NEW DELHI: The government has notified detailed norms under the Digital Personal Data Protection (DPDP) Act, introducing stringent data-retention rules for e-commerce platforms, social media intermediaries and online gaming companies. Under the new guidelines, platforms will be required to delete the personal data of any user who has not logged in or used the service for three consecutive years. The regulation applies to online gaming companies with more than 50 lakh users, as well as social media and e-commerce platforms with more than two crore registered users in India. Companies must give the inactive user 48 hours’ notice before deleting such data, warning them that their data will be deleted if they don’t use the platform within that time frame. For digital platforms with more than 50 lakh users, known as significant data fiduciaries, the Act also establishes a higher compliance threshold. To make sure that their systems, algorithms, and procedures do not endanger user rights, these organisations are required to perform an annual audit and a Data Protection Impact Assessment. They must additionally verify each year that their technical measures remain safe and compliant. Although the DPDP Act permits cross-border transfers of personal data, the government has made it clear that these transfers must follow rules that may be communicated regularly. To strengthen data governance and improve user protection throughout the quickly growing digital ecosystem, the new regulations are a part of the larger operationalisation of India’s first digital privacy law. The government notified the rules for the Digital Personal Data Protection (DPDP) Act, formally operationalising India’s first digital privacy law and setting the compliance clock ticking for companies handling user data. (IANS)
Also Read: Centre issues notices to e-commerce platforms over sale of Pak flags, merchandise