Archived analysis

This page is old. Amazon India was reviewed on 2026-02-09.

This is a historical, policy-only review. Policies, product behavior and source URLs may have changed since this analysis was published.

For current public evidence from website trackers, policy findings and proof samples, go to State of Privacy 2026.

E-commerce

Amazon India

Ready Score 58/100
Analysis supervised by Sushant Pasumarty
📅 9 Feb 2026

Amazon India operates under a global privacy policy that benefits from mature US/EU compliance but lacks India-specific DPDP alignment. It scores 58/100: the combination of e-commerce, voice assistant (Alexa), payment (Amazon Pay), and entertainment (Prime Video) data creates a multi-dimensional profile, all of it flowing to US-headquartered infrastructure.

How To Read This Analysis

This is an archived policy-only review of the company's public privacy policy. It is not a government certification and it is not legal advice.

We look for:

  • Notice and consent clarity
  • Purpose limitation
  • Data minimization
  • Retention and deletion language
  • Vendor and processor disclosures
  • Data Principal rights
  • Grievance redressal
  • Breach and security posture

Source Check

  • Source policy was reviewed for this archived analysis, but the old policy URL is not linked because public policy locations may have changed.
  • Date reviewed: 2026-02-09
  • Company: Amazon India
  • Readiness score: 58/100
  • Policies and product behavior may have changed since review
  • Check whether the current source policy still matches this archived policy-only review
  • Check whether app, web and product flows match the policy

What To Do With This

If your company has a similar data model, use this analysis as a warning map. Do not copy the score. Map your own data flow.

Ask internally:

  • Do we collect similar categories of personal data?
  • Do we share data with the same number or type of vendors?
  • Can users understand why their data is shared?
  • Can we prove deletion, retention and grievance workflows?
  • What evidence would we show if questioned?

If this analysis resembles your business model, the next step is not a better privacy-policy paragraph. It is a data map and gap analysis.

⚠️ Compliance Gaps

  • Global privacy policy not tailored to DPDP Act 2023
  • Alexa voice data and Ring camera data handling raises DPDP questions
  • Amazon Pay + shopping data creates comprehensive financial-consumption profile
  • Data Protection Board not referenced — US/EU authorities mentioned
  • Indian user data subject to US legal jurisdiction
  • Recommendation algorithm transparency absent

✅ Strengths

  • Comprehensive global privacy infrastructure
  • Data download and deletion tools available
  • Transparent cookie management
  • Regular transparency reports
  • Strong encryption and security measures

Overview

Amazon India’s ecosystem spans shopping, Amazon Pay, Prime Video, Alexa, Kindle, and more. Each touchpoint adds to a comprehensive consumer profile processed by Amazon’s global infrastructure headquartered in the US. While global privacy maturity is strong, DPDP-specific compliance requires India-focused layering.

DPDP Readiness: Section-by-Section Analysis

Global privacy notice covers all Amazon services under one consent. Indian users receive the same privacy treatment as US or EU users, without India-specific provisions.

Unique concern: Alexa voice recordings and processing — Indian users may not realize voice commands are processed in US data centers.

Section 8 — Obligations of Data Fiduciary ✅

World-class security infrastructure. AWS powers much of the internet — security is core.

Section 9 — Data Retention ⚠️

Some global retention policies exist, but India-specific timelines are not defined. Alexa voice recording retention has been controversial globally.

Section 11 — Rights of Data Principal ⚠️

Data download and deletion tools are available through Amazon account settings, which is better than most Indian platforms. However, a nomination mechanism is absent.

Section 16 — Cross-Border Data Transfer 🔴

Primary concern: all Indian user data processed in Amazon’s global infrastructure. Subject to US legal processes. No India data residency guarantee.

Risk Assessment

| Category | Risk Level | Potential Impact |
|---|---|---|
| Cross-border transfer | Critical | Indian data on US infrastructure |
| Ecosystem profiling | High | Shopping + payments + voice + video |
| DPDP-specific gaps | Medium | Strong baseline, needs India layering |
| Data principal rights | Low | Good self-service tools |

Recommendations

  1. Create India DPDP addendum — Supplement global policy with DPDP-specific provisions
  2. Address Alexa voice data — Clear Indian user consent for voice recording and US processing
  3. Offer India data residency — Option for Indian user data to remain in India
  4. Reference Data Protection Board alongside US/EU authorities
  5. Add Section 14 nomination for Indian accounts
