The Digital Personal Data Protection Act 2023 revolves around the pivotal figure known as the "Data Principal." This legislation places paramount importance on the processing of digital personal data, emphasizing the recognition and preservation of individuals' rights, all while ensuring that data processing serves lawful purposes. In this comprehensive guide, we delve into the rights and duties that define the role of a Data Principal in this modern digital landscape. Before we delve into the rights and responsibilities, it is imperative to understand the various terms of the act.
As per the Act, the term "Data Principal" means:
The individual to whom the personal data relates:
- In case of a child, it includes parents or lawful guardian
- In case of person with disability, includes her lawful guardian, acting on her behalf
Further, the term, person means an individual; a HUF; a company; a firm; an AOP / BOI, whether operated or not; the State; and every artificial juristic person who is not falling within any of the above.
And child means any individual who has not completed the age of 18
Data Fiduciary is the person who alone or in conjunction with other persons determines the purpose and means of processing the personal data.
In this article, we are going to discuss the Rights and Duties of Data Principal
Rights
- Access to Personal Data Summary: Data principal has right to obtain summary of personal data being processed by Data Fiduciary.
- Disclosure of Data Sharing: Data principal has the right to know identities of all other data fiduciaries and data processor with whom the personal data has been shared by Data Fiduciary. However, this right does not apply if the sharing of the data is the requirement of law.
- Data correction and erasure: Data Principal retains the right of correction, completion, updating and erasure of personal data for which previous consent was given. Notably, personal data cannot be erased if its retention is necessary for a specified purpose as mandated by another law.
- Grievance Redressal: Data Principals are entitled to readily available means of grievance redressal and the exercise of their rights under various provisions of the Act.
- Nomination Rights: In the unfortunate event of the Data Principal's death or incapacity, they have the right to nominate a representative.
Duties
- Authenticity: Data Principals are obliged not to impersonate another person while providing the personal data.
- Complete Disclosure: Data Principals should refrain from suppressing any material information while providing personal data, ensuring that all relevant details are accurately presented.
- No false grievances: Data Principals must avoid registering false or frivolous grievances or complaints, upholding the integrity of the grievance resolution process.
- Authentic information: Data Principal must furnish only verifiable authentic information while exercising the right to correction or erasure.
Conclusion
The Digital Personal Data Protection Act 2023 places the Data Principal at the forefront, emphasizing their rights and responsibilities. By understanding and exercising these rights while adhering to their duties, individuals can actively participate in safeguarding their digital personal data in the ever-evolving digital landscape.