Consent managers are crucial for India’s data governance, enabling user-centric data control and decentralised innovation.
Authors
Aditya Sushant Jain, Jindal Global Law School, O.P. Jindal Global University, Sonipat, Haryana, India
Summary
The Digital Personal Data Protection Act, 2023 (DPDP Act) represents a pivotal shift in India’s data governance framework, emphasising consent as the foundation of personal data processing. Within this landscape, consent managers emerge as critical intermediaries, addressing structural inefficiencies in data sharing, mitigating consent fatigue and enabling data portability. While earlier conceptualisations, such as Justice Srikrishna’s ‘dashboard model’, envisioned consent managers as passive facilitators of consent tracking, the Data Empowerment and Protection Architecture (DEPA) framework expands their role significantly. Under DEPA, consent managers function as intermediaries that facilitate seamless, interoperable data exchange between fiduciaries, thereby dismantling monopolistic data silos and fostering competitive innovation. Their viability, however, hinges on overcoming several economic and operational challenges, including the sustainability of business models, the resolution of the fee dilemma, and the incentivisation of fiduciary participation. This paper critically examines the consent manager ecosystem, exploring its potential to empower data principals through personalised consent management, behavioural nudges and privacy-preserving mechanisms. It further evaluates how reciprocity, cost savings and exemptions for inferred data could encourage large fiduciaries to engage in this ecosystem voluntarily.
The analysis in this paper situates consent managers within the broader context of India’s Digital Public Infrastructure (DPI), arguing that their successful implementation could set a global precedent for decentralised, user-centric data governance. Achieving this requires regulatory clarity, standardised technical frameworks and robust market-driven solutions. By addressing these challenges, consent managers could serve as the keystone of India’s digital economy, balancing individual autonomy with technological innovation in an increasingly data-driven world.
Published in: Journal of Data Protection and Privacy
To read the full article, please click here.
