Skip to main content

Q6 - Can a Data Principal sue a Consent Manager directly if it mishandles their consents?

Yes. A Data Principal can:

  • File a complaint directly with the Consent Manager through its grievance mechanism.
  • If not satisfied, escalate the complaint to the Data Protection Board, which can investigate and impose penalties.
  • In addition, if harm is suffered (e.g., data misuse leading to financial fraud), the Data Principal may also seek remedies under other applicable Indian laws, such as the IT Act or consumer protection laws.
Example

If Govind withdraws consent to share his phone number with advertisers through a Consent Manager, but continues to receive spam calls because the Consent Manager failed to notify the advertiser, Govind can file a complaint.

If unresolved, he can escalate the matter to the Board, which may penalize the Consent Manager.