Legal Compliance and Consumer Protection in the Digital Marketplace: GDPR-Driven Standards for E-Commerce Privacy Policies within the International Legal Framework

Article Sidebar

Download PDF
Published: Feb 13, 2026
DOI: https://doi.org/10.48161/qpj.v5n1a41
Keywords:
GDPR, DPDP Act 2023, brussels effect, E-commerce law, data sovereignty, consumer protection

Main Article Content

Madhulika Singh
Faculty of Law, Jai Narain Vyas University, 342011, India
https://orcid.org/0009-0007-0436-3019
Tatiana Suplicy Barbosa
Departments of Law and Psychology, UniFael – Centro Universitário, Lapa, Paraná, Brazil.
https://orcid.org/0009-0004-4177-7219

Abstract

The foundation of European Union’s General Data Protection Regulation (GDPR), has played a pivotal role in regulating rapid digitalization of global commerce, bringing in the necessary model shift in digital data governance. The article explores in depth GDPR as a transnational regulatory instrument crucial in enforcing extraterritorial reach of its provisions. Further the Court of Justice of the European Union (CJEU) have through judicial activism and expansive interpretation defined corporate digital responsibility. The article highlights how transcontinental regulation, especially through the ‘Brussels Effect’, GDPR has transformed privacy into a competitive differentiator, through play in market dynamics rather than being enforced through stringent legislations. The article then moves to study the pressure of GDPR’s requirement for autonomous consumer consent and corporate dark patterns that slyly bypasses the regulatory hammer of data sovereignty. The celebrated cases against Meta and Amazon are analysed to illustrate the transition of privacy policies from symbolic disclosures to enforceable legal instruments. Furthermore, the article provides a comparative evaluation of India’s Digital Personal Data Protection (DPDP) Act, 2023, highlighting the normative convergence between the ‘rights-based’ European model and India’s ‘sovereignty-driven’ framework. The cross-national development on the regulation of privacy is emerging, though structural divergences regarding state exemptions and regulatory independence remain the persistent challenges. The article suggests a ‘highest common denominator’ compliance strategy and a shift toward ‘privacy by design’ to navigate this increasingly fragmented international legal landscape.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 5 No. 1 (2026)
Section
Articles
Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

References

Google Spain SL v. Agencia Española de Protección de Datos (AEPD), Case C-131/12, ECLI:EU:C:2014:317, May 2014.

Planet49 GmbH v. Bundesverband der Verbraucherzentralen, Case C-673/17, ECLI:EU:C:2019:801, Oct 2019.

UN General Assembly, “Universal Declaration of Human Rights,” GA Res. 217A (III), UN Doc. A/810, Dec. 10, 1948.

UN General Assembly, “International Covenant on Civil and Political Rights,” Dec. 16, 1966, United Nations Treaty Series, vol. 999, p. 171, Mar. 23, 1976.

UN Human Rights Committee, “General Comment No. 16: Article 17 (Right to Privacy),” UN Doc. HRI/GEN/1/Rev.9, 1988.

R. Á. Costello, Critical Reflections on the EU’s Data Protection Regime. Oxford University Press, 2024.

UN General Assembly, “The Right to Privacy in the Digital Age,” UN Doc. A/RES/68/167, 2013.

S. Wachter, B. Mittelstadt, and L. Floridi, “Why a right to explanation of automated decision-making does not exist in the General Data Protection Regulation,” International Data Privacy Law, vol. 7, no. 2, pp. 76–99, 2017.

UNCTAD, “United Nations Guidelines for Consumer Protection,” United Nations Conference on Trade and Development, 2016.

C. Busch, “Digitalisation and the law of consumer contracts,” Journal of European Consumer and Market Law, vol. 11, no. 1, pp. 12–25, 2019.

A. Bradford, “The Brussels effect,” Northwestern University Law Review, vol. 107, no. 1, p. 1, 2012.

A. Chander, The Trade Origins of Privacy Law. Cambridge University Press, 2024.

M. D. Birnhack and G. Mundlak, “The Brussels effect(s) and the rise of a privacy profession,” International Data Privacy Law, vol. 15, no. 2, pp. 138–155, 2025.

European Data Protection Board, “Guidelines 03/2022 on Dark Patterns in Social Media Platform Interfaces: How to Recognise and Avoid Them,” Apr. 2023.

European Commission, “Commission preliminarily finds Meta in breach of transparency obligations under the Digital Services Act,” Press Release IP/24/2503, Oct. 2024.

European Data Protection Board, “Guidelines 4/2019 on Article 25 Data Protection by Design and by Default,” Oct. 2020

A. Yadav and R. Pandey, “Data privacy across borders: A comparative analysis of European Union and Indian protection laws,” University of Bologna Law Review, vol. 10, no. 1, pp. 177–210, 2025.

R. Matthan, Data Protection Law in India. Oxford University Press, 2022.

G. Greenleaf, “The DPDP Act 2023: India’s compromised step toward data privacy,” Privacy Laws & Business International Report, vol. 182, pp. 1–6, 2023.

S. Divan, “Digital privacy and India's DPDP Act,” Journal of Indian Law and Society, vol. 14, no. 1, pp. 45–68, 2023.

A. Bradford, Digital Empire: The Global Battle to Regulate Technology. Oxford University Press, 2023.

Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation), 2016 O.J. (L 119) 1.

European Data Protection Supervisor, “Opinion on the functioning of the One-Stop-Shop mechanism,” 2021.

A. Burman, “India's new data protection law: The good, the bad, and the unknown,” Carnegie India, Aug. 2023.

M. Burri, “The governance of data and data flows in trade agreements,” Journal of World Trade, vol. 51, no. 3, pp. 407–425, 2017.