LIJDLR

Data Fiduciary

CONSENT MECHANISMS UNDER THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023: A COMPARATIVE LEGAL ANALYSIS WITH GDPR AND CCPA/CPRA

CONSENT MECHANISMS UNDER THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023: A COMPARATIVE LEGAL ANALYSIS WITH GDPR AND CCPA/CPRA Vedant Raj Chaurasiya,BBA LLB (Final Year – X Sem.), Amity Law School, Amity University Madhya Pradesh Download Manuscript doi.org/10.70183/lijdlr.2025.v03.61 Consent remains a foundational pillar in contemporary data protection frameworks, yet its normative basis, scope, and enforceability vary significantly across jurisdictions. India’s enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) signals a shift towards a consent-centric model, but this framework departs in meaningful ways from the paradigms established under the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), as enhanced by the California Privacy Rights Act (CPRA). This paper conducts a structured comparative and doctrinal analysis to examine how each of these regimes conceptualizes consent, the role of enforcement mechanisms, and the degree of autonomy afforded to individuals. The GDPR situates consent within a rights-based approach, requiring it to be freely given, informed, specific, and revocable—supported by institutional safeguards like independent data protection authorities and mandatory risk assessments. Conversely, the CCPA/CPRA reflects a consumer-choice model where transparency and opt-out functionality dominate, with consent obligations emerging only in limited scenarios. The DPDP Act, though framed around consent, weakens its efficacy by introducing expansive “deemed consent” provisions and lacking critical oversight tools such as mandatory Data Protection Impact Assessments (DPIAs) or a fully independent regulatory authority. The analysis further explores the consequences of this design on India’s cross-border data transfer capability, especially its divergence from GDPR adequacy standards. Arguing for the evolution of a consent-plus architecture, this paper recommends enhancements such as fiduciary accountability, dynamic and context-sensitive consent models, and user interfaces tailored to India’s socio-linguistic diversity. These interventions are imperative for strengthening user autonomy, enhancing legal coherence, and enabling India’s data regime to stand alongside global best practices in digital rights governance.

CONSENT MECHANISMS UNDER THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023: A COMPARATIVE LEGAL ANALYSIS WITH GDPR AND CCPA/CPRA Read More »

NAVIGATING THE PERSONAL DATA CONTOURS UNDER THE DIGITAL PERSONAL DATA PROTECTION ACT 2023

NAVIGATING THE PERSONAL DATA CONTOURS UNDER THE DIGITAL PERSONAL DATA PROTECTION ACT 2023 Amri Gupta, Student at ICFAI Law School, IFHE, Hyderabad. Download Manuscript ABSTRACT The Digital Personal Data Protection Act, 2023, is a pivotal legislation in India’s digital governance landscape, aiming to address the growing need for robust data protection laws in the digital era. It defines and regulates personal data, introducing key entities like Data Fiduciary and Significant Data Fiduciary, along with strict obligations and penalties for non-compliance. However, the Act’s impact is not without challenges, particularly in its potential conflicts with the Right to Information Act, 2005. Amendments to the RTI Act’s Section 8(1)(j), expanding non-disclosure of personal data-related information, raise questions about the balance between data protection and the fundamental right to information. The role of the Data Protection Board emerges as crucial, tasked with providing clarity and guidance on the Act’s implementation. This article underscores the importance of striking a balance between data protection and the right to information, calling for nuanced approaches that safeguard privacy while ensuring transparency and accountability. It examines the Act’s provisions and highlights challenges, emphasizing the vital role of the Data Protection Board in providing much-needed clarity. The analysis stresses the need for clear guidelines and robust regulatory oversight to ensure the Act’s effective implementation. While the DPDP Act 2023 is a significant stride in data governance, the importance of well-defined guidelines becomes evident as India adapts to the intricacies of the digital age. Type Information Research Paper LawFoyer International Journal of Doctrinal Legal Research, Volume I, Issue IV, Page 98-112. Creative Commons Copyright This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. Copyright © LIJDLR 2024 Recent content Author Details (NIKITA AMBWANI & RUPALI CHAUHAN) LAW STUDENTS, UNIVERSITY OF RAJASTHAN, JAIPUR Publication Details Volume 1 Issue 1 Year 2022 Published on 01/09/2022

NAVIGATING THE PERSONAL DATA CONTOURS UNDER THE DIGITAL PERSONAL DATA PROTECTION ACT 2023 Read More »