Vol. 11, Issue 10, Part E (2025)

Abstract
The rapid growth of e-commerce in India has led to unprecedented collection, processing, and dissemination of personal data, raising critical concerns regarding data privacy, consent, and consumer rights. The Digital Personal Data Protection Act, 2023 (DPDPA, 2023) provides a comprehensive legal framework aimed at regulating data fiduciaries, safeguarding sensitive personal information, and ensuring transparency in digital transactions. This paper critically examines the implications of the DPDPA on e-commerce platforms, focusing on its provisions related to consent management, fiduciary accountability, grievance redressal, cross-border data transfers, and enforcement mechanisms. Through comparative analyses with international standards such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), the study highlights both strengths and challenges in implementing effective privacy safeguards in the Indian digital ecosystem. The research also explores the role of the Data Protection Authority (DPA) in monitoring compliance, adjudicating disputes, and guiding best practices for organizations. Additionally, the paper discusses practical recommendations for e-commerce businesses, including privacy by design, automated consent management systems, security infrastructure, third-party accountability, and consumer education, which are essential for fostering a trust-based digital marketplace. By emphasizing the intersection of legal compliance, technological innovation, and ethical responsibility, this study demonstrates how the DPDPA serves as a pivotal instrument in enhancing consumer protection while enabling the sustainable growth of India’s digital economy. The paper concludes by outlining future directions for policy refinement, regulatory capacity building, and adaptive compliance strategies, underscoring the need for a holistic approach to data privacy governance in a rapidly evolving technological landscape.