Since users aren’t actively using the mobile app, what methods can you use to get their consent? Are there alternative ways, like a website, email link, or SMS, where users can easily provide their consent?
1 Answers
-
Email-Based Consent
• Consent Request Email:
o Send a clear and concise email with a link to a consent form.
o The email should:
-Explain the purpose of data processing.
-Provide a direct link to the consent form.
-Include instructions on how to withdraw consent.
o Use a double opt-in process where users confirm their consent by clicking a link in the email. -
SMS-Based Consent
• SMS Consent Request:
o Send an SMS with a short message and a link to a consent form.
o The SMS should:
-Clearly state the purpose of data processing.
-Provide a shortened URL or instructions to reply with a specific keyword (e.g., "YES" to consent).
o Ensure the SMS is concise and easy to understand. -
Website-Based Consent
• Dedicated Consent Page:
o Create a dedicated webpage where users can provide consent.
o The page should:
-Clearly explain the purpose of data processing.
-Include an opt-in mechanism (e.g., a checkbox) that requires a clear affirmative action.
o Use pop-ups or banners on your website to direct users to the consent page. -
Offline Methods
• Paper Forms:
o Provide paper-based consent forms for users who prefer offline methods.
o The forms should:
-Clearly explain the purpose of data processing.
-Include a signature field for the user to provide consent.
o Ensure the forms are scanned and stored digitally for record-keeping.
• Call Centers:
o Use call centers to verbally explain the purpose of data processing and obtain consent.
o Ensure the call is recorded (with the user’s consent) and the details are documented. -
Push Notifications (For Occasional Users)
• In-App Notifications:
o For users who occasionally use the app, send a push notification with a link to a consent form.
o The notification should:
-Clearly state the purpose of data processing.
-Provide a direct link to the consent form.
o Ensure the notification is non-intrusive and allows users to easily dismiss it if they are not interested. -
Consent Managers
• Registered Consent Managers:
o Use a Consent Manager (as defined in Section 2(g) of the DPDPA) to facilitate consent collection.
o Consent Managers act as a single point of contact for users to:
-Give, manage, review, and withdraw consent.
-Access a transparent and interoperable platform for consent management.
o Ensure the Consent Manager is registered with the Data Protection Board of India (DPBI) and complies with the obligations under Rule 4 of the DPDP Rules. -
Compliance with DPDPA
• Transparency:
o Ensure all consent requests are clear, transparent, and easy to understand, as required under Section 5(1) of the DPDPA.
• Record Keeping:
o Maintain records of consent (e.g., timestamps, method of consent, and user actions) to demonstrate compliance with the DPDPA.
• Withdrawal of Consent:
o Provide users with an easy mechanism to withdraw consent, as required under Section 6(4). The process should be as simple as giving consent. -
Example Scenarios
• Scenario 1: Email Consent:
o A user who has not used the app in months receives an email with a link to a consent form. They click the link, review the details, and provide consent by ticking a checkbox.
• Scenario 2: SMS Consent:
o A user receives an SMS with a link to a consent form. They click the link and provide consent via a web form.
• Scenario 3: Call Center:
o A user receives a call from a customer service representative who explains the purpose of data processing and obtains verbal consent, which is recorded and documented.