Only 6% of India’s top 50 websites comply with the specific cookie consent mandates under the Digital Personal Data Protection Act (DPDPA), revealed a study by the Advertising Standards Council of India (ASCI) Academy in collaboration with Tsaaro Consulting and PSA Legal. These websites collectively saw 30 billion visits in December 2024, highlighting a significant gap in compliance readiness.
Titled ‘Navigating Cookies: Recalibrating Your Cookie Strategy in Light of the DPDPA’, the white paper, released on Tuesday to coincide with Data Privacy Day, explores the challenges of granular consent management. While some companies have begun adopting granular cookie consent, most have not. A major gap is the lack of consent withdrawal mechanisms. This indicates “businesses will need to significantly overhaul their cookie management strategies, focussing on user control, transparency, and granular consent, to meet the evolving regulatory standards under the DPDP Act”, the report said.
Dhruv Suri, partner at PSA Legal, explains why managing cookies will become tricky with DPDPA: “If users opt out of cookies, businesses that rely on vast data—such as intermediaries that sell data—may find it hard to survive.”
The white paper emphasises the importance of avoiding practices that compromise compliance and user trust. Pre-ticked checkboxes or banners lacking explicit consent options, which assume implied consent, violate regulations like GDPR and DPDPA, it says. Similarly, the use of manipulative “dark patterns” that pressure users into accepting cookies not only breaches compliance but also damages user trust. Concealing cookie consent options or making them hard to access leads to user dissatisfaction and legal risks. Additionally, neglecting to manage third-party cookies can result in compliance gaps and increased security vulnerabilities, underlining the need for a transparent and user-friendly approach to cookie consent practices.
The findings stress the need for businesses to strike a balance between compliance and functionality, ensuring a privacy-centric ecosystem.