Mumbai: The Ministry of Electronics and Information Technology (MeitY) has unveiled draft regulations to implement the Digital Personal Data Protection (DPDP) Act, marking a significant shift in the way companies and government agencies handle personal data. The regulations, released on January 3, propose key provisions to ensure greater privacy protection for users.
For the first time, the DPDP rules categorize various types of data fiduciaries, with a particular focus on e-commerce platforms, online gaming companies, and social media platforms. These platforms will now be required to delete users’ personal data within three years after it is no longer needed for its specified purpose.
The draft regulations stipulate that data fiduciaries must erase personal data once its purpose has been fulfilled. The rules also outline strict timelines for data erasure across various categories of data fiduciaries. These provisions emphasize transparency, mandating that platforms notify users at least 48 hours before data erasure. Users will have the option to log in or request data retention during this window.
Additionally, the regulations require platforms to take adequate steps to notify individuals about the data being collected and ensure a robust consent management framework. The rules also prioritize the protection of children’s personal information and the establishment of a Data Protection Board to enforce the provisions, with details regarding the appointment of its chairperson and members to be specified.
The draft DPDP rules are open for public consultation until February 18, 2025. Stakeholders are invited to submit their feedback via the government’s MyGov portal.
The release of these draft regulations follows the passage of the DPDP Act in Parliament last August, which aims to strengthen data privacy and protection for Indian citizens, bringing India in line with global data protection standards.
As India gears up to embrace more stringent data protection norms, these regulations are expected to have a significant impact on how digital platforms operate, particularly in terms of user data retention and privacy practices.
