Big techs seek relaxations from parental consent norm of data law

The provision was one of the most contentious issues during the public consultations on the bill

Big Tech platforms are likely to engage with the government on the issue of parental consent for processing children’s data under the Digital Personal Data Protection Act, 2023. According to sources, this provision has raised concern about  “unintended consequences” for digital inclusion, privacy, and children’s safety.
 

The law mandates platforms to obtain “verifiable consent” from a parent or legal guardian before processing personal data of users under the age of 18. This provision was one of the most contentious issues during the public consultations on the Bill.

While the clause is now enacted, tech majors are expected to seek relaxation in the rule book, with the Centre prescribing the methods of implementation and potential exemptions.  

“Verifiable parental consent is one of the most worrying obligations. It could expose the child and the parent to significant risks. It may burden Indian users with the demanding task of submitting ID documents to multiple applications (apps) with varying security practices. It’s a strange way to address safety concerns and appears to be a case of overregulation,” said a senior industry executive.
 

In the same Section addressing the processing of children’s personal data, the law also prohibits tracking or behavioural monitoring of children and targeted advertising aimed at them.
 

The executive said this could turn counterproductive by blocking some child safety features.

Certain social media platforms employ behavioural data tracking combined with artificial intelligence models to prevent unknown adults from messaging children and to thwart predators from approaching minors.

According to an executive, a blanket ban on monitoring could disable this functionality. He also noted that blocking targeted advertising might expose children to irrelevant and inappropriate advertisements.

He added that “hundreds of millions of teenagers are teaching their parents how to effectively use computers. Disempowering young people like this is a flawed idea, particularly harming girl children, who often have unequal access to information and communications technology. Overall, verifiable parental consent is an inappropriate approach to regulating the internet”.

“The parental consent provision would entail collecting huge amounts of personal data such as ID proofs to verify age of users and the relationship between a parent and child. This contradicts the fundamental objective of privacy laws, which is data minimisation,” said another industry source.

Email queries sent to Google, Meta Platforms (formerly Facebook), and Amazon did not yield any response until the time of going to press.

“We are committed to maintaining a trusted and professional platform, and we respect the laws applicable to us in the countries where we operate. As with any new legislation, we are reviewing it to grasp the implications for our members and businesses,” said Aditi Jha, director and country lead for legal, public policy, and economic graph at LinkedIn India.

During the public consultations, several stakeholders called for lowering the minimum age for consent for data processing to 16 years, aligning with laws in other jurisdictions.

In the US and the UK, individuals over the age of 13 can provide consent for personal data processing.

In the final version of the Bill, the government introduced a clause that could potentially exempt certain categories of platforms from the requirement of consent.

However, Rajeev Chandrasekhar, Union Minister of State for Electronics and Information Technology, stated that social media platforms will not qualify for such an exemption.

“We have stated that if there are platforms that are extraordinarily focused on creating child-safe zones on the internet, then they may apply for an exemption. None of the social media platforms will qualify for it because they don’t do any know-your-customer, and they are unaware of who’s using their apps, and anonymous use abounds,” the minister said in an interview with Business Standard.

The Concerns

• Verification maximises data collection, posing privacy risks
• Likely to decrease digital access to girl children
• A ban on monitoring could disable child safety functions
• Children could be exposed to inappropriate advertisements