What this topic covers
Cookie banners are the single most-scanned DPDP compliance surface — the Data Protection Board's eventual scanners will look at them first, and our own scanner already does. A complete explainer on DPDP-compliant banners walks through the six Section 6 criteria (free, specific, informed, unconditional, unambiguous, affirmative-action) and explains how each criterion kills a common banner pattern still in use across Indian SMB sites.
Past the criteria, a good video on banners will show before-and-after examples: a pre-ticked, accept-only banner that fails on three of the six criteria; a banner with equal-prominence accept/reject and granular categories that passes. The visual contrast is where the lesson lands — Indian SMBs typically internalise the principle faster from one example than from three minutes of theory.
Section 6(4) — withdrawal as easy as the original consent — is the criterion that ends most existing banner architectures. The fix is a persistent 'Manage cookies' link in the footer of every page that re-opens the banner with the current state. Good explainer videos demo this UX and explain why anything more complex (account login, support ticket) is treated as a Section 6 violation.
Points a complete video on this topic should cover
- The six Section 6 criteria for valid DPDP consent
- Equal prominence for Accept and Reject (no dark patterns)
- Granular per-category toggles, all defaulted OFF
- Section 6(4) — withdrawal as easy as giving consent
- The CMP integration pattern (Customer Privacy API, consent events)
- Tracker gating — nothing fires before user opts in to the relevant category
- Mobile-specific behaviour (cut-off Reject buttons fail the prominence test)
Relevant sections of the DPDP Act / Rules
- Section 6 (consent)
- Section 6(4) (withdrawal)