Data Privacy and the Child

Context: As a reworked version of the Digital Personal Data Protection Bill, 2022 (DPDP Bill) reaches Parliament, it is prudent to talk about one demographic that often receives less attention in the conversation on data privacy — i.e. children. Why focus on children?
  • Significant mark-up population- Children constitute a significant portion – about of 15 per cent — of active internet users in India.
  • Wider scope of engagement– Online activities popular amongst children are no longer limited to e-learning or gaming, but also include activities such as content creation using popular social media platforms.
  • Ensuring safety – With children becoming increasingly reliant on digital services, ensuring their online safety and privacy has become vital. This makes it crucial for India’s data protection law to tailor requirements to protect the interests and rights of children.
Issues with the law in place:
  • Difficult to freely access- Obligating all entities to obtain parental consent for every individual below 18 years before processing their data will make it extremely onerous for young adults and adolescents to freely access the internet.
  • One rule for all principle – The DPDP’s formulation also disregards the nuance that children at different stages of their development may need varied supervision.
  • Questions on verification of age- There are questions about how data processing entities will verify the age of children and obtain parental consent, given that these have been left to future implementation guidelines to determine.
Way Ahead:
  • Graded and risk-based approach- The Bill should adopt a graded and risk-based approach to processing children’s data.
  • Twin obligations– The Bill must lay down twin obligations before entities process children’s data — the first being age verification, followed by obtaining parental consent.
  • Adhere to data protection principles- To protect against misuse, the text of the DPDP Bill should clarify that mechanisms for age verification and parental consent must adhere to basic data protection principles and safeguards.

Leave a Comment