Consent that is given freely without coercion, bundling with unrelated services, or detriment for refusal.
Under DPDPA Section 6, consent must be "free" — meaning the Data Principal must have a genuine choice. Consent is not voluntary if: it is bundled with access to a service (consent or lose access), there is a power imbalance making refusal impractical (employer-employee), or refusal results in detriment beyond the natural consequence of non-processing. The Data Fiduciary must not make service provision conditional on consent for processing that is not necessary for that service.
If your app shows "Accept all cookies or leave" with no granular options, consent is not voluntary. If you block service access until users consent to analytics and marketing alongside core functionality, the entire consent may be invalid.
A Delhi food delivery app requires consent for location tracking (necessary for delivery) and marketing notifications (unnecessary). Making the app unusable without marketing consent renders the marketing consent involuntary. The app must allow delivery without marketing opt-in.
Offering a "free" tier that requires broad consent while a "paid" tier offers privacy is potentially coercive. The Board may view this as punishing privacy-conscious users, making the "free" tier consent involuntary.
DPDPA Shield automates Consent Management. See how →