The Ministry of Electronics and Information Technology has announced new rules mandating parental consent for children to join social media platforms, as part of the Digital Personal Data Protection Act 2023. The proposed guidelines require data fiduciaries—entities such as e-commerce companies, social media intermediaries, and gaming platforms—to obtain verifiable parental consent before processing any personal data of children.
Under the act, data fiduciaries must provide clear and comprehensive information to users (referred to as data principals) about the processing of their personal data. This includes a detailed description of the personal data being collected, the purpose of processing, and the goods or services offered.
To ensure accountability, data fiduciaries must appoint a Data Protection Officer (DPO) or a designated individual to address queries from data principals regarding their personal data and establish a grievance redressal system to handle complaints from data principals effectively.
The rules specify that data fiduciaries must adopt technical and organisational measures to verify parental consent before processing a child’s personal data. These measures include ensuring that the individual identifying as a parent is an adult, verifiable through reliable identity and age details provided to or maintained by the data fiduciary. Alternatively, the verification can utilise a virtual token issued by a Digital Locker service or an authorised entity entrusted by the Central Government.
The guidelines also state that if a data fiduciary identifies a user as a child, the platform must enable the child’s parent to verify their identity through the app, website, or other means. Following verification, the parent must either confirm their association with the child’s account or provide the necessary identity and age details issued by an authorised entity.
In case of grievances, data fiduciaries are required to install a redressal mechanism to address complaints raised by data principals. The measures ensure that data principals, including parents, have an avenue to seek clarity and resolution regarding their personal data or that of their child.
The Ministry emphasised that these provisions aim to safeguard the personal data of children and ensure transparency and accountability in how data fiduciaries process such information. The initiative aligns with the broader objective of creating a secure digital environment that prioritises the rights and privacy of users, especially vulnerable groups such as children.
Also Read: SC Empowers Tribunals to Reclaim Property for Senior Citizens Under 2007 Act
