Abstract

The‍‌‍‍‌‍‌‍‍‌ introduction of the Digital Personal Data Protection Act, 2023 (DPDP Act) is a major change in India's data protection framework but, at the same time, it poses complicated questions about the jurisdiction in relation to the already existing Information Technology Act, 2000 (IT Act). This study determines the statutory intersections between the two regimes by examining overlapping provisions, adjudicatory mechanisms, and enforcement competencies. It explores how these overlaps can cause regulatory uncertainty, compliance burden, and inconsistent accountability in data governance. The study, using a comparative lens, considers India's dual-framework issues in light of international standards such as the General Data Protection Regulation (GDPR) of the European Union and the California Consumer Privacy Act (CCPA) of the United States. Using doctrinal and comparative legal methodologies, the paper outlines normative and institutional gaps in India's data protection framework and suggests the harmonization of strategies to improve legal coherence, regulatory coordination, and international compliance ‍‌‍‍‌‍‌‍‍‌alignment.

Keywords