India is witnessing a massive shift in how legal grievances are settled. The recent notification of the Digital Personal Data Protection Act 2023 has introduced a “Digital-by-Design” justice framework. Consequently, Online Dispute Resolution under DPDP Act is now the primary method for handling data-related complaints.
Introduction: The Shift Toward Digital Justice in India
Traditional litigation often struggles with the technical nature of data breaches. Therefore, the Indian government has prioritized modern ODR frameworks to manage high-volume data grievances efficiently. This shift allows for faster resolutions. Furthermore, it provides specialized technical oversight for complex cases.
Why Data Disputes Need ODR
Digital disputes require speed and technical accuracy. For example, a single data breach can affect millions of users simultaneously. Traditional courts cannot handle such volume without facing massive delays. Modern legal tech like LawSathi now helps practitioners manage these digital mandates effectively.
Modern Redressal and LawSathi
Legal practitioners must adapt to these tech-driven mandates. Specifically, LawSathi prepares lawyers by organizing digital evidence and consent logs. This ensures that case files are ready for immediate referral to ODR platforms. As a result, lawyers save time during the initial filing phase.
The Statutory Basis: Section 27 and Section 28 of the DPDP Act
The power to resolve disputes digitally stems directly from the law. Specifically, the Digital Personal Data Protection Act 2023 empowers the Data Protection Board (DPB). The Board acts as a “digital office” to receive and process complaints.
Powers under Section 27
Section 27 outlines the broad powers of the Data Protection Board. The Board can direct parties to resolve their issues through mediation. This process is further detailed in the DPDP Rules 2025. Therefore, the Board functions primarily through digital means to ensure efficiency.
Mandatory Referral under Section 28
Under Section 28, the Board has the authority to compel digital mediation. If the Board believes a dispute is resolvable via ODR, it shall direct the parties accordingly. In fact, settlements reached this way have the same legal standing as a Board order. This makes the process both binding and reliable.
The Hierarchy of Redressal
First, the Data Principal must approach the Data Fiduciary’s Grievance Redressal Officer (GRO). Second, if they are unsatisfied, they reach out to the DPB. Finally, the Board refers the matter to an ODR institution for final resolution. This structured approach ensures every complaint is vetted properly.
Step-by-Step Legal Procedure for ODR in Data Disputes
Practitioners must follow a specific sequence to invoke Online Dispute Resolution under DPDP Act. Compliance starts with the exhaustion of internal remedies. Consequently, failing to follow these steps can lead to a petition being dismissed. Lawyers should track each stage meticulously.
Initial Notice and GRO Phase
The process begins at the internal level. Data Fiduciaries have a 90-day window to resolve queries under the 2025 Rules. Therefore, lawyers must ensure their clients have documented all initial communication. This documentation serves as vital evidence later.
Filing the Petition
Once internal remedies fail, the lawyer files a complaint via the DPB digital portal. For instance, this portal is accessible through a dedicated mobile app. After this, the Board reviews the case for a “prima facie” breach. If the evidence is strong, the case proceeds to the next stage.
Invoking ODR and Choosing Platforms
If the breach is not deemed significant, the Board refers it to ODR. Parties can then select a platform from a Board-recognized list. These platforms must follow the NITI Aayog ODR framework for technical standards. Consequently, this ensures a high level of neutrality and security.
The Mediation Phase
The proceedings can be asynchronous or synchronous. This means parties can submit logs and evidence without being online at the same time. However, virtual hearings are still used for final arguments. This flexibility makes the process convenient for all stakeholders.
Key Challenges for Modern Practitioners in ODR
While ODR offers efficiency, it also presents unique legal hurdles. For example, maintaining confidentiality is a major concern. Lawyers must ensure that the ODR platforms they use meet the highest security standards. Furthermore, they must stay updated on changing digital regulations.
Managing Electronic Records
Practitioners must now handle evidence under the Bharatiya Sakshya Adhiniyam standards. This includes server logs and digital “consent receipts.” Above all, ensuring the chain of custody for digital data is vital. Failure to do so may render the evidence inadmissible.
Enforceability and the Mediation Act
Settlements under the DPDP Act must align with the Mediation Act, 2023. This creates a complex overlap of statutes. Consequently, lawyers must draft settlement agreements that are enforceable across both frameworks. Professional drafting is therefore more important than ever.
Data Security During ODR
Platforms must use end-to-end encryption for all shared documents. Moreover, the 2025 Rules mandate strict audit logs. Therefore, lawyers should verify the compliance of an ODR platform before proceeding. This step protects the client from further data exposure.
The Role of AI and Legal Tech in Streamlining ODR
The sheer volume of data makes manual management nearly impossible. Specifically, AI-powered tools are now essential for tracking Online Dispute Resolution under DPDP Act. These tools help automate compliance. In addition, they can significantly speed up the filing process.
Speeding Up Data Breach Filings
AI can analyze thousands of data logs in seconds. As a result, lawyers can identify the exact moment a breach occurred. Furthermore, this data can be automatically formatted for the DPB portal. This automation reduces human error during high-pressure litigation.
LawSathi for ODR Readiness
LawSathi’s workspace allows practitioners to organize files for immediate ODR referral. For example, you can track the “18-month phased compliance” timeline for your clients. This ensures all documentation is ready before a dispute even starts. Therefore, you stay one step ahead of the legal curve.
Automating Compliance Checks
AI can monitor “Consent Managers” in real-time. This helps prevent disputes by ensuring user withdrawals are reflected immediately. Consequently, legal tech acts as a shield against unnecessary litigation. It simplifies complex regulatory requirements for busy law firms.
Future Outlook: The Rules and Notifications of 2026
By November 2026, the DPDP Act will be fully operational across all sectors. Recent MeitY 2026 notifications have already streamlined the digital office of the DPB. Therefore, a “Digital-By-Default” practice is no longer optional. It is now a professional necessity.
The Evolution of Consent Managers
Consent Managers will play a massive role in dispute prevention. They act as intermediaries who manage a user’s data permissions. In fact, most future ODR cases will likely involve these entities as key witnesses. Therefore, understanding their technical operations is essential for modern lawyers.
Preparing Your Law Firm
Law firms must adopt digital lockers and verifiable consent tools. This transition is essential to remain competitive. Most importantly, firms using platforms like LawSathi will find it easier to adapt to these shifts. As a result, they can provide better value to their clients.
Conclusion
In summary, Online Dispute Resolution under DPDP Act is the future of Indian data law. By following the statutory procedures under Sections 27 and 28, lawyers can provide faster relief. Embracing legal tech is the best way to navigate this new digital landscape.
Future-proof your practice against data disputes. Explore how LawSathi’s AI-driven platform helps you manage DPDP Act compliance and ODR filings seamlessly. Book a demo today!
