In a first, the rules for the Digital Personal Data Protection Act has classified different kinds of data fiduciaries and has proposed that fiduciaries such as e-commerce, online gaming and social media platforms will have to erase personal data of a user 3 years after it is no longer required.
These provisions pertain to Section 8 of the draft rules which say data fiduciaries must erase personal data if it is no longer required for its specified purpose. The Third Schedule of the draft rules define the timelines of erasure of data for various types of data fiduciaries, namely - social media platform, online gaming platform and e-commerce entity.
Such platforms will have to notify users at least 48 hours before erasure, allowing her to log in or initiate contact to retain the data. A user account includes profiles, email addresses, or phone numbers linked to the user Principal for accessing services.
The draft rules were released on January 3 for public consultation till February 18, 2025.
The draft has classified an e-commerce platform as an entity not having less than 2 crore registered users in India; an online gaming intermediary should have 50 lakh or more users in the country, and a social media intermediary as having 2 crore or more users in India.
The draft rules further said that such data fiduciaries should enable a user to access their account; provide access to any virutal taken which can be used to get money, goods and services.
Also read: Children under 18 will require parental consent for accessing social media
The schedule also defines an e-commerce entitiy as, "..as any person who owns, operates or manages a digital facility or platform for e-commerce as defined in the Consumer Protection Act, 2019 (35 of 2019), but does not include a seller offering her goods or services for sale on a marketplace e-commerce entity as defined in the said Act."
The definition of online gaming intermediary said, "..any intermediary who enables the users of its computer resource to access one or more online games;"
Lastly, the draft rules define social media intermediary as, "“..means an intermediary as defined in the Information Technology Act, 2000 (21 of 2000) who primarily or solely enables online interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using her services."
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
