Code: Section 15 DPDP
A Data Principal shall perform the following duties, namely:—
(a) comply with the provisions of all applicable laws for the time being in force
while exercising rights under the provisions of this Act;
(b) to ensure not to impersonate another person while providing her personal
data for a specified purpose;
(c) to ensure not to suppress any material information while providing her
personal data for any document, unique identifier, proof of identity or proof of address
issued by the State or any of its instrumentalities;
(d) to ensure not to register a false or frivolous grievance or complaint with a
Data Fiduciary or the Board; and
(e) to furnish only such information as is verifiably authentic, while exercising
the right to correction or erasure under the provisions of this Act or the rules made
thereunder.
Explanation of Section 15 DPDP
Section 15 of the Digital Personal Data Protection Act (DPDP) outlines the duties that Data Principals are required to follow when engaging with Data Fiduciaries or exercising their rights under the Act. These duties aim to ensure that the Data Principal behaves responsibly, providing accurate and truthful information, while ensuring that their data rights are not misused.
Key Provisions:
- Duty to Comply with Applicable Laws (Sub-section a):
Data Principals are required to adhere to all relevant laws when exercising their rights under the DPDP Act. - Duty to Avoid Impersonation (Sub-section b):
The Data Principal must ensure that they do not impersonate someone else when providing their personal data. This ensures that the personal data being provided is legitimate. - Duty to Avoid Suppression of Material Information (Sub-section c):
The Data Principal must not conceal any material information when submitting personal data, especially for government-issued documents or identifiers. - Duty to Avoid False or Frivolous Grievances (Sub-section d):
A Data Principal is prohibited from filing false or frivolous complaints with the Data Fiduciary or the Board, ensuring that grievance redressal systems are used appropriately. - Duty to Provide Authentic Information (Sub-section e):
When requesting corrections or erasures of personal data, the Data Principal must provide only authentic and verifiable information to ensure that the process is carried out correctly.
Illustration
Example 1: Providing Accurate Personal Data
Raj, when submitting his personal data for an online service, ensures that he provides truthful and complete information, including his real identity and address, as required by the platform, to avoid any issues in the future.
Example 2: Avoiding False Grievances
Mina understands that filing a false grievance about a data breach would not only be unethical but could also lead to legal consequences. Therefore, she only raises genuine complaints about the mishandling of her data.
Common Questions and Answers on Section 15 DPDP
1. What happens if a Data Principal impersonates another person when providing personal data?
- Answer: Impersonating another person could lead to penalties for the Data Principal for providing false or misleading data. This could also lead to the invalidation of any agreements or services.
2. What is considered “material information” that should not be suppressed?
- Answer: Material information refers to any data that is essential to the verification of identity, legal compliance, or any document that could impact the use of personal data (e.g., national identification details).
3. Can a Data Principal file a complaint about inaccurate data even if it’s their own mistake?
- Answer: Yes, a Data Principal has the right to file a grievance or request for correction, but the information provided must be authentic and verifiable.
4. How can a Data Principal ensure they are providing authentic information?
- Answer: A Data Principal should ensure the accuracy of any personal data they submit, verify their identity or address, and provide true information when correcting or erasing personal data.
5. Can a Data Principal file a grievance against a Data Fiduciary for minor issues?
- Answer: The grievance must not be frivolous or false. The Data Principal is encouraged to file only genuine complaints that involve significant issues with the Data Fiduciary‘s handling of their personal data.
Conclusion
Section 15 of the Digital Personal Data Protection Act (DPDP) sets out essential duties that Data Principals must observe to ensure the responsible use of their personal data. These duties emphasize the importance of providing truthful and complete information, ensuring that the grievance redressal system is used appropriately, and maintaining the integrity of personal data in all circumstances.
