Cookie Disclaimer

Are there rules governing the use of cookies?

Indian law does not directly deal with the use of cookies or equivalent technology.

Section 43 of the IT Act imposes a restriction on accessing, downloading, copying or extracting any data, computer database or information from any computer, computer system or computer network without the permission of the owner or the person in charge. The IT Act imposes both compensation and criminal penalties in case of a breach. The IT Act's language in this regard is broad enough to cover cookies and accordingly consent is technically required for the use of cookies.

Penalties and compensation

Penalties

What are the potential penalties for non-compliance with data protection provisions?

Under Section 43A, if a breach results in a wrongful gain or loss, the adjudicating officer or the courts (as the case may be) can order compensation to be paid. There is no maximum compensation prescribed.

The following penalties apply:

  • Under Section 66 (use of cookies without consent), the penalty is imprisonment of up to three years, a fine of up to Rs500,000 or both.
  • Under Section 72, the penalty is imprisonment of up to two years, a fine of up to Rs100,000 or both.
  • Under Section 72A, the penalty is imprisonment of up to three years, a fine of up to Rs500,000 or both.

The contents of cookies use policy

All Cookies Policies will include the same basic information. An adequate and compliant policy of this kind will inform users of the following:

  • That cookies are in use on your web site
  • What cookies are
  • What kind of cookies are in use (by you and/or third parties)
  • How and why you (and/or third parties) are using the cookies
  • How a user can opt out of having cookies placed on her device(s)

Most policies on this matter start by letting users know that cookies are in use, and telling them what cookies are. Simple, easy-to-understand language should be used here so that everyone is able to understand what the policy is saying.

How to inform users

Top banner pop-ups -

They pop up the first time a user visits a website, and are right in the main line of sight. These banners are a great way to quickly inform a user that cookies are in use on your website, provide a link to your Cookie Policy, and request consent to place cookies by including something such as a clickable “Continue” link. The user has the option to click “Continue” to give actual consent and is informed that by continuing to browse, even without clicking “Continue,” consent will be assumed.

General pop-up messages

Providing a pop-up box anywhere on your website will give adequate notice to users that cookies are in use on your website, so long as the pop-up box is conspicuous and clearly states what the purpose of the message is.

A Sample/Generic cookie template :

https://docs.google.com/document/d/1ZgVtL6naS64U1XYz0tu4WQRLTrV6O6fhvSb_Bz5Tp9w/edit?usp=sharing