How to protect children’s privacy in the limitless world of the Internet
Vijay Garg
The Indian Parliament finally passed the Digital Personal Data Protection Bill, 2023 after a decade-long nationwide discussion on data protection law. This was the third time, the previous two drafts of the bill were released in 2019 and 2022. However, there was no clear vision on protecting the privacy of children in any of the drafts. In short, the new law fixes the age of consent for online services at 18 years. Online if you are under The platform will have to take parental consent, failing which a hefty fine of up to Rs 200 crore can be imposed on it. However, the platform is prohibited from tracking the consumption behavior of the child when he/she uses the Internet after obtaining parental consent. This is where the difficulty lies. After all, how can an online platform prevent a child from being exposed to harmful or illegal content without monitoring their internet behaviour?
If the child is putting herself at risk of injury or other danger If this is happening, how will the platform be able to take preventive steps like informing parents or law enforcement agencies? The law sees parental consent as the last resort for verification. This thinking is, then, data from the National Sample Survey show that less than 40 per cent of Indians are digitally literate. As such, it is possible for children to give consent without their parents’ knowledge using their phone or e-mail. Not only this, rules like parental consent are not mandatory for some online forums are, and this exemption can be given to platforms like ‘education, skill, music websites, which take all kinds of precautions’ and ‘which are not social media platforms’.
But there is a problem with this too. First, the rule appears to run counter to the data minimization principle (platforms should only keep data for as long as is necessary to fulfill that purpose). But here it is not clear that how taking the ID of the parents will ensure the safety of the children while using the internet. Verification exemption by platform This law can increase red tapism in the growing digital economy in order to obtain the certificate. It is also not clear whether online platforms will have to apply to government authorities for every change to make their services more valuable to children. Furthermore, the rationale for singling out certain categories of online forums is not understood at the moment. The purpose of any online platform today is not entirely clear. For example, YouTube is probably the world’s largest provider of technical education platform, but the government can classify it as social media. As such, the law will not differentiate between entities that may offer equally strong protections when processing children’s data, but have either closed their doors or are unable to secure them for any other reason. Related verification certificate has not been taken. Its loss will also ultimately be to the young internet users of the country. In this case, steps could have been taken under the standards accepted by the United Nations Convention on the Rights of the Child which India has also signed.
The platform will have to be prepared for efforts such as default setting, location monitoring, risk awareness, issuing directives on harmful use of data. Then, the government is also free to blacklist platforms that violate the rules. Of course, children’s privacy in the world of the Internet is a global debate with no easy answers. But the stand we have taken on this issue is neither according to the reality of the country nor the challenges of the Internet.