The government should exempt minors aged 16–18 from the verifiable parental consent requirement under the Digital Personal Data Protection Act (DPDP Act, 2023) for SIM acquisition, the Cellular Operators Association of India (COAI) has argued in a recent statement. This comes after the government notified the Digital Personal Data Protection Rules earlier this month. These rules operationalise India’s data protection regime, with some sections coming into effect immediately.
One of the provisions of the DPDP Act states that companies must obtain verifiable parental consent before processing the data of anyone under the age of 18. Certain service providers, such as medical care providers and educational institutions, are exempt from this requirement. “With respect to minors (Rule 10), establishing verifiable consent for users below 18 years of age presents practical challenges and does not adequately reflect India’s diverse household structures or the digital autonomy encouraged under various government initiatives,” COAI highlights, urging the government to exempt SIM acquisition from this requirement.
The industry body mentions that it had demanded this exemption, and had highlighted several areas requiring further clarity during public consultations. It added that it is compiling detailed inputs on the DPDP Rules for the Ministry of Electronics and Information Technology (MeitY).
Other key telco concerns with the DPDP Rules:
Adopting a proportionate breach reporting model:
COAI argues that India should adopt a proportionate breach-reporting model, similar to the one used in Japan and several EU jurisdictions. It also emphasised the multiplicity of reporting requirements under the Information Technology Act (IT Act, 2000), the CERT-In directions, the DoT guidelines, and now the DPDP Act.
“CERT-In and the Data Protection Board may consider adopting a unified breach-reporting timeline, with a single trigger and a harmonised reporting window applicable across all digital and telecom entities,” the industry body suggests.
It adds that harmonised timelines and procedures would help avoid unnecessary duplication. A standardised reporting format, it explains, would also align with the “recent recommendations by the NITI Aayog panel, which has proposed overhauling the nation’s regulatory framework to promote ease of living and ease of doing business.”
Using a risk-based approach to access reasonable security:
Under Rule 6, companies must implement reasonable security safeguards to protect personal data from breaches, through measures such as access controls, encryption, and obfuscation. COAI suggests that, in the telecom context, the government should assess the effectiveness of these safeguards in a layered, risk-based manner.
“From a sectoral standpoint, mature network and system security controls already deployed by telecom service providers reduce the risk of unauthorised access,…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
