How India is catching up on user data protection with DPDPA

India may not have a dedicated cookie law, but the Digital Personal Data Protection Act (DPDPA) sets clear principles for obtaining granular consent from users

By  Storyboard18Jan 28, 2025 2:44 PM
How India is catching up on user data protection with DPDPA
India may not have a dedicated cookie law, but the Digital Personal Data Protection Act (DPDPA) sets clear principles for obtaining granular consent from users

The Advertising Standards Council of India (ASCI) Academy, in collaboration with PSA Legal and Tsaaro Consulting, has released a comprehensive white paper titled 'Navigating Cookies: Recalibrating your cookie strategy in light of the DPDPA' to commemorate Data Privacy Day. The white paper explains in detail how granular consent takes shape in India towards building better privacy standards.

India may not have a dedicated cookie law, but the Digital Personal Data Protection Act (DPDPA) sets clear principles for obtaining granular consent from users, especially in cookie banners and privacy statements. Since cookies collect and store user data, consent under the DPDPA must comply with Sections 5 and 6 of the Act.

Under Section 5(1)(i), data fiduciaries must provide users (referred to as "data principals") with a notice outlining the personal data being collected and the purpose of its use before requesting consent. This mirrors Article 6(1)(a) of the GDPR, which requires data subjects to be informed about each purpose for processing their data before giving consent.

Section 6(1) of the DPDPA highlights that consent must be free, specific, informed, unambiguous, and given explicitly for a specific purpose. It further limits the use of personal data to that stated purpose alone. Moreover, Section 6(3) mandates that consent requests must be presented in plain, simple language, ensuring clarity for users. Importantly, under Section 6(4), users retain the right to withdraw their consent at any time.

These provisions align closely with Article 4(11) and Article 7 of the GDPR, which define consent as freely given, specific, informed, and unambiguous. The GDPR also requires that consent requests be clear, accessible, and understandable, and ensures users can withdraw consent whenever they wish.

The DPDPA’s emphasis on specificity and clarity ensures compliance with global standards, paving the way for the adoption of granular consent mechanisms in India.

First Published on Jan 28, 2025 2:44 PM

More from Storyboard18

Brand Makers

Zomato’s Deepinder Goyal buys Rs 52 crore apartment at The Camellias in Gurugram

Zomato’s Deepinder Goyal buys Rs 52 crore apartment at The Camellias in Gurugram

How it Works

Pocket FM sues Kuku FM parent Mebigo Labs over alleged show title infringement; seeks Rs 85.7 cr in damages

Pocket FM sues Kuku FM parent Mebigo Labs over alleged show title infringement; seeks Rs 85.7 cr in damages

Brand Marketing

Meta faces French antitrust heat over alleged ad market dominance

Meta faces French antitrust heat over alleged ad market dominance

Digital

Google to retire ad sharing feature, signaling full shift toward asset-based advertising

Google to retire ad sharing feature, signaling full shift toward asset-based advertising

Brand Makers

US bankruptcy court holds Byju Raveendran in contempt for failing to comply with orders

US bankruptcy court holds Byju Raveendran in contempt for failing to comply with orders

How it Works

Chrome killers? How OpenAI and Perplexity AI browsers could rewire Google’s ad empire

Chrome killers? How OpenAI and Perplexity AI browsers could rewire Google’s ad empire

Digital

Perplexity launches AI-powered browser 'Comet'; aims at Google Chrome’s 68% market share

Perplexity launches AI-powered browser 'Comet'; aims at Google Chrome’s 68% market share

Brand Marketing

Days after axing thousands of jobs, Microsoft says AI helped save over $500 million

Days after axing thousands of jobs, Microsoft says AI helped save over $500 million