Privacy News
Unsecured Database Leak Exposes 184 Million Login Records from Major Tech Platforms Tiffany Confirms South Korea Data Breach After Similar Dior Incident Authorities Expand SK Telecom Data Breach Investigation to KT and LG Uplus Italy Fines AI Chatbot Firm Replika €5 Million for Data Privacy Violation
Consent Manager Consent Manager

DPDPA Users in a New Era: Consent Managers, Not AAs, Will Lead the Way

India’s Account Aggregator (AA) system was created to allow safe and consent-based sharing of financial data within the regulated ecosystem and approved participants. It operates under rules set by the Reserve Bank of India (RBI). Over last , the AA system has grown, linking more than 100+ million accounts, However, many AA businesses face serious problems. They have high costs to operate and find it hard to form partnerships with financial institutions called Financial Information Providers (FIPs). Because of these challenges, some big companies have left the AA business.

For example, PhonePe gave up its AA license in early 2025. Even though it had 50 million users, it could not make enough partnerships to grow. Another company, Subex Limited, left in late 2024 without starting its operations. These exits show that the AA sector has deep issues. It needs better business models, stronger partnerships, and more participation from FIPs to succeed.

Article content

Domain and Market Focus: Account Aggregators vs Consent Managers

Account Aggregators mainly handle financial data sharing. They work only within banks and financial companies, which is a very specific area. In contrast, Consent Managers under the new Digital Personal Data Protection Act (DPDPA) will work across many industries. These include telecom, e-commerce, healthcare, and others. Consent Managers will manage many kinds of consent – from cookies on websites to personal data use during its entire lifecycle. This means Consent Managers have a much bigger market and a wider range of customers. The DPDPA also fixes many gaps from earlier laws. It gives better rights to people by giving them control over their personal data. Because of this, AA companies risk being stuck in their small financial area and old infrastructure. New Consent Managers can grow both in many industries and across countries, without old limits holding them back.

Account Aggregators (AAs), launched to facilitate the secure sharing of financial data in India, started with pricing models that ranged from ₹10 to ₹30 per data pull. However, as the ecosystem expanded and regulatory pressure increased, pricing dropped drastically. While this made data sharing more affordable, it severely impacted the viability of the AA business model. The primary challenge lies in their high operational costs: AAs must interface with legacy banking infrastructure, which is expensive to maintain and integrate. Additionally, recurring costs for API calls, SMS-based OTPs, and long-term consent lifecycle management make each data pull costly and resource-intensive.

On the other hand, Consent Managers under the Digital Personal Data Protection Act (DPDPA) are building their platforms in a new era. Without the baggage of legacy systems, they can adopt modern technology stacks – leveraging open-source tools, blockchain for auditability, and modular architectures. This not only reduces costs but also improves performance, scalability, and innovation.

Technology and User Experience

Account Aggregators were built mainly to share financial data behind the scenes. They are not focused on giving a good user experience for managing consent. They do one main thing well but lack broader consumer-friendly features. New Consent Managers can design platforms that put privacy first and focus on the user’s needs. They can use new technologies like User Managed Access (UMA) and decentralized identity systems for safer and more scalable consent.

Account Aggregators also face problems with data formats. Different banks send data in many different ways, so AAs must build special programs to read each one. For example, ICICI Bank and IndusInd Bank have different statement formats. This makes it costly and hard for AAs to process data smoothly. Also, banks often share only partial data, not full records. This limits the usefulness of the data for customers and businesses.

Furthermore, FIP coverage is uneven. Out of 117 FIPs, nearly half are connected to only one AA, and few FIPs work with most AAs. This weakens the whole AA ecosystem and reduces its effectiveness.

Why Consent Managers have the edge over Account Aggregators in India’s Data Economy?

While AAs were designed to serve as a foundational data-sharing layer in the financial ecosystem, their tightly regulated and centralized design restricts their scalability across industries. The AA framework is effective for high-value, high-risk data like bank statements and credit reports – where control and compliance are paramount. However, extending such a rigid model to non-financial sectors or global use cases is impractical, especially when multinational companies must comply with diverse international privacy regulations.

This is where DPDPA-based Consent Managers show clear advantages. The law mandates that consent must be freely given, specific, informed, and purpose-limited. More importantly, DPDPA enables machine-readable, purpose-bound, and revocable consent, allowing automation of privacy and compliance workflows. It ensures that data without valid consent becomes functionally unusable – even in the event of a breach. This “consent-centric” design is a game-changer in how data will be accessed, processed, and protected.

India’s 800 million digital citizens (data principals) and thousands of organizations classified as significant data fiduciaries will generate trillions of consent transactions over the next decade. Consent Managers hold a strategic position at the heart of this massive, emerging data economy, leveraging their technical expertise to lead the way.

Ecosystem and Regulatory Advantages for Consent Managers

The new DPDPA law applies to all industries. It requires companies to manage consent as part of legal compliance. This means demand for Consent Managers will grow quickly across many sectors. Not just big enterprises, but also startups, small businesses, public sector units, and government organizations must collect and manage consent properly. Account Aggregators depend heavily on a small group of FIPs and Financial Information Users (FIUs). Many of these participants are inactive or only partly involved. New Consent Manager platforms can connect with a much wider network of companies, regulators, and data fiduciaries. They are less dependent on just a few big players.

Regulators also encourage specialized Consent Managers that offer features beyond AA capabilities. These include real-time audit logs, managing data rights across sectors, and portals where consumers can see and control their data. This creates a big opportunity in the privacy operations ecosystem and helps build a formal data-sharing environment.

Market Trends and Customer Needs

Businesses now prefer specialized consent management tools rather than bundled AA services. They want modular software that focuses only on consent. Customers want simple and clear ways to control their personal data across all services they use. Consent Managers, with their dedicated focus, can provide this better. Account Aggregators trying to move into consent management might lose relevance and become less flexible. Meanwhile, new startups without old legacy burdens can innovate fast, partner with cloud providers, and grow quickly.

Article content

DPDPA Consent Managers are poised to lead the next wave of India’s digital transformation. While Account Aggregators played a vital role in establishing the country’s first data-sharing rails, their business constraints, rigid architecture, and high operational costs make them ill-suited to scale in the broader, more dynamic ecosystem envisioned by the Digital Personal Data Protection Act (DPDPA). The consent economy under DPDPA is vast, legally mandated, and demands agile, user-friendly, and interoperable platforms – something only new-age, specialized Consent Management Platforms (CMPs) can deliver.

Startups building smart, modular, and privacy-first consent infrastructures from the ground up are uniquely positioned to meet this demand. They can iterate faster, price more competitively, and scale more sustainably – unburdened by legacy systems and outdated processes.

Consent is no longer just a checkbox, it’s becoming the building block of India’s emerging formal data economy. Over time, Consent Managers will evolve into custodians of digital trust, managing how data flows, is accessed, and shared across sectors.

Think of it like the shift from landlines to smartphone AAs helped set up the connection, but CMPs will deliver the smart, secure, and scalable experiences the future demands. The real growth lies ahead – and it belongs to those who build for tomorrow.

Welcome to the gold standard of data privacy and data utility in making — from India to the world!