As more people start sharing more of their personal information online, strong data protection has become a necessity. The Digital Personal Data Protection Act (DPDPA) of 2023 has been laid out to set out clear rules for safeguarding the personal data of the citizens of the country.
Under the DPDP rules, the privacy law of India, one of the important responsibilities of the organisation is to receive the consent of the individuals before the collection of their data. This is particularly challenging because the amount of data is ever-increasing.
There are various types of consent that have been designed to cater to different situations and levels of data usage. These consent types help in ensuring clear communication across data principals and handling data, as well as highlighting the significance of privacy and transparency.
In this blog, we will explore all 9 types of consent and how important they are for protecting personal data.
Also Read : The DPDP Compliance Checklist (2025): Step-by-Step Guide for Indian Businesses
Explicit Consent
Informed Consent
Granular Consent
Ongoing Consent
General Consent
Conditional Consent
- Marketing communications
- Profiling and personalisation
- Cross border data transfer
- Research studies
- Data sharing with third parties
Implied Consent
Revocable Consent
Presumed Consent
Explicit consent, also known as active or express consent which ensures that individuals must indisputably and clearly agree upon the data that is being used and collected.
This type of consent is required for important and sensitive data such as ethnic background, health records, political beliefs, and religious sentiments. For example, for an online health platform asks users to opt in and share medical records for personalising their health advice.
The DPDP rules ensure that the consent is informed. This implies that there should be a full understanding on the individual’s part of how their data is being used, the rights and risks involved in the same.
Among the 9 types of consent, this consent is about giving individuals control over the specific parts of their data and choices for processing the same. It allows individuals to decide upon the type of data they are comfortable sharing.
For example, for enterprises sending updates for various services, it should let its subscribers choose the services they wish to receive information about.
Dynamic consent, also called ongoing consent, is really crucial for long-term relationships where processing of data happens over time. It is an acknowledgement that circumstances and preferences of people change, so it regularly renews and seeks consent. These types of consent keep the person informed about the processing of their data activities, allowing them to update their consent choices.
For example, in case new information comes up or something changes during the research, the company must inform its participants and seek their consent on whether they still want to be a part of the study.
These types of consent ensure continuous communication between data handlers and individuals, making it easy to align and adjust the ever-changing privacy preferences.
Also Read : Top 5 Consent Management Platforms in India 2025
This is different from granular consent, where general consent provides the companies with broad permission for various data processing activities without going into the details about the exact condition or purpose. These types of consent are always seen around online service agreements, where users agree to the processing, storage, and collection of their personal data required for the service.
With this type of consent, individuals can limit how their data is used. They can agree to the processing of their data under specific conditions and only for specified purposes.
For example, participants of a survey might agree to give consent to their responses being used for research purposes, but they might not agree to third-party sharing. Some of the common practices that would need conditional consent are:
In this type of consent, it means that the user has agreed to the consent unless they explicitly mention otherwise.
A very common example can be the cookie policy. When users are still browsing the website despite seeing the privacy notice or cookie banner, the continued use is often seen as an implied consent for the website to access cookies on the user’s device.
This type of consent is often used when the data controller believes that people would usually agree to the processing of the data or when the data processing is required for an important service or contract. However, transparent, clear information must be provided for revocation of the data, along with the purpose for which the data was collected.
Withdrawal consent or revokable consent lets people withdraw or revoke the consent they previously gave for the collection of their personal data. It works on the concept that people should have the right to control and change their minds about their data whenever they want.
Also Read : Penalties Under DPDP: Fines, Breach Scenarios, and How to Reduce
Presumed consent means that consent taken is based on the societal norms, laws, and specific context. It implies that the person agrees to the processing of certain data unless they have explicitly decided to opt out. This is used when there are legal reasons attached to processing data or when there’s a strong public interest. The DPDP rules talk about a similar concept described as ‘deemed consent’ from the 2022 draft.
How to Manage Different Types of Consent
Consent management is an important aspect of data privacy. However, with so many types of consent present, it’s not always a straightforward route to navigate this maze. Consent management under the DPDP Rules is not just a compliance obligation, but it's more of a trust-building activity.
The enterprises that will adopt these frameworks faster will have an edge in global competitiveness. Privacy is no longer a necessity; it has become a competitive edge both domestically and internationally. Privy by IDfy exactly helps you solve this and get ahead of the curve.
Get in touch with us at shivani@idfy.com so that we can help you streamline your DPDP compliance journey.