The Central Government is set to introduce stricter regulations for children using social media under the proposed Digital Personal Data Protection Rules. Unveiled by the Ministry of Electronics and Information Technology (MeitY), the draft rules—part of the Digital Personal Data Protection Act—were initially tabled in Parliament in August 2023. The government is now seeking public feedback on the draft via MyGov.in until February 18, 2025, after which the responses will be reviewed and further discussions will take place.
Mandatory Parental Consent for Minors
A key highlight of the draft is the mandatory parental consent requirement for minors under the age of 18 who wish to create social media accounts. This move is aimed at bolstering the protection of children’s personal data and enhancing safeguards against potential misuse. In addition to children, the draft also outlines specific protections for individuals with disabilities.
The government’s proposal reflects a growing global trend toward stricter regulations on how digital platforms handle personal data, particularly for vulnerable groups such as minors.
Confidentiality of Public Feedback
According to MeitY, all feedback provided during the public consultation period will remain confidential. The government is focused on ensuring transparency while safeguarding the privacy of individuals and institutions contributing to the discussion.
Institutional Obligations for Data Protection
The draft rules place significant responsibilities on institutions handling personal data, including social media platforms, financial organizations, and websites. Key obligations include:
- Notification of Data Breaches:
In case of a data breach, institutions will be required to inform affected individuals promptly. The notification must include details about the nature of the breach, the time and location of the incident, potential consequences, and recommended preventive measures. - Parental Consent Verification:
Organizations managing personal data for minors must implement a digital token-based consent mechanism to verify parental approval before allowing children to open social media accounts. - Flexibility for Educational and Child Welfare Institutions:
While stricter rules will apply to commercial platforms, the draft offers flexibility in compliance for educational institutions and child welfare organizations to avoid unnecessary regulatory burdens.
Consent Managers and Data Protection Board
The draft rules also introduce the concept of consent managers, who will act as intermediaries ensuring that user consent is obtained and managed securely. These consent managers will need to register with the Data Protection Board and meet a minimum net worth requirement of Rs 12 crore.
Furthermore, the framework for the Data Protection Board, including the roles and responsibilities of the Chairperson and members, will be outlined in subsequent regulations.