The National Human Rights Commission (NHRC) has issued a notice to the Ministry of Electronics and Information Technology (MeitY) over alleged lapses in safeguarding children’s personal data across digital platforms, raising serious concerns about systemic violations of data protection laws.
The action follows a complaint based on a research report highlighting widespread non-compliance by social media, ed-tech, and AI platforms widely used by minors in India.
Systemic Violations In Child Data Protection
According to the NHRC, the report flagged large-scale and systemic violations, including:
- Continuous tracking and profiling of children
- Sharing of data with third parties without proper safeguards
- Lack of transparency in how children’s data is processed
The Commission observed that such practices expose minors to risks like surveillance, exploitation, and misuse of personal data.
The notice specifically raises concerns regarding violations of the Digital Personal Data Protection (DPDP) Act, 2023, particularly:
- Absence of systems to track children’s data transfers
- Lack of effective grievance redressal mechanisms
- Failure to implement mandatory data protection safeguards
While some provisions like parental consent have a phased compliance window, key obligations such as data security and complaint systems are required to be implemented immediately.
Apart from MeitY, notices have also been sent to:
- Ministry of Home Affairs
- Ministry of Education
- Ministry of Communications (DoT)
The NHRC has sought a detailed Action Taken Report (ATR) within 15 days, asking authorities to clarify compliance measures and enforcement steps.
SIM Card Issuance To Minors Raises Concerns
A key issue flagged by the Commission is the lack of clarity around SIM card registration for minors. Authorities have been asked to explain the regulatory framework governing issuance of SIM cards in children’s names, as current data on such registrations remains unclear.
The report cited several widely used platforms—including social media, AI tools, and ed-tech services—as potentially non-compliant with child data protection norms.
These platforms were found to be following global age standards (such as 13+) instead of stricter Indian legal requirements, leaving a significant segment of minors inadequately protected.
Legal Framework And Enforcement Push
The NHRC has directed authorities to ensure strict enforcement of multiple laws, including:
- Digital Personal Data Protection Act, 2023
- Information Technology Rules, 2021
- Juvenile Justice Act, 2015
- POCSO Act, 2012
- Right to Education Act, 2009
The Commission emphasised that failure to enforce these laws effectively could amount to a serious violation of children’s fundamental rights.
Growing Concern Over Children’s Digital Safety
The development reflects rising regulatory scrutiny over how digital platforms handle children’s data in India’s rapidly expanding online ecosystem.
Experts note that children are particularly vulnerable to data exploitation, algorithmic profiling, and targeted manipulation, making robust safeguards and enforcement mechanisms critical.
By issuing notices and seeking time-bound responses, the NHRC has signalled a stronger enforcement stance on child data protection and digital platform accountability.
The matter is expected to have wider implications for compliance standards across tech companies operating in India.
About the author – Rehan Khan is a law student and legal journalist with a keen interest in cybercrime, digital fraud, and emerging technology laws. He writes on the intersection of law, cybersecurity, and online safety, focusing on developments that impact individuals and institutions in India.