By Abhinav Parashar, Co-founder and CEO, Digio
We do it half a dozen times a day. You download a new food delivery app, sign up for a quick loan, or book a cab, and a screen pops up blocking your way. Without a second thought, you scroll to the bottom and tap “I Agree.”
It feels like a meaningless digital chore. But in the eyes of the law, every one of those taps is a binding contract. You are handing over the keys to your digital life, often in perpetuity.
Today, India has nearly 750 million smartphone users, and the volume of personal data being circulated every second is staggering. But what exactly happens in the background after you hit that button? And more importantly, as India rolls out its new data protection laws, how is the balance of power finally shifting back to you?
The invisible web of data
Historically, the digital economy operated on a simple, unspoken trade: you get free or highly convenient services, and in exchange, companies get your data.
But what platforms collect is rarely limited to what you type into the sign-up box. When you grant permission, an app might track your location, your device details, how long you linger on a specific screen, and even request access to your SMS inbox or call logs.
On the internet, this tracking is supercharged by something called “cookies”, tiny digital trackers placed in your browser. This is why you can spend ten minutes reading about home loans on one website and suddenly find loan advertisements chasing you across every other app you open for the next two weeks.
Often, this data doesn’t just stay with the app you downloaded. Buried in the complex legal jargon of privacy policy is usually a clause allowing the company to share your information with “third-party affiliates.”
This is exactly why your own data rarely feels like it is in your control. It is the reason your phone buzzes several times a day with promotional calls for personal loans or credit cards you never asked for, from banks you have never interacted with. Once you tap “I Agree,” your phone number and profile can be passed along to marketing agencies, data brokers, or financial institutions in a chain that is nearly impossible to trace.
The broken architecture of consent
For years, the tech industry operated on an architecture of data hoarding. Storage was cheap, and the mindset was to collect as much information as possible just in case it became useful later.
When data breaches inevitably happened, the damage went far beyond a leaked password. Exposed KYC documents, phone numbers, and financial habits lead directly to identity fraud, SIM swapping, and sophisticated scams.
For a long time, the tech industry’s defense was: “Well, the user agreed to the terms and conditions.”
But let’s be brutally honest: expecting the average citizen to read and comprehend a 40-page legal document just to order dinner or check their bank balance is a broken system. Blaming “customer awareness” has become a convenient crutch for an industry that failed to build better, safer infrastructure.
The DPDP Act: Shifting the burden
The good news is that the era of the wild west is ending. With the operationalisation of India’s Digital Personal Data Protection (DPDP) Act, the fundamental rules of the internet are being rewritten.
The new laws introduce a concept called digital dignity. Here is what it means for the average user:
– The end of blanket consent: No, company can ask for access to your entire digital life with one checkbox. They must ask for data specifically tied to a single purpose. If a flashlight app asks for your GPS location, it is now illegal for them to force you to hand it over.
– The right to be forgotten: You finally have a formal mechanism to take your data back. After deleting an app, you have a right to request the company to erase all data from their server and put an end to continuous tracking.
– True accountability: Companies are now legally bound to report data breaches and face massive penalties can up to ₹250 crore for no safeguarding your information.
The future is two-way trust
Trust is the only currency that counts as we enter a new age of artificial intelligence.
The burden of data privacy should never fall on the consumer. You should not need a law degree to protect your identity online. The obligation falls on technology platforms and financial organisations to develop more transparent frameworks – environments where privacy is straightforward, consent is unambiguous, and respect for data sovereignty is the default standard.
So, the next time you are asked to click “I Agree,” know that the landscape behind that button is actively changing. The days of companies taking your data forever are getting over. The future of India’s internet relies on two-way trust, and for the first time, you have the power to demand it.