The central government has released a draft of the Digital Personal Data Protection (DPDP) rules. They have introduced significant measures to safeguard children’s online activities. As per the proposed rules, parental consent for kids below 18 will be needed to create social media accounts. This step aims to enhance data privacy. It also ensures greater accountability for platforms handling sensitive personal information.
The Ministry of Electronics and Information Technology (MeitY) published the draft rules under the Digital Personal Data Protection Act, 2023. The Act, which was passed by Parliament last year, is designed to establish a robust data protection framework in India.
The draft notification reads, “Draft of rules proposed to be made by the central government in exercise of the powers conferred by sub-sections (1) and (2) of section 40 of the Digital Personal Data Protection Act, 2023 (22 of 2023), on or after the date of coming into force of the Act, are hereby published for the information of all persons likely to be affected thereby.”
Provisions for Parental Consent
Under the proposed rules, platforms must ensure that parental consent for kids below 18. It will be needed for social media, e-commerce, and gaming platforms. The rules require platforms to verify the parent’s identity and age before processing the child’s data. This verification can be conducted using reliable identity and age information available with the platform. Or it can be via through voluntarily provided details or a virtual token issued by a government body. The draft rules further specify that the parent must be an identifiable adult.
Broader Implications for Platforms
The rules categorise platforms, including social media, e-commerce, and gaming platforms, as data fiduciaries. These entities are responsible for determining the purpose and means of processing personal data. Platforms will need to incorporate systems to verify the identity of parents or guardians before processing children’s data.
The framework also outlines provisions related to consent processing, data collection procedures. Provisions are also given for functioning of authorities under the DPDPA. The rules emphasise a comprehensive approach to data security. It focuses on reliable verification mechanisms to protect children’s sensitive information.
Penalties for Non-Compliance
To ensure strict adherence, the DPDP Act includes a provision to impose penalties too. There can be a fine of up to ₹250 crore on data fiduciaries that fail to comply with rules. This provision underscores the government’s commitment to safeguarding personal data and holding platforms accountable for breaches.
Public Consultation and Feedback
The draft rules are open for public consultation until February 18, 2025. Following this period, the feedback will be reviewed. Consequently, the government will implement the final version of the rules.
Prime Minister Narendra Modi, speaking in Parliament, emphasised the importance of the DPDP Act, stating, “DPDP Act will safeguard future generations.” The draft rules reflect this vision by focusing on robust verification mechanisms and parental oversight, ensuring that platforms prioritise the safety and privacy of children in India’s growing digital ecosystem.
By implementing these measures, the government aims to create a more secure and transparent environment for processing personal data, especially for vulnerable users like children. This initiative marks a significant step in aligning India’s digital policies with global data protection standards.
