Source– The post is based on the article “Needed, a new approach to data protection for minors” published in The Hindu on 24th January 2023.
Syllabus: GS3- Awareness in the field of IT. GS2- Vulnerable sections of population
Relevance– Children in the emerging digital ecosystem
News– The article explains the child centric issues with the draft Digital Personal Data Protection Bill, 2022.
The Bill currently provides for mandatory parental consent for all data processing activities by children, aged under 18 years.
What are issues with the draft Bill?
The Bill relies on parents to grant consent on behalf of the child in all cases. It does not incentivise online platforms to proactively build safer and better services for minors.
India has low digital literacy. Parents in fact often rely on their children to use the Internet. This is an ineffective approach to keep children safe online.
It does not take into account the “best interests of the child”. It is a standard that originated in the Convention on the Rights of the Child, 1989, to which India is a signatory.
India has upheld this standard in laws such as the Commissions for Protection of Child Rights Act, 2005, the Right of Children to Free and Compulsory Education Act, 2009, and the POCSO Act, 2012. However, it has not been applied to the issue of data protection.
The Bill does not factor in how teenagers use various Internet platforms for self-expression and personal development. They use it for activities ranging from taking music lessons to preparing for examinations to forming communities with people of similar worldviews.
The Bill does allow the government to provide exemptions in the future from strict parental consent requirements, profiling, tracking prohibitions. This aspect does not acknowledge the blurring lines between what a platform can be used for.
For example, Instagram is called a social media platform. But is regularly used as an educational and professional development tool by millions of artists around the world.
Another issue is that each platform will have to obtain ‘verifiable parental consent’ in the case of minors. This provision can change the nature of the Internet.
It is not possible to tell if the user is a minor without confirming their age. So, the platforms will have to verify the age of every user.
All platforms will now have to manage significantly more personal data than before. Citizens will be at greater risk of harms such as data breaches, identity thefts.
What is the way forward to resolve the concerns related to children in the Bill?
First, we should move from a blanket ban on tracking, monitoring and adopt a risk-based approach to platform obligations. Platforms should be mandated to undertake a risk assessment for minors.
They should not only perform age-verification-related corresponding obligations but also design services with default settings and features that protect children from harm. This approach will bring in an element of co-regulation, by creating incentives for platforms to design better products for children.
There is a need to relax the age of mandatory parental consent for all services to 13 years. This is in line with many other jurisdictions around the world. It will minimize data collection. This relaxation in age of consent in tandem with the risk mitigation approach.
The government should also conduct large-scale surveys of both children and parents to find out more about their online habits, digital literacy, preferences and attitudes.
There is a need to design a policy in India that balances the safety and the agency of children online. The onus of keeping our young safe should not be put only on parents. It should be made a society-wide obligation.