If the DPDPA and the GDPR pursue the same goal of protecting personal data, why do they rely on fundamentally different assumptions about consent?
Unlike the GDPR, the DPDPA does not provide a broad menu of lawful bases, such as legitimate interests or contractual necessity, as independent grounds. Instead, consent is the default, and non-consensual processing is the exception.