In the coming days, social media companies, e-commerce platforms, and online gaming services might be required to delete the personal data of users who have been inactive on these platforms for three years, as per an unreleased version of the draft rules of the Digital Personal Data Protection Act.
Even though the DPDP (Digital Personal Data Protection) Act was passed in August 2023, certain clauses of the legislation require additional provisions to define the framework's details. The government is likely to release these rules for consultation soon, with plans to officially notify them in January 2024.
According to a version of this draft seen by Moneycontrol, the requirement to delete user data may apply to e-commerce entities, online gaming intermediaries, and social media companies that have more than 2 crore users registered in India.
Before, the expiry of this 3-year time period, platforms will have to inform users within 48 hours, that their personal data will be erased from the platform since they have not been active for the specific time period.
Platforms will also have to intimate users that the deletion will not be carried out if the user logs into their account again.
This provision of erasure of user data was discussed on December 20 during a meeting Ministry of Electronics and Information Technology (MeitY) held with industry regarding the upcoming DPDP Rules. Stakeholders had then questioned what platforms should do if law enforcement agencies ask for such user data after deletion.
Also read: Verify parents through govt ID: Draft DPDP Rules on avoiding self verification by children
Apart from this, the upcoming rules may also mandate that any platform processing personal data of users, whether a private or government entity, to immediately notify the Data Protection Board (DPB) of any data breach upon becoming aware. The DPB is an adjudicating body set up under the DPDP Act.
The details that a platform will need to communicate to the Digital Protection Board (DPB), on a best-effort basis, should encompass a description of the breach, the date and time when the platform became aware of the breach, the location of the breach, its extent, and potential impact.
Check Free Credit Score on Moneycontrol: Easily track your loans, get insights, and enjoy a ₹100 cashback on your first check!
