✓ Link copied
DPDPA 2023 Compliance

Wedding Photos Need Written Consent Under DPDPA Section 6

17 May 2026 · DPDPAReady Editorial · ~5 MIN READ
Applies toWedding Photography operating in India
Primary lawDPDPA 2023 · Section 6
Penalty ceiling₹50 crore per violation
Enforcement statusData Protection Board accepting complaints — May 2026
SourceDPDPAReady Compliance Team

Under DPDPA Section 6, every photograph of a person’s face is personal data. The law contains no exception for “candid” shots, “background” guests, or “action” moments. You cannot post mehendi candids to Instagram, share baraat videos in WhatsApp family groups, or upload reception gallery links to Google Drive without specific, informed, freely given, and revocable consent from every identifiable person in the frame.

One unresolved complaint from a single guest—sent to India’s Data Protection Board—triggers a violation notice. That violation carries liability up to ₹50 crore. More critically, Section 6 permits no “legitimate interest” carve-out. A bride cannot consent on behalf of her baraatis, a wedding planner cannot consent on behalf of hired staff, and a studio cannot assume consent from a booking confirmation. You need written proof, signed or digitally acknowledged, before the shutter clicks.

This template ensures that proof exists—and that it covers every use case Indian wedding photographers face: Instagram Reels, Pinterest boards, Pixieset galleries, physical albums, WhatsApp shares, and Canvera proofs.

  • Photographer’s full identity and business address. Data Protection Board complaints reference the entity processing data. If you operate under a studio name, register that name; if you’re a freelancer, use your legal name and address.

  • Explicit list of uses. Don’t write “use your photos as needed.” Instead: “Instagram/Reels posting, Pinterest boards, physical album design, Pixieset/Google Drive gallery sharing, WhatsApp family group distribution, Canvera proof proofs, wedding website portfolio, print materials (thank-you cards, albums), and future marketing with your likeness.” If you plan to use a guest’s image later, name that use now.

  • Duration of processing. “Photos will be retained for [X] months/years after the wedding, after which they will be deleted unless you request otherwise.” Many Indian photographers store gallery links permanently; that’s lawful only if explicitly consented. Set a retention period or commit to indefinite retention only if the consent form states it.

  • Recipients of data. Name every third party: Pixieset (cloud host), Google Drive (if used for client proofs), the album designer (Canvera, Artifact Uprising, etc.), social media platforms (Instagram, Pinterest), and family members if the bride approves group WhatsApp sharing. Section 6 requires disclosure of who sees the data.

  • Revocation rights. “You may withdraw consent at any time by emailing [photographer email]. Withdrawal applies to future uses only; past posts or printed albums cannot be recalled.”

  • Right to erasure. “You may request deletion of your photos from digital galleries within [X] days of the event. Photos already printed or distributed to family members cannot be deleted from their devices.” This is honest and compliant.

  • Signature or digital acknowledgment. Handwritten signature, email reply saying “I agree,” or checkbox on a digital form (Google Form, Typeform, DocuSign). The consent must be affirmative—silence, assumption, or verbal agreement do not satisfy Section 6.

The Template

Below is a fill-in-the-blank consent form tailored to Indian wedding photography workflows. Copy, customize, and deploy.

CONSENT FOR PHOTOGRAPHY AND USE OF PERSONAL DATA
(Compliant with DPDPA 2023, Section 6)

1. Photographer Details
Name / Studio: ________________________
Address: ________________________
Email: ________________________
Phone: ________________________

2. Event Details
Event Date: ________________________
Event Location: ________________________
Client Name (Bride/Groom): ________________________

3. Consent to Photograph
I, ________________________ (your full name), hereby give my consent to be photographed by the above photographer during this wedding event.

4. Explicit Uses of Your Photos
Your photos will be used for the following purposes (tick all that apply):

  • ☐ Physical wedding album design and printing
  • ☐ Instagram, Reels, and social media posting (tag: @_____________)
  • ☐ Pinterest boards and wedding inspiration sharing
  • ☐ Pixieset / Google Drive gallery link (shared privately with family)
  • ☐ WhatsApp family group distribution by the bride/couple
  • ☐ Canvera/online proof galleries for client review
  • ☐ Photographer’s website portfolio and marketing materials
  • ☐ Print materials (thank-you cards, save-the-dates, calendars)
  • ☐ Wedding planning/vendor recommendations (with your permission)
  • ☐ Other (please specify): ________________________

5. Duration of Storage
Your photos will be stored and processed until ________________________ (date / e.g., “12 months after the wedding” or “indefinitely unless you request deletion”).

6. Who Can See Your Photos
Your photos may be shared with:

  • The couple/client
  • Family members (via WhatsApp, email, or shared gallery)
  • Album designers (Canvera, Artifact Uprising, etc.)
  • Social media platforms (Instagram, Pinterest, Facebook)
  • Cloud storage providers (Pixieset, Google Drive, Dropbox)
  • The photographer’s marketing team
  • Other: ________________________

7. Your Rights

  • You may withdraw consent for future uses by emailing ________________________.
  • You may request deletion of your photos from digital galleries by emailing the photographer within 30 days of the event. Photos already printed or shared with family members cannot be recalled.
  • You may request access to your photos at any time.
  • You have the right to lodge a complaint with India’s Data Protection Board if you believe your rights have been violated.

8. Your Signature / Consent
I have read the above and freely consent to the uses of my photos as marked above. I understand I can withdraw consent at any time for future uses.

________________________ (Signature or electronic approval)
________________________ (Printed Name)
________________________ (Date)
________________________ (Contact Email / Phone)

For guests under 18: Parent/guardian name and signature required.
________________________ (Parent/Guardian Signature)
________________________ (Printed Name & Relation)

How to Deploy This

Before the event (ideal): Send the consent form to the couple 2–3 weeks before the wedding. Request that they circulate it to all guests (baraatis, bridesmaids, close family) and collect signed copies. Explain that photography cannot proceed without signed consent from identifiable people in frames.

Day-of collection: If you haven’t collected consent pre-event, station a team member at each event stage (mehendi, sangeet, haldi, baraat, reception) with printed forms. Ask guests to sign before photographs begin. For spontaneous candids (e.g., dancing baraatis), approach subjects immediately after the photo, show them the image, and ask retroactive consent. Many will comply if you frame it as “I want to make sure you’re okay with this going to Instagram.”

Digital alternative: Use Google Forms, Typeform, or DocuSign to email the consent form. Set responses to mandatory fields (name, email, signature checkbox). Store responses in a spreadsheet or PDF folder labelled “[Wedding Date] - Consents.” A digital reply constitutes valid consent under Section 6.

Storage: Retain signed consent forms (physical or digital) for at least 3 years. If a Data Protection Board complaint lands, you need proof that you asked. File by wedding date and couple name.

If someone refuses: You cannot photograph their face. Legally, you must exclude them from shots or blur their identity. Practically, explain DPDPA compliance; most guests understand. If a VIP refuses (e.g., a celebrity guest), photograph the event but exclude that person from any public-facing gallery or post.

Post-event: Before posting to Instagram, sending Pixieset links, or sharing in WhatsApp groups, verify that consent forms cover those uses. If consent says “album only,” you cannot post to Instagram without new consent.

What Happens Without This Document

Scenario 1: One Guest, One Complaint.
You post 50 mehendi candids to Instagram without consent. A guest’s estranged family member reports the post to the Data Protection Board, claiming image misuse. The Board issues a violation notice under Section 6. You cannot prove consent. Fine: up to ₹50 crore. You also face de-listing pressure from Instagram and potential civil liability claims from the guest.

Scenario 2: Pixieset Gallery Shared Without Consent.
You create a Pixieset gallery for a couple and email the link to 200 wedding guests. Two guests email back saying they did not consent to cloud storage. You claim “family sharing is normal,” but Section 6 requires explicit consent for every third party (Pixieset, in this case). If both file complaints, that’s two violations: ₹50 crore + ₹50 crore = ₹100 crore exposure. Even settling one complaint costs months and reputational damage.

Scenario 3: Canvera Album + Instagram Post.
The bride consents to a physical album (Canvera) but the form does not mention Instagram. You post a frame anyway. A guest objects. Under Section 6, you’ve processed data for an unauthorized use. That’s a distinct violation. Fine: ₹50 crore. Canvera, as a processor, may also face liability if the couple sues them.

One unresolved Data Protection Board complaint = one violation notice = potential liability up to ₹50 crore. Without a signed consent form, you have no legal defense.

FAQ

Can the bride sign a single consent form that covers all her wedding guests?
No. Section 6 requires individual consent from each identifiable person in photos. A bride can consent for her own image; she cannot consent on behalf of her guests, baraatis, or hired staff. You must collect separate signatures from each guest or deploy a pre-event digital form asking guests to self-consent.

What if a guest’s face appears in the background of another guest’s photo—do I need their consent?
If the background guest is identifiable (face visible, clear enough to recognize), yes, you need consent. If they are a blur or silhouette, consent is not required because they are not meaningfully identifiable personal data. Document which photos require consent (e.g., via tags or a database) so you can justify which frames are safe to post.

Can I use a WhatsApp message saying “ok post it” as valid consent?
A WhatsApp text saying “I consent” or “post away” is technically valid because it’s written and affirmative. However, it’s weak evidence: no timestamp, no reference to specific uses, no proof the person who texted owns that number. Use the template form and ask for a reply or DocuSign signature instead. If the Board questions the WhatsApp proof, you’ll lose.

If I collect consent in a Google Form, do I need to print and file it, or is the digital response enough?
The digital response (timestamp, email, checkbox confirmation) is sufficient. Store the Google Sheet or export responses as PDFs and back them up to a secure folder (OneDrive, external drive, etc.). The Board accepts digital records; you do not need physical paper signatures provided the digital submission is clearly linked to the individual and the event date.

Can I update the consent form after the wedding if I think of new uses?
No. New uses require new consent. If you shot mehendi photos with consent only for “physical album,” and later want to post one to Instagram for portfolio purposes, you must email that guest, explain the new use, and ask them to sign an amended consent form. Silence or non-reply means no consent. Proceeding without it is a violation.

What if a guest requests deletion of their photos after the wedding, and I’ve already posted to Instagram?
Section 6 grants a right to erasure. You must delete the image from Instagram, your Pixieset gallery, and your server. You cannot delete it from family members’ phones or printed albums (they own those copies). Inform the guest: “I’ve removed your image from all digital platforms and galleries. Images already distributed to family or printed cannot be recalled.” Document the deletion (date, platform, confirmation) in case the Board asks.

According to DPDPAReady’s compliance team, Indian wedding photographers operating without signed consent forms face the highest complaint rate among all visual data processors—primarily because weddings are inherently social and guests’ expectations about photo sharing are often unspoken. A single unsigned consent gap can trigger multiple complaints if one guest reports and others follow suit, accelerating Board attention.

The template above is deployment-ready. Customize it with your studio details, event types, and third-party recipients. Collect signatures or digital confirmations before, during, or immediately after each event stage. Retain records for 3+ years. And remember: Section 6 permits no exceptions for “candid,” “background,” or “small-scale” photos. Every identifiable face requires explicit consent.

DPDPAReady’s Template Library deploys consent forms, privacy notices, and DPA agreements for wedding photographers and studios in 48 hours — start at dpdpaready.in.

DPDPA consent form wedding photographer India free templateSection 6 consent wedding photographywedding photographer DPDPA compliance Indiavisual personal data consent templatephotography consent form India DPDPA
VERIFIED DPDPAReady Editorial Desk 17 MAY 2026

Not sure if your media workflow is DPDPA-compliant?

DPDPAReady maps your entire workflow against the Act — free, in 48 hours.

Get your free compliance audit →