DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

Glossary

Privacy & consent glossary

Plain-English definitions of the consent and data-protection terms you actually need.

In short
This glossary defines the consent and data-privacy terms behind ConsentX, from DPDPA roles like Data Fiduciary and Consent Manager to signals like Google Consent Mode v2 and GPC, and evidence concepts like the consent receipt. Each entry is written to answer the question directly.

Consent

Consent Management Platform · CMP

A consent management platform (CMP) is software that collects, stores and enforces a user's choices about cookies and personal-data processing, and proves those choices to regulators.

Cookie Consent

Cookie consent is the user's permission to set non-essential cookies and trackers, which most privacy laws require you to obtain before those cookies load.

Prior Consent (Prior Blocking)

Prior consent means non-essential trackers must stay inert until the user agrees, and prior blocking is the technical enforcement that keeps them from firing on the first page view.

India / DPDPA

Digital Personal Data Protection Act · DPDPA

The DPDPA (DPDP Act 2023) is India's national data-protection law, requiring clear notice and free, specific, informed consent before processing personal data, with the DPDP Rules notified on 13 November 2025.

Data Fiduciary

Under India's DPDPA, a Data Fiduciary is the entity that decides why and how personal data is processed, equivalent to a 'controller' under the GDPR.

Data Principal

Under India's DPDPA, a Data Principal is the individual whose personal data is being processed, equivalent to a 'data subject' under the GDPR.

Consent Manager (DPDPA)

Under India's DPDPA, a Consent Manager is a registered, interoperable platform through which a Data Principal can give, manage, review and withdraw consent across Data Fiduciaries.

Data Protection Board of India · DPB

The Data Protection Board of India is the body that enforces the DPDPA, investigates breaches and consent complaints, and imposes penalties of up to ₹250 crore per instance.

Global laws

General Data Protection Regulation · GDPR

The GDPR is the European Union's data-protection law, requiring a lawful basis (often consent) to process personal data, with fines up to €20 million or 4% of global turnover.

California Consumer Privacy Act · CCPA / CPRA

The CCPA, expanded by the CPRA, is California's privacy law giving consumers the right to opt out of the sale or sharing of their personal data and to access and delete it.

Signals & standards

Google Consent Mode v2

Google Consent Mode v2 is Google's framework for passing a user's consent choices to Google tags, which adjust their behaviour and (when consent is denied) use privacy-safe modelling instead.

Global Privacy Control · GPC

Global Privacy Control (GPC) is a browser signal that tells websites a user wants to opt out of the sale or sharing of their personal data, and several US state laws treat it as a legally binding opt-out.

IAB Transparency & Consent Framework · TCF

The IAB TCF is an ad-industry standard that captures and transmits user consent for advertising purposes and vendors in a structured 'TC string' across the programmatic supply chain.

Rights & evidence

Data Subject Access Request · DSAR

A DSAR is a request by an individual to access, correct, delete or port the personal data an organisation holds about them, which must be answered within a statutory deadline.

Consent Receipt

A consent receipt is a tamper-evident, time-stamped record of exactly what a user agreed to, including the purposes, the policy version and a verifiable hash, used as proof of valid consent.

Legitimate Interest

Legitimate interest is a lawful basis under the GDPR for processing personal data without consent when the organisation's interest is not overridden by the individual's rights, established through a balancing test.