Code: Section 36 DPDP Act
The Central Government may, for the purposes of this Act, require the Board and
any Data Fiduciary or intermediary to furnish such information as it may call for.
Explanation of Section 36 DPDP
Section 36 of the Digital Personal Data Protection Act, 2023 empowers the Central Government to request any necessary information from the Data Protection Board, Data Fiduciaries, or intermediaries. This provision ensures that the Government has access to relevant data and insights to monitor compliance and enforce the provisions of the Act.
Key Highlights:
-
The authority lies solely with the Central Government.
-
Information can be demanded from:
-
The Data Protection Board,
-
Any Data Fiduciary (individuals or entities processing personal data),
-
Any intermediary (like social media platforms, ISPs, etc.).
-
-
The purpose must align with the implementation or oversight of the DPDP Act.
This section is essential for ensuring transparency, accountability, and regulatory oversight in data governance.
Illustration
Example 1: Request to a Social Media Company
The Central Government suspects non-compliance by a social media platform in handling user data. Under Section 36, it may formally request the platform (an intermediary) to furnish relevant records of data processing activities and security protocols.
Example 2: Inquiry from a Data Fiduciary
A healthcare company handling sensitive personal data is under investigation. The Central Government can invoke Section 36 to direct the company to provide internal compliance documentation and audit trails.
Common Questions & Answers on Section 36 DPDP
1. Who can demand the information under Section 36?
Only the Central Government has the authority to call for information under this provision.
2. What kind of information can be requested?
Any information deemed necessary for the enforcement or functioning of the Act—such as compliance reports, audit logs, data transfer details, or data breach records.
3. Can a Data Fiduciary refuse to provide the information?
No. Once directed, a Data Fiduciary is legally bound to provide the information requested. Failure to comply may attract penalties under other provisions of the DPDP Act.
4. Is there a limitation on how often the Government can ask for information?
The Act does not specify a frequency cap. However, the request must serve the objectives of the DPDP Act and should not be arbitrary.
Conclusion
Section 36 of the DPDP Act plays a crucial role in ensuring regulatory compliance and transparency in the data protection ecosystem. By granting the Central Government the authority to request critical information from the Board, Data Fiduciaries, or intermediaries, it reinforces accountability and allows proactive enforcement of digital privacy laws.
For more detailed explanations of the DPDP Act, visit ApniLaw — your trusted legal resource!
