India - DPDPA (Digital Personal Data Protection Act)

India DPDPA and how it handles consent

The Digital Personal Data Protection Act (DPDPA) is a comprehensive data protection law that brings significant changes to the privacy regulatory landscape in India. It imposes new and substantial requirements on businesses, along with penalties for non-compliance. Starting from June 2024, businesses are no longer allowed to freely use cookies for the collection of personal data from website visitors.

Organizations must secure consent from individuals prior to collecting or processing their personal data. Individuals hold rights to access, correct, and delete their personal data. They also retain the right to object to the processing of their personal data and to transfer their personal data to another organization.

While the DPDPA is still in its early stages of implementation, it is anticipated to significantly impact how organizations collect and process personal data in India.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

India DPDPA and Consent Cookie Banner

Under the 2023 India Digital Personal Data Protection Act (DPDPA), businesses are mandated to obtain explicit user consent for the use of cookies and other types of data processing. Unlike some regulations such as GDPR, the DPDPA doesn't explicitly require consent for each specific category, but it can be aggregated for user convenience. Consent is a fundamental legal basis for data processing according to the Indian DPDPA, especially in the context of using cookies.
To be ready to comply with the DPDPA regulation, illow recommends implementing a banner with the following:

• Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies.
• Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
• Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
• Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.
• Include a Link to the Cookie Settings: This isn’t required under GDPR as long as users have the choice to reject all cookies. However, it does have the benefit of allowing users who would otherwise reject all cookies to permit some forms of data collection. 

Observations: With illow´s GLOBAL banner, your site will be ready to comply with this regulation.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"