What is "Consent" in Data Privacy?

Introduction

When websites, apps, or companies collect your personal data, they usually ask:

“Do you agree?”

That agreement is called consent.

Consent is one of the most important foundations of data protection law. Without valid consent, many types of data processing cannot happen.

1. What Is Consent? (Simple Meaning)

Consent means: A person clearly agrees to allow their personal data to be collected or used for a specific purpose.

But consent must not be:

• Forced

• Hidden in long terms and conditions

• Automatically assumed

• Given without understanding

Consent must be free, informed, specific, and clear.

2. Elements of Valid Consent

Under modern laws like GDPR and the DPDP Act, 2023, consent must be:

🔹 1. Free

The person should not be forced.There should be no pressure or unfair condition.

Example:A company cannot say, “You must agree to data sharing or you cannot use our basic service” unless it is truly necessary.

🔹 2. Informed

The person must know:

• What data is collected

• Why it is collected

• How it will be used

• With whom it will be shared

🔹 3. Specific

Consent must be given for a clear purpose.

General vague consent like “we may use your data for business purposes” is not enough.

🔹 4. Clear and Unambiguous

Consent must be an active action:

• Clicking “I Agree”

• Checking a box

Silence or inactivity is not valid consent.

3. Case Law on Consent

📌 Google Spain v. AEPD (2014)

Facts:A person requested removal of outdated information from Google search results.

Issue:Whether individuals have control over personal information appearing online.

Judgment:The Court recognized that individuals must have control over their personal data.

This case strengthened the importance of consent and individual rights in digital spaces.

📌 Justice K.S. Puttaswamy v. Union of India (2017)

Importance for Consent:The Supreme Court emphasized that:

• Personal autonomy is part of privacy.

• Individuals must have control over their information.

This case became the constitutional foundation for consent-based data protection in India.

📌 Facebook Cambridge Analytica Case (2018)

Facts:User data was collected through a quiz app and used for political profiling without proper informed consent.

Issue:Was the consent truly valid?

Impact:The scandal led to stricter enforcement of privacy regulations worldwide.

It showed that fake or unclear consent is not real consent.

4. Consent Under Indian Law (DPDP Act, 2023)

Under the DPDP Act:

• Consent must be clear and specific

• Users must be informed about data usage

• Consent can be withdrawn anytime

• Companies must stop processing after withdrawal (unless legally required)

This ensures stronger control for individuals.

5. Why Consent Is Important

Consent ensures:

• Transparency

• Trust between users and companies

• Respect for individual rights

• Legal compliance

Without consent, data processing may be unlawful.

6. Real-Life Example

When you install a mobile app:

• It asks permission to access location.

• If you allow it only for using maps, that is valid consent.

• But if the app secretly shares your location with advertisers, that violates consent principles.

Conclusion

Consent is the heart of data protection.

It gives individuals control over their personal information.

However, consent must be:

✔ Free

✔ Informed

✔ Specific

✔ Clear

Landmark cases like Puttaswamy and Google Spain show that privacy laws are built on the principle of meaningful consent.

Understanding consent is essential before moving to advanced topics like lawful processing and data fiduciary obligations.