New Delhi:
In a significant move to enhance data privacy, the Indian government has released draft rules under the Digital Personal Data Protection Act, 2023, which require social media platforms and other online services to obtain verifiable parental consent before processing the personal data of children. This development, announced on Friday, sets a new standard for protecting the digital rights of minors in India.
The draft Digital Personal Data Protection Rules, 2025, emphasize the importance of parental consent for children under 18 who wish to open social media accounts or use other online services. Data Fiduciaries, entities responsible for determining the purpose and means of processing personal data, must adopt stringent measures to ensure that parents’ consent is obtained and verified.
To implement this, the draft rules outline several scenarios where a child (C) seeks to create a user account on an online platform operated by a Data Fiduciary (DF). For instance, if a child informs the Data Fiduciary that she is a minor, the DF must enable the parent (P) to identify herself through the platform. The parent’s identity and age details must be verified either through previously registered information on the platform or by referencing identity and age details issued by a government-authorized entity or a virtual token mapped to the same.
The rules also specify that Data Fiduciaries must ensure due diligence in verifying the parent’s identity. This can be done through various means, including using services from a Digital Locker service provider. The draft rules provide four detailed scenarios to guide Data Fiduciaries in obtaining and verifying parental consent, ensuring that the process is robust and compliant with the new regulations.
The public has been invited to provide feedback on these draft rules until February 18, 2025. This period allows stakeholders to comment and suggest improvements before the rules are finalized and implemented. The Ministry of Electronics and Information Technology (MeitY) has made the draft rules available on its website, along with explanatory notes to facilitate understanding and ease of feedback submission.
In addition to the parental consent requirements, the draft rules mandate other significant data protection measures. These include the deletion of inactive user data after three years and the reporting of data breaches within 72 hours. Data Fiduciaries must also inform users about data breaches in a clear and concise manner, providing details such as the nature, extent, and impact of the breach, as well as the remedial measures being taken.
The Digital Personal Data Protection Act, 2023, which received presidential assent on August 11, 2023, aims to provide comprehensive protection for personal data in India. The Act and its accompanying rules are designed to ensure that individuals’ rights are respected and that data processing activities are conducted in a transparent and secure manner.
Trending
- Chicken Broilers: Supply Chain Disruption Causes Price Surge
- Vasco MLA urges resumption of Dev Darshan Yatra Scheme for Purna Mahakumbh
- Steve Jobs’ Wife Falls Ill At Maha Kumbh: “Never Been To Such Crowded Place”
- ‘In Difficult Times, India Always Willing To Help’: S Jaishankar In Spain
- Congress files complaint against former Chief Information Commissioner
- Councilors to come up with an unique Sign board showing availability of parking spaces/points at the congested Palolem beach
- Monty Panesar Calls For VVS Laxman To Take Over As Coach For Tests With Gautam Gambhir Continuing In ODIs and T20Is
- BCCI Implements Strict New Guidelines for Indian Cricketers and Their Families