News Brief
Parental Consent Mandatory For Social Media Access By Minors: Centre In Draft Data Protection Rules
Logos of social media platforms. (Representative image).
The Centre on Friday (3 January) released draft rules under the Digital Personal Data Protection Act, 2023, mandating parental consent for children below 18 years to open social media accounts.
In its notification, the Ministry of Electronics and Information Technology (MeitY) has invited the public to submit objections and suggestions on the draft rules via MyGov.in, the government’s citizen engagement platform.
Feedback will be reviewed after 18 February 2025.
The draft rules emphasise stricter measures to protect the personal data of children and individuals with disabilities under lawful guardianship.
Data fiduciaries - entities entrusted with handling personal data - must ensure the consent of a parent or guardian before processing any personal data belonging to minors, India Today reported.
To verify consent, fiduciaries must use government-issued IDs or digital identity tokens, such as those linked to Digital Lockers.
Educational institutions and child welfare organisations, however, may be exempt from some provisions of the rules.
Beyond safeguarding children's data, the draft rules advocate enhanced consumer rights, empowering users to request data deletion and demand transparency regarding data collection purposes.
The draft proposes penalties of up to Rs 250 crore for breaches, ensuring stronger accountability for data fiduciaries.
Key digital intermediaries such as “e-commerce entities,” “online gaming intermediaries,” and “social media intermediaries” are distinctly outlined in the draft, each with tailored guidelines.
The draft identifies social media platforms as intermediaries facilitating online user interactions, encompassing information sharing, dissemination, and modification.
To oversee compliance with these rules, the government plans to establish a Data Protection Board, which will function as a fully digital regulatory body.
The Board will conduct remote hearings, investigate breaches, enforce penalties, and register consent managers - entities tasked with managing data permissions.
Consent managers will be required to register with the Board and maintain a minimum net worth of Rs 12 crore.
These comprehensive measures aim to ensure that data fiduciaries adopt robust technical and organisational safeguards, particularly concerning vulnerable groups like children.
Exemptions for scenarios like educational applications are included in the draft to mitigate excessive regulatory burdens on institutions catering to children.
