The draft rules of the Digital Personal Data Protection Act reaffirm that children under 18 will require the verifiable consent of parents or guardians before accessing social media platforms.
To be clear, the DPDP Act, which was passed in Parliament in August 2023, laid down this provision. However, the Act did not specify how the verification was to be done.
The draft rules, which are open for public consultation until February 18, require a child’s age to be verified against a government-mandated ID or a token verified and made available by a Digital Locker service provider.
An illustration provided in the DPDP Rules on the processing of children’s data goes like this: If a child (C) wants to create a user account, the Data Fiduciary (DF) must verify parental consent.
In this case, the parent (P) identifies herself and confirms she is a registered user with verified identity and age details already available with DF. Before processing the child’s data, DF must confirm the reliability of the parent’s identity and age records.