Questions to the DPO of BlueDart Express Courier

Posted on March 31, 2026 by Vijayashankar Na

BlueDart is one of the respected courier agencies in India. I have used their services and have been a satisfied customer in many instances.

I am however bringing this incident to public notice for general awareness since Blue Dart has not tried to resolve my grievance and tried to hide behind technicalities to cover their suspected deficiency of service.

We are aware that many delivery persons donot make a proper attempt to locate the delivery address and report “Address Not found” or “Address changed address” etc and claim charges for their visit. This is cheating the consignor besides adversely affecting the consignee with delayed delivery. This practice is not expected of Blue Dart. I am sure that the company would vehemently deny this.

But I suspect that this happened during a recent document sent by HDFC Bank which was not delivered to me under the excuse “C’Nee shifted from the given address”.

This is a blatant lie since the consignment was addressed to me and I have not shifted from the address for several decades.

On enquiry the company stated excuses  “Name was not clear, PIN Code was not proper and Bank had not given your phone number”. They washed their responsibility in the incident.

I have now raised the following questions to the DPO of Blue  Dart through the customer service department.

Quote:
Please treat this as a notice under Section 43A of ITA 2000 read with DPDPA 2023. I am exercising my right to seek information from you as a data fiduciary. This complaint may be forwarded to your Data Protection officer and Grievance redressal officer under copy to me for further processing since this is no longer a simple service deficiency.
1. I want to know what was the address mentioned in the  communication by HDFC Bank to you and why you accepted delivery without the contact phone number of the consignee?
2. In my conversation with your representative I was told that the name was mentioned as “Nagaraj” and the PIN code was not “560050”. My full name  was Vijayashankar Nagarajarao and no sane  person truncates it to only “Nagaraj”. My address is No 37, “Ujvala”, 20th Main, BSK first stage Bangalore 560050. Since you have mentioned that the “C’Nee Shifted From The Given Address”, I have already informed you that this is a “False Statement”.  Please show me cause why I should not presume that you have not made an attempt to deliver the document and returned it to the Bank charging them for the consignment. Will this not amount to “Cheating” the Bank.
3. Since you have mentioned that I have “Shifted” from “a” address, please let me know which is the address which was on the delivery list?
4. Your representative said that my phone number was not given  by the Bank. Please let me know why you accepted the consignment  with incomplete information? 
5. I am aware that normally you collect the phone number when a document is delivered from the consignee. I presume it is for verification purpose. But is that practice only a collection of personal information for the purpose of your marketing?
6. As a result of your deficiency of service, I am not able to get the document even today. This has resulted in a possible loss of Rs 75000/- to me. Please let me know why I should not take action in a consumer court for deficiency of service?
7. I am expecting an immediate reply to this email along with the photo of the cover mentioning my address and your delivery person’s note.
8. I will be placing this complaint in public domain through www.naavi.org to increase the awareness of the public on such malpractices of couriers.
Unquote
I am not sure if I will get a reply. But I am optimistic.
I am separately taking this up with HDFC Bank also and will place that also in public domain. 
This is to expose how big companies are yet to understand the impact of DPDPA on their services and what compliance measures they need to initiate.
DPDPA is not child’s play. It requires understanding  and effort to comply. 
The legal questions that arise here are
1. Since DPDPA 2023 will be fully implemented with its penalty sections only after 13th May 2027, is this complaint maintainable with the Adjudicator of ITA 2000 as a complaint under Section 43A read with the rules of 2011 and interpreted with DPDPA as a reasonable security practice and expected  due diligence 
2. How this  incident represents the right of a data principal under sections 11,12,13 of DPDPA 2023?
3. What is the status of  Blue Dart?…Is it a Data Fiduciary ? or Is it a Data Processor?. If it is a “Data Processor”, ,is it obliged to present the instructions of the Data fiduciary such as the address given to them in the above case?
4. Will this complaint sustain in a Consumer Court as “Deficiency of Service”?
It is time we learn from such mistakes…..Your comments are welcome
Naavi
Posted in Privacy | Leave a comment

NHRC ups the ante on DPDPA

Posted on March 27, 2026 by Vijayashankar Na

While the Supreme Court is hearing the petitions  on challenging DPDPA (where FDPPI has filed an  intervention petition to oppose the Challenge  and defend DPDPA), NHRC has issued notices to the Government on why action has not been initiated on implementation of provisions to protect the Privacy of Children.

Refer article here for details

The National Human Rights Commission (NHRC) has taken cognisance of alleged violations of the Digital Personal Data Protection Act (DPDP Act), particularly concerning the absence of systems for tracking children’s data transfers and grievance redressal mechanisms across major digital platforms.

It is expected to strengthen the Government of India in its defence  at the  Supreme Court.

Let us wait and see how it develops.

Naavi

Posted in Privacy | Leave a comment

Update on DPDPA Challenge in Supreme Court

Posted on March 24, 2026 by Vijayashankar Na

The petitions filed on March 12th including the one which has asked for the scrapping of  DPDPA and DPDPA Rules came up for hearing on 23rd March 2026 at the Supreme Court. The Union of India which had been asked to file it’s reply sought time to file a reply and a further time of 4 weeks have been granted. Afterwards 2 weeks time have been given for rejoinder affidavits to be filed and the next hearing is fixed for May 13, 2026.

In the meantime the intervention petition filed by FDPPI defending the DPDPA and DPDPA Rules was admitted and will also be heard on the next hearing day.

This petition is numbered IA No.85635/2026 and is being represented by Dr. Mahendra L., Adv., Dr. Tushar Mandlekar, Adv., Mr. Alok Sharma, Adv., Mr. Raghvendra Kumar, AOR and Mr. Devvrat Singh, Adv

The copy of the order  of the day is available here.

Further updates when available will be posted.

Naavi

Posted in Privacy | Leave a comment

Re-iterating the Responsibility of Data Processors to grow up with its own compliance framework

Posted on March 18, 2026 by Vijayashankar Na

While most of us are happy that Data Processors are not covered directly under DPDPA,  if some of the data processor really wants to enhance its trust with their clients and create a competitive edge.

DGPSI-Data Processor is  a framework specially created for the purpose.

Request professionals to study it and send their views.

Naavi

Posted in Privacy | Leave a comment

Posted on March 17, 2026 by Vijayashankar Na

Posted in Privacy | Leave a comment

FDPPI Study Centres to be set up at different places

Posted on March 17, 2026 by Vijayashankar Na

The Foundation of Data Protection Professionals in India (FDPPI) proposes to establish FDPPI Study Centres across different cities in India as part of its capacity-building and community-development initiatives in the field of data protection, privacy, and digital governance.

These Study Centres will be managed and coordinated by Associate Faculty of FDPPI and will function as local knowledge hubs to promote continuous professional learning and engagement.

Objectives of FDPPI Study Centres

    • To create a structured platform for regular interaction among data protection professionals, auditors, compliance officers, legal experts, and technology practitioners.

    • To conduct periodic training programs, workshops, and certification-oriented sessions aligned with FDPPI’s professional development framework.

    • To facilitate knowledge discussions, case-study reviews, regulatory updates, and best-practice sharing on emerging developments such as DPDPA implementation, DGPSI frameworks, and global privacy trends.

    • To encourage local networking and professional community building, thereby strengthening FDPPI’s national outreach and grassroots presence.

    • To support talent development and mentoring for aspiring DPOs, Data Auditors, and governance professionals.

Each Study Centre will meet at regular intervals (monthly / bi-monthly as decided locally) and may organize public awareness programs, industry roundtables, and collaborative initiatives with academic institutions and industry bodies.

Through this initiative, FDPPI aims to build a vibrant nationwide ecosystem of data protection excellence, enabling continuous learning, professional growth, and practical implementation support.

Each Study Center will require at least one Empanelled Associate Faculty Member as the “Coordinator”. This will be an independent individual initiative working in association with the Chapters.

Associate Faculty Members will be  empanelled to independently conduct certification training programs preparing individuals to take the online examinations of FDPPI.

Persons interested in managing such centres are requested to contact FDPPI/Naavi

Posted in Privacy | Leave a comment