Users who have been "completely away" from their social media and other online accounts for three years or more may have their personal data permanently erased by the government.

The Digital Personal Data Protection (DPDP) Act, which was passed into law in August of this year, contains the idea as part of its proposed executive guidelines.

No matter how many customers they have in India, e-commerce businesses, online marketplaces, gaming intermediaries, and all social media intermediaries are likely to be covered by the laws, which require the erasure of personal data after a certain amount of time.

The Act that was notified in August requires the creation of at least 25 regulations, and the government is also able to create rules for any provision that it sees fit.

One of them is creating a framework for consent to confirm a child's age prior to allowing them to use an internet service.

According to the Act, businesses must obtain "verifiable parental consent" before granting access to their platform to users who are younger than 18 years old.

This has been a major source of contention for the business as the Act does not include recommendations for how platforms can implement age-gating.

It has been discovered that the guidelines should suggest two approaches. As this paper had previously reported, one option is to adopt a digital locker system supported by a government ID like Aadhaar.

The alternative is for the sector to develop an electronic token system that can only be used with government approval.

Healthcare and educational facilities are among the organizations that are exempt from the need to get verifiable parental consent and age-gating regulations.

It is also understood that certain organizations may have limited exemptions from the rules, based on the particular reason(s) for which they must process a child's data.