Connect With Us

DPDP Consultants, your trusted partner in ensuring Digital Personal Data Protection (DPDP Act 2023) compliance for businesses in India.

Contact Info

Our Office : DPDP Consultants Privacyium Tech Pvt. Ltd. 4th floor, GM IT Park, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201305
Landline : 0120-6930999
Toll Free : 1800-5711333
Write To Us : info@dpdpconsultants.com
Our Timings : Mon-Sat: 10:00 – 19:00

(+91) 0120-6930999

Schedule a Call

Please provide a Name.

Please provide an Email.

Please provide a Contact Number.

I have read, understood, and agree to Privacium's Privacy Notice, and Terms and Conditions, and I consent to the processing of my personal data.

Blog

What Are The Different Types Of Consent?

By Admin

On Jul 05, 2024
By Admin

What Are The Different Types Of Consent?

Explore 9 types of consent that ensure clear communication, transparency, and privacy in handling personal information effectively.

As people share more of their personal information online, strong data protection has become essential. The Digital Personal Data Protection Act (DPDPA) of 2023 sets out clear rules for safeguarding personal data in India.

Under the DPDPA and other privacy laws, one of the key responsibilities of organisations is to get consent from individuals before using their data. This can be challenging because the amount of data collected keeps increasing.

There are different types of consent designed to fit various situations and levels of data use. These types help ensure clear communication between data principals and those handling their data, highlighting the importance of transparency and privacy.

Let’s explore the 9 different consent types and how they are crucial for protecting personal data.

1. Informed Consent

The DPDPA requires that consent must be informed. This means individuals need to fully understand how their data will be used, the risks involved, and their rights.

For consent to be informed, companies have to give clear details about:

Why they’re collecting the data
Who will receive the data
How long they’ll keep the data
If the data will be transferred internationally

An example of an informed consent type is when a social media site gives users a detailed privacy notice explaining how their data will be used, shared, and protected. With informed consent, people can control their information and ensure companies meet high standards for data privacy.

2. Explicit Consent

Explicit consent, sometimes called express or active consent, means individuals must clearly and indisputably agree to the data being collected and used.

This type of consent is usually needed for sensitive information like health records, racial or ethnic background, religious beliefs, or political views. For example, an online health platform would ask users to actively opt in and share their medical history for personalised health advice.

3. Implied Consent

Implied or passive consent means that a consumer’s consent is assumed unless they explicitly say otherwise.

A common example is cookie policies. When you keep browsing a website after seeing a cookie banner or privacy notice, your continued use is often seen as implied consent for the website to place and access cookies on your device.

Implied consent types are often used when the data controller thinks people would generally agree to the data processing, or when the processing is necessary for a contract or service. However, clear and transparent information must be provided about the purposes of data processing and how to opt-out.

Businesses like opt-out consent because it requires customers to take action to stop or decline processing. Many people don’t read the fine print and end up giving consent, which benefits the organisation.

4. Granular Consent

Out of all types of consent, granular consent is all about giving people choices and control over specific parts of data processing. It lets individuals decide what types of data sharing or purposes they agree to.

For example, if your business sends updates about different services, you should let subscribers choose which services they want information about.

By offering granular consent, organisations respect users’ autonomy and empower them to decide exactly how their data is used. It’s a user-first approach to privacy, helping people make informed decisions and ensuring their privacy expectations are met.

Furthermore, the act mandates that Data Fiduciaries provide the Privacy Notice in English and any regional language specified in the Eighth Schedule of the Constitution.

5. General Consent

Unlike granular consent, general consent gives broad permission for various data processing activities without detailing specific purposes or conditions. These types of consent are often seen in online service agreements where users agree to the general collection, processing, and storage of their personal data needed to use the service.

Hospitals could ask for general consent for routine, low-risk medical procedures like exams, tests, and minor treatments.

6. Conditional Consent

With conditional consent, individuals can place limits on how their data is used. They agree to data processing under certain conditions or for specific purposes but not for others.

For example, in a survey, participants might give consent for their responses to be used for research but not for marketing or third-party sharing.

Conditional consent lets people control the extent and scope of their data use, setting boundaries and specifying their preferences.

Common practices needing conditional consent include:

Research studies
Marketing communications
Data sharing with third parties
Cross-border data transfers
Personalisation and profiling

7. Ongoing consent

Ongoing consent, or dynamic consent, is important in long-term relationships where data processing happens over time. It acknowledges that people’s preferences and circumstances can change, so it regularly seeks to renew or confirm consent. These consent types keep individuals informed about data processing activities and allow them to update their consent choices.

For instance, if something changes during a research study or new information arises, the organisation needs to inform participants and ask if they still consent to be part of the study.

Such types of consent promotes continuous communication between individuals and data handlers, making it easy to adjust and align with changing privacy preferences.

8. Presumed Consent

Presumed consent means that consent is assumed based on laws, societal norms, or the specific context. It implies that individuals agree to certain data processing activities unless they explicitly object or opt-out. This is often used when there’s a strong public interest or legal reason for processing data.

The DPDP Act 2023 has updated a similar concept of ‘deemed consent’ from the 2022 draft. Now called ‘legitimate uses,’ it allows for the processing of personal data for specific purposes without the individual’s consent.

9. Revocable Consent

Revocable consent or withdrawable consent, lets individuals revoke or withdraw their previously given consent for their personal data to be collected. It highlights the idea that people should have the right to change their minds and control their data whenever they want.

Such consent types acknowledge that consent isn’t just a one-time thing but an ongoing process that respects individuals’ autonomy and their ability to decide how their personal information is used.

While consent is generally something you can withdraw, there are situations where it might not be revocable. For instance, if data processing is necessary to comply with legal obligations imposed on the organisation, they may need to continue processing your data even if you withdraw consent.

How Should You Manage Consent?

Consent management is a crucial issue in data privacy. However, with the amount of consent types, it’s not always straightforward and can be challenging to navigate.

At DPDP Consultants, we’ve developed a suite of tools to help companies handle all their compliance obligations, regardless of the types of consent they collect.

Our Data Protection Consent Management (DPCM) tool automates consent requests, ensuring your processes are clear and transparent under India’s privacy laws.

DPCM begins by organising assets for each department and uploading existing information like names, emails, and phone numbers. It also assists in creating necessary privacy notices that accompany valid consent.

Key Features

Customisable to align with your business processes
Automates the management of personal data consent requests
Provides a robust system to track and handle these requests internally
Integrates with your company’s email service provider to efficiently manage consent and monitor unconsented personal data
Shares outcomes with department heads, Data Protection Officers, stakeholders, and management
Helps manage consent for your legacy personal data
Suitable for businesses of all sizes and scales with your business

In addition to the DPCM tool, they offer various services and tools to help you comply with the DPDP Act 2023 efficiently.

DPDPA Readiness Review: Helps organisations understand the impact of the DPDPA on their operations.
Contract Review service: Ensures your existing contracts align with DPDP specifications and makes necessary revisions.
DPDPA Compliance Assistance: Helps set up internal audit frameworks for regulatory alignment.
Data Protection Impact Assessment (DPIA): Assists in conducting DPIAs to assess and mitigate risks in data processing. Our DPIA tool automates the process, allowing users to conduct DPIAs through a user-friendly platform, track identified risks, and keep stakeholders informed about mitigation progress.
Data Principal Grievance Redressal (DPGR): Enables data principals to raise their concerns through a user-friendly platform, reducing response times and ensuring compliance.
Data Protection Awareness Program (DPAP): A training program that educates your staff on the new regulation through regular awareness sessions and assessments, ensuring compliance with the DPDPA.

Upgrade Your Consent Management with DPDP Consultants!

Streamline your consent management today with DPDP Consultants’ customisable DPCM tool. Automate your processes, enhance transparency and ensure 100% compliance with India’s privacy law.