Service providers are exempt from obtaining verifiable parental consent and from the restrictions on tracking and behavioral monitoring for determining the real-time location of a child, as per the finalised Digital Personal Data Protection Rules, 2025 (DPDP Rules, 2025). This is one of the few additions to the rules regulating children’s data. This processing activity is limited to real-time location tracking in the interest of a child’s safety and protection.
The DPDP Rules operationalise the Digital Personal Data Protection Act, 2023. Under this Act, platforms must obtain verifiable parental consent before processing the data of anyone under the age of 18 (classified as children under the Act). Platforms must also implement technical and organisational measures before processing a child’s data, the rules state. The requirements for children’s data processing go into effect 18 months from now.
Besides restricting platforms from processing the data of users under 18 without parental consent, the DPDP Act also restricts platforms from carrying out tracking or behavioral monitoring of such users. If the central government believes that certain platforms are processing data in a “verifiably safe manner,” it can exempt them from seeking parental consent and also allow them to track children. The government can also exempt specific purposes for which data processing will be allowed.
How will platforms go about obtaining verifiable parental consent?
Platforms must observe due diligence to ensure that an individual providing verifiable parental consent is an adult. Companies can rely on the following methods to verify parents:
- Age and identity information already present with the platform: This applies when the parent is already a user of the platform the child wants to join. For instance, if a parent who is already a YouTube user wants to set up a YouTube Kids account for their child, the platform can rely on the information submitted during registration to verify age and identity. The platform must confirm that the person coming forward as a parent is an adult.
- Voluntarily provided age and identity information: If the parent is not already a user, the platform can ask them to voluntarily provide age and identity details.
- Token mapped to the age and identity of the parent: Another option is a token linked to the parent’s age and identity. This token will be issued by:
- An entity entrusted by law or by the Central or State Government with maintaining such details;
- A person appointed or permitted by such an entity to issue the token;
- Digital locker service providers, including corporate or government agencies.
What has changed with the parental consent process?
One of the key changes in the rules surrounding children’s data processing is that all the illustrations explaining how platforms will verify parents’ identities have been updated. For the first two methods—using age and identity…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
