Q1 - Who oversees Consent Managers - is it only the Data Protection Board, or also the government?

Consent Managers are registered and regulated by the Data Protection Board of India. The Board checks whether they meet technical, financial, and organizational requirements before granting registration (Schedule I).

The Central Government, through the Rules, sets the overall framework, but day-to-day oversight — audits, inspections, and inquiries — lies with the Board.

Example

If ABC Consent Services Pvt. Ltd. is registered as a Consent Manager and a complaint arises that it is favoring certain banks in displaying consent options, the Data Protection Board can investigate, audit, and if needed, suspend its registration.