DPDP Act: Online Companies May Delete Your Personal Data After 3 Years

The Digital Personal Data Protection (DPDP) Act, passed in August 2023, is bringing some new rules for social media, e-commerce, and gaming companies. The government plans to release these DPDP rules soon, and they might become official in January 2024.

Companies like Facebook, Amazon, and gaming platforms might have to delete your personal data if you haven’t used their services for three years. This rule could apply to companies with more than 2 crore users in India. They need to tell you 48 hours before they delete your data. If you log in again, your data won’t be deleted.

There’s a question about what happens if the police need this data after it’s been deleted. This was discussed in a meeting on December 20, but there’s no clear answer yet.

If there’s a data breach, companies have to tell the Data Protection Board immediately. They need to describe the breach, when they found out, where it happened, how big it was, and what impact it might have.

The government is working on at least 25 rules to make the DPDP Act fully workable. These include how to delete user data and how to verify a child’s age for online services.

The Act says companies need parental consent for users under 18. They might use a digital locker system like Aadhaar or an electronic token system, but this is still being decided. Some places like hospitals and schools might not need to do this. 

Also Read: AI Chatbot ‘Bluey-GPT’ Tells Personalized Bedtime Stories To Kids

These rules could affect all kinds of online platforms, not just the big ones. The idea is to protect your personal data and make sure it’s not misused or kept longer than necessary. This is a big change in the online world. 

The government seems very serious about digital privacy and safety, especially for children. But it remains to see how all these rules will be implemented.