The (鈥淒PDP Rules, 2025鈥) were finally released by the (鈥淢eity鈥) on 3rd January 2025. These rules complement the (鈥淒PDP Act, 2023鈥). One of the crucial additions to the DPDP Rules, 2025 has been the clarification to the role of the Consent Managers. This piece addresses the role of Consent Managers in transforming digital rights in India. It suggests certain changes which can be brought by the lawmakers to make more efficient use of Consent Managers. I conclude that while the involvement of Consent Managers is a welcome step for helping various users, there is still a long way to go before the realisation of complete digital rights.
Who are Consent Managers?
A Consent Manager is defined under section 2(g) of the DPDP Act, 2023 to 鈥渕ean any person who is registered with the Data Protection Board and acts as a single point of contact to enable a Data Principal to manage, review consent, etc.鈥 Data Principal under Section 2(j) of DPPD Act, 2023 has been defined to 鈥渕ean an individual to whom the personal data relates.鈥 Part A of Schedule 1 of DPDP Rules, 2025 makes it clear that the process of registration of Consent Managers will be regulated by the Data Protection Board. To become a consent manager, it is mandatory to have a net worth of around $320,000 CAD or more. Further, such an applicant must have the required technical, operational and financial facilities. Thus, after getting due approval from the Data Protection Board, Consent Managers can start working. Consent Managers are required to enable the Data Principal to use its platform to give consent to the processing of personal data according to Part B of 1st Schedule.
Role of the Consent Managers in promoting digital rights in India
Digital Rights which include the right to access information, upholding privacy and the right to freedom of expression and information. One of the crucial components of digital rights is the . Consent Managers play a crucial role in promoting human dignity, which was highlighted in the landmark case of . The Supreme Court of India noted that privacy was a constitutionally protected right and was intrinsic to the concept of human dignity. Flowing from this characterization of privacy as a constitutionally protected right is the fact that it will be important to manage the consent given by various users to uphold the right to make a reasoned and informed choice. This right is also mentioned in Section 6 of the DPDP Act which states that any consent given by the Data Principal must be unconditional and unambiguous. Further, such consent must be accompanied by a clear affirmative action for the specific purpose of processing of personal data.
It is important here to distinguish the role of Consent Managers from that of . Jan Suvedha Centres in India are meant to facilitate the creation and updating of various documents such as (identity proof for any citizen living in India) ( primarily used for tax collection) and so forth. Mostly, these centres cater to the needs of the people who come from marginalised communities and help them with their various needs. Similarly, any Consent Manager has an important role in ensuring that the consent of the users is managed effectively on various devices. When most of the users inIn this context, the role of Consent Managers becomes important in ensuring that the users are aware of the terms and conditions under which consent is given by the Data Principal.
These Consent Managers can also help aid the various government initiatives aimed at increasing digital literacy. Notably, the is aimed at reducing digital literacy gaps in rural areas by teaching people residing in rural areas to use smartphones, send emails, payments and so forth. The role of the Consent Managers becomes crucial in ensuring that while access to digital applications is increasing, there is also an increase in consent management. Interestingly, in 2022, a was introduced in the upper house of the Parliament to improve the digital literacy curriculum in schools. This bill highlights the fact that Consent Managers must ensure that terms and conditions provided to users are easily comprehensible without complex legal language.
What changes can be brought about by lawmakers?
One of the foremost changes that can be brought about by the functioning of Consent Managers is reducing the criteria of having a turnover of approximately $320,000 CAD (i.e., or sales made over a period). It is important to also note that a Consent Manager can be a person or a startup since Schedule 1 Part B of the DPDP Rules, 2025 states that a Consent Manager has to be a company incorporated in India. A lot of startups will be interested in performing the function of a Consent Manager. Further, Consent Managers are required to follow reasonable safeguards for protecting the privacy of the users as per Schedule 1 Part B of the DPDP Rules, 2025. It will be prudent to provide information on how privacy can be safeguarded in ways such as anonymisation, pseudonymisation, and privacy by design. Further, regarding the registration provided in the same part of Schedule 1, it is unclear what is meant by 鈥渆arning prospects of the applicant are adequate.鈥 This ambiguity possibly gives discretion to the Data Protection Board of India to decide subjectively whether a particular applicant has sufficient earnings or not to qualify as a Consent Manager. In such a case, it can adversely impact a potential Consent Manager who is likely to be eligible, but whose application has been rejected by the Data Protection Board. Lawmakers can either omit this criterion due to ambiguity or provide useful illustrations to ensure a sound interpretation of the law.
Way Ahead
It is hoped that Consent Managers in India will play a transformative role by realising the essence of Article 21 of the Constitution, which enshrines the right to personal liberty, by providing an affordable mechanism for making wise decisions regarding consent given to various platforms. As pointed out by Aharon Barak, , 鈥淸t]he best decisions on how life should be lived are entrusted to the individuals.鈥 To realise the effectiveness of such a statement, Consent Managers will have to play a very important role in protecting privacy and promoting digital rights in India.
My name is Siddharth Chaturvedi, and I am currently pursuing BALLB (Hons) from Dharmashastra National Law University, Jabalpur. I am in 5th Year. My interests include Tech Law, Constitutional Law and Competition Law.