by Nayantara Ranganathan
Consent is a tender, fickle thing. Even in the best of circumstances, intentions shift under the pressure of enthusiasm, hesitation, and regret.
In data governance, consent has long appeared as an unresolved problem. What does it mean to agree to something you cannot fully anticipate — the processing, reuse, and repurposing of data that machines and institutions have captured .about you? In India, a publicly funded infrastructure for the data economy took shape well before these questions found legal footing: the construction of a biometric identification database, the linking of this database to mobile phone numbers and bank accounts, and the steady reshaping of regulatory and business practices to enable digital payments and other financial products. The legal foundations for these systems arrived slowly, often as an afterthought.
The build-out of massive digital infrastructures such as Aadhaar proceeded without a statutory basis from 2009 until the passage of the Aadhaar Act in 2016. Even then, the legislation was swiftly challenged in court on multiple grounds. Over these years, a particular logic took hold among the project’s proponents. If large and persistent socioeconomic problems—lack of access to banking, inefficiencies in welfare delivery, and widening inequality—were being recast as technical problems to be solved through digital systems, then consent for the extraction, circulation, and monetisation of data need not remain an intractable moral or legal question. It could, instead, be approached as a technical one.
This reframing drew on a broader exhaustion with consent in digital life. Online, consent is hollow: endless terms and conditions nobody reads, pop-ups engineered for compliance rather than choice, and dark patterns designed to wear users down. The result is hardly empowerment but fatigue. Elsewhere, legal systems are grappling—uneasily—with consent in more intimate domains, such as sexual relations within marriage, raising uncomfortable questions about whether formal status could ever substitute for ongoing agreement. Consent, in short, appears both everywhere and nowhere:invoked constantly and trusted little.
The difficulty, however, runs deeper than cultural fatigue. Research on sexual trauma has established that physiological arousal can occur as a survival response — that the body may produce signals that look, from the outside, indistinguishable from desire under conditions of fear or coercion. Consent, in other words, cannot be reliably read from any single observable indicator, however unambiguous it appears. It is something that lives in the interior of a person’s experience, not in the signal they emit.
Neither the exhaustion nor the epistemic instability diminished consent’s legal importance. Under data protection frameworks, consent is one of the primary bases on which personal data may be processed; it is the basis that most resembles a voluntary transaction, and the one that most neatly transfers responsibility for data use onto the individual who agreed to it. In India, consent was available as a practical basis before a data protection law even existed, which allowed the infrastructure to be built in the legal gap. When legislation arrived, the ecosystem was already speaking its language; consent is the basis that most flatters the idea of individual autonomy and data protection frameworks across jurisdictions tend to treat it favourably for exactly that reason. Building on consent meant building something that would survive legal scrutiny almost anywhere.
Consent technologies
Consent remained philosophically unsettled, and in India, the infrastructure couldn’t wait. A “techno-legal” approach– rhetorically positioned between the ‘rights-heavy’ European model and the laissez-faire American one– proposed to build regulation directly into technical architecture: to resolve through design what law and ethics had failed to settle. The ambition is genuine and the problems it addresses are real. What emerged, however, was a new class of intermediary tasked with making consent not more meaningful, but more manageable.
Financial data is not found — it is made. Every transaction is also a location, a time, a frequency, a pattern — an accumulation of traces that becomes an economic object when an institution decides to treat it as one. Account Aggregators, licensed by the Reserve Bank of India from 2016, are the infrastructure designed to make that object circulate. The framework creates defined roles for everyone involved: the institution holding your data becomes a Financial Information Provider; the institution requesting it becomes a Financial Information User; the Account Aggregator sits between them, holding neither the data nor the money, only the consent. Above all of them, a centralised registry maintained by an industry collective issues and validates the tokens that make the whole system interoperable. Everything passes through permission.
Consent Artefact, 2023, Reserve Bank Information Technology Private Limited, NBFC – Account Aggregator (AA) API Specification Version 2.0.0
Consent, famously susceptible to corruption, is broken down into attributes: purpose, duration, frequency, data type, and validity. What was once a qualitative and tentative judgement is translated into a specification. Industry-led template libraries define acceptable uses in advance, translating open-ended legal principles into bounded technical forms. Consent, in this setting, is no longer primarily something to be interpreted or negotiated. Ambiguity, once central to consent as a legal and ethical concept, becomes something to be minimised through design. In translating consent into parameters, the interface settles moral questions in advance, without ever appearing to ask them.
The promise underpinning this shift is that privacy can be built directly into the infrastructure of the data economy—that consent, once formalised, can unlock efficiencies without sacrificing rights. In this view privacy is no longer a social norm negotiated in context but a feature of system design. Yet as with changing cultural mores—whether it is acceptable to pinch the cheeks of a cute child, for instance—the breadth of experience surrounding an action collapses when it is fixed in advance. What remains is a narrow corridor of permissible behaviour, insulated from interpretation.
This suspicion of interpretation is explicit. Reflecting on the limits of older regulatory approaches, Rahul Matthan, one of the leading architects of the techno-legal model complains that because laws must be expressed in words, “no matter how carefully they are drafted, there is always room for interpretation.” The objectification of consent was the answer. Build the rules into the code and the uncertainty of language disappears.
This architecture of consent management has attracted attention well beyond Indian banking. The AA model is now positioned as a template for what its proponents call Digital Public Infrastructure : reusable, interoperable, consent-governed data-sharing systems that can be deployed across sectors and exported across borders. India has been actively promoting this framework internationally through initiatives like the Data Empowerment and Protection Architecture, or DEPA, which proposes to extend the same consent-manager logic into healthcare, telecommunications, and beyond. The language used — ‘data sharing,’ ‘data exchange,’ ‘digital empowerment’ — carries a particular optimism: that giving individuals programmatic control over their data is a form of redressal of the right to privacy, and beyond that, economic emancipation.
The use cases currently live or in development give a sense of what this ecosystem enables in practice. Sahamati, the industry collective governing the ecosystem, lists fifteen active applications:
| Use case | Who uses it |
| Loan underwriting | Banks, NBFCs — assessing eligibility, especially for first-time borrowers |
| Income verification | Life insurers — pricing policies, reducing fraud |
| Account monitoring | Lenders — watching borrower balances for early signs of default |
| Overdue account tracking | Banks — collections workflows |
| Personal finance management | Apps like Jupiter, INDMoney — aggregating a user’s accounts into one view |
| Wealth advisory | Portfolio managers, brokers — holistic view of client holdings |
| Vendor risk profiling | Lenders — assessing the financial health of business partners |
| KYC and onboarding | Across sectors — replacing penny drops with real-time account verification |
| Welfare scheme monitoring | Government — tracking whether beneficiaries are receiving and using funds |
| Recovery agent monitoring | Banks — ensuring agents have no financial entanglement with customers |
| Insider trading compliance | Merchant banks, fund managers — monitoring employees’ and their relatives’ trading activity |
Summarised from the table Prevalent Use Cases in the Account Aggregator Ecosystem, Sahamati
The range is instructive, but so is the open-endedness. These are not uses that were considered and sanctioned at the outset — they are applications being speculated, piloted, and gradually normalised as the infrastructure matures. The ecosystem generates its own demand: once consent-governed data sharing is technically possible at scale, the question of what it should be used for becomes an ongoing experiment rather than a settled policy question. Welfare scheme monitoring, recovery agent surveillance, the financial tracking of employees’ relatives are not aberrations, they are the frontier.
What makes this expansion possible is the formal element of consent itself. Uses that might once have been questioned on grounds of proportionality or intrusion arrive differently when they are consent-governed. This productive ambiguity of the techno-legal model means that consent does not merely enable data sharing, it continuously expands the boundary of what data sharing is considered acceptable to do.
Consent at scale via the interface
The interface, in the techno-legal model, is doing more than managing user experience. It is creating the conditions for a market. Beneath the consent screen, the toggle, the button, operates a programmable interface — the API — of a different order. It standardises the format of a data request, defines what can be asked and what will be returned, and makes financial information legible and transferable across institutions that would otherwise speak incompatible languages.Through this programmable interface, personal financial data becomes something that can circulate : requested, fetched, verified, acted upon, at scale. The API does not merely enable the data economy. It constitutes it.
The question is what kind of market is being constituted. The answer is visible in the architecture. The AA ecosystem was designed to solve an information problem that financial market services have: how to assess the creditworthiness of a borrower, the risk profile of an insurance applicant, the financial entanglements of an employee. The dominant use cases: loan underwriting, account monitoring, collections, and compliance are risk management tools for businesses. The infrastructure was optimised for the lender’s information problem, not the borrower’s. That it also enables customer self-access is real, but this is not what the system was built around. It is what legitimises it.
Consent, in this context, is less a protection than a precondition. A data market operating without consent would face legal challenge and public resistance. A data market operating with consent — properly captured, artefacted, timestamped, and archived — is legitimate, auditable, and scalable. The techno-legal model engineered consent for exactly this purpose: not to protect the individual from the market, but to make the market viable at the scale of millions of individual transactions. The AA ecosystem is not primarily a privacy infrastructure. It is a market infrastructure that requires privacy compliance in order to function.
What gets called digital empowerment is, from this angle, something more specific: the individual’s integration into a data market on terms the market designed. The programmable interface renders participation in this market a precondition for accessing and exercising civic entitlements.
What gets foreclosed
The API specifications that govern the AA ecosystem are not neutral technical documents. They are consequential interpretations of the legal concept of consent. Developed by industry bodies without public interest inputs, they translate an expansive legal concept into a narrow field of operations: a fixed set of purposes, enumerated data types, five possible states a consent artefact can occupy. The interpretation hasn’t been eliminated. It has been relocated — from courts and legislatures, where it is at least visible and contestable, into standard documents that most people affected by them will never read. What gets formalised in that relocation is something brittle: a version of consent stripped of the ambiguity that made it useful as a legal and ethical concept in the first place. Once consent has been narrowed in this way, the questions a richer account of privacy would have kept open are not so much answered as quietly closed.
What remains, once these questions are foreclosed, is a privacy framework that is internally coherent — well-specified, interoperable, auditable — but significantly thinner than the concept it replaced. The right to privacy, in its fuller articulation, was a claim against power: a limit on what institutions could know about you and do with that knowledge, regardless of whether you had technically agreed. In the AA model, that claim has been replaced by a transaction. You agreed. The system has the artefact to prove it.
There is a choice embedded in using transaction history for loan underwriting that tends to go unexamined because the use case has become so standard. It is not a technical choice but a political one: that financial inclusion is best approached as a risk management problem, to be solved by making inferences about individuals from their data. The alternative — that access to banking is something closer to an entitlement, grounded in a social commitment to dignity and livelihood — would not require your transaction history. It would require a different premise about what the financial system owes you. The data economy did not foreclose that alternative by arguing against it. It foreclosed it by building infrastructure.
In this system, the AA framework offers the bittersweet freedom of a well-specified transaction, but at the cost of a richer vision of privacy and the foreclosure of a fundamental political choice. This is the essence of the mixed feelings: the relief of an efficiency gained, and the ambiguous loss of a right undermined.
About the Author
This issue of Purée Mag was made possible through the support of the Generator Cooperative Art Production, 2025-26.