Use case #0002

Consent withdrawal in real time: what Consent AI stops when a borrower opts out

The DPDP Act does not permit delayed consent withdrawal. When a borrower withdraws consent for a specific processing purpose, that processing must stop — not at the next system update, not at the next business day, but at the moment the withdrawal is recorded. The Consent Management Agent AI propagates a consent withdrawal to every connected system in real time, stops all processing activities that depended on that consent, preserves all processing that continues under a separate legal basis, and generates a timestamped withdrawal confirmation for the borrower and the compliance record.

The withdrawal challenge: what continues and what must stop

Consent withdrawal is technically more complex than consent capture because it requires the system to distinguish between processing activities that are consent-dependent and those that are not. A borrower who withdraws marketing consent still has a live loan — the institution must continue to send them account statements (contractual obligation), collect EMIs (contractual right), and report to CIBIL (regulatory obligation). Only the activities that were running on the withdrawn consent basis must stop. Getting this distinction wrong in either direction creates a problem: stopping too much disrupts the borrower's service; stopping too little violates the DPDP Act.

The Consent Management AI maintains a processing activity register — a list of every data processing activity, its legal basis (consent or legal obligation or legitimate interest), and which consent module it depends on. When a consent withdrawal arrives, the AI cross-references the withdrawal against this register and stops exactly the activities that were running on the withdrawn consent, leaving all others undisturbed. The borrower's loan account continues to function normally in every respect that is not consent-dependent.

"Withdrawing marketing consent should stop marketing. It should not, and must not, affect the borrower's loan account in any way. The Consent AI knows exactly which processing activities depend on which consent module — and stops precisely those."

What stops and what continues: the processing activity matrix

Processing Activity	Legal Basis	Module	On Module 5 withdrawal?	On Module 3 withdrawal?
EMI collection via NACH	Contract (Section 7b)	Mandatory	Continues	Continues
Monthly CIBIL reporting	Legal obligation (Section 7d)	Mandatory	Continues	Continues
Account statements and NOC	Contract (Section 7b)	Mandatory	Continues	Continues
Collections activity (phone, field)	Contract / legitimate interest	Mandatory	Continues	Continues
Grievance redressal	Legal obligation (FPC)	Mandatory	Continues	Continues
Sharing with collections LSP	Contract + consent (Module 3)	Module 3	Continues	Continues under contract — collections are contractual necessity
Sharing with analytics LSP	Consent only (Module 3)	Module 3	Continues	Stops immediately
Sharing with marketing partners (LSP)	Consent only (Module 3)	Module 3	Continues	Stops immediately
Email / WhatsApp marketing messages	Consent only (Module 5)	Module 5	Stops immediately	Continues if Module 5 still granted
Retargeting / digital ad audiences	Consent only (Module 5)	Module 5	Stops immediately · Audience segment deleted	Not affected
Individual-level credit model training	Consent only (Module 6)	Module 6	Not affected	Not affected
Third-party partner marketing contact	Consent only (Module 7)	Module 7	Not affected	Not affected

The real-time withdrawal cascade: what happens in the 4 minutes after a withdrawal

T+0

Immediate — at the moment of withdrawal submission

Consent record updated — module status flipped to withdrawn with timestamp and method

The borrower clicks "Withdraw consent" for Module 5 (marketing communications) in their account settings. The Consent Management AI updates the consent record: module 5 status = Withdrawn, timestamp = Nov 14, 2025 14:32:08, method = Self-service portal, IP address logged. The withdrawal is the authoritative record — every downstream stop action follows from this.

Consent DB updatedConfirmation sent to borrower

T+45s

Within 45 seconds — marketing suppression

Borrower added to global suppression list — all marketing channels stopped

The Consent AI propagates the suppression to every marketing system: the WhatsApp broadcast list (borrower removed), the email campaign platform (borrower suppressed), the SMS gateway (borrower suppressed), and the digital retargeting system (borrower's identifier flagged for audience removal). Any scheduled campaign that was queued to send to this borrower in the next 24 hours is automatically cancelled. The suppression is not a preference — it is a hard stop.

WhatsApp: suppressedEmail: suppressedSMS: suppressedDigital ads: flagged

T+2min

Within 2 minutes — retargeting audience removal

Digital ad audience segments updated — borrower's identifier removed from all marketing audiences

The borrower's hashed email and phone number are removed from every custom audience segment in every ad platform — Meta, Google, programmatic DSPs. This is an audience deletion, not just an opt-out flag. A deleted audience member will not receive ads even if a campaign is actively running. The audience update is propagated via each platform's API. Propagation across ad networks typically completes within 24–48 hours at the platform level — but the institution's obligation is met at the API submission, not at the platform's completion.

Meta audience: deletedGoogle audience: deleted

T+4min

Within 4 minutes — account continuity confirmed

Loan account systems verified as undisturbed — all non-marketing processing confirmed active

After executing all stops, the Consent AI runs a confirmation check: EMI collection scheduled for this borrower's next due date — confirmed active. NACH mandate — confirmed active. CIBIL reporting queue — confirmed active for this borrower's monthly submission. Collections activity flag — confirmed: borrower's DPD status is 0, no collection action relevant, but the collection system access to this borrower's data is confirmed not affected. The withdrawal did not affect any non-marketing processing.

EMI collection: activeCIBIL reporting: activeLoan account: undisturbed

The withdrawal event log: what the system records

Consent Withdrawal Event Log — Ananya Krishnamurthy · Module 5 Withdrawal

Nov 14, 2025 · 14:32:08 · Self-service portal · Application LA-2025-9841

14:32:08○Withdrawal received: Module 5 (Marketing communications) — self-service portal. Borrower: Ananya Krishnamurthy. Session: portal-session-9912. IP: [anonymised]. Withdrawal recorded in consent database.Consent DB

14:32:09✉Withdrawal confirmation sent to borrower: "Your marketing consent has been withdrawn. You will no longer receive promotional messages from us. Your loan account is not affected." Sent via WhatsApp and email.Comms AI

14:32:31⬛WhatsApp broadcast list: Ananya Krishnamurthy removed. 2 scheduled campaign messages (Nov 16 and Nov 22) cancelled for this recipient. Suppression confirmed.WhatsApp gateway

14:32:38⬛Email marketing platform: ananya.krishnamurthy@gmail.com suppressed. Next campaign scheduled Nov 18 — this recipient excluded. Suppression confirmed.Email platform

14:32:44⬛SMS gateway: +91-98XXXXXXXX added to marketing suppression list. Confirmed.SMS gateway

14:33:52⬛Digital ad audiences: hashed identifier submitted for deletion — Meta Custom Audience "NBFC_Home_Loan_Leads" and Google Customer Match "Oct25_HL_Pipeline." API submission confirmed. Platform-level propagation: 24–48 hours.Ad platforms

14:36:04✓Account continuity check complete: EMI collection (next date Dec 5) — active. NACH mandate — active. CIBIL December submission — queue confirmed. Collections access — DPD 0, no active collection, access rights unchanged. Loan account undisturbed by Module 5 withdrawal.Account systems

● Withdrawal recorded 14:32:08 · All marketing channels suppressed by 14:32:44 (36 seconds) · Ad audiences submitted for deletion 14:33:52 · Account continuity confirmed 14:36:04

● Withdrawal log immutable · Audit copy generated · Borrower confirmation sent · DPO dashboard updated

36sAll marketing channels suppressed — from withdrawal submission to final channel suppression confirmation

4 minFull cascade complete — withdrawal recorded, channels stopped, audiences queued, account continuity confirmed

ZeroEffect on loan account — EMI collection, CIBIL reporting, and account statements continue undisturbed

ImmutableWithdrawal event log — timestamped, hashed, and available for DPO inspection on demand

The withdrawal that stops the right things — and only the right things — is the compliance test

A consent withdrawal that stops too much (including the loan account) is a service failure. A consent withdrawal that stops too little (continuing to send marketing while claiming the consent was honoured) is a DPDP violation. The Consent Management AI's processing activity register is the mechanism that makes the distinction precise: every processing activity has a documented legal basis, and the withdrawal cascade stops exactly the activities whose basis was the withdrawn consent module. The borrower who withdraws marketing consent will not receive another marketing message. Their EMI will still be collected on its due date. Their loan will not be affected. And the DPO will have a complete, timestamped record of every system that was stopped and every system that continued — and why.