India’s DPDP Rules Propose Three-Year Data Deletion Mandate

The Ministry of Electronics and Information Technology (MeitY) has introduced draft regulations under the Digital Personal Data Protection (DPDP) Act, aiming to redefine how personal data is handled across India. Announced on January 3, these proposed rules target key sectors like e-commerce, online gaming, and social media platforms, mandating the deletion of personal data after three years of non-usage.

The DPDP Act, enacted last August, is India’s pioneering effort to safeguard digital privacy. For the first time, it categorises data fiduciaries based on their responsibilities in handling user information. According to the draft, these fiduciaries must delete personal data once its purpose has been fulfilled and it is no longer needed.

To ensure transparency, platforms will need to notify users at least 48 hours before data erasure, giving them the option to log in or request data retention. Affected data includes user accounts, profiles, email addresses, and phone numbers linked to accessing services.

The draft rules also focus on creating a robust consent framework. Companies will be required to inform users about data collection practices clearly and obtain explicit consent before processing sensitive information. Additionally, the rules introduce special safeguards for children’s personal data, underscoring the government’s commitment to protecting vulnerable users.

Another notable aspect is the plan to establish a Data Protection Board, which will oversee the implementation of these rules. The draft outlines the appointment process for the board’s chairperson and members, along with their service conditions.

Public consultation on these rules is open until February 18 via the MyGov portal, inviting feedback from stakeholders and individuals. The regulations are expected to significantly impact how businesses and government agencies handle personal data, ensuring greater accountability and user rights.

The DPDP Act is a game-changer for India’s data privacy landscape, aligning the country with global standards while addressing the growing concerns around data misuse. It aims to strike a balance between privacy protection and fostering innovation in the digital economy.