Published Paper Details:

The past decade has witnessed a rise in the e-commerce platforms in India which has led to an enormous influx of data generated through customer interactions, transactions, and browsing behaviors. In this context, data mining acts as a powerful tool in extracting valuable data from large raw data sets, enabling e-commerce platforms to enhance user experiences, optimize platform operations and formulate strategic decisions. However, the use of data mining techniques in e-commerce raises legal concerns that necessitate careful consideration. This paper highlights the methods used in data mining to understand patterns and relationships between the customer and the platform, thus, increasing the business value, and explores the legal implications of data mining in e-commerce platforms in India. It examines how data mining practices intersect with the existing regulations, primarily focusing on the Information Technology Act, 2000 and the recently enacted Digital Personal Data Protection Act, 2023. Further, it analyses landmark judgments and regulatory guidelines set forth by the Judiciary on the evolving jurisprudence around personal data protection, the concept of consent and liability, in essence, the consumer rights in e-commerce platforms. One of the primary concerns that data mining raises is, user consent and data ownership. E-commerce platforms collect and store a multitude of personal as well as behavioral data, often without taking explicit consent from the users. This further raise privacy concerns of the users with no right to data portability and the right to be forgotten under the Digital Personal Data Protection Act, 2023, which further brings about a gap between the legislation and precedents. Further, the cross-border transfer of data to other countries might pose a threat to the privacy of users interacting on such e-commerce platforms in India. The transfer of personal data from India to other countries, unless they are explicitly blacklisted by the Central Government, may be subject to unauthorized use and breaches by private and governmental entities if there is no robust data protection legislation in the transferee country. This further raises the issue of inadequate protection of personal data in the process of data mining by e-commerce platforms that are providing goods and services to users within the territory of India. This paper delves into concepts of data privacy, data localization, and user consent enshrined in the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 with an attempt to answer the fundamental question of pondering: how can we protect our personal data without parting ways with the evolving technology? With the ever-evolving landscape of data protection and e-commerce, the stakeholders must ensure compliance with the existing and forthcoming regulations. The e-commerce platforms must adopt transparent data collection practices, robust mechanisms for consent, and extensive data protection policies to mitigate legal risks. The research methodology adopted for this research paper is doctrinal, descriptive and conceptual. The sources referred to are secondary in nature, such as books, articles, and journals.