
The central government has introduced the draft Digital Personal Data Protection (DPDP) Rules, mandating that children under 18 must secure parental consent to create social media accounts. Released on Friday, the draft stipulates that data fiduciaries adopt suitable technical and organizational measures to verify parental consent before handling a child’s personal data. It also emphasizes the importance of due diligence in this process.
While the draft outlines these requirements, it does not specify penalties for non-compliance. The notification states that the proposed rules are issued under the powers granted by sub-sections (1) and (2) of Section 40 of the Digital Personal Data Protection Act, 2023. Stakeholders have until February 18, 2025, to submit feedback via the government’s Mygov.in portal.
The draft further specifies that entities collecting data must ensure that individuals claiming to be parents are identifiable adults, verified through official identity documents or government-issued digital tokens. These safeguards aim to confirm the authenticity of parental consent, especially for platforms categorized as data fiduciaries, such as social media, e-commerce, and online gaming services.
Additionally, the draft includes provisions for enhanced consumer rights. It allows individuals to request the deletion of their data and seek transparency about how and why their data is collected. A maximum penalty of ₹250 crore is proposed for breaches by data fiduciaries, ensuring accountability.
A maximum penalty of ₹250 crore is proposed for breaches by data fiduciaries, ensuring accountability.
The rules categorize "e-commerce entities," "online gaming intermediaries," and "social media intermediaries" as key players in the digital ecosystem, each subject to specific guidelines. Social media platforms, for instance, are defined as intermediaries that enable user interactions, content sharing, and modifications.
To enforce compliance, the government plans to establish a Data Protection Board, a digital regulatory body that will conduct remote hearings, investigate breaches, impose fines, and oversee consent managers. These consent managers, responsible for managing data permissions, must register with the board and maintain a minimum net worth of ₹12 crore.
Recognizing the need for inclusivity, the draft also includes exemptions for educational institutions and child welfare organizations, reducing compliance burdens for entities that serve children’s needs.
The Ministry of Electronics and Information Technology (MeitY) encourages public participation in shaping the rules, highlighting their commitment to safeguarding personal data while fostering accountability among data-handling entities.
(Input from various sources)
(Rehash/Sai Sindhuja K/MSM)