Situations where consent is legally presumed to exist based on the Data Principal's voluntary provision of data.
Deemed consent under DPDPA arises in specific situations where consent is legally presumed without requiring an explicit opt-in. This primarily applies when the Data Principal voluntarily provides their data to the Data Fiduciary for a specified purpose and has not withdrawn consent. Section 7 legitimate uses can also be viewed as deemed consent situations. The concept recognizes that certain processing activities are so naturally expected that explicit consent would be impractical or redundant.
Deemed consent reduces friction for genuinely expected processing (like using an email address someone voluntarily provides for correspondence). However, it is narrow and cannot be stretched to cover marketing, analytics, or secondary purposes without explicit consent.
A customer voluntarily provides their email address to receive order confirmation from a Jaipur e-commerce store. Consent to send order confirmations to that email is deemed — no separate consent banner is needed for transactional emails. But marketing emails to the same address require explicit opt-in consent.
Deemed consent does NOT mean "implied consent" for any purpose you want. It only covers the specific, obvious purpose for which data was voluntarily provided. Any additional processing requires explicit consent.
DPDPA Shield automates Consent Management. See how →