DPDP Compliance for Cookies & Online Tracking
Liability Check
Your website's cookies and online trackers are collecting personal data. Under DPDP, collecting this data without explicit, verifiable consent is a direct violation, risking penalties up to ₹250 Crore.
Why DPDP Compliance for Cookies & Online Tracking is at Risk
From a small D2C brand in Mumbai to a SaaS startup in Hyderabad's T-Hub, almost every Indian business uses cookies and trackers to understand user behaviour. DPDP considers data like **IP addresses, device IDs, and browsing behaviour** collected via these tools as **personal data**. This means your Google Analytics, Meta Pixel, or any other tracking script needs **explicit, granular consent** from Indian users. Without it, you're processing personal data without a legal basis, triggering severe penalties from the Data Protection Board.
Common Violations
- 1.Dropping non-essential cookies (e.g., for analytics, advertising) on a user's device **before obtaining explicit consent**.
- 2.Not providing clear, granular options for users to **accept or reject specific cookie categories** (e.g., functional, marketing, analytics).
- 3.Failing to offer an **easily accessible mechanism** for users to withdraw or change their cookie consent at any time.
The Immediate Fix
Implement a robust, DPDP-compliant Consent Management Platform (CMP) on your website and apps. This system must prevent non-essential cookies from loading until explicit, granular consent is received, and offer an easy way for users to modify or withdraw consent.
Projected Compliance Deadline: Immediate