Duties of Data Principal
Plain English Translation
Under Section 15 of the Act, privacy is a two-way street; it assigns specific duties of data principal DPDP alongside rights. Users are legally obligated to not impersonate others, to not suppress material information when providing data for government IDs, and to ensure they do not register a false or frivolous complaint DPDP style with the Data Fiduciary or the Board. This section establishes data principal obligations India, enforcing responsible data sharing India by mandating that users furnish only verifiably authentic information when exercising their right to correction or erasure.
Technical Implementation
Use the tabs below to select your organization size.
Required Actions (startup)
- Include a clause in the Terms of Service referencing Section 15 duties.
- Add a simple declaration of accuracy on profile forms.
- Manually review suspicious grievances.
Required Actions (scaleup)
- Automate identity verification steps for sensitive data changes.
- Implement rate-limiting on grievance submissions to prevent spam.
- Track false grievance penalty India warnings in user activity logs.
Required Actions (enterprise)
- Deploy AI-driven fraud detection for responsible data sharing India analysis.
- Integrate with government ID APIs for real-time authenticity checks where applicable.
- Automated reporting of repeated offenders to the legal team for potential Board referral.
They must comply with laws, not impersonate others, not suppress material info for State documents, not register false/frivolous grievances, and furnish only authentic info when correcting/erasing data (Section 15).
Yes. The Schedule to the Act specifies that a breach in observance of the duties under Section 15 can attract a penalty which may extend to ten thousand rupees.
Section 15(d) lists the duty not to register a false or frivolous grievance or complaint. While 'frivolous' isn't defined, Section 28(12) allows the Board to issue a warning or impose costs if a complaint is found to be false or frivolous.
Providing false information violates the duty to furnish verifiably authentic info (Section 15(e)) or not to suppress material info (Section 15(c)). The penalty for breaching these duties is up to INR 10,000.
Section 15(b) mandates that a Data Principal must ensure not to impersonate another person while providing her personal data for a specified purpose.
The Act creates a reciprocal relationship. While DPs have rights (access, erasure), they also have accountability to use those rights responsibly and honestly to prevent abuse of the legal framework.
Yes. The Data Protection Board has the power to inquire into non-compliance and impose the scheduled penalty of up to 10,000 rupees on the Data Principal.
The Schedule explicitly lists the penalty for 'Breach in observance of the duties under section 15' as 'May extend to ten thousand rupees'.
"A Data Principal shall perform the following duties, namely:— (a) comply with the provisions of all applicable laws for the time being in force while exercising rights under the provisions of this Act; (b) to ensure not to impersonate another person while providing her personal data for a specified purpose; (c) to ensure not to suppress any material information while providing her personal data for any document, unique identifier, proof of identity or proof of address issued by the State or any of its instrumentalities; (d) to ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary or the Board; and (e) to furnish only such information as is verifiably authentic, while exercising the right to correction or erasure under the provisions of this Act or the rules made thereunder."
| Version | Date | Author | Description |
|---|---|---|---|
| 1.0.0 | 2026-02-08 | WatchDog Security GRC Wiki Team | Initial publication from DPDP Workbook |
