COOKIE POLICY
India's Digital Personal Data Protection Act (DPDPA) (2023) mandates explicit, opt-in consent for e-commerce sites to use cookies, shifting to a "no consent, no collection" model for personal data, requiring clear notices, granular choices (accept/reject non-essential), easy withdrawal options, and detailed privacy policies, with significant penalties for non-compliance, impacting personalization and advertising.Key Requirements for E-commerce Cookie Policies in India:
Explicit Consent (Opt-In):
Users must actively agree to cookies, not passively accept them (no pre-ticked boxes).
Consent must be free, specific, informed, and unambiguous for each processing purpose.
Transparency & Information:
A clear, easily understandable cookie notice/banner must explain what cookies are used, why (purpose), how long they last, and who (third parties) is involved.
This information must be in plain language.
Granular Control:
Users must be able to choose which types of cookies (essential, analytics, marketing, etc.) they consent to. They need options to accept all, reject all, or customize their choices.
Easy Withdrawal:
Users must be able to withdraw their consent easily at any time, just as easily as they gave it.
Detailed Privacy Policy:
A comprehensive policy must detail data collection, usage, retention, and user rights.
Essential vs. Non-Essential Cookies:
Even essential cookies (for core functions like login, cart) generally require consent under DPDPA, though denial of service might be permissible if consent for necessary data collection is withheld.
Consent Management:
Implementing a Consent Management Platform (CMP) helps automate collection, track records, and manage preferences efficiently. Penalties:
Failure to comply can result in heavy fines, potentially up to ₹250 crores.
Impact on E-commerce:
Personalization: Reduced reliance on third-party cookies for targeted ads; focus shifts to first-party data, contextual ads, and explicit user preferences.
User Trust: Building trust through transparent practices and user control.
Compliance: Risk of significant fines and reputational damage for non-compliance.