Naavi.org was born under the motto, “Let’s Build a Responsible Cyber Society”. In pursuance of this objective, special movements such as the Karnataka Cyber Laws Awareness Movement was undertaken to promote ITA 2000.
Now a time has come to take efforts to bring about compliance to DPDPA 2023 across the country.
We are aware that there are several organizations who are unhappy with DPDPA 2023 and even we may have some suggestions. But we believe that we need to implement what is on hand and improvements will follow.
Naavi is closely associated with FDPPI and through FDPPI several projects are being implemented for promotion of Data Protection Eco system in India.
Now Naavi.org has started a new campaign to drive home the concept of “Duty of a Data Principal”.
Under DPDPA 2023, Section 15, the following duties are imposed on Data Principals
(a) To comply with the provisions of all applicable laws for the time being in force while exercising rights under the provisions of this Act;
(b) To ensure not to impersonate another person while providing her personal data for a specified purpose;
(c) To ensure not to suppress any material information while providing her personal data for any document, unique identifier, proof of identity or proof of address issued by the State or any of its instrumentalities;
(d) To ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary or the Board; and
(e) To furnish only such information as is verifiably authentic, while exercising the right to correction or erasure under the provisions of this Act or the rules made thereunder.
It is therefore necessary for all members of public to understand the essence of the above duties and take measures to abide by them.
Naavi.org intends to add another voluntary duty to the above list namely
…..To report any observation of contravention of DPDPA 2023 to the DPB.
We are aware that DPDPA 2023 imposes obligations to Data Fiduciaries and non compliance to the provisions of the Act may be penalized to the extent of Rs 250 crores or more.
However it would be difficult for DPB to be aware of all contraventions by thousands of Data Fiduciaries in India. They may be able to take notice of data breaches when reported in the media but the real improvement in the protection of personal data of the public will come when every mobile app and every website is able to comply with the laws. Hence we are requesting all Data Principals to take up the responsibility of filing an appropriate complaint with the DPB.
At the same time we are aware that DPDPB 2023 does not provide for compensation payable to the Data Principal for any loss of privacy. Such compensation where feasible has to be claimed under ITA 2000 as a part of the adjudication mechanism. On the other hand DPDPB discourages filing of false complaints and can impose a fine of Rs 10000/- if false complaints are made.
In view of the remote possibility of the fine as well as the general apathy of our citizens, we anticipate that members of public may be reluctant to make complaints even if the procedure would be as simple as filling up an online form. Some may even feel, why they should file a complaint and DPB would impose a penalty and appropriate the penalty to the Consolidated fund of India.
In the midst of such general attitude, there will always be some dutiful citizens who would take the trouble of bringing DPDPA violations to the notice of DPB.
To recognize this sense of duty and to encourage that attitude, Naavi.org would be interested in providing a “Certificate of Appreciation” to those who register a valid complaint with the DPB. Periodically active participants will be provided additional recognition as may be appropriate. A “Hall of Fame” would be created to place on record consistent efforts of individuals who will take active steps to promote compliance of DPDPA 2023.
At the same time, Naavi and FDPPI will be always ready to provide support to Data Fiduciaries in achieving compliance either before or after a complaint is raised by a Data Principal or to assist them in proposing a Voluntary Undertaking program to DPB in case of any penalty being proposed.
This scheme would come into existence after DPB is established and a procedure for filing a complaint is established .
(P.S: An adhoc recognition has been separately announced for voluntary disclosure regarding Rashmika Mandanna Deep Fame creation in view of its urgency and criticality.)
sir this is a good move in right direction to drive home the responsibility of the citizen to beproactive to report violations in his/her personal data realm. Such a socially intended task is gpoimg to be recognised with an “Certificate of Appreciation” show the concern of our association in this mission of citizen awareness about protection of personal data and privacy. It is hightime that our Authorities subscribe to similar actions to bring awareness in the society.