed 18 December 2025.
  2. Supreme Court Observer, Right to Privacy: Puttaswamy Judgment Supreme Court Observer  (2021) https://www.scobserver.in/wp-content/uploads/2021/10/Right_to_Privacy__Puttaswamy_Judgment_1.pdf accessed 18 December 2025.
  3. Parliament of India, The Constitution of India (English Final) (undated) eParliament Library & Reference Services https://eparlib.sansad.in/bitstream/123456789/2982247/1/29-05-27_Constitution_English_Final.pdf accessed 18 December 2025.
  4. VakeelLaw, ‘Customary Laws and Modern Legal Systems: A Study of the Tribal Communities in India’ VakeelLaw (2025) https://vakeellaw.com/wp-content/uploads/2025/06/Customary-Laws-and-Modern-Legal-Systems-A-Study-of-the-Tribal-Communities-in-India.pdf accessed 18 December 2025.
  5. Latham & Watkins LLP, ‘India’s Digital Personal Data Protection Act 2023 vs the GDPR: A Comparison’ Latham & Watkins LLP (2023) https://www.lw.com/admin/upload/SiteAttachments/Indias-Digital-Personal-Data-Protection-Act-2023-vs-the-GDPR-A-Comparison.pdf accessed 18 December 2025.
  6. Charmian Aw and Ciara O’Leary, ‘India’s Digital Personal Data Protection Act 2023 Brought into Force’ Hogan Lovells (17 November 2025) https://www.hoganlovells.com/en/publications/indias-digital-personal-data-protection-act-2023-brought-into-force- accessed 18 December 2025.
  7. Supreme Court Observer, Right to Privacy: Puttaswamy Judgment.
  8. PRS Legislative Research, ‘The Digital Personal Data Protection Bill, 2023’ PRS India (2023) https://prsindia.org/billtrack/digital-personal-data-protection-bill-2023 accessed 18 December 2025.
  9. Sanjeev Kumar and Prof Punam, ‘Right to Privacy in the Age of Social Media: An Analysis of Indian Jurisprudence’ 9–20 ResearchGate (2025) https://www.researchgate.net/publication/394520562_Right_to_Privacy_in_the_Age_of_Social_Media_An_Analysis_of_Indian_Jurisprudence accessed 18 December 2025.
  10. PRS Legislative Research, ‘Non-Personal Data Governance Framework’ PRS India (2025) https://prsindia.org/policy/report-summaries/non-personal-data-governance-framework accessed 18 December 2025.
  11. de Souza SP and Bhardwaj K, ‘India’s Conception of Community Data and Addressing Concerns for Access to Justice’ Digital Society 3(1) 16 (2024) https://pmc.ncbi.nlm.nih.gov/articles/PMC10960881/ accessed 18 December 2025.
  12. Neisakhono Yano and Srikanth Yamsani, ‘Traditional Governance and Customary Laws in Angami Nagas’ 253–269 ResearchGate (2025) https://www.researchgate.net/publication/394569773_Traditional_Governance_and_Customary_Laws_in_Angami_Nagas accessed 18 December 2025.
  13. Lanusashi Longkümer, ‘Self-Governance and Democracy among the Ao Naga of Nagaland Asia’ Indigenous Peoples Pact (2024) https://aippnet.org/wp-content/uploads/2024/03/Ao-Naga-Self-Governance-resized.pdf accessed 18 December 2025.
  14. Mihir Kaulgud, ‘India’s Approach to Data Decolonization: Moving Away from the “Data as Resource” Metaphor’ Social and Political Research Foundation (October 2022) https://sprf.in/wp-content/uploads/2022/10/data-decol-IB.pdf accessed 18 December 2025.
  15. Kris Gopalakrishnan Committee, ‘Report on Non-Personal Data Governance Framework’ OurGov.Live (2020) https://ourgovdotin.wordpress.com/wp-content/uploads/2020/07/kris-gopalakrishnan-committee-report-on-non-personal-data-governance-framework.pdf accessed 18 December 2025.
  16. Juster Lyngdoh and Malathi Adusumalli, ‘Spaces for Indigenous Knowledge: Examining Participatory Conceptual Approach and Practices in Khasi Community’ Cogent Social Sciences 11(1) 2491697 (2025) https://www.tandfonline.com/doi/pdf/10.1080/23311886.2025.2491697 accessed 18 December 2025.
  17. Shantipriya Nag and Balabet Kharmalki, ‘A Breakthrough on How Cultural Norms Affect Women’s Engagement with Digital Finance Platforms: A Matrilineal Context on the State of Meghalaya’ International Journal for Multidisciplinary Research 7(6) 1 (2025) https://www.ijfmr.com/papers/2025/6/58848.pdf accessed 18 December 2025.
  18. Hogan Lovells, ‘India’s Digital Personal Data Protection Act 2023 Brought Into Force’ JD Supra (19 November 2025) https://www.jdsupra.com/legalnews/india-s-digital-personal-data-1886813/ accessed 18 December 2025.
  19. Archisman Bhattacharjee, ‘Every Business Is a Data Business: Applicability of DPDP Act to Non-Financial Entities’ Vinod Kothari (8 December 2025) https://vinodkothari.com/2025/12/every-business-is-a-data-business-applicability-of-dpdp-act-to-non-financial-entities/ accessed 18 December 2025.
  20. Vajiram and Ravi, ‘Handout 15th Nov 2025’ Vajiram and Ravi (2025) https://vajiramandravi.s3.us-east-1.amazonaws.com/media/2025/11/15/15/2/1/Handout_15th_Nov_2025.pdf accessed 18 December 2025.
  21. Stellina Jolly, ‘The Vedanta (Niyamgiri) Case: Promoting Environmental Justice and Sustainable Development’ in Sumudu A Atapattu, Carmen G Gonzalez and Sara L Seck (eds), The Cambridge Handbook of Environmental Justice and Sustainable Development (Cambridge University Press, 2021) 289–302 https://www.cambridge.org/core/books/abs/cambridge-handbook-of-environmental-justice-and-sustainable-development/vedanta-niyamgiri-case/CE325EAC955B21FC970F5740975151EB accessed 18 December 2025.
  22. PWOnlyIAS, ‘A Comprehensive Guide to Article 371–371J: Special Provisions for States in Indian Polity’ PWOnlyIAS https://pwonlyias.com/upsc-notes/special-provisions-for-some-states/ accessed 18 December 2025.
  23. Julia Fogerite, Jack Jenkins Hill and Athong Makury, ‘Land and Forest Governance in the Naga Village Republic: Resource Rights for the Indigenous Peoples (RRtIP)’ Resource Rights for the Indigenous Peoples (March 2018) https://www.lift-fund.org/sites/lift-fund.org/files/publication/LIFT-LCG-Land-and-Forest-Governance-Naga_EN_Mar2019.pdf accessed 18 December 2025.
  24. Drishti IAS, ‘Current Affairs Consolidation January 2025 Part 2’ Drishti IAS (2025) https://www.drishtiias.com/images/pdf/CA_Consolidation_January_2025_Part_2.pdf accessed 18 December 2025.
  25. Dr Chumben Murry, ‘On Naga Customary Law’ The Morung Express (18 June 2025) https://morungexpress.com/on-naga-customary-law accessed 18 December 2025.
  26. Mizoram Forest Department, ‘Notification: The Forest Conservation Amendment Act 2023’ Government of Mizoram (14 October 2025) accessed 18 December 2025.
  27. Ezrela Dalidia Fanai, ‘Mizoram Forest Conservation Amendment Act, 2023 Adopted’ India Today NE (27 August 2025) https://www.indiatodayne.in/mizoram/story/mizoram-forest-conservation-amendment-act-2023-adopted-1268075-2025-08-27 accessed 18 December 2025.
  28. R Gopinath Rao, Meghalaya State Profile (Government of India, Ministry of Micro, Small and Medium Enterprises) DCMSME https://dcmsme.gov.in/dips/state_wise_dips/MEGHALAYA%20STATE%20PROFILE%20REVISED.pdf accessed 18 December 2025.
  29. Khasi Hills Autonomous District (Village And Town Development Council) Act 2021 (25 January 2022), LegitQuest https://www.legitquest.com/act/khasi-hills-autonomous-district-village-and-town-development-council-act-2021/c6ed accessed 18 December 2025.
  30. Dr Kiran Dennis Gardner, Dr Sheikh Inam Ul Mansoor and Ms Shivani Dutta (eds), Transforming Society, Evolving Law: A Compilation of Global Legal Perspectives (School of Law, Dayananda Sagar University 2024) https://www.dsu.edu.in/images/law/Newsletter/Law_Conference_book.pdf accessed 18 December 2025.
  31. Trisha Pande and Vrinda Bhardwaj, Land Rights and the Digital Revolution in India: Potential and Pitfalls (14 January 2022) Centre for Policy Research https://cprindia.org/wp-content/uploads/2022/02/Land-Rights-and-the-Digital-Revolution-in-India-Potential-and-Pitfalls.pdf accessed 18 December 2025.
  32. PRS Legislative Research, Land Records and Titles in India PRS India https://prsindia.org/policy/analytical-reports/land-records-and-titles-india accessed 18 December 2025.
  33. Meghalaya-Based Body Seeks Exemption of Meghalaya & Garo Hill Districts from ‘Svamitva Scheme’ (27 December 2021) Northeast Today https://northeasttoday.in/northeast/meghalaya-based-body-seeks-exemption-of-meghalaya-garo-hill-districts-from-svamitva-scheme/ accessed 18 December 2025.
  34. Ministry of Panchayati Raj, ‘Framework for Implementation of Svamitva Scheme’ (2022), SVAMITVA https://svamitva.nic.in/DownloadPDF/SvamitvaGuidelinesupdated_1644043306576.pdf accessed 18 December 2025.
  35. Ministry of Panchayati Raj, ‘Report of Expert Committee on SVAMITVA’ (2022), SVAMITVA https://svamitva.nic.in/DownloadPDF/ExpertCommitteeReport_1667797591504.pdf accessed 18 December 2025.
  36. NH Web Desk, ‘Naga Shawl Controversy Is Unnecessary’ (4 November 2018) National Herald India https://www.nationalheraldindia.com/regional/naga-shawl-controversy-is-unnecessary accessed 18 December 2025.
  37. D Kalbande and Priya S, Traditional Knowledge Digital Library: A Magic Bullet in the War against Biopiracy Library Philosophy and Practice https://digitalcommons.unl.edu/cgi/viewcontent.cgi?article=11486&context=libphilprac accessed 18 December 2025.
  38. H Abdullah, ‘Learning from India’s TKDL: digitisation as a Tool to Protect Cultural Property’ (2021), Georgetown Law Technology Review https://georgetownlawtechreview.org/wp-content/uploads/2021/05/Abdullah-Learning-From-Indias-TKDL-5-GEO.-TECH.-REV.-99-2021.pdf accessed 18 December 2025.
  39. Krystal Tsosie, Joe Yracheta and Donna Dickenson, ‘Overvaluing Individual Consent Ignores Risks to Tribal Participants’ (2019) Nature Reviews Genetics 20(9) 1 https://www.researchgate.net/publication/334461618_Overvaluing_individual_consent_ignores_risks_to_tribal_participants accessed 18 December 2025.
  40. Bobby Saunkeah, Julie A Beans, Michael T Peercy, Vanessa Y Hiratsuka and Paul Spicer, ‘Extending Research Protections to Tribal Communities’ (2021) The American Journal of Bioethics 21(10) 5–12 https://www.tandfonline.com/doi/full/10.1080/15265161.2020.1865477 accessed 18 December 2025.
  41. David R Curry and Paige Fitzsimmons, Informed Consent: A Monthly Review (Center for Informed Consent Integrity, October 2019) https://ge2p2global-centerforinformedconsentintegrity.org/wp-content/uploads/2020/01/ge2p2-global_informed-consent-a-monthly-review_october-2019.pdf accessed 18 December 2025.
  42. A J Calac and T K Mackey, ‘A Systematic Review of Responsible Stewardship of Research and Health Data from Indigenous Communities’ (2025) NPJ Digital Medicine 8(1) 504 https://pmc.ncbi.nlm.nih.gov/articles/PMC12326002/ accessed 18 December 2025.
  43. Kriti Sharma, ‘Niyamgiri: 10 Years since India’s First Environmental Referendum’ (19 April 2023) Down To Earth https://www.downtoearth.org.in/governance/niyamgiri-10-years-since-india-s-first-environmental-referendum-88850 accessed 18 December 2025.
  44. Divij Joshi, ‘Non-Personal Data Regulation: Interrogating “Group Privacy”’ (30 July 2020) Centre for Law and Policy Research https://clpr.org.in/blog/non-personal-data-regulation-interrogating-group-privacy/ accessed 18 December 2025.
  45. Vidushi Marda, ‘Non-personal Data: The Case of the Indian Data Protection Bill, Definitions and Assumptions’ (15 October 2020), Ada Lovelace Institute https://www.adalovelaceinstitute.org/blog/non-personal-data-indian-data-protection-bill/ accessed 18 December 2025.
  46. Indian Kanoon, ‘State Of Nagaland vs Ratan Singh, Etc on 9 March, 1966’ (1966), Indian Kanoon https://indiankanoon.org/doc/400907/ accessed 18 December 2025.
  47. Ibid.