Experts highlight challenges in implementation of recently proposed Digital Personal Data Protection rules for minors’ safety

The Ministry of Electronics and Information Technology recently released the draft of the Digital Personal Data Protection (DPDP) Rules mandating verifiable parental consent for minors to open social media accounts.

Though the thought of protecting children online is a positive step, the foundation of this rule seems shaky given the number of variables involved in ensuring that a child provides authentic information and how much the parents are digitally literate.

But all is not doom and gloom as this could be the best option.

According to the draft proposed on Jan 3, the Union government mandates verifiable parental consent for children under 18 to open social media accounts.

The rules are at present there for public consultation until Feb 18 which represents India’s most ambitious attempt yet to protect children.

However, experts are of the view that the effectiveness of these measures depends on the honesty of young children and whether they can be trusted with voluntary identification or not. Technology lawyer Gowree Gokhale raised the core flaw of the rule asking what happens if a child does not provide the correct age, reports Hindustan Times.

Under Section 9 of the Digital Personal Data Protection Act, data fiduciaries must obtain “verifiable consent” from parents or lawful guardians before processing the data of anyone under 18.

It also prohibits processing data that could harm children, targeting them with ads, or behavioral tracking. On non-compliance, the Data Protection Board can impose penalties up to ₹200 crore.

Although the framework of the rules is comprehensive, its implementation is dependent on ‘self-declaration.’

“This typically may not work as who will say no to it, thereby failing the government’s stated objective of providing a safe online environment for children,” Aprajita Rana, partner at AZB & Partners was quoted as saying.

“The only scenario where this works is if the parent is either sitting with the child as the account is created or creates the account on their behalf,” she added.

Siddharth P, co-founder of the Rati Foundation, noted that age-gating mechanisms may result in societal inequities.

“Our research shows that girls in India often have less access to digital services. Age-gating codifies permission-seeking behavior, potentially excluding them from digital spaces,” he said.

Compared to rules in countries like the USA, the draft appears to be one of the strictest for children’s data protection. In the United States, COPPA determines anyone under the age of 13 as children, while the European Union’s GDDPR allows the member states to set the digital age of consent between 13 and 16.

On the other hand, India considers anyone under the age of 18 a minor and mandates parental consent for the same. Despite the strict measures, age verification does remain challenging.

Social media platforms like Meta’s Instagram have also laid out features where one needs to declare age through photo IDs and video selfies. Still, these mechanisms do not prove to be foolproof.

The rules further raise concerns over data monetization as the age verification process creates a new database linking the online behaviors of children and parents. Moreover, the lack of clarity in defining what is harmful content for minors can risk preventing access to important educational and historical information.

Social media platforms often face logistical issues in implementing parental consent as big companies may use existing data for verification, but smaller ones would have to rely on government IDs or third-party digital locker services (DLSPs).

Furthermore, the rules do not impose restrictions on data collection on healthcare providers, educational institutions, and childcare centers, which may have unexpected consequences as any healthcare provider could collect parental consent for a minor which would allow inadvertent targeted advertising.

While the government’s consultation process aims to address the challenges, experts have also argued that this may be the only viable option.

“Linking child accounts to verified adult accounts erodes anonymity but may be the only viable option to protect minors without compromising privacy for all users,” Rana was quoted as saying.

Eventually, what’s important is balancing online safety with privacy and accessibility and the government has a tough road ahead to refine the rules to ensure they are both effective and equitable.