What this topic covers
Section 5 of the DPDP Act is the single most violated section across Indian websites in 2026. Most 'privacy policies' fail it because they're generic statements of practice rather than itemised, purpose-specific notices. A useful explainer on Section 5 will spend most of its runtime on what an itemised notice actually looks like — specific purposes, specific categories of personal data, specific retention windows, named Grievance Officer with a real SLA.
The criterion that most explainers miss: every notice element must be specific to the purpose it serves. 'For marketing and other purposes' is not specific — 'to send you order-status emails and (with separate opt-in) monthly product updates' is. Specificity isn't optional under Section 5; the Act explicitly requires informed consent, and you can't give informed consent to a vague purpose.
Good Section 5 videos also cover the multilingual obligation. Notices must be available in English plus the 22 Eighth-Schedule languages — Hindi, Tamil, Bengali, Telugu, Marathi, and the rest. Most Indian SMBs publish in English only; the Rules 2025 timeline gives them a window to add language support, but the obligation is real and enforceable from the deadline.
Points a complete video on this topic should cover
- What "itemised" actually means — purpose-specific, not generic
- The five mandatory elements: purposes, data categories, retention, rights mechanism, Grievance Officer
- Plain-language drafting that survives Section 6 informed-consent scrutiny
- Multilingual obligation (English + 22 Eighth-Schedule languages)
- When to update the notice (every change in purpose, processor or category)
- The footer placement + form-side disclosure pattern
- How to name the Grievance Officer and publish the 30-day SLA
Relevant sections of the DPDP Act / Rules
- Section 5 (notice)
- Section 6 (consent)
- Rule 3 (notice contents)