Code: Section 37 DPDP Act
(1) The Central Government or any of its officers specially authorised by it in this
behalf may, upon receipt of a reference in writing from the Board that—
(a) intimates the imposition of monetary penalty by the Board on a Data Fiduciary
in two or more instances; and
(b) advises, in the interests of the general public, the blocking for access by the
public to any information generated, transmitted, received, stored or hosted, in any
computer resource that enables such Data Fiduciary to carry on any activity relating
to offering of goods or services to Data Principals within the territory of India,
after giving an opportunity of being heard to that Data Fiduciary, on being satisfied that it
is necessary or expedient so to do, in the interests of the general public, for reasons to be
recorded in writing, by order, direct any agency of the Central Government or any intermediary
to block for access by the public or cause to be blocked for access by the public any such
information.
(2) Every intermediary who receives a direction issued under sub-section (1) shall be
bound to comply with the same.
(3) For the purposes of this section, the expressions “computer resource”,
“information” and “intermediary” shall have the meanings respectively assigned to them in
the Information Technology Act, 2000.
Explanation of Section 37 DPDP
Section 37 of the Digital Personal Data Protection Act (DPDP) gives the Central Government the authority to block access to certain data when necessary to protect the public interest. This section focuses on Data Fiduciaries who repeatedly violate the rules and continue to present risks to data protection.
Key Provisions:
- Triggering Event: The Central Government’s power is activated when the Board refers a Data Fiduciary that:
- Has been penalized multiple times.
- Requires access to its data to be blocked for the public’s safety.
- Central Government’s Authority: Upon receiving the Board’s reference, the government can order the blocking of specific data. However, it must provide the Data Fiduciary with a chance to respond before taking action.
- Intermediary’s Role: Any intermediary (e.g., internet service providers) must comply with the Central Government’s directive to block access.
- Definitions: The terms used in this section, like “computer resource,” “information,” and “intermediary,” are explained in the Information Technology Act, 2000.
Illustration
Example 1: Blocking Fraudulent E-commerce Data
A well-known e-commerce website faces repeated penalties for mishandling personal data. As a result, the Data Protection Board suggests blocking access to the site to protect the public. The Central Government can issue an order to prevent public access to the platform’s data, ensuring consumer safety.
Example 2: Data Blocking in Financial Services
A financial services company continually mishandles personal data despite penalties. The Board recommends blocking its website and related data services. The Central Government issues a directive to block access, and intermediaries are tasked with enforcing this order.
Common Questions & Answers on Section 37 DPDP
1. What triggers the Central Government’s power to block data?
- Answer: The Central Government may block data access if the Board references a Data Fiduciary that has been penalized multiple times and recommends blocking data in the public interest.
2. Who must comply with the blocking order?
- Answer: Intermediaries, such as internet service providers, must comply with the government’s blocking directive.
3. What if the Data Fiduciary disagrees with the government’s order?
- Answer: The Data Fiduciary is given an opportunity to be heard. If the government is satisfied with the reasons, the order will be enforced.
4. What is meant by “computer resource” in this section?
- Answer: “Computer resource” refers to any device or software system used for generating, storing, or transmitting data, as per the Information Technology Act, 2000.
Conclusion
Section 37 of the Digital Personal Data Protection Act (DPDP) allows the Central Government to block access to certain data when a Data Fiduciary repeatedly violates data protection regulations. This section aims to protect the public interest and ensures that companies comply with legal standards.
For more information on the DPDP Act, visit ApniLaw, your trusted legal resource!
