In the present digitally ushered world where the entire globe is dominated by digital interactions, the Indian government has taken a huge leap forward by introducing the Digital Personal Data Protection Rules protect and safeguard the online privacy of children as they are exposed to vast online ecosystems. The importance of safeguarding children’s data in today’s digital world cannot be overstated. The blog, Protecting Young Minds: The Role of Parental Consent under Draft DPDP Rules, delves into how these regulations aim to protect children’s online presence by ensuring parental oversight. The recent draft rules introduced on January 3rd, 2025 under the DPDP Act focus on parental consent as a cornerstone for protecting children under 18 from the potential pitfalls of unregulated digital engagement. The IT Ministry has released the draft rules and feedback from the public is sought by February 18, 2025. The draft is available on the MyGov website for public comments, with the Ministry of Electronics and Information Technology stating that all submissions will be held in a fiduciary capacity, treated as confidential, and not disclosed to anyone at any stage.
Under the draft rules, a data fiduciary has to verify that the person providing consent is a legitimate adult, acting in the best interest of the child. This verification will ensure compliance and accountability, and thus, the social media network and gaming apps will be more responsible in handling children’s data. These proposed rules signal a transformative shift in how data fiduciaries handle children’s personal information while balancing technological innovation and user safety.
Why Parental Consent Under Draft DPDP Rules Is Crucial?
Parental consent under draft DPDP Rules is important in light of a child’s vulnerabilities on the digital sphere due to various reasons such as:
Data Abuse: The collected personal information from a child can be exploited through ways such as unconsented and targeted advertising, behavioural profiling, or other commercial gains.
Online Security: There is a significant vulnerability to bullying, exploitation, and other harmful and explicit content on the internet, without the protection. Data Protection Impact Assessments are performed annually to determine risks in the processing of children’s data and reduce them.
Informed Decision-Making: Parental involvement ensures decisions to share personal data are thought through and protecting the child’s interest.
Hence, on a positive note the draft rules will empower parents as active participants in managing their children’s online presence, mitigating risks, and fostering safer digital experiences by requiring verifiable parental consent.
Key Provisions of the Draft Rules
The Draft Data Protection Rules Need Due Diligence and Explicit Parental Consent to Process Children’s Data. It proposes a number of crucial steps for executing the parental consent requirement including:
Extent and Scope
The rules apply to all online services processing children’s personal data, including social media, gaming platforms, e-commerce sites, and educational apps.
Verification Mechanisms
Data fiduciaries are to employ robust mechanisms to verify the identity and age of the individual providing parental consent. These mechanisms can include measures such as reliable identity verification through government-issued IDs along with the use of digital tokens or certificates from authorized entities like DigiLocker.
Defined Responsibilities for Data Fiduciaries
To ensure that the parental consent is verifiable and given by an adult, avoiding processing personal data beyond what is necessary for the provision of services, and respecting the child’s right to withdraw parental consent is required according to the draft rules.
“A Data Fiduciary shall take appropriate technical and organisational measures to ensure that verifiable consent of the parent is obtained before the processing of any personal data of a child”, the draft rule stated.
As stated in the rules, entities shall process and use personal data only when people have provided their consent to the consent managers that will be entities entrusted to manage records of consents of people and the data fiduciaries shall store the data only for such period of time as has been given by providing consent and after that, the same has to be deleted. The draft rules do mention the suspending or cancelling of a consent manager’s registration in cases of repeated offenses.
Challenges in Implementation
The draft rules, while designed to make a safer digital space for children, pose significant challenges such as:
Technical Feasibility- This implies that developing systems for accurately verifying the age and identity of a user in a way that can serve many users simultaneously might demand a lot of money, time, and technical resources. This may pose a big challenge to small firms or smaller-scale platforms since they have relatively more limited budgets and infrastructure as compared to the big organizations.
Parental Digital Literacy- In a country like India, with uneven levels of digital literacy, parents may not easily understand and enforce these rights.
Industry Readiness- This implies that the tech industry must find a method that allows it to stay within the law and comply with all regulations, yet still allow users to easily find their platforms convenient to use. Balancing both factors might require redesigning or modifying its system and processes to align with new legal requirements without making user experience complicated or frustrating.
Striking a Balance
To balance children’s privacy with seamless digital interactions, the draft rules emphasize cooperation among government, industry, and civil society for practical solutions, awareness campaigns for educating parents and children on data protection rights, innovation in technology like AI utilization for effective and user-friendly age verification and a constant review in light of challenges evolving with time.
When discussing the settlement of disputes in civil cases, understanding the Legal Implications under Order XXIII Rule 3 CPC is essential. This rule provides a comprehensive framework for resolving cases through compromise. For more insights, refer to our detailed blog on Legal Implications under Order XXIII Rule 3 CPC.
Conclusion
India’s DPDP Act takes a distinct approach by applying the law to everyone under 18 years, which means the protection is more or less uniform over a wider age group. This marks a landmark step in regulating children’s online presence in India. The Public and Industry reactions are that of mixed including that of parents, children, legal experts, tech companies etc, the cause of which are the practical challenges like mass user verification and questions regarding the restrictiveness of the 18-year age threshold given teenagers’ digital maturity. DPDP rules underpin India’s commitment to children’s digital rights. Their effectiveness is dependent on the strength of its implementation, cooperation, and balance, reminding that the young minds are something the society should protect.
