The impending enactment of the Digital Personal Data Protection (DPDP) Act in India includes a groundbreaking proposal for the integration of an Aadhaar-based consent system, coupled with parental safeguards, as a pivotal component of a two-step verification process for children engaging in online activities.
As per a report by the Indian Express, this significant proposition within the eagerly awaited legislation addressing data privacy and security challenges suggests leveraging an Aadhaar-based mechanism to authenticate the ages of children utilizing online services. Additionally, it recommends obtaining parental consent before allowing minors to engage with these platforms.
The proposed legislation also emphasizes the implementation of a two-tier notification system for technology companies, mandating them to promptly inform users in the event of data breaches.
According to the Act, companies are required to secure “verifiable parental consent” prior to granting access to minors on their online platforms. However, the method of age verification for children has been a contentious issue since the introduction of the data bill, as the Act itself does not specify the procedures platforms should adopt.
In response to this concern, two potential recommendations are being considered. The first involves utilizing parents’ DigiLocker app, which is linked to their Aadhaar details. The second suggestion proposes the creation of an electronic token system by the industry, subject to government authorization. This would involve Aadhaar-based authentication, with internet platforms having no access to the users’ Aadhaar details. Instead, a simple yes/no response from the Aadhaar database regarding a user’s age would be the sole information transmitted, as explained by a senior government official to the Indian Express.
Aadhaar-based consent is just one of the 25 rules that need formulation to operationalize the Act. The government has been granted the authority to enact rules for any provision it deems necessary.
The DPDP Act, passed by the parliament in August, aims to define user rights concerning data use while establishing the obligations of companies and government agencies involved in collecting and processing data. The government asserts that this legislation is geared towards holding entities such as internet companies, mobile apps, and business entities more accountable and transparent in their practices related to the collection, storage, and processing of citizens’ data as part of the Right to Privacy.
In conclusion, the proposed DPDP Act in India presents a groundbreaking shift towards safeguarding the online privacy of children through the introduction of an Aadhaar-based consent system and two-step verification measures. The legislation also underscores the need for increased accountability among technology companies, mobile apps, and other entities involved in data collection and processing, marking a significant step forward in the protection of citizens’ right to privacy. The ongoing discussions and potential recommendations for age verification mechanisms underscore the evolving nature of the legislation as it moves towards operationalization.
