Policy Watch
Protecting Children Online: DPDP Draft Mandates Parental Consent for Social Media and Gaming Access
The draft rules mandate parental consent for children to access social media and gaming platforms, aiming to protect minors’ data privacy. Key highlights include measures for secure data handling and verification systems for parental authorization.
The Ministry of Electronics and Information Technology (MeitY) has released draft rules for the Digital Personal Data Protection (DPDP) Act 2023, focusing on protecting children’s privacy and ensuring strict data governance.
These draft rules, now open for public consultation, focus heavily on safeguarding children’s personal data on digital platforms such as social media and gaming applications.
Key Proposals:
- Parental Consent for Minors: Social media intermediaries, e-commerce platforms, and gaming companies, categorized as data fiduciaries, are required to obtain verified parental consent before processing minors’ data. A parent or legal guardian must provide reliable proof of their identity and age through government-approved mechanisms or Digital Locker services.
- Illustrative Scenarios for Compliance: The rules outline specific cases where data fiduciaries must verify parental consent. For example:
- If a minor directly informs the platform about their age, the platform must enable the parent to verify their identity through an app or website.
- The parent must provide verifiable credentials, either through government-authorized tokens or other digital methods.
- Exceptions: Educational institutions, healthcare providers, and mental health professionals are exempt from obtaining parental consent under certain conditions, ensuring smooth and necessary access to services for minors.
- Transparency in Consent: Data fiduciaries must provide clear, easy-to-understand notices regarding the purpose of data collection, including withdrawal options for parents.
Rights and Responsibilities:
The draft rules empower users—referred to as “Data Principals”—with the right to know how their data is collected and used. Additionally, fiduciaries are obligated to publish grievance redressal mechanisms on their platforms, ensuring accountability and quick responses to user concerns.
Cross-Border Data Transfer:
The draft specifies that data transfer outside India is restricted. Only countries approved by the Central Government will be allowed to receive such data, ensuring compliance with stringent security and privacy standards.
Public Participation:
The government has invited citizens and stakeholders to provide feedback on these draft rules through the MyGov platform by February 18, 2025. This step is aimed at making the regulatory framework inclusive and effective.
International Context:
India’s move aligns with global trends in enhancing online safety for minors. Notably, Australia recently passed the Online Safety Amendment (Social Media Minimum Age) Bill 2024, which bans children under 16 from accessing social media platforms like Facebook, Instagram, TikTok, Snapchat, Reddit, and X. The legislation, effective from late 2025, aims to protect young people’s mental and physical health during crucial developmental years. Social media companies are required to comply within 12 months, facing significant fines for non-compliance.
Implications:
Once implemented, these rules promise enhanced digital security for minors, empowering parents to protect their children’s online presence. They also place accountability on platforms to ensure ethical handling of personal data.
The DPDP Act and its associated rules are expected to set new benchmarks for data privacy in India, bringing the country in line with global best practices while addressing the unique challenges posed by its digital ecosystem.
