This interview has been published by Namrata Singh and The SuperLawyer Team
Could you share with us your journey into the legal profession? What sparked your interest in law and led you to specialize in international privacy law and corporate law specifically?
I started working as a business journalist in 1994, after graduating with a degree in commerce and economics from Bombay University (as it was called then). A chance meeting with a friend convinced me to study law, as I believed that it would improve my skills and help me become a better business journalist. (The Stock Market was still reeling from the effect of the 1992 scam and knowledge of various corporate and business laws would help.) So I enrolled to study at the prestigious Government Law College at Church gate, mostly, because it was close to my workplace and early morning classes allowed us to work all day. I signed up for a moot court competition within a few months of classes and I immediately knew that this is what I want to do in the long run! So I eventually quit journalism a few months later to focus on my law studies.
There were no privacy laws then – and my favourite subjects in college were the law of Torts, Contracts, Interpretation of Statutes and Private International law. I eventually joined Desai & Diwanji, where I was introduced to corporate commercial law, property law and commercial litigation. I wanted to become a counsel, so I joined the chambers of Snehal Paranjape and started my practice as a Counsel in the Original Side of the Bombay High Court. After a year and half I relocated to Bangalore, and as I did not know Kannada then (I am fluent now), I went back to doing corporate work and then moved in-house.
I worked for a few companies, setting up their legal function and then became the General Counsel of some large IT / ITES companies. Contracts and negotiations are the life blood and most important aspect for any corporate lawyer, and as the legal head, I was also responsible for supporting growth of the business across countries, mergers and acquisitions and compliance, apart from everything else that comes with the role. When I was the General Counsel of Minacs, the Company was acquired by Concentrix, and I set up the Compliance function at Concentrix. That’s about when GDPR happened and I was one person in the company who had no conflict of interest in taking up the role of the Data Protection Officer (DPO). So I learned all about Data Protection and Privacy and set up the privacy function. Gradually, we saw the introduction of Artificial Intelligence where the laws are even more challenging. I was also responsible to ensure that we had a framework in place to ensure ethical and responsible AI design. I learnt a lot on the job and it was very exciting and enriching for me.
In December 2023, I joined hands with my old friend, Rashmi Sharma, and we set up Kosmos Partners together.
So this is my career trajectory in a snapshot – property, corporate advisory, litigation, back to corporate transactions (this time in-house – mostly tech laws), corporate compliance and data protection and privacy, AI regulations and finally – back to practice.
You’ve had an impressive career spanning over 25 years, with significant roles in various organizations. How have these experiences shaped your understanding of international privacy law and corporate legal practices?
One can never understate the value of experience. Each and every transaction, incident, case or matter comes with its own learning. I was extremely fortunate to be at the right place at the right time and to handle the kind of matters I got to do. I was very fortunate to have the opportunity to handle quite a few mergers and acquisitions independently right at the start of my in-house career and that was a great learning. I negotiated a couple of very challenging multi-jurisdictional contracts with large corporations, who are known to be very rigid and unwilling to bend on some key terms, but we still managed to get excellent terms from them based on how we positioned ourselves. Some of these learnings taught me how to break up a problem into smaller pieces to solve it better, how to take a step back and understand the big picture, how to bring value to the table and demonstrate that, especially while negotiating.
I travelled extensively to negotiate contracts with large clients and also, as part of my role as the Compliance leader. This exposure taught me a lot about the laws and legal practices of many other countries, their cultures and also helped me understand the data protection, privacy and cyber security laws and practices in various countries. I also began to appreciate how law and privacy are closely linked to the local culture. I think it is necessary to understand the history and culture of the other country before negotiating a contract or working on compliances or data privacy requirements of that country to be more effective.
One of the biggest challenges is to try to help the business create business processes that comply with the laws of multiple jurisdictions without making it too complicated for the business.
I also learned how important it is to understand the business and its challenges before we try to teach them the law. Once we understand their challenges, as lawyers, we should partner with the business and help solve their problems in a more practical way, rather than preaching to them. Raising awareness of the laws and regulations among business teams is also very important for business lawyers.
Given the dynamic nature of data privacy laws globally, how do you stay updated with the latest developments and how do these changes impact your clients?
The only way to stay updated is to read, read and read. There are quite a few free online legal subscriptions that one can subscribe to, so one is updated of the latest regulations. Also, consider joining online groups and WhatsApp, which are good at information sharing, many of them are rather helpful too.
Could you walk us through a challenging case or project you’ve handled in international privacy law? How did you navigate through it and what were the key takeaways?
One of the most challenging project was during the outbreak of the COVID-19 pandemic, and having to support the business teams in moving to work from home in a very short time. We barely had time to understand what was happening and we needed to move all equipment to employees’ homes in multiple countries around the same time. These had privacy and compliance implications, which we had to deal with for each country separately. Not only that, every country / city / state kept coming out with various regulations and notifications, which a couple of us were closely tracking real-time.
Soon enough, the tech teams had to come up with tools to protect the security of the data that was to processed by employees from their homes, which had even more privacy challenges. Our challenge was to walk the fine line between protecting the company and its client data and confidential information and to ensure cyber security on one hand, while on the other hand, ensuring that we do not violate privacy rights. We had a great team that rose to the challenge very well. We had to understand the needs of the business, the proposed solution, its impact on privacy and then map it against the laws of each country, so we could then work with the teams on implementing a viable solution. The biggest takeaway from such projects was the importance of team effort. Understanding the laws, of course, was important, but none of these challenging projects are successful unless everyone comes together as a larger team.
In your opinion, what are some of the most common misconceptions clients have about data privacy laws, and how do you address them in your practice?
The largest misconception clients have about data privacy laws is that they are fully compliant since they are GDPR compliant. GDPR is considered as the gold standard in data privacy, but one does not need to implement GDPR across board indiscriminately. Some clients take pride in doing that. But the Indian privacy law is more focused on a consent driven approach, and if you needlessly implement GDPR for Indian data principles, you will anyway have to take a look at everything once again.
Transitioning to corporate law, what are some of the most rewarding aspects of advising on mergers and acquisitions or structuring financial transactions? Could you share a memorable experience from your career in this field?
I have handled and led quite a few mergers and acquisitions as the legal head. Though mergers and acquisitions are long, complex and challenging transactions, they are just the beginning. The real success of a merger or acquisition lies in the integration, that follows completion of the transaction. And to ensure that the integration is complete and thorough, one must ensure that the due diligence was as complete and thorough. More often than not, sadly, due diligence is left to junior lawyers, who may not even understand the challenges in the documents they have been checking.
One very memorable transaction for me, very early in my career was a deal where we were acquiring a company headquartered in the US with a subsidiary in India. The founder had passed and his wife was unable to run the business and hence selling it. There were quite a few challenges in the deal right from the start. We found tax issues and litigation in the due diligence, both in US and India. The seller wanted to retire and did not want to be saddled with any of the issues, especially in India, so she wanted us to buy the stocks in the holding company and take care of everything, while we wanted only to buy out all the assets so we did not have to deal with their tax matters. The negotiations, led by our CFO almost came to breaking point as we could not agree on the transaction structure.
Finally, we went to our CEO and I will never forget how he broke down the transaction into smaller parts and suggested why don’t we take the stocks of the Indian company as we can deal with their litigation here since we are local and set up a new company in US and buy out the assets there, and leave the Seller to clean up the tax issues in US since she was a local there, which was acceptable to her too. We had to look at the key pain points for both parties and resolve that, and it suddenly became a win-win for both parties. The same transaction also saw the Seller sacking her CA in the middle of the transaction. She had retained the CA to negotiate the transaction as well as vet the contract for her, but it turned out that he was not really providing her much support on the contract piece. After some time, she ended placing so much trust and faith in me that she would sign any document only if I confirmed that I have seen it and it is ok for her to sign. I had to remind her that I do not represent her, but she still reposed so much trust and faith in me to draft a fair document. That was a very overwhelming experience, and something I can’t forget.
As someone who has held leadership positions in legal departments of major corporations, what advice would you give to young professionals looking to advance their careers in corporate law and privacy law?
Young professionals should try to develop an understanding of the business and develop a strategic outlook.
For in house counsels, focus on developing a deep understanding of the company’s business objectives. This involves not only knowing the law but also understanding how it impacts the bottom line. Additionally, cultivating strong interpersonal and communication skills is crucial. The ability to build relationships with colleagues across different departments, and to articulate complex legal concepts in clear and concise terms, is invaluable.
Privacy lawyers, should necessarily try to develop some technical expertise. Beyond technical expertise, develop a strategic mindset. Anticipating legal risks and providing proactive solutions is essential for career growth. Seeking out opportunities to take on leadership roles, even at an early stage, can accelerate professional development.
Also, do seek out a mentor, take their advice, and learn from their experience. Later, as you grow in your career, please do mentor juniors. It is our duty to keep grooming younger lawyers and build a legacy.
Finally, considering your extensive experience and success in the legal field, what advice would you offer to fresh graduates aspiring to follow a similar path in international privacy law and corporate law?
This is a very exciting time for fresh graduates – especially with the rapid changes to technology that we are seeing and will continue to see. The most important thing is for them to work on building a strong foundation and develop a deep understanding of the core legal principles and business fundamentals. Secondly, build a global outlook. Both privacy and corporate laws transcend borders nowadays, so it is important to stay updated on the legal and regulatory developments worldwide. Last, but not the least, as lawyers, we have to be committed to a lifetime of learning. Although Continued Legal Education is not mandatory in India, it is something we owe to ourselves. In addition, it is necessary to build a good professional network, and develop skills in legal writing, drafting, negotiations and communication and try to align yourself with a field of law that you feel passionate about. Don’t do something because it appears to be the cool thing to do. Otherwise, it will eventually wear you down. Enjoy your work and you will continue to cherish it.
Get in touch with Vasanthika Srinath-