Introduction:
What happens to your personal data after you die? Can someone else access it, delete it, or decide what should be done with it?
India's Digital Personal Data Protection Act (DPDPA), 2023, quietly introduces a game-changing concept: the Right to Nominate. Unlike many global laws that sidestep the issue of posthumous data control, DPDPA empowers individuals to decide who can act on their behalf after death — a nominee.
But how far does this right go? Can it be applied in government records? Do global laws like GDPR and CCPA allow similar posthumous control? Let’s decode it.
What is the Right to Nominate Under DPDPA?
Section 14 of the DPDPA introduces the concept of "Right to Nominate" — allowing a data principal (you and me) to nominate another individual to exercise rights on our behalf in the event of death or incapacity.
This means your nominee could:
- Request access to your data
- Request deletion or correction
- Withdraw previously given consent
- Even carry forward pending DSRs on your behalf
It’s a forward-thinking right that aligns personal data with legacy planning — much like wills, insurance beneficiaries, or digital asset access in modern estates.
Is the Right to Nominate Applicable to Government Data?
Here’s where things get murky.
The DPDPA doesn’t explicitly exempt government entities from honoring nominations — but there are broad carve-outs under Section 17 for “exemptions for the state.” In real terms:
- Nominees may not get access to data held by law enforcement, intelligence agencies, or records protected in national interest.
- For routine government databases like pension records, public health info, or education data, applicability will likely depend on delegated rules or internal data policies.
Bottom line: The Right to Nominate exists, but its execution in the government context is conditional and still evolving.
How Do Global Laws Compare?
GDPR (EU):
GDPR is silent on posthumous rights. Member states have discretion.
- France allows individuals to set posthumous data instructions (Article 85, French Data Protection Act).
- Germany and Denmark treat personal data as inheritable in some contexts.
GDPR does allow "authorized representatives" to act on behalf of a living data subject — but there’s no uniform right to nominate someone for after death unless local law allows it.
CCPA/CPRA (California):
Under CCPA, individuals can designate an authorized agent to act on their behalf — but again, only while alive.
Posthumous rights are not clearly defined, and enforcement is murky at best.
Why the DPDPA's Right to Nominate Is a Big Deal
India's move is subtle but significant. In a world where digital lives outlive physical ones, the Right to Nominate:
- Empowers families and legal heirs
- Respects autonomy beyond life
- Bridges the gap between digital rights and personal dignity
It’s also a compliance wake-up call for organizations — your privacy notices, DSR mechanisms, and user preference centers must now account for nominees.
Conclusion: Death Is Inevitable. Data Access Shouldn’t Be.
The Right to Nominate is India's answer to a deeply modern question: Who controls your data when you're no longer here to do it yourself?
As global laws slowly inch toward posthumous digital rights, India’s DPDPA might just set the precedent. Whether the government truly implements it in full spirit remains to be seen — but for the private sector, the message is clear: your DSR infrastructure must now live beyond the data principal.
