Abstract
India’s digital growth has changed the way people share, store, and use personal information. Services such as Aadhaar, UPI, DigiLocker, online shopping, digital banking, and artificial intelligence have made everyday life easier, but they have also increased concerns about privacy, data security, and consumer protection. The Digital Personal Data Protection Act, 2023 is India’s first comprehensive law dealing with digital personal data and aims to create a balance between protecting individual privacy and supporting governance, business, and innovation. This article examines whether the DPDP Act achieves that balance. It discusses the constitutional right to privacy recognised in Justice K.S. Puttaswamy (Retd.) v. Union of India, the rights and responsibilities created under the Act, the impact of government exemptions, and the growing importance of consumer trust in India’s digital economy. It also compares India’s approach with the European Union’s General Data Protection Regulation (GDPR) to understand what lessons India can adopt while developing its own data protection framework. The article concludes that the DPDP Act is an important beginning, but its long-term success will depend on transparency, accountability, effective implementation, and public trust. As technologies such as artificial intelligence, cloud computing, digital public infrastructure, and cross border digital services continue to grow, India’s data protection framework must continue to evolve while protecting both individual rights and legitimate public interests.