New Delhi, Feb. 25 -- When India's Digital Personal Data Protection Act (DPDP Act) was enacted in 2023, it was the first data protection law to reference an entity called the 'Consent Manager.' However, since the Act said very little about what this consent manager was supposed to do, speculation within the private sector was rife.

Most assumed this meant managers who would map the consent provided by a data principal (the individual to whom the personal data relates) with the ways in which that data could be used.

With onerous laws like Europe's General Data Protection Regulation in force, entities around the world have sprung up to help data fiduciaries (entities that determine the purpose and means of personal data processing) manage...