Don’t miss the latest developments in business and finance.
Home / Industry / News / MeitY lets tech firms, data fiduciaries decide on parental consent methods
MeitY lets tech firms, data fiduciaries decide on parental consent methods
The Ministry of Electronics and Information Technology has urged tech firms to adopt advanced methods for obtaining parental consent while allowing them to determine the best practices independently
The Union Ministry of Electronics and Information Technology (MeitY) has asked big tech companies to follow the best possible technology to comply with the parental consent norm, according to a Financial Express report quoting sources. Similarly, data fiduciaries (those who determine the purpose and means of processing personal data) have also been asked to decide on the parental consent framework themselves for processing children’s personal data.
The development indicates that the government will not provide any modalities around the parental consent norm. This is in line with global norms as several developed nations, including the US, have left it to the data fiduciaries to use a relevant technology for the purpose. However, if any user complaint regarding parental consent comes to notice, the government may step in to assess what kind of steps were followed by the platforms to comply with the norm.
Parental consent mandate
Platforms were mandated to get parental consent before using the data of children below 18 years of age through the Digital Personal Data Protection (DPDP) Act, which was passed last year. The Act, however, did not specify what method could be adopted to comply with the parental consent norm.
Meanwhile, industry stakeholders have said that they could ask for additional time from the government to comply with the norm as it would require ‘architectural changes’. Notably, educational institutions, health establishments, and certain government entities have been exempted from the restrictions on the processing of children’s data, sources told FE.
The DPDP Act regulates the processing of the digital personal data of its citizens. According to the DPDP Act, companies can be booked for a data breach if they use data for any other purpose than for which it was originally collected. Under the Act, a penalty of up to Rs 250 crore can be levied on the company in case of any incidents of data breaches and non-compliance.