EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Decoding consent managers under the Digital Personal Data Protection Act, 2023: Empowerment architecture, business models and incentive alignment

Aditya Sushant Jain
Additional contact information
Aditya Sushant Jain: Jindal Global Law School, India

Journal of Data Protection & Privacy, 2025, vol. 7, issue 4, 406-420

Abstract: The Digital Personal Data Protection Act, 2023 (DPDP Act) represents a pivotal shift in India’s data governance framework, emphasising consent as the foundation of personal data processing. Within this landscape, consent managers emerge as critical intermediaries, addressing structural inefficiencies in data sharing, mitigating consent fatigue and enabling data portability. While earlier conceptualisations, such as Justice Srikrishna’s ‘dashboard model’, envisioned consent managers as passive facilitators of consent tracking, the Data Empowerment and Protection Architecture (DEPA) framework expands their role significantly. Under DEPA, consent managers function as intermediaries that facilitate seamless, interoperable data exchange between fiduciaries, thereby dismantling monopolistic data silos and fostering competitive innovation. Their viability, however, hinges on overcoming several economic and operational challenges, including the sustainability of business models, the resolution of the fee dilemma, and the incentivisation of fiduciary participation. This paper critically examines the consent manager ecosystem, exploring its potential to empower data principals through personalised consent management, behavioural nudges and privacy-preserving mechanisms. It further evaluates how reciprocity, cost savings and exemptions for inferred data could encourage large fiduciaries to engage in this ecosystem voluntarily. The analysis in this paper situates consent managers within the broader context of India’s Digital Public Infrastructure (DPI), arguing that their successful implementation could set a global precedent for decentralised, user-centric data governance. Achieving this requires regulatory clarity, standardised technical frameworks and robust market-driven solutions. By addressing these challenges, consent managers could serve as the keystone of India’s digital economy, balancing individual autonomy with technological innovation in an increasingly data-driven world. This paper is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.

Keywords: data privacy; consent managers; data principal; data fiduciary; consent (search for similar items in EconPapers)
JEL-codes: K2 (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
https://hstalks.com/article/9482/download/ (application/pdf)
https://hstalks.com/article/9482/ (text/html)
Requires a paid subscription for full access.

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:aza:jdpp00:y:2025:v:7:i:4:p:406-420

Access Statistics for this article

More articles in Journal of Data Protection & Privacy from Henry Stewart Publications
Bibliographic data for series maintained by Henry Stewart Talks ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-06-19
Handle: RePEc:aza:jdpp00:y:2025:v:7:i:4:p:406-420