As part of the implementation of yet-to-be-released data protection rules, the government may soon mandate online platforms to permanently do away with the personal data of users who have been “completely away” from their accounts for at least three years straight, according to a report on The Indian Express.
The proposal comes as a part of the draft executive rules of the Digital Personal Data Protection (DPDP) Act, which was notified last August.
A minimum of 25 rules have to be formulated to operationalise the act and these rules will apply to e-commerce platforms, online marketplaces and social media intermediaries alike, a senior government official was quoted saying by the publication.
One key rule is to form a consent framework for verification of a child’s age before they can avail any online service. The act mandates that to grant access to those below 18, the companies will have to collect ‘verifiable parental consent’. However, healthcare and educational institutions may be exempted from obtaining this consent.
Further, the act does not elaborate on how this age-based gatekeeping can be carried out. It is learnt that the government is looking at mainly two methods to implement this. The first is the use of a digital locker system with the backing of a government ID proof like the Aadhar Card. The second is the creation of an electronic token system with proper authorisation.
The rules that come under the Digital Personal Data Protection Act (DPDP) are expected to be put out in the public domain soon.