Conditions of Valid Consent

Paraphrased legal text

Consent shall be free, specific, informed, unconditional, unambiguous, with a clear affirmative action, and shall signify agreement to the processing of personal data for the specified purpose. The Data Principal has the right to withdraw consent at any time, and withdrawal must be as easy as giving consent.

What this means in plain English

• Free + specific + informed + unconditional + unambiguous.
• A pre-ticked box or a 'continue using' implicit consent is invalid.
• Each purpose needs its own consent — no bundled flags.
• Withdrawal must be as easy as granting. OTP-gated withdrawal flows are the safe path.

Penalty if you get this wrong

Bundled or fraudulent consent invalidates every record built on top of it — and exposes you to the ₹250 crore safeguard band.

How ProtectComply solves it

Consent Management

• Per-purpose granular capture — bundled flags rejected at write time
• OTP-gated withdrawal as a first-class flow
• Returning-principal recognition (cookie + SHA-256 fingerprint)
• Every record carries IP / UA / fingerprint provenance