Q5 - Can government bodies also be Data Fiduciaries? If yes, do they follow the same rules as private companies?
Yes. Government departments and public authorities are also considered Data Fiduciaries when they process personal data of citizens.
However, the Act recognizes that the State needs to process personal data for governance purposes (such as subsidies, benefits, licences, or permits). For such functions, the government has some limited exemptions from seeking consent, but it must still comply with the standards of security, accountability, and proportionality prescribed in the Rules (see Schedule II).
The Transport Department acts as a Data Fiduciary when it processes your biometrics and address proof for issuing a driving licence.
The Income Tax Department acts as a Data Fiduciary when it collects PAN and bank account details for tax processing.
They must follow the same principles of fairness and security, though certain consent-related requirements may not apply in these cases.