MeitY may not prescribe tech measure for parental consent under data protection rules

MeitY May Not Prescribe Tech Measure for Parental Consent Under Data Protection Rules

With the government not prescribing a specific technical measure for the consent framework, India would follow global regulations where a particular technology is not specified for gathering the consent of a child’s parents or guardians.

As per the data protection Act, some entities can be exempted from obtaining verifiable parental consent and age gating requirements, including healthcare and educational institutions.

The IT Ministry may not prescribe a specific technological measure for tech companies to verifiably gather the consent of a child’s parents and is likely to leave it to the discretion of the companies on how they want to seek such consent under the upcoming data protection rules.

In a meeting with tech companies including Meta and Google, the ministry indicated its preference to avoid prescribing a set technology to prevent potential disruptions in the industry, according to a senior government official who requested anonymity.

Last year, as part of its internal deliberations on the data protection rules, the ministry considered two methods to establish the relationship between children and their parents: using parents’ DigiLocker app or creating an electronic token system authorized by the government. However, the ministry has dropped these ideas as they may not be feasible at scale.

The delay in releasing the data protection rules is primarily due to the lack of a conclusive decision on verifying parental consent. Without these rules, the Digital Personal Data Protection Act 2023 cannot be fully operationalized.

The Act requires tech companies to develop a consent framework to verify a child’s age and gather their parents’ consent before they can use an online service. This has been a significant challenge for the industry since the Act does not provide specific methods for age-gating.

During the meeting, tech companies also requested concessions on provisions that prohibit behavioural tracking of children and showing them targeted advertisements.

Globally, privacy legislations have typically not prescribed specific technologies for gathering verifiable parental consent, instead leaving it up to data collectors. For example, the United States’ Children’s Online Privacy Protection Act (COPPA) and the European Union’s General Data Protection Regulation (GDPR) both focus on ensuring reasonable efforts using available technology without specifying exact methods.

Source: MeitY may not prescribe tech measure for parental consent under data protection rules.

MeitY may not prescribe tech measure for parental consent under data protection rules

Yearly tech checkup: How to review your credit report, medical data and car recalls

Yearly tech checkup: How to review your credit report, medical data and car recalls

NTT DATA teams up with Lynx Tech

Ohio and its cities are throwing hundreds of millions at tech giants and their data centers

The Electronic Data of Nearly Every Russian Has Been Leaked – Moscow’s Tech Watchdog

About Us

Recent Posts

Yearly tech checkup: How to review your credit report, medical data and car recalls

Yearly tech checkup: How to review your credit report, medical data and car recalls

NTT DATA teams up with Lynx Tech

Master Data Management

Reltio Wins 2024 Top Rated TrustRadius Award from Positive Customer Reviews

Reltio Introduces AI-powered Capabilities that Strengthen Data Unification and Simplify the User Experience

Reltio Appoints Industry Veteran Mihir Shah to its Advisory Board

Yearly tech checkup: How to review your credit report, medical data and car recalls

Yearly tech checkup: How to review your credit report, medical data and car recalls

NTT DATA teams up with Lynx Tech

Ohio and its cities are throwing hundreds of millions at tech giants and their data centers