A Project by Meridian Bridge Strategy
Book Consultation
E-commerce

Amazon India

Ready Score 58/100
Functional Gaps vs Industry Avg: 49
Sushant Pasumarty
ANALYSIS SUPERVISED BY Sushant Pasumarty
📅 9 Feb 2026

Executive Summary

Amazon India operates under a global privacy policy that benefits from mature US/EU compliance but lacks India-specific DPDP alignment. At 58/100, the combination of e-commerce, voice assistant (Alexa), payment (Amazon Pay), and entertainment (Prime Video) data creates a multi-dimensional profile — all flowing to US-headquartered infrastructure.

⚠️ Compliance Gaps

  • Global privacy policy not tailored to DPDP Act 2023
  • Alexa voice data and Ring camera data handling raises DPDP questions
  • Amazon Pay + shopping data creates comprehensive financial-consumption profile
  • Data Protection Board not referenced — US/EU authorities mentioned
  • Indian user data subject to US legal jurisdiction
  • Recommendation algorithm transparency absent

✅ Strengths

  • Comprehensive global privacy infrastructure
  • Data download and deletion tools available
  • Transparent cookie management
  • Regular transparency reports
  • Strong encryption and security measures

Overview

Amazon India’s ecosystem spans shopping, Amazon Pay, Prime Video, Alexa, Kindle, and more. Each touchpoint adds to a comprehensive consumer profile processed by Amazon’s global infrastructure headquartered in the US. While global privacy maturity is strong, DPDP-specific compliance requires India-focused layering.

DPDP Readiness: Section-by-Section Analysis

Section 6 — Consent & Notice ⚠️

Global privacy notice covers all Amazon services under one consent. Indian users receive the same privacy treatment as US or EU users, without India-specific provisions.

Unique concern: Alexa voice recordings and processing — Indian users may not realize voice commands are processed in US data centers.

Section 8 — Obligations of Data Fiduciary ✅

World-class security infrastructure. AWS powers much of the internet — security is core.

Section 9 — Data Retention ⚠️

Some global retention policies exist but India-specific timelines not defined. Alexa voice recording retention has been controversial globally.

Section 11 — Rights of Data Principal ⚠️

Data download and deletion tools available through Amazon account settings — better than most Indian platforms. However, nomination mechanism absent.

Section 16 — Cross-Border Data Transfer 🔴

Primary concern: all Indian user data processed in Amazon’s global infrastructure. Subject to US legal processes. No India data residency guarantee.

Risk Assessment

CategoryRisk LevelPotential Impact
Cross-border transferCriticalIndian data on US infrastructure
Ecosystem profilingHighShopping + payments + voice + video
DPDP-specific gapsMediumStrong baseline, needs India layering
Data principal rightsLowGood self-service tools

Recommendations

  1. Create India DPDP addendum — Supplement global policy with DPDP-specific provisions
  2. Address Alexa voice data — Clear Indian user consent for voice recording and US processing
  3. Offer India data residency — Option for Indian user data to remain in India
  4. Reference Data Protection Board alongside US/EU authorities
  5. Add Section 14 nomination for Indian accounts

How Does Your Policy Compare?

🔍 Run Your Free DPDP Audit →

Analysis conducted by DPDP Consulting, a Meridian Bridge Strategy initiative. For a comprehensive compliance roadmap, book a free consultation.

Fix these compliance gaps today.

Book 1:1 Consultation
📞 Free Consultation