Online Platforms may Need to Delete Data of Users Inactive for 3yrs

Online platforms may need to delete data of users inactive for 3yrs

Indian government is considering a significant provision in the upcoming Digital Personal Data Protection (DPDP) rules, suggesting the permanent deletion of user data for accounts that have been inactive for a continuous three-year period. This proposal, which has yet to be officially released, is part of the draft executive rules outlined in the DPDP Act, which was signed into law in August 2023.

A MoneyControl report states that an early draft of the proposal suggests that companies engaged in e-commerce, online gaming, and social media with more than 20 million registered users in India may be subject to the deletion of user data.

Users would be notified by platforms 48 hours in advance of the three-year period ending that their data would be erased for lack of use. Additionally, users will be notified that by signing into their accounts, they can prevent the deletion.

------------------------------------------------------------------------------------------------------------------------------------------------------------------ Online platforms may need to delete data of users inactive

Furthermore, the upcoming rules may require any platform, private or public, that processes user data to notify the Data Protection Board (DPB) of any data breach as soon as it becomes aware of it. According to the DPDP Act, the DPB would require platforms to communicate breach details on a best-effort basis, including a description, date and time of awareness, breach location, extent, and potential impact.

According to a senior government official quoted by IE, this rule could apply to all platforms, regardless of their user base in India. This Act anticipates at least 25 such rules.

Other key aspects under consideration include the creation of a “consent framework” to verify a child’s age before granting access to online services. The Act requires “verifiable parental consent” for individuals under the age of 18, which presents a challenge for the industry because there are no specific guidelines for age verification.

A digital locker system supported by government ID, such as Aadhaar, and an electronic token system subject to government authorization are likely to be recommended. Certain organizations, particularly those in healthcare and education, may be exempt from strict age-gating requirements.

Follow and Connect with us on

 Facebook | Instagram  | Linkedin | Dribbble | Twitter | Tumblr | Pinterest


Please enter your comment!
Please enter your name here