On Data Privacy Day, ASCI, PSA Legal, and Tsaaro Consulting Launch White Paper for businesses on Navigating Cookies

0
10
On Data Privacy Day, ASCI, PSA Legal, and Tsaaro Consulting Launch White Paper for businesses on Navigating Cookies

Mumbai, January 28, 2025: To commemorate Data Privacy Day, the Advertising Standards Council of India (ASCI) Academy, in collaboration with PSA Legal and Tsaaro Consulting, has released a comprehensive white paper titled Navigating Cookies: Recalibrating your cookie strategy in light of the DPDPA. This paper builds on ASCI’s ongoing efforts to address data privacy concerns, following the Privacy and Progress: Pillars of Digital Bharat paper published in March 2023, which focused on preparing organizations for Digital Personal Data Protection Act (DPDPA) compliance.

Cookies are an important feature of most internet interfaces and can help create value for both advertisers and consumers. Advertisers use cookies to gather data on user behaviour, preferences, and browsing history to deliver targeted ads that drive higher engagement and better ROI. For consumers, cookies can streamline browsing by personalizing content, remembering preferences, and simplifying website interactions.

However, the use of cookies raises concerns about privacy, data security, and user autonomy when users remain unclear about how their data is collected, shared, or monetized.

A dipstick done for the purpose of this paper analysed the cookie consent practices of the top 50 websites in India, accounting for 30 billion visits in December 2024 alone. The results show that only 6% of them are ready for specific consent as outlined by the DPDPA 2023, read with the draft DPDP rules published on January 3, 2025.  While the DPDPA is likely to provide a runway for compliance, the results indicate a need for organizations to take up cookie consent best practices as a part of their compliance readiness efforts. 

The paper explores cases and examples in other jurisdictions and sheds light on how the issue of cookie consent has been addressed in different countries. The paper provides actionable insights on crafting an effective cookie policy to help stakeholders navigate the complexities of consent, transparency, and user control in an increasingly privacy-conscious world.

Manisha Kapoor, CEO & Secretary-General, ASCI, said, “On this Data Privacy Day, we are pleased to present this collaborative white paper with PSA Legal and Tsaaro Consulting. The paper aims to help advertisers understand and prepare for cookie consent practices that are both compliant with the new DPDPA as well as build consumer trust and transparency. The paper provides practical knowledge and insights to create effective cookie practices in a privacy-conscious world.”

Dhruv Suri, Partner, PSA Legal, said, “With the final DPDPA Rules on the horizon, advertisers are at a crossroads where privacy, technology, and the law converge. Once the law is better understood, the technology, i.e., cookies, will no longer be mere marketing tools but will serve as a means to strengthen customer loyalty. Global precedents can serve as the perfect roadmap to tailor strategies and navigate cookie consent management in a country that is just beginning its data privacy journey. 

Akarsh Singh, CEO, Tsaaro Consulting, said, Cookie consent is no longer a checkbox exercise; it’s a strategic element of modern advertising. The first step to creating a privacy-centric ecosystem that values the customer’s data rights when deploying cookies is to acknowledge that a gap exists between existing marketing tactics and the privacy laws and then to actively work towards bridging the gap between practicality and compliance.”

Key Highlights of the White Paper Include:

  • Compliance Readiness Gaps in India: Tsarro Consulting conducted a dipstick analysis of India’s top websites, revealing that only 6% implement cookie consent banners, indicating a gap in terms of readiness.
  • Granular Consent Mandates: The DPDPA requires explicit, informed, and revocable consent for cookie usage, calling for a rethinking of traditional consent models.
  • Lessons from Global Standards: The paper draws insights from GDPR and other jurisdictions that bring out the need for transparency and user control.
  • Industry Impact: The paper examines current practices and use cases in various industries like e-commerce, tech and software, social media platforms, marketing and advertising, and healthcare.
  • Opportunities for Advertisers: By prioritizing user-centric practices, advertisers can turn compliance into a competitive advantage, building consumer trust in a privacy-conscious marketplace.