The government is reportedly planning to bring in new regulations for social media companies including Facebook, X (formerly Twitter), Instagram and others. According to a report in Ecoomic Times, the government may mandate permanent deletion of personal data of users who have been “completely away” from their accounts on social media and other internet platforms for at least three years in a row.
The proposal is reportedly part of draft executive rules of the Digital Personal Data Protection (DPDP) Act, which was ratified as a law in August this year.The draft rules will be floated for discussion among stakeholders shortly, before being notified.
The rules, which mandate the deletion of personal data after the specified period, are also likely to be extended to ecommerce companies, online marketplaces, gaming intermediaries and all social media intermediaries, irrespective of the number of users they have in India.
The draft rules are also said to likely to propose that allied healthcare professionals, clinical establishments, medical educational institutes, healthcare professionals, health services and mental healthcare establishments be allowed to use some publicly available personal and non-personal data “in the interest of public health or making of evidence-based research, archiving and statistical purposes”.
Educational institutes that are established, owned, controlled or recognised by the central government, state government or any local authority or academic institutes that have been established for “higher education” or research and scientific and technical education will also be given the exemption to process such data for research purposes, the draft has proposed.
“There will be safeguards such as what is the nature or quantum of data that can be used and what standards and procedures need to be followed by these institutes if they collect sensitive personal medical records from their patients. Given the nature of information, the safety standards for these institutes will also be proportionate,” the official said.
In cases of breach of personal data, the intermediary handling the data must within 72 hours of becoming aware of the attack, inform the Data Protection Board (DPB) of the “facts related to the event, the circumstances and the reasons for the breach”.
Such intermediaries, also called data fiduciaries, must inform their users and the DPB about the nature, description, date, and time at which the fiduciary became aware of the data breach.
Further, the timing, duration, location and extent of the breach in terms of the quantum of data involved and the potential impact of the breach must also be informed to both the user as well as the DPB within 72 hours of the intermediary being made aware or becoming aware of the breach, the draft rules have suggested.
The proposal is reportedly part of draft executive rules of the Digital Personal Data Protection (DPDP) Act, which was ratified as a law in August this year.The draft rules will be floated for discussion among stakeholders shortly, before being notified.
The rules, which mandate the deletion of personal data after the specified period, are also likely to be extended to ecommerce companies, online marketplaces, gaming intermediaries and all social media intermediaries, irrespective of the number of users they have in India.
The draft rules are also said to likely to propose that allied healthcare professionals, clinical establishments, medical educational institutes, healthcare professionals, health services and mental healthcare establishments be allowed to use some publicly available personal and non-personal data “in the interest of public health or making of evidence-based research, archiving and statistical purposes”.
Educational institutes that are established, owned, controlled or recognised by the central government, state government or any local authority or academic institutes that have been established for “higher education” or research and scientific and technical education will also be given the exemption to process such data for research purposes, the draft has proposed.
“There will be safeguards such as what is the nature or quantum of data that can be used and what standards and procedures need to be followed by these institutes if they collect sensitive personal medical records from their patients. Given the nature of information, the safety standards for these institutes will also be proportionate,” the official said.
In cases of breach of personal data, the intermediary handling the data must within 72 hours of becoming aware of the attack, inform the Data Protection Board (DPB) of the “facts related to the event, the circumstances and the reasons for the breach”.
Such intermediaries, also called data fiduciaries, must inform their users and the DPB about the nature, description, date, and time at which the fiduciary became aware of the data breach.
Further, the timing, duration, location and extent of the breach in terms of the quantum of data involved and the potential impact of the breach must also be informed to both the user as well as the DPB within 72 hours of the intermediary being made aware or becoming aware of the breach, the draft rules have suggested.
Denial of responsibility! Swift Telecast is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – swifttelecast.com. The content will be deleted within 24 hours.