16th May 2025 (15 Topics)

Copy

1 May

2 May

3 May

5 May

6 May

7 May

8 May

9 May

10 May

12 May

13 May

14 May

15 May

16 May

17 May

19 May

20 May

21 May

22 May

23 May

24 May

26 May

27 May

28 May

29 May

30 May

31 May

Account Aggregators & Consent Managers under the DPDP Act

Context

The Digital Personal Data Protection (DPDP) Act, 2023 has been passed, and the Draft DPDP Rules, 2025 have been released, introducing a framework for Consent Managers (CMs). This has sparked discussions on leveraging the existing Account Aggregator (AA) model as a blueprint for rolling out consent-based data governance across sectors beyond finance.

Background (India’s Data Governance Landscape)

India is moving towards a more structured, privacy-respecting, and user-empowering data ecosystem. This effort is driven by:
- The Digital Personal Data Protection (DPDP) Act, 2023: India’s landmark privacy law which gives individuals (called Data Principals) greater control over their personal data.
- The Account Aggregator (AA) framework: A practical model already working in India’s financial sector that enables individuals to share their financial data securely, based on explicit consent.
As India rolls out the DPDP Act, Consent Managers (CMs) are being proposed as key players to ensure that people have full control over who uses their personal data and for what purpose. The AA model is seen as a blueprint for this broader regime.

What are Account Aggregators (AAs)?

Account Aggregators are digital platforms licensed by the RBI that allow individuals to:
- View, manage, and share their financial data (like bank statements, insurance, tax info) from multiple sources.
- Share this data securely with other institutions like lenders or investment platforms – only if they give consent.
- Revoke consent any time they want.
This system does not store data – it simply acts as a secure bridge between the data holder (like your bank) and the data receiver (like a loan provider), based on user consent.
Significance:
- It breaks data silos across banks, mutual funds, and insurers.
- It makes financial services faster and more tailored.
- Most importantly, you remain in charge of your data.

What is the DPDP Act, and what are Consent Managers?

The DPDP Act, 2023 aims to create a rights-based framework where:

Data can be collected or processed only after the user consents.
Consent must be free, informed, specific, and revocable.
Users must be able to manage and withdraw this consent easily.

This is where Consent Managers come in.
Under the DPDP regime:

A Consent Manager is an intermediary who helps individuals give, manage, and withdraw consent from multiple organisations (called Data Fiduciaries).
They act as user-friendly dashboards that work across sectors – not just finance, but also healthcare, education, employment, e-commerce, etc.

This mirrors the AA model but on a wider, all-sector scale.

Why the AA Model is the Blueprint?

The AA framework already works at scale in finance and has:
- A strong legal foundation (via RBI’s Master Directions).
- Real-time, machine-readable, API-based consent flows.
- A focus on user control, privacy, and data minimisation.
Given this experience, it makes sense to use it as the base model for Consent Managers under the DPDP Act. This would help India avoid starting from scratch and create one interoperable, unified framework for all personal data.

Key Proposals & Needed Reforms

Mandatory Registration with the Data Protection Board (DPB): All Consent Managers should be officially registered to ensure accountability and legal compliance.
- Allow Sector-Specific Consent Managers
- Let different sectors (health, education, etc.) have their own consent managers, as long as they follow common technical standards.
Enable Commercial Sustainability: Consent Managers should be allowed to form legitimate business arrangements with Data Fiduciaries (like banks, hospitals, etc.), provided they don’t compromise user rights.

Wider Significance and Challenges

Benefits:	Challenges:
Builds trust in digital services. Gives citizens more control over their data. Prevents data misuse or unauthorized sharing. Promotes data portability, leading to better competition and innovation.	Ensuring data security during transfers. Preventing dark patterns or manipulation in consent seeking. Educating citizens about how and when to give or deny consent. Avoiding fragmentation between sectoral consent systems (finance, health, etc.).

New beginning: On Syria’s present and future

International Relations Miscellaneous

US backtracks on mediation claims in Kashmir

International Relations Miscellaneous

The paradox of the approach to the Manipur issue

Polity & Governance Governance

India’s stand on Pakistan’s nuclear posture

International Relations India and its Neighbourhood

President's reference to the Supreme Court (Article 143)

Polity & Governance The Judiciary

Does Article 21 include right to digital access?

Polity & Governance Governance

Should NOTA be included in all elections compulsorily

Polity & Governance Governance

Naxal-Free India

Security Internal Security

Saraswati Pushkaralu

Art and culture Indian Culture

Mahadayi (Mhadei) River

Geography Locations in News

Renaming by China

International Relations India and its Neighbourhood

Dr. Ajay Kumar Assumes Charge as UPSC Chairman

Polity & Governance Constitutional Provisions

Colombia joins China’s BRI

International Relations Miscellaneous

Akash Missile System

Science & Technology Defence

GS Analyst: Daily Current Affairs

Account Aggregators & Consent Managers under the DPDP Act

Background (India’s Data Governance Landscape)

What are Account Aggregators (AAs)?

What is the DPDP Act, and what are Consent Managers?

Why the AA Model is the Blueprint?

Key Proposals & Needed Reforms

Wider Significance and Challenges