Skip to main content

Q3 - Can individuals get compensation for harm caused by data misuse, or only the government collects penalties?

Answer
  • Under DPDPA, penalties are payable to the government, not directly to individuals.
  • However, individuals can still seek compensation for damages under other laws, such as the IT Act, Consumer Protection Act, or contract law.
Example

If Govind’s Aadhaar and PAN are leaked by an insurance company, and someone takes a fraudulent loan in his name:

  • The Data Protection Board may fine the insurer ₹50 crore (payable to the government).
  • Separately, Govind can file a civil case against the insurer for compensation of his financial losses.

So, penalties ensure enforcement at a national level, while compensation must be separately claimed by the individual.