Recently, the parliament enacted the DPDPA to secure the personal digital rights of individual (i.e., Data Principal)
Consent Management under the provisions of the Digital Personal Data Protection Act (DPDPA), 2023
Recently, the parliament enacted the DPDPA to secure the personal digital rights of individual (i.e., Data Principal). Under this Act, it is mandatory that before processing the personal data of an individual for a particular purpose, the service provider (i.e., Data Fiduciary, Consent Manager) adhere to the following:
- To establish the consent management processes for obtaining specific consent from the individual (data principal) before the processing of her personal data for specific purposes.
- It may be noted these statutory provisions give individuals more control over their personal data and how it is used by service providers.2 (It is pertinent to note that the consent management process is based on the general principle of consensus ad idem in the contract; otherwise, the said agreement/request would be treated as invalid)
- Established the consent manager, who is a single point person and registered with the Data Protection Board (i.e., Adjudicatory body under the Act), and who acts as a facilitator to enable data protection to give, manage, review, and withdraw consent through an accessible, interoperable platform.
- Under the Act, there is a mandate that consent obtained from data principal be subject to adherence to the following principles:
- The said consent should be free/unconditional.
- It shall be specific.
- It shall be unambiguous, with a clear affirmative. (It may be noted that these principles are also spirited by the general principles contract.)
- Every request for consent should be in clear and simple language, giving the data principal the option to access such a request in English or any other language specified in the Eighth Schedule of the Indian Constitution.
- The data principal has the right to give, manage, review, or withdraw her consent to the Data Fiduciary through the Consent Manager.
- The consent manager shall be accountable to the data principal and execute its statutory obligations as per the defined rule.
- It is also mandatory that the additional burden lie on the data fiduciary to prove that consent was obtained from the data principal as per the provisions of the Act.
Content created by generative Artificial Intelligence (AI) programs are currently one of the most important global developments. The common question Read more
In the competitive world of startups and burgeoning businesses, arbitration has undeniably captured the attention of many in the past Read more
India is a worldwide economic powerhouse that attracts investors globally to explore its vast array of prospects in the ever-expanding Read more
BIT's bilateral investment agreements provide an economic cooperation framework and protection of investments in two countries, which have a substantial Read more
On February 19, 2023, an ambitious plan was unveiled by a consortium led by Ajay Singh of SpiceJet and Nishant Read more
Safeguarding Tomorrow's Play: Balancing Innovation and Responsibility in AI Toys — Ethical Considerations, Safety Measures, and Comparative Insights on Children's Read more
In the world where innovation reigns supreme, NatWest Group, the UK’s largest business and commercial bank, has embarked on a Read more
In our rapidly changing digital environment, the implementation of the Digital Personal Data Protection Act in 2023 marks a major Read more
NEW ANSWERS FOR NEW NEEDS, EXPLAINING THE RECENT CASE LAWS AND CHANGES IN ARBITRATION PRACTICE The law of arbitration in Read more
The essence of client-centricity is considering how your business is structured and how you manage service delivery from the client's Read more
