- Children below the age of 18 will need parental consent to use social media in India as per the Digital Personal Data Protection Act 2023.
- The Act will require safeguarding the personal information of children and young adults to protect their privacy and avoid misuse of data.
- Social media applications will have to verify the age of the child using it and obtain parental consent to permit access.
- The Act places three conditions on entities for processing children’s data: obtaining “verifiable parental consent”, not causing harm to children, and not tracking or monitoring children or targeting ads at them.
In today’s interconnected world, “data” is omnipresent. It serves as the lifeblood of informed decision-making and innovation across various domains. By analysing data, organisations can gain a deeper understanding of customer preferences, market trends, and operational efficiencies. This in turn leads to more effective strategies and improved products and/or services. With the rapid digitization of the world, social media data is key for various stakeholders.
However, with its power comes the responsibility to handle and protect this data, and the user’s privacy, ethically and securely. The Digital Personal Data Protection (DPDP) Bill, 2023 was introduced to hold major implications for businesses dealing with substantial amounts of personal data, especially that of children. Now that President Draupadi Murmu has given her assent, the DPDP Bill, 2023 in effect is the law of the land. With the introduction of the Digital Personal Data Protection Act 2023, India is going to see a massive shift in its approach to privacy and data protection.
Whom It Concerns
The Act particularly targets the giants of the tech world such as Google, Meta (the parent company of WhatsApp and Instagram), and similar players. These companies will be handed additional responsibilities, such as appointing a data protection officer, enlisting an independent data auditor, conducting data security assessments, and adhering to other regulations. Although, companies that can demonstrate that they process data in a ‘verifiably safe manner,’ may get an exemption. All these changes are aimed at bolstering online data security, a critical move given recent instances of data breaches and misuse.
The Main Beneficiaries: Children
One of the key aims of this newly passed Act is the emphasis on safeguarding the personal information of children and young adults. They are the one demographic that often receives less attention in the conversation on data privacy, even though constitute a significant portion of customers for major social media platforms and tech firms in India. The act stipulates that these companies must obtain consent from parents or legal guardians prior to utilising the personal information of individuals under 18. It also curbs the use of data in ways that could be detrimental to children and allows the government to permit data processing for the younger ones if it’s deemed safe. This measure intends to ensure responsible and careful handling of user data from major tech products.
What The Act Entails
Children constitute over 15% of active internet users in India. Online activities that are popular amongst children are no longer limited to e-learning or gaming but also include content creation using popular social media platforms. With their increasing reliance on digital services, ensuring their online safety and privacy has become vital. This makes it crucial for India’s data protection law to tailor requirements to protect the interests and rights of children. The DPDP Act considers people under the age of 18 to be minors. It places three conditions on data processing entities for children’s data: obtaining “verifiable parental consent”, not causing harm to children, and not tracking or monitoring children or targeting ads at them.
Although, instead of adopting blanket age-gating of children, the government should lower the age for certain digital services which may not carry significant privacy risks. These could include services like web search, online encyclopedias, and other sites which children may access for educational purposes. While services like video-streaming or e-commerce platforms can carry a strict age restriction mechanism. The current text of the Bill is ambiguous about when and how entities would verify the age of a child. To protect against misuse, the Act should clarify that the mechanisms for age verification and parental consent must adhere to basic data protection principles and safeguards.
In the coming months and years, India will debate laws and policies to regulate different layers of the internet. The DPDP Act proves to be an important step in the right direction by creating these guardrails for an open, safe, trusted, and accountable internet for India’s younger generation.