Code: Section 32
(1) The Board may accept a voluntary undertaking in respect of any matter related
to observance of the provisions of this Act from any person at any stage of a proceeding
under section 28.
(2) The voluntary undertaking referred to in sub-section (1) may include an
undertaking to take such action within such time as may be determined by the Board, or
refrain from taking such action, and or publicising such undertaking.
(3) The Board may, after accepting the voluntary undertaking and with the consent of
the person who gave the voluntary undertaking vary the terms included in the voluntary
undertaking.
(4) The acceptance of the voluntary undertaking by the Board shall constitute a bar
on proceedings under the provisions of this Act as regards the contents of the voluntary
undertaking, except in cases covered by sub-section (5).
(5) Where a person fails to adhere to any term of the voluntary undertaking accepted
by the Board, such breach shall be deemed to be breach of the provisions of this Act and
the Board may, after giving such person an opportunity of being heard, proceed in accordance
with the provisions of section 33.
Explanation of Section 32 – DPDP Act
Section 32 introduces a flexible way to resolve compliance issues. It allows individuals or organizations to voluntarily commit to fixing data protection issues without facing immediate penalties. The Board can accept these commitments, known as voluntary undertakings, at any time during a legal proceeding under Section 28.
This process offers a faster and more collaborative approach. Instead of going through a full investigation, the organization can agree to correct its actions and avoid further legal steps.
Key Points
- Individuals or organizations can offer a voluntary undertaking to the Board.
- This can happen at any stage during proceedings under Section 28.
- The undertaking might include promises to take or avoid certain actions.
- Once accepted, this agreement stops further legal action—unless the person breaks the terms.
- If there is a breach, the Board can take further steps under Section 33 after a hearing.
Illustration
Example 1: Proactive Correction
A company is under investigation for collecting personal data without clear consent. The company offers to update its consent process within 30 days. The Board accepts this as a voluntary undertaking. No further legal steps are taken, provided the company meets its promise.
Example 2: Public Commitment
A mobile app shares user data with advertisers. A complaint is filed. The app’s developer agrees to stop this practice and publicly commit to protecting data. The Board accepts this voluntary undertaking. The case is resolved without formal punishment.
Common Questions and Answers on Section 32 DPDP
1. What is a voluntary undertaking?
It is a written promise by a person or organization to take specific actions to follow the law. It’s submitted to the Board during a legal process.
2. Can the Board change the terms later?
Yes. If both the Board and the person who gave the undertaking agree, the terms can be changed.
3. What happens if someone breaks their promise?
If a person fails to follow through on the voluntary undertaking, the Board can treat it as a legal breach. Then, it may take further action under Section 33 after giving them a chance to explain.
4. Is this process available in all cases?
The Board decides whether to accept a voluntary undertaking. It may not be suitable in serious or repeated violations.
5. Does this mean the person avoids all punishment?
Yes—if the person keeps their promise. However, if they fail to follow the terms, they face legal consequences.
Conclusion
Section 32 of the DPDP Act creates a smart, flexible tool for compliance. It encourages organizations to take responsibility before penalties are imposed. This not only saves time but also builds a culture of accountability. When used properly, voluntary undertakings can prevent long investigations and foster a better data protection environment.
To learn more about digital privacy laws in India, visit ApniLaw.
