The recently proposed draft rules of India’s Digital Personal Data Protection Act (DPDPA) have sparked a debate. The discussion focuses on how parental consent should be obtained for children’s data. The DPDP Act aims to protect children’s personal data by ensuring platforms gain verifiable parental consent. However, concerns arise about its practicality and potential negative impact on privacy and security.
Understanding the Parental Consent Requirement
The DPDP Act acknowledges that children under 18 need extra protection when it comes to their personal data, as they might not be fully capable of managing digital risks. To address this, the law requires platforms to obtain verifiable parental consent before collecting data from minors. However, the draft rules have raised several issues regarding the process and its implications for both minors and adults.
Concerns Over the Draft Rule’s Approach
The main concern with the draft rules is its rigid approach to obtaining the consent of parents. Rule 10 outlines only two methods: if parents are already registered users, platforms can use their existing data to confirm consent. Alternatively, they must use a digital locker service or other government-approved entities. This aims to streamline the process but leaves room for confusion. It could expose platforms to liabilities when verifying parental claims.
Moreover, the lack of clarity on how to establish a parent-child relationship for this process only adds to the confusion. Platforms may be held responsible if a minor accesses services without appropriate parental consent, raising concerns about compliance and the extra burden on digital service providers.
Challenges for Platforms and Minors
Additionally, these regulations might push platforms to implement age verification measures for all users, as part of the due diligence required to ensure that no minors access content without parental consent. This requirement could impact user experience, complicating access to online services and raising questions about privacy.
While the DPDP Act’s intention to safeguard children’s data is clear, the current draft rules might need to be revisited to address the complexities surrounding parental consent. More flexible and clear guidelines could help balance safety with ease of access to services for all users.
Source: The Hindu