‘Data Protection In E-Commerce: A Cross-Jurisdictional Study Of Gdpr And The Indian Dpdp Act’

Abstract

The exponential growth of e-commerce has transformed how personal data is collected, processed, and stored, raising critical concerns about privacy and data protection. The General Data Protection Regulation (GDPR) of the European Union and the Digital Personal Data Protection Act, 2023 (DPDP Act) of India are two important regulatory frameworks that are the subject of this paper's comparative legal study.Both laws aim to regulate personal data handling and empower users with control over their information, yet they reflect distinct legal traditions, enforcement mechanisms, and digital governance philosophies.

The two laws aim to regulate the processing of personal data and provide users with the possibility of controlling information, but reflect the various legal traditions, coercion, and philosophy of digital management.

GDPR is known for its trustworthy model based on its extracurricular volume and harmony, establishing global standards in terms of emphasising data protection, transparency, responsibility and data rights. On the contrary, India's DPDP law is more flexible and employed, focusing on approaches adapted to the context of India's digital economy and social legislators. This document analyzes key provisions, including processing, user consent, cross-dota transfer, the role of data protection and reward mechanisms. Thanks to thematic research and interpretations established by law, this study highlights how e-commerce platforms should adapt data methods to meet jurisdictional requirements. Additionally, we explore the consequences of regulatory differences among multinationals operating in both modes, including issues of harmony of conformity, ensuring legal data programs, and preventing fines. This study also addresses the role of algorithmic profiling and intentional advertising in the formation of consumer behavior, poses ethical issues according to two laws.

While the GDPR is a right-based basis to emphasize individual autonomy, the DPDP Act reflects the balance between user rights and states' interest in issues of national security and innovation. This comparative approach provides ideas on how developing countries such as India develop data protection methods that interact with global standards during regional real-world investigations. This document concludes with political recommendations for e-commerce stakeholders to improve compliance, data management and consumer confidence in the digital market.