Every privacy law promises control; India's is building the control panel. The six consent-manager licences issued this week create something no other jurisdiction runs at scale: one dashboard where you see, grant and withdraw every data permission across every company that holds anything on you.

The mechanics: consent managers sit as licensed intermediaries — a payments major, two account-aggregator veterans, three startups — interoperating with data fiduciaries through standard APIs. Withdraw consent for one insurer's marketing at 11 pm; the fiduciary's clock starts then, not when its support queue wakes.

The precedent is the account-aggregator framework: same architecture in finance went from licence to two hundred million linked accounts in five years. The caution is the same story — that adoption ran on regulatory mandate, and DPDP stops short of mandating integration. Convenience will have to do the compelling.

The strategic layer: like UPI before it, the stack is exportable — and the central banks already studying India's rails are watching this module too.

Interoperability testing with large platforms begins next month. Your permissions are about to become visible. Whether that changes behaviour — yours or theirs — is the experiment. Follow it on our tech desk.