RIGHTS AND REMEDIES FOR INDIVIDUALS RELATING TO THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023

 

 RIGHTS AND REMEDIES FOR INDIVIDUALS RELATING TO THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 

                        

                                                                                                  By- RAJAN  GUPTA

 

“rights and duties are two wheels on which the chariot of life moves forward smoothly”

The Digital Personal Data Protection Act, of 2023 emerged as a historic milestone in the realm of digital rights after it was passed by the Lower House of Parliament (the Lok Sabha) and the Upper House of Parliament (the Rajya Sabha) followed by the Presidential assent making it a law of the land. With privacy at its core, this landmark legislation would empower individuals, redefine business practices, and usher in a new era of responsible data handling.

The act regulates the governance of personal data collected by organisations and aims at protecting the individual's privacy by empowering them with rights over how their data is processed. 

 

                                              Table of Content

 

1. INTRODUCTION………………………………………….    2
2. RIGHTS OF DATA PRINCIPAL………………………...    2 – 4
3. DUTIES OF DATA PRINCIPAL…………………………    5 
4. CONCLUSION…………………………………………….    6

 

 

                              

                                      INTRODUCTION

 

Rights are rules of interaction between people. They place constraints and obligations upon the actions of the state and individuals or groups. Rights are defined as claims of an individual that are essential for the development of his or her self and are recognized by society or state.

But rights have real meaning only if individuals perform duties. A duty is something that someone is expected or required to do. Life can become smoother if rights and duties go hand in hand and become complementary to each other.

Section 11 to 15, (Chapter III) of THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023 (No. 220 of 2023) contains provisions related to the Rights And Duties Of the Data Principal. 

 

RIGHTS OF DATA PRINCIPAL:

An individual whose data is being processed shall have certain rights as per Sections 11 to 14 which are-

• Section 11: Right to access information about personal data

1.  The Data principal shall have the right to obtain from the Data Fiduciary to whom she has previously given consent, including consent as referred to in clause (a) of Section 7 (hereinafter referred to as the said data Fiduciary), for processing of personal data, upon making to it a request in such a manner as may be prescribed-

1. A summary of personal data that is being processed by such Data Fiduciary and the processing activities undertaken by that Data Fiduciary concerning such personal data;
2. The identities of all other Data Fiduciaries and Data Processors with whom the personal data has been shared by such Data Fiduciary, along with a description of the personal data so shared; and
3. Any other information related to the personal data of such Data Personal and its processing, as may be prescribed.

2.  Nothing contained in clause (b) or clause (c) of sub-section (1) shall apply in respect of the sharing of any personal data by the said Data Fiduciary with any other Data Fiduciary authorised by law to obtain such personal data, where such sharing is according to a request made in writing by such other Data Fiduciary for prevention or detection or investigation of offences or cyber incidents, or prosecution or punishment of offences.

     

• Section 12: Right to correction and erasure of personal data

1. A Data Principal shall have the right to correction, completion, updating and erasure of her personal data for the processing of which she has previously given consent, including consent as referred to in clause (a) of Section 7, in accordance with any requirement or procedure under any law for the time being in force. 
2. A Data Fiduciary shall, upon receiving a request for correction, completion or updating from a Data Principal,- 

1.  correct the inaccurate or misleading personal data 
2. complete the incomplete personal data; and 
3.  update the personal data.

3. The Data Principal shall make a request in such manner as may be prescribed to the Data Fiduciary for the erasure of her personal data, and upon receipt of such a request, the Data Fiduciary shall erase her personal data unless retention of the same is necessary for the specified purpose or for compliance with any law for the time being in force.

 

 

• Section 13: Right of grievance redressal 

1. A data Principal shall have the right to have readily available means of grievance redressal provided by a Data Fiduciary or Consent Manager in respect of any act or omission of such data fiduciary or consent manager regarding the performance of its obligations in relation to the personal data of such Data Principal or the exercise of her rights under the provisions of this Act and the Rules made thereunder.
2. The Fiduciary or Consent Manager shall respond to any grievances referred to in sub-section (1) within such period as may be prescribed from the date of its receipt for all or any class of Data Fiduciaries. 
3. The Data Principal shall exhaust the opportunity of redressing her grievance under this section before approaching the Board. 

 

• Section 14: Right to nominate

1. A Data Principal shall have the Right to Nominate, in such manner as may be prescribed, any other individual, who shall, in the event of death or incapacity of the Data Principal, exercise the Rights of Data Principal in accordance with the provisions of this Act and the rules made thereunder.

For the purposes of this section, the expression ‘incapacity’ means the inability to exercise the Rights of the Data Principal under the provisions of this Act or the rules made thereunder due to unsoundness of mind or infirmity of body. 

 

DUTIES OF DATA PRINCIPAL:

 

Further, as per Section 15, a Data Principal shall perform the following duties, namely:-

1. Comply with the provisions of all applicable laws for the time being in force while exercising rights under the provisions of this Act;
2. To ensure not to impersonate another person while providing her data for a specified purpose;
3. To ensure not to suppress any material information while providing her data for any document, unique identifier, proof of identity or proof of address issued by the state or any of its instrumentalities;
4. To ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary or the Board; and
5. To furnish only such information as is verifiably authentic, while exercising the right to correction or erasure under the provisions of this act or the rules made thereunder.

 

                                             CONCLUSION

Rights are what we want others to do for us whereas the duties are those acts which we should perform for others. Without right there is no duty and vice-versa. they are dependent on each other in some way or another.