DPDP Regulations: E-commerce, Gaming, and Social Media Platforms Required to Delete User Data After 3 Years

New Delhi, Jan 4 (NationPress) Data fiduciaries including e-commerce, online gaming, and social media platforms must erase users' personal data three years after it is no longer needed, based on the draft provisions of the Digital Personal Data Protection (DPDP) Act.
The draft regulations target e-commerce entities with a minimum of 2 crore registered users in India, online gaming intermediaries with at least 50 lakh registered users, and social media intermediaries with not fewer than 2 crore registered users within the nation. These stipulations are outlined in Section 8 of the draft rules.
These data fiduciaries are required to notify users at least 48 hours prior to the deletion of their data. This notification allows users the opportunity to request the retention of information such as their profiles, email addresses, and phone numbers, which may be necessary for accessing goods, services, or funds.
“At least forty-eight hours before the time limit for erasing personal data under this rule, the Data Fiduciary shall inform the Data Principal that such personal data will be erased upon the completion of the period unless she logs into her user account or otherwise contacts the Data Fiduciary for the specified purpose or exercises her rights concerning the processing of such personal data,” according to the draft regulations.
A data fiduciary must safeguard personal data in its possession or under its control, including any processing performed by it or a data processor acting on its behalf, by implementing reasonable security measures to avert personal data breaches.
“Upon becoming aware of any personal data breach, the Data Fiduciary must, to the best of its knowledge, inform each affected Data Principal in a concise, clear, and straightforward manner without delay, either through her user account or any communication mode registered with the Data Fiduciary,” the draft regulations state.
Data fiduciaries are obligated to inform users about the specifics of the data breach, including its nature, scope, timing, and location of occurrence, the potential consequences for the user, the measures taken and being taken to mitigate risks, the safety precautions the user may adopt to protect her interests, and the business contact details of a representative who can respond to queries on behalf of the Data Fiduciary.
The DPDP Act received parliamentary approval in August 2023, and the government is currently gathering feedback on the draft rules through the MyGov portal until February 18, 2025.