In today's world, almost every service and interaction takes place digitally. This shift offers remarkable advantages, but it also presents new challenges.
In Consider a new restaurant owner who illicitly accesses a rival's customer database. By learning diners' preferences, dining times, and feedback, the owner can target those customers with personalized invitations—essentially hijacking the trust built by the original restaurant. This isn't just a marketing tactic; it is "data theft" used to erode fair competition. When customers receive tailored offers like “We know you love pasta—enjoy 30% off tonight!” from a stranger, their autonomy is undermined. Such scenarios underscore why the Digital Personal Data Protection (DPDP) Act, 2023 is vital. It acts as a shield, ensuring that your personal information is only used with your clear permission. Just as a rival restaurant shouldn't be allowed to sneak into a database to steal customers, a person's digital life shouldn't be left 'unlocked' or open to misuse after they pass away. This is where the Right to Nominate becomes essential. It ensures that the person who built the 'digital restaurant' gets to choose who holds the keys to it next. The law treats the nominee as a 'Key-holder.' While the legal heir might inherit the money or the physical value of a digital business, the nominee is the person you trust to manage the 'door' to your private data. This ensures your digital legacy—the trust you built with your customers or the privacy of your personal life—is handled exactly how you wanted
Decoding Section 14 of the DPDP Act and Rule 13.
Section 14 states that data principal has the right to nominate another person on his behalf over his data in the event of his death or incapacity and that nominee can exercise the right to access, correction and erasure. So, it creates a legal pathway for a nominee to ensure that a person's digital identity and private data don't fall into the legal vacuum if they pass away.
Along with section 14 which empowers the nominee, Rule 13 of the DPDP Rules, 2025 ensures that Significant Data Fiduciaries identified by the volumes and risk of the data which they are handling are technically equipped to handle these rights. SDFs shall conduct annual data protection impact assessment and independent audits to verify they are effectively observing these rights, without mandatory audits and algorithmic reviews of as per rule 13, a nominee's request for access may be lost in a platform's automated systems.
When the principal makes the nominations in any app or site, they already give the permission for that so the nominee can go directly to the company like google or bank and show the death certificate then the company must open the access within the period of 90 days. Therefore, the nominee does not need to get an order from the Data Protection Board to start that process.
Can a Digital Nominee Override a Legal Heir?
In the landmark of Rhutikumari v. Zanmai Labs Pvt. Ltd. (2025)[1], the High Court of Madras declared “ Judging from the above two decisions, there can be no doubt that “crypto currency” is a property. It is not a tangible property nor is it a currency. However, it is a property, which is capable of being enjoyed and possessed (in a beneficial form). It is capable of being held in trust.[2]” It is not a tangible property nor is it a currency but it is a property which can be held in trust so it comes under article 300 A of the constitution. It means the digital data can act as a property and if it does then the old sarbati devi[3] rule will apply. It says that for any property, a nominee is just a Trustee not the owner. Therefore it will claimed by the legal heirs under the hindu succession act
but then what about the nominee where the data principle himself declared him as nominee.
A few weeks back in the case of 'Union of India vs. Paresh Chandra Mondal'[4] the hon'ble Supreme Court gave the ruling that funds like PF or digital balances, the government and any company give the money to Nominees immediately without asking for any succession certificate but since they are nominees they must hold it as a Trustee for the Legal Heir. Which means that if the digital data is considered as a property then the process of appointing the other person as a nominee by the data principle is just to make sure that it will be easy for his legal heir to claim those things from the nominee at the later stage.
As per the DPDP act, 2023 and 2025 rules, the nominee has the right to erase the data but what if the conflict arises between the legal heir and the nominee. For instance, if there is a websites and adsense then its domain name, customer database, and the source code are assets of a business so they are part of the deceased's estate like any physical property but what if the nominee refuses to give the login credentials to the heir because earlier principle wanted the data to be safe, the heir can argue that their right to property overrides the right to privacy.
Another example from a fictional novel, Secrets of Glowsky or any unpublished manuscript, where the drafts are copyrighted works and considered the right to publish to legal heir for 60 heirs after the death but if the nominee exercises the DPDP “Right to Erasure” and deleted the cloud folder containing these drafts which destroyed an inheritable property rights.
In simple terms if we divide this into two tracked where in the first case, Personal privacy contains things are Non-commercial data such as chats, private photos, search history which should follow the DPDP Nominee while in second case Property Value are commercial data such as Crypto, monetized website, IP drafts which should follow the legal heir as recognised in Rhutikumari precedent.
Therefore, there shall be a clear distinction between the Personal Digital Data, which follows the Nominee for privacy and commercial digital assets which follow from the side of the heir as property. A Nominee should have the right to erase 'chatter' but he should be legally barred from deleting 'value' without the prior consent of the heir but nominations should also be seen as Privacy will. The 2025 Rules need a "Conflict Resolution" clause to protect nominees who delete data according to the principal's wishes from being sued by heirs for "loss of property."