Consent


Bare Law

Section 7(1)

Consent of the Data Principal means any freely given, specific, informed and unambiguous indication of the Data Principal's wishes by which the Data Principal, by a clear affirmative action, signifies agreement to the processing of her personal data for the specified purpose.

Subsection Definitions 📓

For the purpose of this sub-section, “specified purpose” means the purpose mentioned in the notice given by the Data Fiduciary to the Data Principal in accordance with the provisions of this Act.

Section 7(2)

Any part of consent referred in sub-section (1) which constitutes an infringement of provisions of this Act shall be invalid to the extent of such infringement.

Illustration 🎬

‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’. As part of the contract, ‘B’ consents to: (a) processing of her personal data by ‘A’, and (b) waive her right to file a complaint with the Board under the provisions of this Act. Part (b) of the consent by which ‘B’ has agreed to waive her right shall be considered invalid.

Section 7(3)

(3) Every request for consent under the provisions of this Act shall be presented to the Data Principal in a clear and plain language, along with the contact details of a Data Protection Officer, where applicable, or of any other person authorised by the Data Fiduciary to respond to any communication from the Data Principal for the purpose of exercise of her rights under the provisions of this Act. The Data Fiduciary shall give to the Data Principal the option to access such request for consent in English or any language specified in the Eighth Schedule to the Constitution of India.

Section 7(4)

(4) Where consent given by the Data Principal is the basis of processing of personal data, the Data Principal shall have the right to withdraw her consent at any time. The consequences of such withdrawal shall be borne by such Data Principal. The withdrawal of consent shall not affect the lawfulness of processing of the personal data based on consent before its withdrawal. The ease of such withdrawal shall be comparable to the ease with which consent may be given.

Illustration 🎬

‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’. As part of the contract, ‘B’ consents to processing of her personal data by ‘A’. If ‘B’ withdraws her consent to processing of her personal data, ‘A’ may stop offering the service ‘X’ to ‘B’.

Section 7(5)

(5) If a Data Principal withdraws her consent to the processing of personal data under sub-section (4), the Data Fiduciary shall, within a reasonable time, cease and cause its Data Processors to cease processing of the personal data of such Data Principal unless such processing without the Data Principal’s consent is required or authorised under the provisions of this Act or any other law.

Illustration 🎬

‘A’ subscribes to an e-mail and SMS-based sales notification service operated by ‘B’. As part of the subscription contract, ‘A’ shares her personal data including mobile number and e-mail ID with ‘B’ which shares it further with ‘C’, a Data Processor for the purpose of sending alerts to ‘A’ via e-mail and SMS. If ‘A’ withdraws her consent to processing of her personal data, ‘B’ shall stop and cause ‘C’ to stop processing the personal data of ‘A’.

Section 7(6)

The Data Principal may give, manage, review or withdraw her consent to the Data Fiduciary through a Consent Manager.

Subsection Definitions 📓

For the purpose of this section, a "Consent Manager" is a Data Fiduciary which enables a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform.

Section 7(7)

The Consent Manager specified in this section shall be an entity that is accountable to the Data Principal and acts on behalf of the Data Principal. Every Consent Manager shall be registered with the Board in such manner and subject to such technical, operational, financial and other conditions as may be prescribed.

Section 7(8)

The performance of any contract already concluded between a Data Fiduciary and a Data Principal shall not be made conditional on the consent to the processing of any personal data not necessary for that purpose.

Illustration 🎬

If ‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’ then ‘A’ shall not deny to provide service ‘X’ to ‘B’ on B’s refusal to give consent for collection of additional personal data which is not necessary for the purpose of providing service ‘X’.

Section 7(9)

Where consent given by the Data Principal is the basis of processing of personal data and a question arises in this regard in a proceeding, the Data Fiduciary shall be obliged to prove that a notice was given by the Data Fiduciary to the Data Principal and consent was given by the Data Principal to the Data Fiduciary in accordance with the provisions of this Act.


Explanation

