India Digital Personal Data Protection Bill: Understanding and Ensuring Compliance for Website Owners

The India DPDP Digital Personal Data Protection Bill, 2023

The digital landscape in India has witnessed a significant change, especially when looking at user privacy and data protection. One such change is the introduction of the new DPDP law. The India data protection law has similarities with GDPR and aims to give users more control over their personal data and how websites use it. As a website owner, it’s crucial to understand the implications of this law and ensure that your website is compliant.

What is the New Law about?

In regard to the use of cookies and trackers, the India data protection law now mandates websites to obtain explicit consent from users before collecting or processing their personal data through cookies. Unlike the previous regulations where implied consent was often considered sufficient, the new law emphasizes the importance of clear and informed consent.

Why is it Important?

The primary objective of this law is to enhance user privacy and data protection. With the increasing number of data breaches and misuse of personal data, there’s a growing need for transparency and user control over their data. By ensuring that users are aware of how their data is being used and giving them the choice to opt-in or opt-out, the law aims to build trust between users and website owners.

At CookieInfo we would like to welcome website owners, publishers and web-shops who would like to start working with a Consent Management Platform.

How Can India Website Owners Comply?

  1. Clear Cookie Notice: Ensure that your website has a clear and visible cookie notice that informs users about the use of cookies and the purpose behind it.
  2. Explicit Consent: Instead of relying on implied consent, seek explicit consent from users. This means users should actively agree (e.g., by clicking on an “Accept” button) rather than just continuing to use the website.
  3. Easy Opt-out: Provide users with an easy way to withdraw their consent at any time. This can be achieved by having a clear “Reject” or “Opt-out” option.
  4. Regular Audits: Regularly audit the cookies used on your website to ensure that you’re only collecting necessary data and that all third-party cookies are compliant with the law.
  5. Update Privacy Policy: Ensure that your privacy policy is up-to-date and clearly mentions the use of cookies, the type of data collected, and how it’s used.
  6. Use Reliable Tools: Consider using tools like Google Tag Manager in conjunction with cookie consent solutions. Read this CookieInfo blog about Google Tag Manager and cookie consent. Google Tag Manager can be integrated with cookie consent solutions to ensure that tags are only fired when users give their consent.
Digital Personal Data Protection Bill - Cookie banner consent options.
Cookie consent banner – first screen.
Cookie consent banner – 2nd screen.

Here is a summary of the Digital Personal Data Protection Bill, 2023

Key points:

  1. Objective: The bill aims to protect the personal data of individuals and establish a framework for data protection in India.
  2. Data Protection Authority: The bill proposes the establishment of a Data Protection Authority (DPA) to oversee and enforce data protection regulations.
  3. Rights of Data Principals: The bill outlines the rights of data principals (individuals whose data is being processed). These rights include the right to access, correct, and delete their personal data.
  4. Obligations of Data Fiduciaries: Data fiduciaries (entities that determine the purpose and means of processing personal data) have certain obligations. They must ensure data quality, data security, and compliance with the bill.
  5. Data Localization: The bill mandates that certain types of personal data be stored only in India.
  6. Exemptions: The bill provides exemptions for certain types of data processing, such as for national security or journalistic purposes.
  7. Penalties: The bill specifies penalties for violations, which can be significant depending on the nature of the violation.
  8. Cross-Border Data Transfer: The bill has provisions related to the transfer of personal data outside India. Such transfers are subject to certain conditions.
  9. Data Protection Impact Assessment: Data fiduciaries must conduct a data protection impact assessment for certain types of data processing activities.
  10. Data Audits: The bill mandates periodic data audits to ensure compliance.


The new India Digital Personal Data Protection Bill is a step forward in ensuring a safer and more transparent digital environment. While it might seem daunting for website owners initially, with the right tools and practices, cookie compliance can be straightforward. By respecting user choices and being transparent about data collection practices, website owners can not only comply with the law but also build a stronger relationship with their users.

Free cookie guide

The CookieInfo cookie guide is the most comprehensive online guide available with all information on cookies, legislation and techniques. Download this free cookie guide. Learn how you can use cookies on your website while being compliant with GDPR and ePR.