Decoding consent managers under the Digital Personal Data Protection Act, 2023 : empowerment architecture, business models and incentive alignment

Jain, Aditya Sushant (2025) Decoding consent managers under the Digital Personal Data Protection Act, 2023 : empowerment architecture, business models and incentive alignment. Journal of Data Protection & Privacy, 7 (4). p. 406. ISSN 2398-1687

[thumbnail of Jain paper-Vol.7.4 JDPP (Summer 2025)[75].pdf] Text
Jain paper-Vol.7.4 JDPP (Summer 2025)[75].pdf - Published Version
Restricted to Repository staff only

Download (678kB) | Request a copy

Abstract

The Digital Personal Data Protection Act, 2023 (DPDP Act) represents a pivotal shift in India’s data governance framework, emphasising consent as the foundation of personal data processing. Within this landscape, consent managers emerge as critical intermediaries, addressing structural inefficiencies in data sharing, mitigating consent fatigue and enabling data portability. While earlier conceptualisations, such as Justice Srikrishna’s ‘dashboard model’, envisioned consent managers as passive facilitators of consent tracking, the Data Empowerment and Protection Architecture (DEPA) framework expands their role significantly. Under DEPA, consent managers function as intermediaries that facilitate seamless, interoperable data exchange between fiduciaries, thereby dismantling monopolistic data silos and fostering competitive innovation. Their viability, however, hinges on overcoming several economic and operational challenges, including the sustainability of business models, the resolution of the fee dilemma, and the incentivisation of fiduciary participation. This paper critically examines the consent manager ecosystem, exploring its potential to empower data principals through personalised consent management, behavioural nudges and privacy-preserving mechanisms. It further evaluates how reciprocity, cost savings and exemptions for inferred data could encourage large fiduciaries to engage in this ecosystem voluntarily. The analysis in this paper situates consent managers within the broader context of India’s Digital Public Infrastructure (DPI), arguing that their successful implementation could set a global precedent for decentralised, user-centric data governance. Achieving this requires regulatory clarity, standardised technical frameworks and robust market-driven solutions. By addressing these challenges, consent managers could serve as the keystone of India’s digital economy, balancing individual autonomy with technological innovation in an increasingly data-driven world. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.

Item Type: Article
Keywords: consent | consent managers | data fiduciary | data principal | data privacy
Subjects: Social Sciences and humanities > Business, Management and Accounting > Strategy and Management
Social Sciences and humanities > Business, Management and Accounting > General Management
Social Sciences and humanities > Business, Management and Accounting > Management of Technology and Innovation
Social Sciences and humanities > Social Sciences > Law and Legal Studies
Social Sciences and humanities > Social Sciences > Public Policy
JGU School/Centre: Jindal Global Law School
Depositing User: Mr. Gautam Kumar
Date Deposited: 02 Jul 2025 07:19
Last Modified: 02 Jul 2025 07:19
Official URL: https://doi.org/10.69554/MHLP2916
URI: https://pure.jgu.edu.in/id/eprint/9741

Downloads

Downloads per month over past year

Actions (login required)

View Item
View Item