Chapter 1 - Preliminary
Chapter 2 - Obligations of Data Fiduciary
Chapter 3 - Right and Duties of Data Principal
Chapter 4 - Special Provisions
Chapter 5 - Data Protection Board of India
Chapter 6 - Powers, Function and Procedure To Be Followed By Board
Chapter 7 - Appeal And Alternate Dispute Resolution
Chapter 8 - Penalties And Adjudication
Chapter 9 - Miscellaneous
Schedule
Rule 1
Rule 2
Rule 3
Rule 4
Rule 5
Rule 6
Rule 7
Rule 8
Rule 9
Rule 10
Rule 11
Rule 12
Rule 13
Rule 14
Rule 15
Rule 16
Rule 17
Rule 18
Rule 19
Rule 20
Rule 21
Rule 22
Conditions For Registration of Consent Manager
Schedule Second
Schedule Third
Schedule Fourth
Schedule Fifth
Schedule Sixth
Schedule Seventh
Manager 1. The Consent Manager shall enable the data principal using its platform to give consent to the processing of his or her personal data by a data trustee on board such platform, either directly to such data trustee or through another data trustee on board such platform To a third party who retains such personal data with the consent of the data owner
Example
Individuals are enabled to give, manage, review and withdraw their consent for the processing of their personal data through P, a platform maintained by a consent manager. X, an individual, is a registered user on P. B1 and B2 are banks onboarded on P.
Case 1: B1 sends a request to X at P for consent to process the personal data contained in his bank account statement. X maintains the bank account statement as a digital record in his digital locker. X uses P to give his consent directly to B1, and provides B1 access to his bank account statement.
Case 2: B1 sends a request to X at P for consent to process the personal data contained in his bank account statement. X maintains his bank account with B2. X uses P to send his consent to B1 through B2, while also digitally instructing B2 to send his bank account details to B1. B2 proceeds to send the bank account details to B1. 2. The consent manager shall ensure that the manner in which personal data is made available or shared is such that its content cannot be read by him.
Case 3. The consent manager shall maintain a record of the following on its platform, namely:
Case 4: The consent manager shall—
Case 5: The Consent Manager shall develop and maintain a website or app, or both, as the primary means through which the Data Principal can access the Services provided by the Consent Manager.
Case 6: The Consent Manager shall not sub-contract or assign the performance of any of its obligations under the Act and these Terms.
Case 7: The Consent Manager shall take appropriate security measures to prevent personal data breaches.
Case 8: The Consent Manager shall act in a fiduciary capacity with respect to the Data Principal.
Case 9: The Consent Manager shall avoid conflicts of interest with the Data Trustees, including with respect to their promoters and key managerial personnel.
Case 10: The Concession Manager shall have measures in place to ensure that no conflict of interest arises by reason of its Directors, Key Management Personnel and Senior Management holding directorships, financial interests, employment or beneficial ownership in, or having a material financial relationship with, the Data Trust.
Case 11: The Concession Manager shall publish on its website or App or both, as the case may be, information about the following in an easily accessible manner
Case 12: The Concession Manager shall have effective audit mechanisms to review, monitor, evaluate and report to the Board the results of such audits from time to time and on such other occasions as the Board may direct, with respect to-
Case 13: The control of the company registered as co-manager shall not be transferred by way of sale, merger or otherwise, except with the prior approval of the Board and subject to the fulfilment of such conditions as the Board may specify in this regard. Note: In this Schedule,—