data protection India: DPDP rules: Ecommerce, gaming, social media platforms to delete personal user data after three years

Share This Post

[ad_1]

Data fiduciaries such as ecommerce, online gaming and social media platforms will have to erase personal data of a user three years after it is no longer required, according to the draft rules of the Digital Personal Data Protection (DPDP) Act.The draft rules apply to ecommerce entities having not less than 2 crore registered users in India, online gaming intermediary having not less than 50 lakh registered users in India and social media intermediary having not less than 2 crore registered users in the country. These provisions pertain to Section 8 of the draft rules.

These data fiduciaries have to notify users at least 48 hours before erasing their data, allowing them to request for retaining the data if they wish to, like their profiles, email addresses and phone numbers, to access money, goods or services.

“At least forty-eight hours before completion of the time period for erasure of personal data under this rule, the Data Fiduciary shall inform the Data Principal that such personal data shall be erased upon completion of such period, unless she logs into her user account or otherwise initiates contact with the Data Fiduciary for the performance of the specified purpose or exercises her rights in relation to the processing of such personal data,” according to draft rules.

A data fiduciary will protect personal data in its possession or under its control, including in respect of any processing undertaken by it or on its behalf by a data processor, by taking reasonable security safeguards to prevent personal data breach.


“On becoming aware of any personal data breach, the Data Fiduciary shall, to the best of its knowledge, intimate to each affected Data Principal, in a concise, clear and plain manner and without delay, through her user account or any mode of communication registered by her with the Data Fiduciary,” the draft rules read.

Discover the stories of your interest


They need to inform users about the description of the data breach, including its nature, extent and the timing and location of its occurrence, the consequences relevant to her, that are likely to arise from the breach, the measures implemented and being implemented by the Data Fiduciary, if any, to mitigate risk, the safety measures that she may take to protect her interests; and business contact information of a person who is able to respond on behalf of the Data Fiduciary, to queries, if any, of the Data Principal.The DPDP Act was passed in Parliament in August 2023 and the government is seeking feedback on the draft rules through the MyGov portal till February 18, 2025.

[ad_2]

Source link

spot_img

Related Posts

WitchSpin Casino’s Magical Theme: A Unique Gaming Experience

Online casinos today are not just about winning money....

Norwegian Tourists’ Favorite Online Gaming Destinations for Vacation

As the world becomes increasingly interconnected, many Norwegian tourists...

Non-Disclosure Agreement for Franchise Opportunity Discussions

When discussing franchise opportunities, both the franchisor and potential...

ZF 8HP50 Vaidmuo Hibridiniuose ir Elektriniuose Automobiliuose

ZF 8HP50 yra pažangiausia aštuonių pavarų automatinė transmisija, kuri...

Dating Men in Their 30s: What Changes and What Stays the Same

Navigating the world of relationships can be a unique...

The Calorie-a-Day Strategy: Balancing Nutrition and Weight Loss

When it comes to weight loss, the approach to...
spot_img