Rule 21: Appeals to Appellate Tribunal
Statutory Text — Rule 21:Appeal to Appellate Tribunal. (click to expand)
(1) An appeal, including any related documents, by a person aggrieved by an order or direction of the Board, shall be filed in digital form, following such procedure as may be specified by the Appellate Tribunal on its website.
(2) An appeal filed with the Appellate Tribunal shall be accompanied by fee of like amount as is applicable in respect of an appeal filed under the Telecom Regulatory Authority of India Act, 1997 (24 of 1997), unless reduced or waived by the Chairperson of the Appellate Tribunal at her discretion, and the same shall be payable digitally using the Unified Payments Interface or such other payment system authorised by the Reserve Bank of India as the Appellate Tribunal may specify on its website.
(3) The Appellate Tribunal—
(a) shall not be bound by the procedure laid down by the Code of Civil Procedure, 1908 (5 of 1908), but shall be guided by the principles of natural justice and, subject to the provisions of the Act, may regulate its own procedure; and
(b) shall function as a digital office which, without prejudice to its power to summon and enforce the attendance of any person and examine her on oath, may adopt techno-legal measures to conduct proceedings in a manner that does not require physical presence of any individual.
Rule 21 explains how a person or organisation that is not satisfied with a decision of the Data Protection Board of India (DPBI) can appeal that decision to the Appellate Tribunal. It outlines the process, fee payment method, and the digital nature of the Tribunal’s functioning.
The purpose of this rule is to ensure that appeals are accessible, fast, and paperless, while maintaining fairness and legal validity.
1. Filing an Appeal in Digital Form
Anyone aggrieved by a Board order — for example, a company penalised for a data breach, or an individual unhappy with how their complaint was decided — can file an appeal digitally.
This means the entire appeal process happens online through the Appellate Tribunal’s official website, where the Tribunal will publish clear instructions for:
- Uploading the appeal documents,
- Supporting evidence submission, and
- Digital acknowledgment or receipt.
The digital process avoids paperwork, travel, and delays. It allows parties from any part of India to seek justice quickly.
A fintech company fined by the Data Protection Board believes the penalty was excessive. It logs into the Appellate Tribunal’s portal, fills out the digital appeal form, uploads the Board’s order, and attaches relevant documents. The Tribunal sends a confirmation digitally — no physical submission is required.
2. Appeal Fees and Digital Payments
Every appeal must be accompanied by a filing fee, which is the same as that used under the Telecom Regulatory Authority of India (TRAI) Act, 1997. This maintains consistency with existing tribunal systems in India.
However, the Chairperson of the Appellate Tribunal has the power to reduce or waive the fee if necessary — for example, in genuine hardship cases or for individuals unable to pay.
All payments must be made digitally, using UPI or any other payment system authorised by the Reserve Bank of India (RBI).
If a small startup appeals against a DPBI order but faces financial difficulty, the Chairperson may allow a partial fee waiver. The payment can then be made securely using UPI or other RBI-approved methods directly on the Tribunal’s website.
3. Procedure for Hearing Appeals
The Appellate Tribunal functions with flexibility. It is not bound by the Code of Civil Procedure, 1908 — meaning it doesn’t follow lengthy court formalities. Instead, it is guided by the principles of natural justice, ensuring that both sides are heard fairly and that decisions are reasoned and unbiased. The Tribunal has the power to set its own internal procedures — for example, how evidence is submitted, how hearings are scheduled, and how orders are issued. This flexible approach ensures faster justice and avoids unnecessary technicalities that often delay cases in traditional courts.
4. Functioning as a Digital Office
Just like the Data Protection Board, the Appellate Tribunal is also a digital office. This means:
- Appeals and hearings happen online,
- Documents are exchanged electronically,
- Orders are digitally signed and uploaded, and
- Attendance can be virtual using secure video platforms.
This digital format ensures convenience for all parties while keeping the process legally valid and transparent.
Even though it operates digitally, the Tribunal retains its full powers — including the authority to summon anyone or examine them under oath when required.
An individual files an appeal from Pune against a Board order. The Tribunal schedules an online hearing where the individual, their lawyer, and the Board’s representative join via video conference. The final judgment is issued electronically and digitally signed by the Chairperson.
5. Importance of Techno-Legal Framework
The rule encourages the use of techno-legal measures — combining technology with legal safeguards to ensure data security, authenticity, and compliance.
This includes:
- Encrypted digital submissions to protect sensitive case data.
- Use of verified e-signatures for legal validity.
- Timestamping of documents for integrity and traceability.
- Maintaining digital logs for all interactions and orders.
These measures make sure the online appeal system is both secure and legally enforceable.
If an appeal contains sensitive customer information from a data breach, the Tribunal’s digital portal ensures it is encrypted, stored securely, and accessible only to authorised officers. This prevents leaks or tampering during the appeal process.
6. Overall Significance
Rule 21 modernises India’s appeal process for data protection by making it:
- Digital-first — reducing paperwork and travel.
- Affordable and accessible — using online payments and fee waivers.
- Fair and efficient — guided by principles of natural justice, not outdated procedures.
It helps both individuals and organisations resolve disputes with the Data Protection Board quickly, transparently, and securely — reflecting India’s move towards a fully digital justice system.
Rule 21 establishes the process for appealing against decisions of the Data Protection Board. It ensures that the Appellate Tribunal operates digitally, accepts online filings, uses digital payments, and follows flexible yet fair procedures. This approach supports fast, transparent, and inclusive justice — aligning with India’s vision of a tech-enabled governance and privacy protection ecosystem.