Governing Consent in the Age of Digital Public Infrastructure

Consent, Privacy, and Power in the Data Economy

I don’t remember the last time I read a privacy policy. But I’ve clicked “I agree” more times than I can count, just to check the weather, book a cab, or read an article. Somewhere along the way, clicking became consent. And choice became choreography.

We’re told we have control over our data. But most of us know that’s a performance. In practice, consent in the digital world often means accepting terms we don’t understand, under conditions we didn’t set, for outcomes we can’t see. In places like India, where data protection laws are evolving and digital literacy is uneven, the gap between legal consent and informed choice is even wider.

The language of “user choice” assumes a certain kind of user, one with time, literacy, privacy, and power. But many people in the Global South navigate digital systems through shared devices, low connectivity, or limited education. Consent isn’t always active. Sometimes, it’s coerced. Sometimes, it’s inherited : a parent clicking through a form for their child, or a worker using a phone that’s not theirs. And sometimes, it’s simply invisible. You don’t know what you’ve agreed to until something goes wrong.

What makes this more complicated is the rise of Digital Public Infrastructure. Aadhaar, UPI, DigiLocker, CoWIN, all promising efficient service delivery through data. But when data flows without clear guardrails, consent becomes less about autonomy and more about access. Don’t want to link your number? You may not get your subsidy. Don’t want to share your health data? You may not get your vaccine certificate. These aren’t free choices. They’re trade-offs, and often, non-negotiable ones.

There’s also a deeper imbalance at play. In today’s data economy, the people who give up the most data often get the least protection. The same systems that track consumer preferences with precision struggle to prevent data breaches or unauthorized surveillance. Privacy becomes a luxury, something you need the language, resources, and leverage to demand. For most users, especially from marginalised communities, the architecture of platforms is tilted against them.

So what would meaningful consent look like? It would start with simplicity. Interfaces that explain what’s being collected, and why. Systems that allow refusal without penalty. Transparency not just about data use, but about where it travels, who profits, and what rights the user has when something goes wrong. Most importantly, it would require a shift in power, from the collector to the individual. From opt-in by default to opt-out with dignity.

We often think of consent as a checkbox. But real consent is context. It’s language. It’s time. It’s the ability to say no, and still be served. Until that becomes the norm, “terms and conditions” won’t be protection. They’ll be permission.

Note: This piece was written with support from an AI tool, used as part of an iterative writing process. The ideas, structure, and reflections are my own.