India's Comprehensive Data Protection Resource  ·  DPDPA @2026  ·  From Implementation to Board Representation

Possible Disputes Under the Digital Personal Data Protection Act, 2023

Visual summary on top. Detailed explanation is available below (scroll inside the box if needed).

Possible Disputes Infographic

1) Consent Issues

Disputes arise when personal data is processed without valid, free, informed, and specific consent.

  • Invalid or missing consent
  • Forced or bundled consent (no real choice)
  • Consent withdrawal ignored
  • Misleading consent mechanisms (dark patterns / coercion)
  • Using data for a new purpose without fresh consent
2) Notice Failures

Disputes occur when individuals are not clearly informed about data collection, use, and grievance options.

  • No notice provided
  • Vague or incomplete notice
  • Notice not understandable (language / accessibility)
  • Notice not updated when purpose changes
3) Rights Denied

Individuals have rights such as access, correction, and erasure. Disputes happen when these are denied or delayed.

  • Access requests denied
  • Correction requests denied
  • Erasure requests denied
  • Grievances ignored or no mechanism provided
  • Nominee rights not recognized
4) Security Lapses

Organizations must implement reasonable safeguards to protect personal data.

  • Weak security controls / inadequate safeguards
  • Poor internal access controls
  • Failure to appoint grievance officer / public contact point (where required)
  • Collecting more data than needed or retaining data too long (often linked to security risk)
5) Data Breaches

When breaches occur, timely notification and mitigation are key. Disputes arise from delays or negligence.

  • Breach not notified to affected individuals / authority
  • Unreasonable delay in notification
  • No meaningful mitigation/remedial action
  • Breach due to preventable negligence
6) Children’s Data

Children’s personal data requires higher protection, including verifiable parental consent.

  • No verifiable parental consent
  • Tracking/profiling of children
  • No effective age verification controls
7) Cross-Border Transfers

International transfers may be restricted or require safeguards and transparency.

  • Transfer to restricted/non-approved countries
  • No safeguards for international transfer
  • Transfer not disclosed to individuals (where required)
8) SDF Non-Compliance

Significant Data Fiduciaries (SDFs) have additional obligations for high-risk processing.

  • DPO not appointed (where required)
  • DPIA not conducted (where required)
  • Lack of accountability for automated/algorithmic decisions
9) Enforcement & Complaint Issues

Disputes can arise during grievance handling and enforcement processes.

  • Complaint rejected without proper inquiry
  • Non-compliance with binding orders
  • Frivolous/vexatious complaints
  • Jurisdiction disputes on whether DPDPA applies

Disclaimer: For user awareness only. Not legal advice. Consult a qualified data protection lawyer for specific matters.

Previous page Next Page