Part I: Definitions and Key Concepts
Part II: Important provisions part 1
This is the third part of the series.
Significant Data Fiduciary (SDF)
Some apps or websites may be called “Significant Data Fiduciary.” Currently, we don’t know which websites or apps, if any, will be on the list.
A SDF will have to take additional steps for protection of data. This includes:
A. Appointment of an India based Data Protection Officer
B. Appointment of an independent Data Auditor who will conduct periodic data audits.
Right to Nominate; Right to Correct and Erase personal data
Every user can ask the app to correct their data, if they have the wrong data, or to completely erase it.
Every user can also nominate someone to take decisions about their data if they themselves cannot take such decisions.
Civil Offences
If there is a complaint against an app, the investigation will be done by the Data Protection Board. The Board can fine the app. But there is no provision of remuneration to the affected user.
All cases under this Act will be Civil Cases. No criminal liability will be placed on the app if the data is misused, breached, or anything else done that is against this Act.
If a user or app is not happy with the decision of the Data Protection Board, they can file an appeal in the High Court.
The Board can also review and change its own orders, so long as the reviewing panel is bigger than the panel that took the original decision.
Which Act rules?
If there is a conflict between this Act and any other Act currently in force in India, the provions of this Act will apply.
Fines
And finally, we understand the fines under the Act. These fines can be increased later by the Parliament, but not more than twice the amounts mentioned in this table.
If a user puts a complaint that is found to be not right, the maximum fine that can be imposed on that user is 10,000. (S No. 5 in the table above).
The other fines apply to companies that hold user data.
What are rules?
Rules are made to implement a law. The rules relating to this Act will be announced later.
You can read the full text of the Act here.
Additional Reading
The Data Security Council of India has released a summary of the Act.
2 Replies to “Part III: India’s Data Protection Act, 2023”
Comments are closed.