Recently, the parliament enacted the DPDPA to secure the personal digital rights of individual (i.e., Data Principal)

Consent Management under the provisions of the Digital Personal Data Protection Act (DPDPA), 2023

Recently, the parliament enacted the DPDPA to secure the personal digital rights of individual (i.e., Data Principal). Under this Act, it is mandatory that before processing the personal data of an individual for a particular purpose, the service provider (i.e., Data Fiduciary, Consent Manager) adhere to the following:

  • To establish the consent management processes for obtaining specific consent from the individual (data principal) before the processing of her personal data for specific purposes.
  • It may be noted these statutory provisions give individuals more control over their personal data and how it is used by service providers.2 (It is pertinent to note that the consent management process is based on the general principle of consensus ad idem in the contract; otherwise, the said agreement/request would be treated as invalid)
  • Established the consent manager, who is a single point person and registered with the Data Protection Board (i.e., Adjudicatory body under the Act), and who acts as a facilitator to enable data protection to give, manage, review, and withdraw consent through an accessible, interoperable platform.
  • Under the Act, there is a mandate that consent obtained from data principal be subject to adherence to the following principles:
    • The said consent should be free/unconditional.
    • It shall be specific.
    • It shall be unambiguous, with a clear affirmative. (It may be noted that these principles are also spirited by the general principles contract.)
  • Every request for consent should be in clear and simple language, giving the data principal the option to access such a request in English or any other language specified in the Eighth Schedule of the Indian Constitution.
  • The data principal has the right to give, manage, review, or withdraw her consent to the Data Fiduciary through the Consent Manager.
  • The consent manager shall be accountable to the data principal and execute its statutory obligations as per the defined rule.
  • It is also mandatory that the additional burden lie on the data fiduciary to prove that consent was obtained from the data principal as per the provisions of the Act.
Views: 42
Related Posts
Bilateral Investment Treaties and ODI

BIT's bilateral investment agreements provide an economic cooperation framework and protection of investments in two countries, which have a substantial Read more

Healthcare Startups: Turning Regulatory Roadblocks into Stepping Stones for Success

In the era of healthcare innovation, startups play a crucial role in propelling transformative change. The sudden outbreak of the Read more

Ransomware – The Most Dangerous Cyber Threat
Ransomware

Ransomware is a form of malware that locks and encrypts the data, files, devices, or systems of a victim, discarding Read more

Funding for Startups: Don’t Get Lost in the Fundraising Process

In the era of entrepreneurship. India currently holds the third-largest market share for startups. In fact, the overall amount of Read more

Big Data and Competition Law in Telecom: India vs. Europe
Association of big data and Competition Law

India's Competition Act of 2002, aimed at fostering fair competition and protecting consumers, plays a critical role in regulating the Read more

Provident Fund (PF) for International Employees in India: A Guide to Post-Termination Procedures

For international employees who have completed their service in India, the process of claiming their Employees' Provident Fund (EPF) benefits Read more

Navigating the Skies of Regulation
Navigating the Skies of Regulation

Aviation law - the "Law of the Air," is a legal framework that governs and regulates various aspects of air Read more

WIPO & Member States Approve the Treaty Relating to IP, Genetic Resources and Associated Traditional Knowledge

As a result of decades of negotiations, Word Intellectual Property Organization (WIPO) member states have approved a groundbreaking treaty relating Read more

Joint Venture Agreements for Startups: Key Considerations for Successful Collaborations

A joint venture is when two or more businesses agree to work together. It is a commercial agreement between two Read more

The legal stride of online gaming: Analysing India and South Korea
online gaming

Abstract: This research article provides a comprehensive examination of the legal framework governing the online gaming market in India and Read more

Need help with legal issues?
Call Back Request

Leave a Reply

Your email address will not be published. Required fields are marked *