Sunday, July 14, 2024
  1. You Are At:
  2. News
  3. Technology
  4. Only 9% of Indian organizations secure explicit user data consent: Report reveals

Only 9% of Indian organizations secure explicit user data consent: Report reveals

PwC India conducted a thorough examination of the websites belonging to 100 Indian enterprises in order to gauge their adherence to the DPDP Act. The results uncovered that 41% of these enterprises' websites included details concerning the rights of data principals.

Edited By: Saumya Nigam @snigam04 New Delhi Published on: October 04, 2023 22:26 IST
Indian businesses, user data consent, compliance, tech news
Image Source : PIXABAY Indian businesses struggle with user data consent- Just 9% in compliance, Report finds

A recent report has shed light on significant compliance gaps in data consent practices among Indian organizations as the government collaborates with industry stakeholders to formulate detailed regulations under the Digital Personal Data Protection (DPDP) Act of 2023. The report, released on Wednesday, indicates that a mere 9% of Indian organizations obtain explicit and informed data consent from individual users, exposing notable shortcomings in adhering to the new Act.

PwC India analyzed the websites of 100 Indian enterprises to assess their compliance with the DPDP Act. The findings revealed that 41% of these enterprises' websites incorporated information about data principal rights, encompassing aspects such as correction, access, and erasure, in their privacy policies.

However, a mere 9% of organizations were found to actively seek consent that adhered to the principles of being free, specific, and informed. While approximately 90% of the reviewed organizations provided a privacy notice to users when collecting data via their websites, this high level of compliance doesn't necessarily indicate a robust data privacy framework.

Regarding third-party data transfers, 43% of organizations were found to lack clear definitions regarding the purpose for which personal data was shared with third-party data processors.

Sivarama Krishnan, Partner and Leader of Risk Consulting at PwC India, highlighted the opportunity for organizations to streamline their data collection and processing procedures, build customer trust, and enhance global competitiveness. He emphasized the shift from regarding privacy as a regulatory requirement to integrating "privacy by design" to contribute significantly to India's digital transformation.

The report also noted that while 48% of organizations surveyed offer the option to withdraw consent, the process for doing so is not as straightforward. A mere 2% of organizations obtain consent in multiple regional languages.

Approximately 16% of organizational websites feature a cookie consent banner, informing users about the collection and processing of personal data. About 33% display a cookie notice that mentions the use of cookies on the website. Additionally, 41% of organizations include information about data principals' rights (erasure, access, and correction) on their websites, along with the mechanisms for exercising these rights.

ALSO READ: Meta considers a $14 monthly fee for ad-free access to Instagram and Facebook

While many organizations in sectors such as information technology, hospitality, consumer goods, and pharmaceuticals have processes to honour data subject rights, they often do not provide dedicated email addresses or online forms for user support.

The report coincides with the government's announcement last month that certain entities may be granted a year's grace period to fine-tune their systems for compliance with the Digital Personal Data Protection Act of 2023, which applies to the processing of digital personal data in India, both online and offline, as well as its processing abroad when offering goods or services in India.

ALSO READ:  Google India appoints Srinivas Reddy as its head of policy: Know more

Inputs from IANS


Read all the Breaking News Live on and Get Latest English News & Updates from Technology