News

Nearing Public Consultation, DPDP May Offer Consent Framework For Firms Instead Of Exact Rules

Govt To Meet Industry Stakeholders Over Children Age Verification Under DPDP Act
SUMMARY

As per ET, the rules will likely mandate using a government-issued ID for age and consent verification, while allowing companies to develop their own systems in the future

The rules may exempt schools, colleges, and universities from obtaining parental consent for processing children’s data, but this exemption is unlikely to apply to ed-tech companies, according to a source

The DPDP Act classifies users under 18 as children and mandates social media or internet intermediaries, known as data fiduciaries, to obtain explicit parental consent before processing any data from children

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

With the rules to implement the Digital Personal Data Protection (DPDP) Act set to be released for public consultation by the end of this month, a report suggests that these may prescribe an umbrella framework for companies on consent management instead of issuing exact rules. 

As per ET, the rules will likely mandate using a government-issued ID for age and consent verification, while allowing companies to develop their own systems in the future.

“There will be broad prescriptions on the norms that institutions must follow while following parental consent guidelines, along with the different types of identity cards that can be used,” a source told ET.

This approach aims to prevent business disruptions for smaller entities while ensuring compliance with the Act, according to the source.

“The rules will need to be followed even by smaller organisations like schools and in some cases universities which deal with a lot of children’s data. These organisations may not always be willing to spend a lot to build a large infrastructure for consent management,” the person added.

The rules may exempt schools, colleges, and universities from obtaining parental consent for processing children’s data, but this exemption is unlikely to apply to ed-tech companies, according to a source.

The DPDP Act classifies users under 18 as children and mandates social media or internet intermediaries, known as data fiduciaries, to obtain explicit parental consent before processing any data from children.

In July, it was reported that the central government was looking to finalise the draft rules for the DPDP Act 2023 and planned to release them for public consultation in the second or third week of August.

Earlier, it was reported that social media platforms are exploring methods like QR codes, virtual Aadhaar IDs, or age verification at the app store level to comply with the DPDP Act of 2023. However, this provision encountered pushback from industry executives who were concerned about the privacy implications associated with these tools for establishing children’s ages and verifying parental connections.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

Recommended Stories for You