Unambiguous consent given through a clear affirmative action specifically for the stated processing purpose.
Explicit consent under DPDPA requires a clear affirmative action from the Data Principal — they must actively opt in, not merely fail to opt out. Pre-ticked checkboxes, silence, or continued browsing do not constitute explicit consent. The consent must be specific to each processing purpose, informed by a clear notice, and documented with immutable proof. For special category data and children's data, heightened explicitness requirements apply with additional verification steps.
Every consent record in your system must demonstrate an explicit affirmative action. If audited, you must prove each user actively consented to each specific purpose — not that they failed to uncheck a default or scrolled past a banner.
A Pune health-tech app implements explicit consent correctly: separate toggle for each purpose (medical record storage, sharing with doctors, research use), each toggle defaults to OFF, a clear notice is shown before each toggle, and a SHA-256 proof hash is stored when the user clicks "Save Preferences."
Scrolling past a consent banner, not unchecking a pre-ticked box, or "by using this service you agree" language does NOT constitute explicit consent under DPDPA. An affirmative action (click, toggle, signature) is required.
DPDPA Shield automates Consent Management. See how →