Privacy guide

What is a consent manager under DPDP?

Consent manager explained simply: what this DPDP role is meant to do, how it could help Indian users manage consent, and what to watch for.

The simple answer

Under the DPDP framework, a consent manager is meant to be a registered intermediary through which you can give, review, manage and withdraw your consent across services in one place.

The idea is to make consent less scattered: instead of chasing settings on every app, you could manage permissions through one accountable point. How this works in practice depends on implementation.

What to check

1
Understand consent should be manageable, not one-time.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

2
Look for clear give and withdraw options.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

3
Check whether withdrawing consent is as easy as giving it.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

4
Watch how the service records your choices.

If this is unclear, treat it as a signal to ask the company for a plain-English explanation.

From our investigation

Consent should be manageable, not trapped.

State of Privacy found consent often bundled into a single click. A working consent manager is the opposite idea: clear, reviewable and reversible control.

What to do next

1
Treat consent as something you can change.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

2
Use withdraw options when offered.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

3
Ask companies how you can review and revoke consent.

Keep it practical: take one action, save proof, and avoid giving more data than the task needs.

People also ask

What does a consent manager do?

It is meant to let you give, review, manage and withdraw consent across services through one accountable point.

Is a consent manager available now?

The role exists in the DPDP framework; how and when it operates in practice depends on implementation.

Why is this useful?

Because it can replace scattered, one-time consent with manageable, reversible control.

If you are a company
Check your own website.

How many trackers run on your pages? Does your privacy policy name them? Can you answer a data-rights email? If you don't know, we can help you find out.

Talk to Meridian Bridge Strategy →
Your right under Indian law
Mera data mera hai.

Your personal data belongs to you. Under DPDP, every company must tell you what they have and delete it if you ask. One email is all it takes.

Get the template email →
Read the full investigation.

We investigated 107 Indian company websites. The public report shows what we found.

Read the reportTry the experience