Code: Section 13 DPDP
(1) A Data Principal shall have the right to have readily available means of grievance
redressal provided by a Data Fiduciary or Consent Manager in respect of any act or omission
of such Data Fiduciary or Consent Manager regarding the performance of its obligations in
relation to the personal data of such Data Principal or the exercise of her rights under the
provisions of this Act and the rules made thereunder.
(2) The Data Fiduciary or Consent Manager shall respond to any grievances referred
to in sub-section (1) within such period as may be prescribed from the date of its receipt for
all or any class of Data Fiduciaries.
(3) The Data Principal shall exhaust the opportunity of redressing her grievance
under this section before approaching the Board.
Explanation of Section 13 DPDP
Section 13 of the Digital Personal Data Protection Act (DPDP) ensures that Data Principals can easily resolve any issues regarding their personal data processing. It mandates that Data Fiduciaries and Consent Managers provide clear, accessible ways to address complaints, ensuring transparency and accountability.
Key Provisions:
- Grievance Redressal Mechanism (Sub-section 1):
Every Data Fiduciary or Consent Manager must offer a simple, accessible grievance redressal mechanism. This ensures Data Principals can address concerns related to personal data processing or violations of rights. - Response Time (Sub-section 2):
The Data Fiduciary or Consent Manager is obligated to address grievances promptly. They must provide a response within a prescribed time, ensuring that complaints are handled efficiently. - Exhausting the Grievance Process (Sub-section 3):
Before escalating issues to the Board, the Data Principal must first use the grievance redressal system provided by the Data Fiduciary or Consent Manager.
Illustration
Example 1: Grievance Submission
Ravi notices that his personal information is shared without consent by an online service. He submits a grievance to the service’s Data Fiduciary, and the company addresses his complaint within the prescribed time.
Example 2: Escalating to the Board
After unsuccessfully resolving his grievance with a Data Fiduciary, Aditi escalates her issue to the Board for further resolution.
Common Questions and Answers on Section 13 DPDP
1. How can a Data Principal file a grievance?
- Answer: A Data Principal can file a grievance by contacting the Data Fiduciary or Consent Manager through their designated grievance redressal platform.
2. What happens if the Data Fiduciary doesn’t respond in time?
- Answer: If the Data Fiduciary doesn’t respond within the prescribed time, the Data Principal can escalate the matter to the Board.
3. Can a Data Principal directly approach the Board?
- Answer: No, the Data Principal must first exhaust the grievance redressal process provided by the Data Fiduciary or Consent Manager before seeking help from the Board.
4. How long does a Data Fiduciary have to respond to a grievance?
- Answer: A Data Fiduciary or Consent Manager must respond within the prescribed time frame set by the regulations.
5. Who provides the grievance redressal mechanism?
- Answer: The Data Fiduciary or Consent Manager is responsible for providing a grievance redressal mechanism.
Conclusion
Section 13 of the Digital Personal Data Protection Act (DPDP) ensures that Data Principals have access to an effective grievance redressal process. By requiring Data Fiduciaries and Consent Managers to address grievances promptly, the Act promotes accountability. If issues are not resolved at this level, the Data Principal can approach the Board.
