[ad_1]
An upcoming data protection law could enable the central government to lower the age of consent from 18, as well as exempt some companies from taking on additional obligations to protect children’s privacy if they can process their data in a “verifiable and secure” way, The Indian Express has learned.
The change is a significant departure from the Digital Data Protection Bill, 2022 introduced last November, under which the age of consent was coded at 18 — meaning that to process the data of individuals under the age of 18, companies would have had to do so. Ask for their parents’ consent. It is understood that the upcoming bill will take a tiered approach to setting the age of consent on a case-by-case basis.
This was a major request for the industry, especially social media companies, because an encrypted age of consent would have meant business turmoil for them due to the creation of new systems for obtaining parental consent for users under 18 – a key demographic for such services. However, it is in line with data protection regulations in the Western world, where regions such as the European Union and the United States impose a lower age of consent.
A senior government official told The Indian Express that the change was made based on considerations that children can be independent stakeholders on the internet, and may want to access services without always needing their parents’ consent.
Under the data protection law expected to be introduced in the seasonal session of Parliament, it is understood that the definition of a child has been changed to “an individual who has not completed the age of eighteen or such a lower age as may be notified by the central government.” In the 2022 draft, the definition of a child was “an individual who has not completed eighteen years of age.”
Certain entities that deal in the collection and processing of children’s data may also be exempted from requiring parental consent if they can ensure that “the processing of children’s personal data is carried out in a secure and verifiable manner”.
The central government can issue such exemptions to entities through notice, and the Ministry of Women and Child Development, along with the Ministry of Information Technology, is expected to assess the platform’s privacy standards for children to grant them exceptions.
“The changes will allow platforms that develop strong, proven safeguards for children, the option to handle children’s data without parental consent for, for example, services related to online education,” the official said.
Under the European Union’s General Data Protection Regulation (GDPR), the age of consent was kept at 16, but allows member states to lower it to 13. The age of majority is at 13, and verifiable parental consent is only required for those younger.
Other major changes to the upcoming bill include further easing of cross-border data flows into international jurisdictions – by moving away from a whitelist approach, to a blacklisting mechanism, as this paper previously reported.
Contentious provisions of the bill, such as broad exemptions for the central government and its agencies and a watered-down data protection board, were recognized in the final version of the bill approved by the Federal Cabinet on Wednesday (July 5).
[ad_2]
