Live
- Udupi Gears Up for Grand Annual Saptotsava; Australian MP to Attend
- Minister M B Patil launches MSIL tour package
- Adani Electricity, Adani Foundation provide 74 BMC schools with 12,000 books
- Told Kohli, 'I idolise him': Konstas reveals chat with India star after shoulder-bump incident
- Apple iPhone SE 4 May Launch in April 2025 with Major Upgrades
- Mahindra unveils new manufacturing, battery assembly facility
- PM Modi moved nation from ‘chalta hai’ to ‘hoga kaise nahin' attitude: EAM Jaishankar at 18th PBD meet
- AIADMK expels party leader arrested in POCSO case
- Clarke hails Bumrah as 'best fast bowler ever' across all three formats
- Marcus Rashford’s camp opens talk with AC Milan for loan move: Report
Draft DPDP rules focus on children’s data in digital space
Hyderabad: The draft Digital Personal Data Protection Rules-2025 (DPDPR-2025) provides for the ‘Verifiable Consent for Processing Personal Data of...
Hyderabad: The draft Digital Personal Data Protection Rules-2025 (DPDPR-2025) provides for the ‘Verifiable Consent for Processing Personal Data of Children and Persons with Disabilities’ spelling out the requirements for obtaining verifiable consent from parents or legal guardians before processing the personal data of children or persons with disabilities.
Accordingly, a ‘Data Fiduciary’ must implement measures to ensure that the person providing consent for a child’s data processing is really the child's parent or legal guardian and that they can be properly identified.
“To verify that the parent is an adult, the Data Fiduciary must use reliable identity details or a virtual token linked to such details. This verification is essential to ensure that consent is granted by a responsible adult, by relevant laws”, it says.
However, the draft rules provide exemptions from the obligations in processing the personal data of children. Section 9 of the Act outlines the standards required for processing the personal data of the children. It also laid down specific purposes and conditions for which the data has to be processed. They include, “specific classes of Data Fiduciaries, such as healthcare professionals, educational institutions, and childcare providers, are exempt from certain provisions related to children's data”. These entities are permitted to process children's personal data, but this is limited to specific activities such as health services, educational activities, safety monitoring, and transportation tracking.
These activities must be necessary for the well-being and safety of the child, ensuring that data processing is conducted within a defined and limited scope. The Act provides for Part A and Part B, and Part B of the schedule says what are the particular purposes for which the exemptions apply, including processing for legal duties, issuing subsidies or benefits to children, “creating user accounts for communication, or ensuring that a child does not access harmful information. In these cases, processing is restricted to what is necessary to perform the function, service, or duty, with a strong emphasis on protecting the child’s best interests”.
The provision also recognises that certain activities, such as verifying the age of a data subject to confirm they are not a child, fall under this exemption, as long as the processing remains limited to what is necessary. These exemptions aim to strike a balance between safeguarding children's personal data and allowing essential activities for their health, education, and safety.
