We finally have clarity on the role of consent managers under India’s privacy law
Subscribe to enjoy similar stories. When India’s Digital Personal Data Protection Act (DPDP Act) was enacted in 2023, it was the first data protection law to reference an entity called the ‘Consent Manager.’ However, since the Act said very little about what this consent manager was supposed to do, speculation within the private sector was rife.
Most assumed this meant managers who would map the consent provided by a data principal (the individual to whom the personal data relates) with the ways in which that data could be used. With onerous laws like Europe’s General Data Protection Regulation in force, entities around the world have sprung up to help data fiduciaries (entities that determine the purpose and means of personal data processing) manage the consent they need to operate.
Most international websites rely on these entities to not only record your agreement with the terms of their privacy policy, but also provide dashboards for you to manage cookies and enable notifications. This January, India’s draft DPDP Rules were released for public consultation, finally clarifying what the government had in mind.
It is now clear that consent managers under the DPDP Act have much more to do than just map consent to the ways in which personal data can be used. They will also have to set up a digital architecture to facilitate data transfers between data fiduciaries, while ensuring that the privacy of the underlying information is preserved in a manner consistent with the design of India’s digital public infrastructure.
Read more on livemint.com
