Press Release

96% of Indian Websites Collect User Data Without Consent, Reveals Largest DPDP Compliance Study

The Nation Times Team
96% of Indian Websites Collect User Data Without Consent, Reveals Largest DPDP Compliance Study

Examine of 6,000+ web sites throughout 24 sectors highlights widespread non-compliance forward of DPDP Act enforcement in 2027

Mumbai, March 31, 2026 – A complete new study by ComplyZero Research has revealed that 95.9% of Indian web sites gather person information via monitoring applied sciences with out acquiring correct cookie consent, probably violating the Digital Private Information Safety (DPDP) Act, 2023.

The report, titled “The State of Cookie Compliance in India, 2026,” analysed greater than 6,000 web sites throughout 24 trade sectors and evaluated over 84,000 monitoring cookies to evaluate India’s preparedness for the DPDP Act’s consent necessities. The findings recommend that the overwhelming majority of organisations are considerably underprepared for compliance obligations forward of full enforcement scheduled in Might 2027.

Key Findings from the Examine

The analysis highlights a vital compliance hole throughout industries:

  • Solely 4.1% of internet sites (249 out of 6,000+) show any type of person consent mechanism.
  • 95.9% of internet sites deploy monitoring cookies with out disclosure or consent.
  • Authorities web sites confirmed the bottom compliance, with solely 2 out of 1,154 web sites offering consent notices.
  • Practically 80% of internet sites start monitoring customers earlier than consent is granted.
  • Round 82% of monitoring applied sciences are used for advertising and marketing or promoting functions, somewhat than important web site performance.
  • Media web sites have been essentially the most aggressive trackers, averaging 30 monitoring applied sciences per web page, adopted by e-commerce web sites with a mean of 24 cookies per go to.

These findings point out a widespread lack of readiness amongst Indian companies, regardless of the DPDP Act’s requirement for clear discover and knowledgeable person consent earlier than gathering private information.

Authorized Perspective on DPDP Compliance

In accordance with Dr. Pavan Duggal, Advocate on the Supreme Court docket of India and a number one authority on cyber legislation:

“The DPDP Act is a game-changing laws that applies to all information fiduciaries. Non-compliance can pose an existential risk to organisations as a result of potential penalties of as much as ₹250 crores per violation.”

The DPDP Act applies not solely to digital companies however to any organisation gathering private information, together with healthcare suppliers, instructional establishments, retailers, and repair suppliers. Organisations should guarantee correct consent assortment, safe storage of non-public information, and supply people the power to entry, right, or erase their information upon request.

Rising Compliance Hole Forward of 2027 Enforcement

With the Information Safety Board of India (DPBI) already operational, companies should take proactive steps to make sure compliance earlier than enforcement begins in 2027. Every violation of the DPDP Act can appeal to penalties of as much as ₹250 crore, creating important authorized and monetary threat for non-compliant organisations.

Virat Shah, Founding father of ComplyZero, emphasised the urgency of consciousness and preparedness:

“This isn’t a expertise drawback. The instruments to implement cookie consent exist already. What’s lacking is consciousness that consent is now a authorized requirement, not only a finest observe.”

In regards to the Examine

The analysis was carried out in February 2026 by ComplyZero Analysis, masking over 6,000 web sites throughout sectors together with authorities, banking, healthcare, training, media, and e-commerce. The report represents essentially the most complete evaluation of DPDP cookie consent compliance carried out in India to this point.

The total report is offered at:
https://www.complyzero.com/research/state-of-cookie-compliance-india-2026

About ComplyZero

ComplyZero is India’s first self-serve DPDP compliance platform designed to assist companies implement cookie consent, privateness notices, and information safety compliance inside minutes. The platform affords automated cookie scanning, multilingual consent administration throughout 22 Indian languages, and audit-ready compliance information tailor-made to the necessities of the Digital Private Information Safety Act, 2023.

Media Contact

Mansi Mehta
Image Excellent Communication
📞 9833201004
✉️ P2communication@gmail.com

Related Posts