CORPORATE LIABILITY FOR BIOMETRIC DATA MISUSE: RECONCEPTUALISING DIRECTOR-SPECIFIC DUTIES IN INDIAN COMPANY LAW

AUTHOR – SARIGA S KUMAR, VELURATHNAKARAN K S, GAYATHRI S R

PG SCHOLARS OF CENTRAL UNIVERSITY OF TAMIL NADU, THIRUVARUR

BEST CITATION – SARIGA S KUMAR, VELURATHNAKARAN K S, GAYATHRI S R, CORPORATE LIABILITY FOR BIOMETRIC DATA MISUSE: RECONCEPTUALISING DIRECTOR-SPECIFIC DUTIES IN INDIAN COMPANY LAW, INDIAN JOURNAL OF LEGAL REVIEW (IJLR), 5 (14) OF 2025, PG. 451-457, APIS – 3920 – 0001 & ISSN – 2583-2344

Introduction

The emergence of biometric data as a critical organizational asset has fundamentally altered the landscape of corporate accountability. India’s Digital Personal Data Protection Act, 2023 (DPDP Act) represents a watershed moment in data protection jurisprudence, yet a critical lacuna remains: the absence of explicit director-specific duties regarding biometric data stewardship within the Companies Act, 2013. This paper argues that the intersection of increasingly stringent data protection obligations and the doctrine of directors’ fiduciary duties necessitate the formalization of biometric data protection as a distinct director duty, enforceable through both civil and criminal mechanisms under Indian company law.

The normative foundation for this argument rests on three pillars: (the Supreme Court’s recognition of privacy as a fundamental right in K.S. Puttaswamy v. Union of India (2017);  the statutory framework established by the DPDP Act creating liability for data fiduciaries; and the common law doctrine of directors’ duties of care and diligence under Section 166 of the Companies Act, 2013. Yet courts and regulators have hesitated to articulate a crystallized director-specific duty regarding biometric data safeguarding. This paper fills that gap through doctrinal analysis, comparative jurisprudence, recommendations for statutory reform.