wordpress blog stats
Connect with us

Hi, what are you looking for?

Should the rules under India’s data protection law include deprecating consent? #PrivacyNama2023

Deprecating consent indicates automatic withdrawal of consent when the user has not used the relevant feature for a certain period of time.

India’s recently enacted Digital Personal Data Protection Act of 2023 requires all companies to obtain consent from users before collecting and processing their personal data except in a few cases. The Act also allows users to withdraw their consent at any time. However, there is no concept of deprecating consent, which refers to the automatic withdrawal of consent when a user hasn’t used the relevant feature for a certain period of time.

Google’s Android, for example, removes permissions if a user of the app hasn’t used those permissions for a while. Should the rules formed under the Act include deprecating consent as a requirement, MediaNama’s Founder and Editor Nikhil Pahwa asked the speakers at PrivacyNama 2023 held on October 26-27. “I mean that’s probably one of the the most important privacy-protecting frameworks that I have come across because you shouldn’t have to give consent for life,” Pahwa opined.


This discussion was organised with support from Meta, PhonePe, Google, and Salesforce, and in partnership with CUTS and the Centre for Communication Governance.

Abha Tiwari, Data Protection Officer at Renault Group, opined that the consent can only be for the specified purpose and the specified purpose cannot be an infinite purpose. The purpose should be measurable and identifiable, and data should be collected only for this purpose. “If the purpose is not specified or the purpose is too large then that may not fall or that may end up being in violation of the DPDP Act,” she said. The consent that organisations take can only be for that purpose and data cannot be collected forever. “This consent cannot be stretched beyond the purpose. And if it gets stretched then that is again a violation,” she added. Tiwari’s explanation implies that deprecating consent is not explicitly needed because the Act already only allows the consent to be used for specified purposes.

Advertisement. Scroll to continue reading.

While not directly addressing the idea of deprecating consent, Jagannath PV, Chief Privacy Officer at LTIMindtree, spoke about how companies should delete any personal that doesn’t serve them a purpose. He shared the example of job applications. “Now, how long are you going to keep a resume? There is no point in having a resume for more than a year because a person would have learned something else and they would have updated their resume by the last year. So instead of keeping it for four or five years and going after an old resume, you would rather delete it in one year,” Jagannath elaborated. “I would apply that practical principle of data deletion to your question as well,” he added.

Vasudha Gupta, Chief Privacy Officer at Unlimit, suggested that companies build a consent preference centre where users can manage consent. “You bring in a centre where a person can log in and then they can be verified with that through an OTP or any other mechanism. And then they could choose to opt out of various services that you’re providing them. So that’s another way to handle this situation,” she explained. This response doesn’t address deprecating consent but rather an easier way for users to manage the consent they have given to platforms.

Also Read

STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!


Written By

Free Reads


Vaishnaw's remarks come a day after Google removed apps belonging to Matrimony.com, Info Edge (Naukri and 99 Acres), Shaadi.com, Altt, Truly Madly, Stage, Quack...


Paytm has started distancing itself from PPBL in light of the current negative spotlight on PPBL.


The move can be seen as an attempt by Paytm to distance itself from the troubled Paytm Payments Bank, which has been significantly restricted...

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



NPCI CEO Dilip Asbe recently said that what is not written in regulations is a no-go for fintech entities. But following this advice could...


Notably, Indus Appstore will allow app developers to use third-party billing systems for in-app billing without having to pay any commission to Indus, a...


The existing commission-based model, which companies like Uber and Ola have used for a long time and still stick to, has received criticism from...


Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...


Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ