Limited exemption permitting processing of personal data for research and statistical purposes under certain conditions.
DPDPA provides limited accommodation for research processing through the legitimate use provisions. Section 7(c) allows processing for publicly available personal data. For non-public data, research typically requires either consent or effective anonymisation. The research exemption does not create a blanket pass for academic or commercial research — it must be conducted on truly anonymised data or with consent. Rule 22 exemptions for research-archiving purposes provide additional but narrow scope.
If your startup processes data for analytics, ML training, or market research, you cannot assume a research exemption applies. Most commercial research still requires consent unless the data is genuinely anonymised to the irreversibility standard.
A Delhi AI startup wants to train language models on customer support conversations. They cannot claim a research exemption on raw transcripts. They must either: obtain consent for ML training as a specific purpose, or irreversibly anonymise the conversations before use (removing all identifying information).
There is no broad "research exemption" in DPDPA equivalent to GDPR Article 89. Commercial research, AI training, and analytics require consent or true anonymisation — academic vs commercial intent is irrelevant.