Data Protection for Minors

3
Data Protection for Minors

News Highlight

The principles of the ‘best interests of children’ and ‘more responsibility on platforms’ should inform India’s approach to data protection for minors.

Key Takeaway

  • The drafted Digital Personal Data Protection (DPDP) Bill, 2022 currently requires parental approval for any data processing activities conducted by children, defined as anyone under 18.

Personal Data Protection Bill, 2019

  • About
    • The Personal Data Protection Bill 2019 was introduced in Lok Sabha by the Minister of Electronics and Information Technology.
    • The Bill seeks to provide for the protection of the personal data of individuals.
    • The Bill governs the processing of personal data by:
      • Government
      • Companies incorporated in India
      • Foreign companies dealing with the personal data of individuals in India

Current regulatory framework

  • Classification of minors
    • The age of the majority in India is 18 years, according to the Indian Majority Act of 1875.
    • A person under 18 is considered a minor, and the term “minor” is used in most legal concepts in India.
  • United Nations Convention on the Rights of the Child
    • India has ratified the United Nations Convention on the Rights of the Child (UNCRC).
    • Article 16 of the UN Convention on the Rights of the Child prohibits arbitrary or unlawful interference with a child’s privacy, family, home, or correspondence.
    • Because India is a signatory to the UNCRC, it has undertaken to incorporate these principles into its legislation.
  • Privacy laws
    • In India, there is currently no comprehensive data privacy law.
    • However, there are restrictions governing the sharing and processing of personal data, including sensitive personal data, under the Information Technology Act of 2002 (i.e. the Information Technology Rules, 2011 (SPDR)). 
    • Compared to other data privacy legislation, such as the GDPR of the European Union, the SPDR is less extensive.

Provisions in the Bill

  • The protection offered to minors under the PDP Bill is in addition to the PDP Bill’s normal data privacy controls.
  • A data fiduciary is described in the PDP Bill as a person in charge of determining the purpose and means of processing another person’s personal data.
  • Data fiduciaries are regulated regarding children’s personal data under the provisions of the PDP Bill.
  • The important protections granted to children are outlined below:
    • a. Children’s interests: The PDP Bill requires the data fiduciary to process a child’s personal data in a way that preserves the child’s rights and is in the child’s best interests.
    • b. Consent: The PDP Bill requires a data fiduciary to obtain the consent of a child’s parent/guardian.
      • In addition, verify the child’s age before processing the child’s personal data.
    • c. Restrictions: The PDP Bill bans data fiduciaries from profiling, tracking, behaviorally monitoring, or advertising to children.
      • It also typically bans any other processing of personal data that could endanger a kid.
    • d. Guardian data fiduciary: The PDP Bill further states that a data fiduciary that maintains commercial websites or online services directed towards children, or processes large volumes of personal data of children, can be categorised as a ‘guardian data fiduciary’.

Criticism and drawbacks

  • Concerning preserving children’s rights, the PDP Bill distinguishes between minors and non-minors.
    • The PDP Bill has linked the idea of a minor with that of a child, so there is no distinction under the PDP Bill’s provisions between a toddler, a pre-teen, and a young adult.
    • Although this approach is consistent with the UN Convention on the Rights of the Child, which classifies anybody under 18 as a child.
    • It may be necessary to reconsider today’s digital environment.
  • The PDP Bill mentions an age verification system for youngsters.
    • While the particular technique of age verification has yet to be established, its execution would undoubtedly be challenging.
    • An age verification system, for example, may demand the submission of identity proof or other sensitive documentation, which must be securely stored online.
  • The PDP Bill also restricts the handling of children’s personal data.
    • However, the nature and scope of these limits must be determined.
    • A blanket ban on all types of data processing could generate problems in business, particularly for services geared at minors.

Conclusion

  • There has been a massive surge in applications aimed towards youngsters during the last two years.
  • There has been a surge of EduTech apps, which should theoretically bear more accountability because they process children’s data.
  • Instead of creating a new category, we recommend that such fiduciaries collecting children’s data or delivering services to children be regarded as significant data fiduciaries’ who must implement additional compliance procedures.

Pic Courtesy: The Hindu

Content Source: The Hindu

Read More…

0
Created on By Pavithra

Let's Take a Quiz

1 / 1

Consider the following statements:

1. The Minister of Science and Technology introduced the Personal Data Protection Bill 2019 in Lok Sabha.

2. The age of the majority in India is 21 years, according to the Indian Majority Act of 1875.

3. India has ratified the United Nations Convention on the Rights of the Child (UNCRC).

Which of the given statements is/are correct?

Your score is

The average score is 0%

0%

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Leave a Reply

Your email address will not be published. Required fields are marked *