AUTHOR:

Adiba Saifi

ABSTRACT

India’s Digital Personal Data Protection Act (DPDP, 2023–2025) represents a watershed moment in the country’s evolving digital privacy landscape. This research provides a critical examination of the Act’s legislative ambitions, practical implementation realities, and the persistent “user experience gap” that often transforms consent forms and terms of use from enablers of privacy into obstacles to meaningful engagement. Employing a dual-lens framework that integrates technical infrastructure considerations with human behavioral practices, the paper draws on original empirical survey data complemented by comprehensive policy analysis to reveal persistent gaps in user awareness, consent usability, and equitable access to digital privacy protections (Saifi, 2025).

The study synthesizes these insights with scholarly literature to propose actionable recommendations aimed at transforming data protection laws from abstract rights into everyday lived realities. Crucially, the research foregrounds the concept of “security as practice”—the understanding that privacy protection is not merely a legal or technological product but a dynamic, context-driven process shaped by the interplay of technical tools, institutional frameworks, and user behaviors (Schneier, 2000; Williams, 2020). Findings reveal that while the DPDP Act establishes a robust legal foundation, its transformative potential depends fundamentally on bridging the critical divide between formal protections and the lived experiences of diverse user populations. This research contributes to the broader understanding of how emerging digital governance frameworks can balance legal rigor, technological innovation, and user-centric design in diverse socio-cultural contexts, with particular relevance for other Global South nations navigating digital policy reform.