The Centre may require online platforms to permanently delete personal data of users who have been “completely away” from their accounts for at least three years in a row. According to the yet-to-be-released data protection rules, the government could impose the data deletion rules on e-commerce companies, online marketplaces, gaming intermediaries and all social media intermediaries, irrespective of the number of users they have in India.
The preliminary version of the draft implies that the deletion of user data could be applicable to e-commerce, online gaming, and social media entities boasting registrations from over 20 million users in India. These platforms would need to notify users 48 hours before the conclusion of the three-year period, alerting them to the upcoming removal of data due to inactivity. Users will also receive information that logging into their accounts can prevent the deletion.
Additionally, the forthcoming rules might mandate any platform, whether private or government, processing user data to promptly inform the Data Protection Board (DPB) of any data breach upon awareness. The DPB, established under the DPDP Act, would require platforms to communicate breach details on a best-effort basis, including a description, date and time of awareness, breach location, extent, and potential impact.
According to a senior government official, as reported by IE, this rule could be applied universally to platforms, irrespective of their user base in India. At least 25 such rules are anticipated under this Act.
Other key aspects under consideration include the development of a "consent framework" to authenticate a child's age before accessing online services. The Act mandates "verifiable parental consent" for individuals under 18 years, posing a challenge for the industry as it lacks specific guidelines for age verification.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.