New Data Protection Rules: Focus on Children’s Privacy and Cross-Border Data Transfers

The Draft Digital Personal Data Protection Rules, 2023, propose mandatory parental consent for processing children’s data by platforms like social media, gaming, and e-commerce. Public feedback is invited by February 18, 2025.

New Data Protection Rules: Focus on Children’s Privacy and Cross-Border Data Transfers

The Ministry of Electronics and Information Technology (MeitY) released the Draft Digital Personal Data Protection Rules, 2023, on January 3, 2025, for public consultation. These rules, issued under the Digital Personal Data Protection Act, 2023, propose significant measures to safeguard the personal data of children. Among other provisions, the rules mandate parental consent for data fiduciaries processing children’s personal data. The draft is open for objections and suggestions until February 18, 2025, on the MyGov website.


Key Provisions in the Draft Rules

  • Data fiduciaries, including social media platforms, gaming sites, and e-commerce companies, must secure verifiable parental consent before processing a child’s data.
  • Data fiduciaries are required to adopt technical and organizational measures to verify the identity and age of parents or guardians.
Illustrations Provided in the Rules

The draft rules offer practical scenarios to explain how data fiduciaries should ensure compliance:

  1. Scenario 1:
    • The child informs the platform of their status as a minor.
    • The parent identifies themselves as a registered user of the platform.
    • The platform must verify the parent’s identity and age before creating the child’s account.
  2. Scenario 2:
    • The parent is not a registered user.
    • The platform must verify the parent’s identity through Digital Locker services or details issued by an authorized entity.
  3. Scenario 3:
    • The parent is a registered user and has already provided age and identity details.
    • The platform confirms these details before processing the child’s data.
  4. Scenario 4:
    • The parent is not registered.
    • The platform uses authorized identity verification mechanisms to confirm the parent’s status.

Special Considerations for Guardians of Disabled Individuals

  • Guardians must provide proof of legal appointment by a court, designated authority, or local-level committee to process the data of disabled individuals.

Exemptions

  • Parental consent mandates do not apply to data fiduciaries who are:
    • Health professionals
    • Mental health professionals
    • Engaged by educational institutions.

  • Data fiduciaries must provide a clear and detailed notice to users, including:
    • An itemized description of the personal data being processed.
    • The purpose of processing.
    • communication link to withdraw consent.

Transparency Obligations

  • Data fiduciaries must prominently display contact details of their Data Protection Officer or other designated representatives for grievance redressal.
  • Platforms must publish timelines for addressing user grievances on their website or app.

Cross-Border Data Transfer

Regulations on Processing Personal Data Outside India

  • The transfer of personal data outside India is subject to restrictions imposed by the Central Government.
  • Data fiduciaries must comply with additional requirements for providing personal data to any foreign state or agency.

Submission of Feedback

Public objections and suggestions to the draft rules can be submitted until February 18, 2025, on the MyGov website.

Supreme Court Slams Centre, ED for Misusing PMLA in Bail Cases, Grants Relief to Accused Woman
Legal Wires
Supreme Court Slams Centre, ED for Misusing PMLA in Bail Cases, Grants Relief to Accused Woman
The Supreme Court rebuked the Centre and ED for arguing contrary to PMLA provisions in opposing bail pleas. The Court criticized the government’s intent to deny bail under all circumstances and granted bail to a woman accused, highlighting statutory exceptions under Section 45 of the PMLA.
Taxi Drivers Can’t Be Expected to Know Passenger Details: Supreme Court Acquits Driver in NDPS Case
Legal Wires
Taxi Drivers Can’t Be Expected to Know Passenger Details: Supreme Court Acquits Driver in NDPS Case
The Supreme Court acquitted a taxi driver accused under the NDPS Act, ruling that mere inability to provide passenger details is insufficient for conviction without clear evidence linking him to the contraband.
Rajasthan High Court Grants Interim Bail to Asaram Till March 31, Citing Medical Grounds in 2013 Rape Case
Legal Wires
Rajasthan High Court Grants Interim Bail to Asaram Till March 31, Citing Medical Grounds in 2013 Rape Case
The Rajasthan High Court has granted interim bail to Asaram Bapu, convicted in a 2013 rape case, till March 31, 2025. This follows a similar plea granted by the Supreme Court citing medical grounds.
Or
Powered by Lit Law
New Chat
Sources
No Sources Available
Ask AI