banner image banner image
 

New rules tighten child data privacy on social media

The Indian government has recently unveiled draft rules under the Digital Personal Data Protection Act 2023, placing a strong emphasis on safeguarding children's online privacy. A key provision mandates that companies must obtain verifiable consent from a child's parent or legal guardian before processing any of their personal data. This measure aims to enhance data security across various platforms, including social media and other online services.

The draft rules, once finalized and officially notified, will come into effect. The government has provided a public comment period until February 18, 2025, inviting feedback on the proposed regulations.

To ensure compliance, the draft rules require Data Fiduciaries – entities responsible for handling personal data – to implement robust technical and organizational measures. These measures must guarantee that the consent obtained from parents is verifiable and that the individual claiming to be the parent is indeed an identifiable adult.

The draft rules outline four specific scenarios to illustrate the process:

Case 1:

If a child (C) informs the Data Fiduciary (DF) about their age, the DF must enable the child's parent (P) to verify their identity through the platform's website, app, or other suitable channels.
If the parent identifies themselves as an existing registered user on the DF's platform and has previously provided their identity and age details, the DF must verify the authenticity of these previously submitted details before processing the child's personal data for account creation.
Case 2:

If a child (C) informs the DF about their age, the DF must enable the child's parent (P) to verify their identity through the platform's website, app, or other suitable channels.
If the parent identifies themselves as a new user on the DF's platform, the DF must verify their identity and age using reliable sources such as:
Identity and age details issued by a government entity or an entity legally authorized to maintain such records.
A virtual token linked to the aforementioned identity and age details.
The parent may optionally provide these details through a Digital Locker service provider.


Case 3:

If a parent (P) identifies themselves as the parent of a child (C) and informs the DF that they are an existing registered user on the platform, the DF must verify the authenticity of the parent's previously submitted identity and age details before processing the child's personal data for account creation.
Case 4:

If a parent (P) identifies themselves as the parent of a child (C) and states they are not a registered user on the DF's platform, the following steps must be taken before processing the child's personal data for account creation:
Verification of Parental Identity: The DF shall verify P's identity and age. This can be done by referencing:
Identity and age details issued by a government entity or an entity legally entrusted with maintaining such records.
A virtual token mapped to the aforementioned identity and age details.
Optional Use of Digital Locker: P may voluntarily provide the necessary identity and age details through a Digital Locker service provider.

Also Read: Zenith Digital Unplugged: New rules for Influencer engagement – Know Hows

Related Items
Media
2 MINUTES TO READ
@adgully

News in the domain of Advertising, Marketing, Media and Business of Entertainment

Related Items