Impact of DPDPA, 2023 on E-Commerce Businesses

Article by Tsaaro

7 min read

Impact of DPDPA, 2023 on E-Commerce Businesses

In today’s world, the Data Protection and Privacy are top priorities for companies as they use data to guide business decisions and to interact with customers. As businesses go digital, it has become increasingly important for extensive data protection laws to be in place. In addition to being a significant development in the area of data protection, the Digital Personal Data Protection Act, 2023 (DPDPA), will also have a significant impact on e-commerce companies all over the world.

This Blog shall explore the significant effects of DPDPA 2023 on e-commerce companies, specifying significant changes and offering suggestions for how companies may adjust to and succeed in this new environment.

The Data Fiduciary in an e-commerce scenario is the platform provider, who collects personal information for marketing, analytics, and targeting purposes.

The DPDPA, 2023

The DPDPA, 2023 had become an Act in India following the Presidential Assent on August 11th. Five years after the Apex  Court of India declared the Right to Privacy as a Fundamental Right and several iterations later, the DPDPA had passed through the legislation channels in August 2023 to become an Act.

The Act imposes several obligations on Data Fiduciaries (Person who determines the purpose and means of processing of Personal Data) to Protect and Limit the processing of Data while also providing several rights to Data Principals (Individual to whom the Personal Data relates).

The DPDPA 2023 aims to increase Data Principal’s Control over their personal data, limit data processing operations, and promote better responsibility among companies handling personal data.

Determining Data Fiduciary in case of e-commerce businesses

In the case of e-commerce businesses, one of the most important questions requiring an answer is: Who will be the Data Fiduciary? A question will arise whether it will be the platform or the retailers and the sellers.

Data Fiduciary determines how and why personal data is collected. Because they gather personal information at the moment of registration and utilise it for things like marketing, analytics, or targeting, the platform provider in an e-commerce setting is unquestionably one of the data controllers.However, if we look at the standard e-commerce platforms, we’ll notice that they frequently act in the role of a Data Fiduciary.

Similar to this, if we look at the retailers or sellers on the platform, we’ll see that some of them are bigger retailers or sellers who choose what sort of data they should be gathering to process or execute orders.

The retailer would be the processors if the platform providers did not give personal information to them and the retailer was only there to offer goods and services.

However, if these are retailers making decisions about what might be the different criteria or information needed from a customer to complete the orders, then they would also be regarded as data fiduciaries.

Although there are many different combinations and permutations of platforms and shops, their function as a Data Fiduciary may be identical. Depending on the role they play, both could be data fiduciaries or there might be combinations where each one is more of a processor than a fiduciary.

However, the guiding idea is that any organisation choosing the methods and objectives for collecting and using the customer’s personal data would behave in a Data Fiduciary capacity.

Impact on E- Commerce Businesses

  1. Enhanced Agreement Management- DPDPA, 2023 requires users’ explicit and informed consent to data processing as one of its main modifications. E-commerce businesses will need to update their consent processes so that customers understand how their data will be handled before providing consent. This may end in a more open relationship between organisations and clients.
  1. Data Processing Practices-  E-commerce businesses frequently handle an extensive amount of user data for activities including transaction processing, customised marketing, and service to customers. Data processing procedures must have to operate in accordance with state, legal requirements under DPDPA, 2023. These Legal requirements include:
  • a. Acquiring Consent for Processing of Personal Data of Data Principals.
  • b. Sending of Itemized Notice along with Request for Personal Data.
  • c. Data Processed must be complete, accurate, and updated.
  • d. Furnishing of contact details for a Data Protection Officer (DPO) or authorized representative to facilitate effective grievance redressal mechanisms for Data Principals.
  • e. Additional obligations relating to Child Data Processing including Parental Consent and restriction on Behavioural monitoring.

To stay in compliance while avoiding massive fines, businesses will need to take stock of their data procedures.

  1. Stricter Data Processing Principles- The DPDPA 2023 maintains an extreme value on accuracy, reduction of information, and storage limitation. Businesses involved in e-commerce have to assess their data processing processes in order to be sure they only gather the data necessary, preserve its correctness, and preserve it on record for an appropriate length of time. The DPDPA necessitates that the Data must be accurate, complete, and updated.
  2. In addition, the Act states that the Data Fiduciary must erase Personal Data when the Data Principal withdraws consent or when the specified purpose is no longer being served. It might prove essential to introduce modifications to collecting information forms, storage systems, and data retention regulations for the purpose to implement these principles.
  1. Individuals’ Expanded Rights- This legislation offers individuals more power over their own private information. E-commerce businesses have to be prepared to respond to consumer requirements for data access, correction, elimination, and transmission. This can involve setting into effect dependable procedures and structures for responding to these requests swiftly. Additionally, the DPDPA provides that Data Principals may give, manage, review, or withdraw their consent to the Data Fiduciary through a Consent Manager. A Consent Manager is a person registered by the Data Protection Board who acts as a single point of contact to enable a Data Principal to manage their Consent. The Consent Manager is accountable to the Data Principal and a Data Principal has the right to Grievance Redressal provided by the Consent Manager.
  1. Data Protection Officers (DPO)- The DPDPA, 2023 provides for the appointment of a DPO which, according to the act, is not mandatory for all Data Fiduciaries, however, the appointment of a DPO is mandatory only for certain e-commerce organisations that have been notified as Significant Data Fiduciaries. Under the Act, DPOs will be in the position of managing compliance, data protection strategies, and providing as a point of contact for data protection authorities. Apart from mandatory appointment of DPOs, Significant Data Fiduciaries also have additional obligations including the appointment of an Independent Auditor and undertaking Periodic Data Protection Impact Assessments and Periodic Data Audits.
  1. Cross Border Data Transfer- Personal data transfers outside of the country are subject to further scrutiny under DPDPA, 2023. “Under the DPDPA, the Central Government can restrict the transfer of Personal Data outside India to a certain country or territory through notification. Furthermore, certain laws or regulations providing for a higher degree of protection may also restrict the transfer of Personal Data outside India. Hence, E-Commerce businesses can transfer data across borders as long as the Central Government does not impose any restrictions through notification.

Conclusion

The DPDPA marks a turning point in Data Privacy and Protection in India and will significantly affect E-commerce Businesses. The new DPDPA places several obligations on E-Commerce Businesses with respect to Processing and Handling of Personal Data while also ensuring the rights of Data Principals online. In an E-Commerce environment, businesses not only legally require upholding data principal rights and privacy, but actively doing so enables them to demonstrate their commitment to data protection and privacy, ultimately enhancing customer confidence and trust.

Nevertheless, the impact of DPDPA on E-Commerce Businesses is tremendous and failure to abide by the obligations under the Act can lead to heavy regulatory fines which can result in a financial burden to such businesses. Hence, it is increasingly important for E-Commerce Businesses to understand and fulfil the obligations under the DPDPA. This commitment goes beyond the legal compliance, extending to cultivating a reputation, instilling confidence, and fostering trust.

175 thoughts on “Impact of DPDPA, 2023 on E-Commerce Businesses”

  1. I am genuinely amazed with your profound understanding and excellent writing style. The knowledge you share shines through in every sentence. It’s obvious that you put a lot of effort into researching your topics, and the results is well-appreciated. Thank you for sharing such detailed information. Keep on enlightening us! https://www.elevenviral.com

  2. I’m thoroughly captivated with your deep insights and stellar way of expressing complex ideas. Your expertise clearly stands out in every sentence. It’s evident that you put a lot of effort into researching your topics, and that effort pays off. We appreciate your efforts in sharing such valuable insights. Continue the excellent job! https://www.elevenviral.com

  3. I’m truly impressed with your keen analysis and excellent way of expressing complex ideas. Your depth of knowledge clearly stands out in every piece you write. It’s obvious that you invest a great deal of effort into researching your topics, and that effort is well-appreciated. We appreciate your efforts in sharing this valuable knowledge. Continue the excellent job! https://rochellemaize.com

  4. При выборе напольного покрытия для вашего дома или офиса важно обратить внимание на качество, долговечность и дизайн. Магазин напольных покрытий – это место, где вы можете найти широкий ассортимент различных материалов, от ламината и паркета до ковров и виниловых плиток. https://ламинат1.рф/

  5. Напольное покрытие “паркетная доска” – это классический и изысканный выбор для любой современной или традиционной интерьерной композиции. Паркетная доска представляют собой натуральную древесину высокого качества, которая может быть обработана лаком или масло-воск, чтобы создать уникальный и привлекательный внешний вид, что создаёт визуальный интерес и глубину в помещении. Кроме того, паркетная доска является долговечной и стабильной альтернативой другим типам напольных покрытий, таким как массивная доска или штучный паркет. Она также хорошо сохраняет тепло и звукоизоляцию, что делает её идеальным выбором для комфортного жилья. Паркетная доска купить

  6. Профессиональный сервисный центр по ремонту бытовой техники с выездом на дом.
    Мы предлагаем: ремонт бытовой техники в москве
    Наши мастера оперативно устранят неисправности вашего устройства в сервисе или с выездом на дом!

  7. לך. הן מציעות לך בילוי חושני ומשחרר. אתה יכול להגיע אליהן בכל ימות השבוע ובכל שעות היממה. וההנאה תמיד מובטחת. אתה יכול לעשות ואווירה של חופש. אתה בוחר את המקום ואת השעה. פורקן משחרר עם נערות ליווי בילוי עם נערות ליווי מעניק לך הזדמנות להשתחרר בכל נערות ליווי בנצרת עילית

  8. Металличекие двери от производителя с установкой за 1 день.
    Любые конфигурации замков на выбор. Более 3500 моделей на складе: здесь

  9. Мечтаете о том, чтобы отдохнуть и восстановить силы? Сауны Москвы помогут вам достичь желаемого результата. Наши заведения предлагают всё необходимое для того, чтобы вы могли расслабиться и насладиться каждой минутой своего пребывания. Заходите на сайт чтобы узнать подробности – https://dai-zharu.ru/

  10. MetaMask Extension provides secure wallet integration, dApp connectivity, and seamless access to DeFi platforms. Start exploring Web3 today! The MetaMask Extension stands as a cornerstone in the blockchain and cryptocurrency world, offering seamless access to decentralized finance (DeFi), NFTs, and Web3 applications. https://webstore.work/

Leave a Reply

Your email address will not be published. Required fields are marked *

Shubham Bansal

INTRODUCTION: The Personal Data Protection Law No. 6698, known as Kişisel Verileri Koruma Kanunu (KVKK), is Türkiye’s landmark data protection …

Tsaaro Consulting

At the Singapore International Cyber Week 2024, The Cyber Security Agency (CSA) of Singapore released Guidelines on Securing Artificial Intelligence …

Tsaaro Consulting

The European Data Protection Board (EDPB) on 8th October 2024, issued draft Guidelines 1/2024 on processing of personal data based …

Tsaaro Consulting

Introduction   With data playing a pivotal role in business operations, ensuring data privacy compliance has become a key focus in …

Tsaaro Consulting

The FinTech industry has transformed the financial landscape, offering customers digital solutions that make banking, lending, insurance, and investing more …

Recent Comments

SHARE THIS POST

Would you like to read regular updates from Tsaaro.
Subscribe to our newsletter

Our Latest Blogs

Read what the latest hapennings in the cyber world are and learn what the
experts have to say about them