DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇮🇳 Asia-Pacific

Cookie consent in भारत

Consent and privacy law in भारत

In short
India's Digital Personal Data Protection Act was passed in 2023 but is being brought into force through rules and the establishment of the Data Protection Board. It is a consent-centric law that requires clear notice and consent for processing, with a strong emphasis on the consent manager concept, a novel role that lets people give, manage, and withdraw consent through a registered intermediary. Notices must be available in English and the languages listed in the Indian constitution. Consent must be free, specific, informed, and unambiguous. Children's data needs verifiable parental consent. Penalties reach up to 250 crore rupees per instance, which is significant by global standards.
Authority
Data Protection Board of India (to be established under the DPDP Act)
Status

Digital Personal Data Protection Act passed in 2023, awaiting full operationalisation

Primary law
DPDPA
Languages

hi, en

Who must comply

Any data fiduciary processing digital personal data in India, and those targeting people in India from abroad.

Penalties

Penalties up to 250 crore rupees per instance of non-compliance

Key obligations

  • Itemized notice and verifiable consent
  • Consent in clear, plain language
  • Verifiable parental consent for children under 18
  • No tracking or targeted ads to children
  • Easy withdrawal and a Consent Manager pathway

Local guidance

  • Prepare for the consent manager model as rules are finalised
  • Offer notices in English and Indian constitutional languages
  • Use free, specific, informed, and unambiguous consent
  • Obtain verifiable parental consent for children

How ConsentX helps

  • DPDPA §9 age-gate and parental flows
  • Itemized, plain-language consent notices
  • Verifiable consent receipts
  • Withdrawal as easy as consent
  • Per-region rules tuned for India
Get started free
yoursite.com
🇮🇳 India

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with India using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under India.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that India requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a India audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

What is a consent manager under India's DPDP Act?+

A consent manager is a registered intermediary that lets individuals give, manage, review, and withdraw their consent through a single accessible platform. It is a distinctive feature of India's law.

In what languages must DPDP notices be available?+

Notices must be available in English and in the languages listed in the Eighth Schedule of the Indian constitution, so people can understand them in their own language.

Governing law

🇮🇳 DPDPA

Other countries in Asia-Pacific

🇸🇬 Singapore🇹🇭 ประเทศไทย🇨🇳 中国🇯🇵 日本🇰🇷 대한민국🇦🇺 Australia🇳🇿 New Zealand / Aotearoa🇮🇩 Indonesia🇻🇳 Việt Nam🇲🇾 Malaysia🇵🇭 Pilipinas