Social Media Sites bound to delete data of users away for three years in India, Latest Laws +
The upcoming Digital Personal Data Protection (DPDP) rules in India promise significant changes, from cleaning up inactive accounts to safeguarding against data breaches and protecting children online.
Highlights:
- Inactive Accounts Face Deletion: Accounts dormant for 3 years on platforms with over 20 million users in India might be permanently deleted after a 48-hour inactivity warning.
- Mandatory Data Breach Reports: Platforms, both private and government, must promptly notify the Data Protection Board (DPB) of any data breaches, detailing the incident and potential impact.
- Age Verification for Children: A "consent framework" is underway to ensure verifiable parental consent for online services accessed by children under 18.
Cleaning Up the Digital Landscape: The DPDP draft rules propose automatic deletion of user data from inactive accounts on major platforms. This aims to curb data hoarding and protect user privacy. E-commerce, online gaming, and social media giants with over 20 million Indian users may be subject to this rule. Platforms will be required to notify users beforehand and offer an option to retain their data by logging in.
Data Breaches: Promptness and Transparency: Any data breach, regardless of the platform's user base in India, must be reported promptly to the DPB. Platforms will need to provide details like the nature of the breach, date and time of discovery, affected location, extent of the leak, and potential consequences. This mandatory reporting aims to enhance breach response and user protection.
Protecting Young Users: Verifying a child's age before granting access to online services is a key concern. The DPDP Act mandates "verifiable parental consent" for minors, but specific guidelines for age verification are lacking. The draft rules suggest two potential methods: a government ID-linked digital locker system and an electronic token system with government authorization. However, exemptions might be considered for sectors like healthcare and education due to their nature of service.
Beyond these highlights, at least 25 rules are anticipated under the DPDP Act, covering various aspects of data privacy and protection in India. The upcoming regulations promise a significant revamp of the digital landscape, with a focus on user control, platform accountability, and responsible data handling.