Sovereigns Of The Data Realm: Jurisdictional Overlaps And Forum Shopping Between The Competition Commission Of India And The Data Protection Board Of India

Tejas Shukla, Amity University Madhya Pradesh

ABSTRACT

India spent the better part of a decade arguing about whether it needed a data protection law, and almost no time at all asking what would happen to the regulators it already had once that law arrived. The Digital Personal Data Protection Act of 2023 has now created a Data Protection Board, a specialised adjudicator for the misuse of personal data. But personal data was, by then, already being policed from another direction. The Competition Commission of India had spent the preceding years treating the way dominant digital platforms collect and exploit data as a question of market power, and in its order against Meta it fined the company for precisely that. Two regulators now look at the same conduct of the same firms and see two different wrongs. This paper asks what happens when they look at the same conduct and reach for the same firm at the same time. It argues that the overlap is real, that the statutes do little to resolve it, and that the most likely consequence is not open conflict between the two bodies but something quieter and harder to police: forum shopping, in which complainants and defendants alike steer the same grievance towards whichever regulator promises the better outcome. The trouble is not that India has built two regulators where it needed one. It is that it has built two and given them no rule for who goes first.

Keywords: data protection; competition law; Data Protection Board; Competition Commission of India; jurisdictional overlap; forum shopping; DPDP Act