Data Protection for Minors
#GS-02 Governance, #GS-03 Cyber Security
The need for data protection for minors
- The current draft of Digital Personal Data Protection (DPDP) Bill, 2022 provides for mandatory parental consent for all data processing activities by any person aged under 18 years (children).
- However, this fails to address some concerns.
Low Digital Literacy
- The Bill relies on parents to grant consent on behalf of the child, however, is India a country with low digital literacy.
- This means that parents often rely on their children to help them navigate the Internet, which makes this measure ineffective.
Best Interests of The Child
- Best interests of the child is a standard originating in the Convention on the Rights of the Child, 1989, to which India is a signatory.
- India has enacted laws such as the Commissions for Protection of Child Rights Act, 2005, the Right of Children to Free and Compulsory Education Act, 2009, and the Protection of Children from Sexual Offences Act, 2012 to uphold this standard.
- However, this Bill does not factor in how teenagers use various Internet platforms for self-expression and personal development and its centrality to the experience of adolescents.
- While the Bill allows the government to provide exemptions in the future from strict parental consent requirements, profiling, tracking prohibitions, etc., it fails to acknowledge the multiple uses that a platform can be used for.
- The confirmation on who is a minor and who is not will make it necessary to verify the age of every user.
- This verification may be based on ID-proof, or facial recognition, or reference-based verification, or some other means.
- Regardless of the way verification is conducted, all platforms will have to now manage significantly more personal data than before.
- This will mean that citizens will be at greater risk of harms such as data breaches, identity thefts, etc.
What needs to be done
- We need to shift from a blanket ban on tracking, monitoring, etc. into adopting a risk-based approach to platform obligations.
- There should be a mandatory risk assessment for minors along with age-verification.
- Platforms must be designed with default settings and features that protect children from harm.
- The age of mandatory parental consent for all services should be lowered to 13 years in line with many similar jurisdictions around the world.
- This will help to minimise data collection.
For more updates, click here