The new draft Digital Personal Data Protection Bill recognizes individuals as data principals and empowers them to make decisions with respect to their personal data. However, in the case of persons under 18 years of age, “data principal” is defined to include parents or legal guardians. Through section 10(1), parental consent becomes a key factor in the sharing of one’s data, its ownership, use and processing.
Age-fixing, or age-based restrictions, exist across all digital platforms and services to protect minors from inappropriate content, such as pornography or tobacco promotion, and the misuse of their personal data. An age gate of only 18, however, unreasonably treats all ages of adolescence alike, although each growing age may be unique in terms of age-appropriateness compared to different forms of content. Because immediate parental approval is rarely available, a one-get-for-all-kids approach may limit adolescents’ access to a broader digital community of peers that may be of educational value.
Seeking parental consent on personal data-processing is tedious as well as may not reflect the general difference observed in digital knowledge between children and their parents, as younger generations are often much more inclined to use technology. Is efficient A strict age-gate also ignores the special need for privacy in abusive family settings, where the child’s safety may depend on the child’s data being protected from the abuser.
Age-gating is conceptually present in all legislation to account for differences in the maturity of children and adults that impact on children’s ability to make certain decisions and understand the consequences of their actions. For example, child labor laws differentiate between children (under 14) and adolescents (14–18 years of age) and accordingly allow employment of adolescents under certain circumstances. The Juvenile Justice Act of 2015 also allows persons between 16 and 18 to be tried as adults in certain cases, depending on the circumstances.
Judicial precedent indicates a tendency of Indian courts to interpret the law liberally when it comes to determining whether a person is a minor. For example, in the Supreme Court case S. Varadarajan Vs. State of MadrasThe court noted that the girl, though not below 18 years of age, was not a child of “tender years” and had full capacity to act in her best interests. Legislative and judicial precedents thus advocate an assessment of mental capacity. Case.
Globally, many jurisdictions have flexible determinations of the age of digital consent. Under the EU’s General Data Protection Regulation, nine countries put the age of digital consent at 13, six countries at 14, three at 15 and 10 at 16. UK and US keep it at 13.
Thus, local and global jurisdictions set legal precedents that: a) recognize the differentiable capacities of those under the age of 18; and b) establish the merit of tiered edge-gating as an accepted standard for agreed data processing. The emphasis on informed consent in India’s bill can and should be translated into a nuanced system of gating according to well-defined age levels.
To this end, age-gating should resonate with the natural transition of responsibility over personal data to those under 18. For example, a teen aged 17 may be allowed to freely give an app consent for the uninterruptible processing of personal location data to be used. Taxi services like Uber or Ola, however, are less likely to get family approval for a 13- or 14-year-old child’s independence in urban mobility. By ignoring this distinction, the bill’s current age-gating proposal misses the nuances in the specific disadvantages that pre-adults are exposed to when they reach adulthood at different ages.
Some platforms already have policies that attempt to find a compromise between adequate restrictions and the protection of children’s online autonomy. For example, through its ‘Family Link’ settings, Google divides minors into 6-8, 9-12 and 13-17 age groups, giving parents different controls over their child’s online activity. Are being given. Similarly, Meta’s Messenger Kids application operates on the principle that children under 13 may have different personal data concerns than 13-18 year olds. It also allows parents to configure individual settings for those under 13.
These practices show how age gates can be set based on concerns or risks surrounding personal data. In order to preserve freedoms and balance them well with security, the Bill may require trustees to understand various personal data-related risks that different age groups of users are exposed to. In this way, the legal obligations imposed on the fiduciary can take flexible forms on all platforms that: a) react proportionately to different risks; and b) favorably align with the purpose of the data processing. Finally, the Bill may direct data fiduciaries to conduct independent risk assessments that may guide appropriate action on age-appropriate design, default settings, data collection, etc., to ensure the best possible outcome.
In the context of people under the age of 18 spending the majority of their time online, we need to create special protections for their personal data that respect their different and rapidly changing abilities. Thus, a risk-based framework for the processing of personal data that takes into account age differences will maximize the protection of trusted children while minimizing barriers to their educational and empowerment opportunities online.
Saryu Natarajan contributed to this article
Ava Haider and Aishani Rai are researchers at the Aapti Institute
catch all business News, market news, today’s fresh news events and Breaking News Update on Live Mint. download mint news app To get daily market updates.