Rights and Duties of Data Principal
11.Right to access information about personal data.
(1) The Data Principal shall have the right to
obtain from the Data Fiduciary to whom she has previously given consent,
including consent as referred to in clause (a) of section 7 (hereinafter
referred to as the said Data Fiduciary), for processing of personal data, upon
making to it a request in such manner as may be prescribed,—
(a) a summary of personal data which is being processed
by such Data Fiduciary and the processing activities undertaken by that Data
Fiduciary with respect to such
(b) the identities of all other Data Fiduciaries and
Data Processors with whom the personal data has been shared by such Data
Fiduciary, along with a description of the personal data so shared; and
(c) any other information related to the personal data
of such Data Principal and its processing, as may be prescribed.
(2) Nothing contained in clause (b) or clause (c) of sub-section (1) shall apply in respect of the sharing of any personal data by the said Data Fiduciary with any other Data Fiduciary authorised by law to obtain such personal data, where such sharing is pursuant to a request made in writing by such other Data Fiduciary for the purpose of prevention or detection or investigation of offences or cyber incidents, or for prosecution or punishment of offences.
12. Right to correction and erasure of personal data
(1) A Data Principal shall have the right to correction,
completion, updating and erasure of her personal data for the processing of
which she has previously given consent, including consent as referred to in
clause (a) of section 7, in accordance with any requirement or procedure under
any law for the time being in force.
(2) A Data Fiduciary shall, upon receiving a request for
correction, completion or updating from a Data Principal,—
(a) correct the inaccurate or misleading personal data;
(b) complete the incomplete personal data; and
(c) update the personal data.
(3) A Data Principal shall make a request in such manner as may be prescribed to the Data Fiduciary for erasure of her personal data, and upon receipt of such a request, the Data Fiduciary shall erase her personal data unless retention of the same is necessary for the specified purpose or for compliance with any law for the time being in force.
13. Right of grievance redressal
(1) A Data Principal shall have the right to have readily
available means of grievance redressal provided by a Data Fiduciary or Consent
Manager in respect of any act or omission of such Data Fiduciary or Consent
Manager regarding the performance of its obligations in relation to the personal
data of such Data Principal or the exercise of her rights under the provisions
of this Act and the rules made thereunder.
(2) The Data Fiduciary or Consent Manager shall respond
to any grievances referred to in sub-section (1) within such period as may be
prescribed from the date of its receipt for all or any class of Data
(3) The Data Principal shall exhaust the opportunity of redressing her grievance under this section before approaching the Board.
14. Right to nominate.
(1) A Data Principal shall have the right to nominate, in
such manner as may be prescribed, any other individual, who shall, in the event
of death or incapacity of the Data Principal, exercise the rights of the Data
Principal in accordance with the provisions of this Act and the rules made
(2) For the purposes of this section, the expression “incapacity” means inability to exercise the rights of the Data Principal under the provisions of this Act or the rules made thereunder due to unsoundness of mind or infirmity of body.
15. Duties of Data Principal.
A Data Principal shall perform the following duties,
(a) comply with the provisions of all applicable laws
for the time being in force while exercising rights under the provisions of this
(b) to ensure not to impersonate another person while
providing her personal data for a specified purpose;
(c) to ensure not to suppress any material information
while providing her personal data for any document, unique identifier, proof of
identity or proof of address issued by the State or any of its
(d) to ensure not to register a false or frivolous
grievance or complaint with a Data Fiduciary or the Board; and
(e) to furnish only such information as is verifiably
authentic, while exercising the right to correction or erasure under the
provisions of this Act or the rules made thereunder.