Only 3 of India’s 50 most-visited sites comply with user consent rules, finds ASCI white paper

‘Require improvements’

The dipstick or quick analysis, undertaken by Tsaaro Consulting, selected websites based on the list compiled by Semrush.com–and these 50 accounted for over 30 billion visits in December 2024.

The analysis found that only three websites (6 percent) currently implement cookie consent banners, underscoring a significant gap in compliance readiness. “Among the websites with banners, most fall short of best practices, requiring improvements such as providing clear opt-out options and enabling users to give granular consent for different types of cookies,” the white paper noted.

While there is no specific cookie law in India, the white paper noted that the DPDPA provides principles for granular consent to be obtained from users in cookie banners and privacy statements. Since cookies collect and store information, they would require specific and granular consent.

The websites analysed were from diverse sectors, including e-commerce, social media, aviation, banking, education, healthcare, sports, travel and tourism, news media, and hospitality. “A limited number of websites, primarily from the news media and banking sectors, featured cookie consent banners. However, these banners did not adhere to best practices… A key challenge observed in current practices is the lack of user-friendly design and transparency in cookie consent banners,” the white paper said.

It added that many websites failed to provide clear, easy-to understand options for users to manage their cookie preferences, often presenting only a basic “accept all” option without offering sufficient control over individual cookie categories. “This not only complicates the user experience but also increases the risk of non-compliance with data protection regulations,” it said.

Pointing out that websites often lack mechanisms for users to easily withdraw consent, which further hinders compliance, the white paper said that practical difficulties indicate that businesses will need to significantly overhaul their cookie management strategies, focusing on user control, transparency, and granular consent, to meet the evolving regulatory standards under the DPDP Act.

“The absence of cookie consent banners on most analyzed websites points to the gap in preparedness to comply with the DPDPA. To align with global privacy standards and foster confidence among users, websites should implement–transparent and user-friendly cookie consent banners, clear opt-out mechanisms for non-essential cookies and granular consent options to enable users manage their cookie choices,” it said.

Highlighting the impact of DPDPA across sectors, the white paper noted that e-commerce retailers and social media companies, who use cookies to enhance user experience and provide personalised recommendations, will need to adopt mechanisms to ensure transparency and obtain user consent for different purposes of cookie usage.

[ad_1]

_{Images are for reference only.Images and contents gathered automatic from google or 3rd party sources.All rights on the images and contents are with their legal original owners.}

[ad_2]