Medianama, a well known website has commented on the Business Requirement Document (BRD) released by MeitY with the following caption.
“MeitY Explains How an Ideal Consent Management System Should Work Under DPDPA”
The perception has been that MeitY has actually released a guideline in extension of the DPDPA Rules on the Consent Management System more particularly for the Consent Managers.
We should however point out that this is a mis conception. The NeGD under MeitY has actually released this document to support a “Code Development Challenge” that it has floated for developing an open source recommendation for Data Fiduciaries.
“Consent Managers” who register themselves with DPB are also data fiduciaries but their requirement goes beyond managing the consent. They are an intermediary with multiple Data Fiduciaries whose services are used by data principals.
Further the BRD is a generic platform which requires to be customized by different data fiduciaries.
It is necessary to clarify the purpose of this document as otherwise there would be a difficulty for Data Fiduciaries who may think this is the final guideline from the Ministry.