The "Account Aggregator" Blueprint: What Fintech Taught Us About Privacy
India's Account Aggregator framework is the closest working model to the DPDPA's Consent Manager. Here is what we can learn from its successes and failures.
Looking at the Predecessor
While the DPDPA Consent Manager framework is being rolled out in 2026, we don't have to look far for a working prototype. India's Account Aggregator (AA) framework has been live for a few years, facilitating consent-based financial data sharing.
The AA ecosystem connects Financial Information Providers (FIPs) with Financial Information Users (FIUs) through an intermediary: the Account Aggregator.
Lessons from the AA Ecosystem
1. Trust is UI-Deep
The early adoption of AA showed that "Consent Artefacts"—the digital documents users sign—need to be readable. Complex legal jargon kills conversion. The most successful AAs designed flows that looked like UPI transactions: simple, PIN-based, and fast.
2. Consent Fatigue is Real
Users stop reading after the third screen. If every data request requires a complex 5-step approval flow, users will either drop off or blindly click "Accept All."
Key Insight: Smart companies will design "Consent Artefacts" that are easy to read. They will mimic the best UPI and AA flows, using visual cues (icons for data types) rather than walls of text.
3. Granularity vs. Friction
The AA framework allows for granular consent (e.g., share bank statement but not credit card history). However, too much granularity increases friction. Finding the "Goldilocks zone"—enough control to feel safe, but simple enough to be quick—is the UX challenge of 2026.
Designing for the Future
As we build for the broader DPDPA rollout, we should look at the "Consent Handle" concept from AA (e.g., user@aa). Will we see similar handles for general privacy? The blueprint exists; we just need to adapt it from Fintech to the rest of the internet.