What are Cookies?
Cookies are small pieces of data stored on a user’s device by websites to remember their preferences and actions.
They allow websites to identify users and offer a more personalized experience, such as retaining login details, items in a shopping cart, and even showing targeted ads based on browsing behavior.
First-party cookies are set by the website a user is visiting and are used to enhance the user's experience on that site, whereas third-party cookies are placed by external entities for advertising and tracking purposes. These third-party cookies collect data on user behavior, as well as details such as age and gender, to create detailed profiles for targeted marketing.
Why is consent needed for third-party cookies?
Businesses have long used third-party cookies to collect data for targeted marketing, but this has raised privacy concerns because the cookies collect extensive personal data without users' full knowledge or consent.
Users are often unaware of how these cookies track their activities and how their data is used. This lack of transparency has led to significant privacy concerns. The DPDP Act addresses these concerns and ensures that Indian businesses process PII transparently.
The DPDP Act raises significant questions about whether cookies will be classified as personal data under the law. Personal data, as per the DPDP Act, refers to any data that can identify an individual. Since cookies store information that can be used to identify and track users, they contain personal data. This means that businesses must comply with the Act's consent requirements before collecting any data through cookies on their websites.

How will businesses process cookie consent under DPDP Act?
All businesses that use cookies on their websites to collect personal data for marketing will need to update those websites with a clear and easily understandable cookie notice that explains the types of cookies used, the purpose of their use, and the third parties involved.
Users must have an option to consent explicitly to the use of cookies through an “Accept Cookies” button, and they should also have the option to opt out or withdraw consent at any time.
Businesses must appoint a consent manager to streamline the cookie consent collection process so that they can comply with the DPDP Act. If they fail to comply with the Act, a heavy fine will be levied on them.
What are the alternatives to cookie collection for businesses?
The phase-out of third-party cookies by Google and other major browsers like Safari and Firefox signals a significant shift in the digital advertising landscape. As browsers move towards prioritizing user privacy, alternative technologies such as first-party data, contextual targeting, and device fingerprinting are emerging as viable options for businesses to maintain personalized marketing strategies without compromising privacy. These changes align with the growing demand for privacy and transparency, which is increasingly reflected in global data protection regulations, including the DPDP Act.

What is the road ahead?
Companies should start preparing by understanding the provisions of the DPDP Act and implementing necessary privacy practices. Until further clarification is provided regarding cookies under the DPDP Act, businesses should focus on enhancing transparency, obtaining clear consent, and ensuring user privacy to avoid potential penalties.
You can learn more about this in our detailed blog on cookie consent under the new DPDP Act.