Centre releases draft of data protection rules; mandates parental consent for children’s social media accounts
According to the draft rules under the Digital Personal Data Protection Act, 2023, released by the Ministry of Electronics and Information Technology (MeitY) on Friday, children under 18 will now require parental consent to open social media accounts.
Public feedback invited
The government has invited public objections and suggestions on the draft rules via its citizen engagement platform, MyGov.in. Feedback will be accepted until February 18, 2025, and considered before finalizing the regulations.
Stricter safeguards for children and vulnerable groups
The draft emphasizes enhanced protections for children and individuals with disabilities under lawful guardianship. Data fiduciaries—entities responsible for handling personal data—are mandated to obtain parental or guardian consent before processing the personal data of minors. To verify consent, fiduciaries must utilize government-issued IDs or digital identity tokens, such as those linked to Digital Lockers.
Educational and welfare exemptions
Educational institutions and child welfare organizations may receive exemptions from certain provisions to reduce administrative burdens while ensuring continued service to children.
Strengthened consumer rights
The draft rules propose additional rights for consumers, including:
- The ability to request the deletion of personal data.
- Transparency from companies about the purpose of data collection.
- The right to challenge data collection practices and seek clarifications on data usage.
Accountability measures and penalties
To enforce compliance, the draft rules introduce penalties of up to Rs.250 crore for breaches. These penalties aim to strengthen accountability among data fiduciaries and safeguard user privacy.
Guidelines for Digital Intermediaries
The draft defines critical digital intermediaries, including:
- E-commerce platforms
- Online gaming intermediaries
- Social media platforms are identified as intermediaries facilitating user interaction, content sharing, and information dissemination.
Specific guidelines are outlined for each type of intermediary to ensure regulatory compliance.
Establishment of the Data Protection Board
A fully digital Data Protection Board will oversee the implementation and enforcement of these rules. Key responsibilities of the Board include:
- Conducting remote hearings
- Investigating data breaches
- Enforcing penalties
- Registering and overseeing consent managers
Consent managers, tasked with handling data permissions, must register with the Board and maintain a minimum net worth of Rs.12 crore.
Focus on technical and organizational safeguards
The rules mandate robust technical and organizational measures for data fiduciaries, particularly when handling data of vulnerable groups such as children.
Provisions for exemptions
Exemptions are included for specific scenarios, such as educational uses, to avoid imposing undue burdens on institutions serving children’s needs.
These comprehensive draft rules aim to enhance data privacy, protect vulnerable groups, and ensure transparency and accountability in the digital ecosystem.
For all the latest updates, download PGurus App.
Can that given approval can be cancelled ? Is there any provision ? For Instagram sells soft porn & vulgar content, to poison kids / youngster & adults (all included), does India has anything to STOP it ?
Instagram has content promoting same gender sex / transgender content, does govt of India know this ? or Babus themselves subscribing to it ?