Consent of the Data Principal means any freely given, specific, informed and unambiguous indication of the Data Principal's wishes by which the Data Principal, by a clear affirmative action, signifies agreement to the processing of her personal data for the specified purpose.
Subsection Definitions 📓
For the purpose of this sub-section, “specified purpose” means the purpose mentioned in the notice given by the Data Fiduciary to the Data Principal in accordance with the provisions of this Act.
Any part of consent referred in sub-section (1) which constitutes an infringement of provisions of this Act shall be invalid to the extent of such infringement.
‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’. As part of the contract, ‘B’ consents to: (a) processing of her personal data by ‘A’, and (b) waive her right to file a complaint with the Board under the provisions of this Act. Part (b) of the consent by which ‘B’ has agreed to waive her right shall be considered invalid.
(3) Every request for consent under the provisions of this Act shall be presented to the Data Principal in a clear and plain language, along with the contact details of a Data Protection Officer, where applicable, or of any other person authorised by the Data Fiduciary to respond to any communication from the Data Principal for the purpose of exercise of her rights under the provisions of this Act. The Data Fiduciary shall give to the Data Principal the option to access such request for consent in English or any language specified in the Eighth Schedule to the Constitution of India.
(4) Where consent given by the Data Principal is the basis of processing of personal data, the Data Principal shall have the right to withdraw her consent at any time. The consequences of such withdrawal shall be borne by such Data Principal. The withdrawal of consent shall not affect the lawfulness of processing of the personal data based on consent before its withdrawal. The ease of such withdrawal shall be comparable to the ease with which consent may be given.
‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’. As part of the contract, ‘B’ consents to processing of her personal data by ‘A’. If ‘B’ withdraws her consent to processing of her personal data, ‘A’ may stop offering the service ‘X’ to ‘B’.
(5) If a Data Principal withdraws her consent to the processing of personal data under sub-section (4), the Data Fiduciary shall, within a reasonable time, cease and cause its Data Processors to cease processing of the personal data of such Data Principal unless such processing without the Data Principal’s consent is required or authorised under the provisions of this Act or any other law.
‘A’ subscribes to an e-mail and SMS-based sales notification service operated by ‘B’. As part of the subscription contract, ‘A’ shares her personal data including mobile number and e-mail ID with ‘B’ which shares it further with ‘C’, a Data Processor for the purpose of sending alerts to ‘A’ via e-mail and SMS. If ‘A’ withdraws her consent to processing of her personal data, ‘B’ shall stop and cause ‘C’ to stop processing the personal data of ‘A’.
The Data Principal may give, manage, review or withdraw her consent to the Data Fiduciary through a Consent Manager.
Subsection Definitions 📓
For the purpose of this section, a "Consent Manager" is a Data Fiduciary which enables a Data Principal to give, manage, review and withdraw her consent through an accessible, transparent and interoperable platform.
The Consent Manager specified in this section shall be an entity that is accountable to the Data Principal and acts on behalf of the Data Principal. Every Consent Manager shall be registered with the Board in such manner and subject to such technical, operational, financial and other conditions as may be prescribed.
The performance of any contract already concluded between a Data Fiduciary and a Data Principal shall not be made conditional on the consent to the processing of any personal data not necessary for that purpose.
If ‘A’ enters into a contract with ‘B’ to provide a service ‘X’ to ‘B’ then ‘A’ shall not deny to provide service ‘X’ to ‘B’ on B’s refusal to give consent for collection of additional personal data which is not necessary for the purpose of providing service ‘X’.
Where consent given by the Data Principal is the basis of processing of personal data and a question arises in this regard in a proceeding, the Data Fiduciary shall be obliged to prove that a notice was given by the Data Fiduciary to the Data Principal and consent was given by the Data Principal to the Data Fiduciary in accordance with the provisions of this Act.
The contents of the website is provided "as is", without warranty of any kind, express or Implied, including but not limited to the warranties of merchantability, Fitness for a particular purpose and noninfringement. In no event shall the Authors or copyright holders or sponsorers be liable for any claim, damages or other Liability, whether in an action of contract, tort or otherwise, arising from, Out of or in connection with the website or the use or other dealings in the website.