{"id":43507,"date":"2025-05-16T21:59:15","date_gmt":"2025-05-16T16:29:15","guid":{"rendered":"https:\/\/www.nextias.com\/ca\/?p=43507"},"modified":"2025-05-16T21:59:40","modified_gmt":"2025-05-16T16:29:40","slug":"account-aggregators-blueprint-consent-managers-india-dpdp-act","status":"publish","type":"post","link":"https:\/\/www.nextias.com\/ca\/current-affairs\/16-05-2025\/account-aggregators-blueprint-consent-managers-india-dpdp-act","title":{"rendered":"Account Aggregators: Blueprint for Consent Managers under India\u2019s DPDP Act"},"content":{"rendered":"\n<p><strong>Syllabus: GS3\/ Economy<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Context<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>With the Digital Personal Data Protection (DPDP) Act, 2023 and Draft DPDP Rules, 2025, India aims to expand its consent-based data-sharing system by building on the <strong>Account Aggregator model.<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is an Account Aggregator (AA)?<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Definition:<\/strong> An Account Aggregator is a type of <strong>Non-Banking Financial Company (NBFC-AA) <\/strong>regulated by the <strong>Reserve Bank of India (RBI).<\/strong>\n<ul class=\"wp-block-list\">\n<li>It helps individuals <strong>securely and digitally access and share information<\/strong> from one financial institution to another in a real-time, consent-based, and secure manner.<\/li>\n\n\n\n<li>It acts as an <strong>intermediary<\/strong> between Financial Information Providers (FIPs) and Financial Information Users (FIUs).<\/li>\n\n\n\n<li>The AA does not store or process the data; it simply facilitates the encrypted transfer of data.<\/li>\n\n\n\n<li>The system is based on a <strong>\u2018consent layer\u2019, <\/strong>ensuring user control and privacy.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Working: <\/strong>Users link their bank accounts to an AA.\n<ul 
class=\"wp-block-list\">\n<li>They then give consent to share data (e.g., bank statement) with a Financial Information User (FIU) like a bank or NBFC.\u00a0<\/li>\n\n\n\n<li>The AA fetches the data from the Financial Information Provider (FIP), like a bank, and shares it securely with the FIU.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Examples of licensed Account Aggregators (AAs):\u00a0<\/strong>\n<ul class=\"wp-block-list\">\n<li><strong>CAMS FinServ: <\/strong>A subsidiary of Computer Age Management Services (CAMS).<\/li>\n\n\n\n<li><strong>PhonePe AA:<\/strong> A subsidiary of PhonePe, leveraging its digital reach.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Key Stakeholders of Account Aggregator<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Financial Information Providers (FIPs): <\/strong>Banks, mutual fund companies, insurance companies, etc.<\/li>\n\n\n\n<li><strong>Financial Information Users (FIUs): <\/strong>Lenders, wealth managers, insurers, etc.<\/li>\n\n\n\n<li><strong>Account Aggregators (AAs):<\/strong> Licensed entities that facilitate data flow between FIPs and FIUs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The DPDP Act and Consent Managers (CMs)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The Digital Personal Data Protection Act, 2023<\/strong> introduces <strong>Consent Managers (CMs)<\/strong> as intermediaries to facilitate:\n<ul class=\"wp-block-list\">\n<li>Consent collection and withdrawal<\/li>\n\n\n\n<li>Consent lifecycle management<\/li>\n\n\n\n<li>Secure data sharing between<strong> Data Principals<\/strong> (individuals) and <strong>Data Fiduciaries<\/strong> (entities processing personal data).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Draft DPDP Rules, 2025<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The recently released Draft DPDP Rules, 2025 outline the registration process, obligations, and permitted 
activities of consent managers.<\/li>\n\n\n\n<li>Given the significant structural alignment between the <strong>Account Aggregator (AA) and Consent Manager (CM) frameworks<\/strong>, certain revisions have been proposed to the Draft Rules. They are as follows:\n<ul class=\"wp-block-list\">\n<li><strong>Mandatory Registration with the Data Protection Board (DPB): <\/strong>Entities seeking to operate as consent managers under the DPDP regime must be mandatorily registered with the DPB.<\/li>\n\n\n\n<li><strong>Enable Sector-Specific Consent Managers: <\/strong>The DPB should allow for the registration of sector-specific consent managers, provided they operate on common, interoperable APIs and technical specifications as prescribed.<\/li>\n\n\n\n<li><strong>Allow Commercial Arrangements with Data Fiduciaries: <\/strong>Consent managers should be allowed to have business deals with data fiduciaries (like banks or companies that use personal data).\u00a0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Significance of a Unified Consent Infrastructure<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Avoids duplication:<\/strong> Aligning AA and CM frameworks reduces regulatory overlap.<\/li>\n\n\n\n<li><strong>Increases efficiency: <\/strong>Leveraging existing AA insights accelerates CM implementation.<\/li>\n\n\n\n<li><strong>Promotes innovation: <\/strong>Encourages startups and established entities to develop secure data services.<\/li>\n\n\n\n<li><strong>Supports Digital Public Infrastructure (DPI):<\/strong> Strengthens India\u2019s ambition for a holistic, interoperable data governance regime.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Concluding remarks<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>India has an unprecedented opportunity to become a global pioneer in citizen-centric data governance.\u00a0<\/li>\n\n\n\n<li>By harmonising the Account Aggregator framework with the emerging Consent 
Manager regime under the DPDP Act, India can move toward a secure, scalable, and inclusive data economy.<\/li>\n<\/ul>\n\n\n\n<p><strong>Source: <\/strong><a href=\"https:\/\/www.thehindu.com\/business\/account-aggregators-the-blueprint-for-consent-managers-under-indias-dpdp-act\/article69578960.ece#:~:text=While%20consent%20managers%20m\" rel=\"nofollow noopener\" target=\"_blank\"><strong>TH<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<h3><strong>Context<\/strong><\/h3>\n<li class=\"ms-5\">With the Digital Personal Data Protection (DPDP) Act, 2023 and Draft DPDP Rules, 2025, India aims to expand its consent-based data-sharing system by building on the Account Aggregator model.<\/li>\n<p><\/p>\n<h3><strong>Key Stakeholders of Account Aggregator<\/strong><\/h3>\n<li class=\"ms-5\">Financial Information Providers (FIPs): Banks, mutual fund companies, insurance companies, etc.<\/li>\n<li class=\"ms-5\">Financial Information Users (FIUs): Lenders, wealth managers, insurers, etc.<\/li>\n<li class=\"ms-5\">Account Aggregators (AAs): Licensed entities that facilitate data flow between FIPs and FIUs.<\/li>\n<p><a href=\"https:\/\/www.nextias.com\/ca\/current-affairs\/16-05-2025\/account-aggregators-blueprint-consent-managers-india-dpdp-act\" class=\"btn btn-primary btn-sm 
float-end\">Read\u00a0More<\/a><\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-43507","post","type-post","status-publish","format-standard","hentry","category-current-affairs"],"acf":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/43507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/comments?post=43507"}],"version-history":[{"count":3,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/43507\/revisions"}],"predecessor-version":[{"id":43527,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/43507\/revisions\/43527"}],"wp:attachment":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media?parent=43507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/categories?post=43507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/tags?post=43507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}