In late 2024, the niece of a colleague, a 13-year-old girl, received threats of rape and torture on WhatsApp from an anonymous sender. Her photos were lifted off Instagram and used to harass her. She confided in her parents, who approached the police. But the officers simply told the child to block the number. This was not just a violation of her privacy — it was trauma inflicted through inaction. When the police eventually investigated, they discovered that a classmate had hacked a phone number to send the threats. While the boy was reprimanded, her teachers continued to blame the girl for “provoking” him.

This is how the system fails a child.

Five years ago, the 13-year-old daughter of daily wage labourers in Kerala was sexually abused by a neighbour who filmed the act and used it to blackmail her into repeated abuse by dozens of others. The case came to light only recently, when the girl confided in a college counsellor. A total of 58 men and boys have been arrested, while two others have fled the country.

Online platforms designed for networking are increasingly being used for exploitation. Crime has become impersonal — one no longer needs physical proximity to inflict physical, mental or psychological harm. The virtual world enables anonymity, often bringing out violent behaviour. With digital spaces being more accessible than ever, the right to privacy cannot override a child’s right to protection — especially when the aggressor is anonymous and the victim is a child. 

A recent petition before the Supreme Court called for a statutory ban on social media for children under 13. The Court refused to entertain the plea, stating that such policy decisions fall within the legislature’s domain.

Children’s digital experiences today demand more than band-aid fixes or vague guidelines. We need safeguards rooted in the rule of law, with clear lines of accountability. The next era of global influence will not be shaped by conventional warfare, but by connectivity — by who leads in digital infrastructure, technology regulation and responsible governance.

Justice for children today must include justice online.

What are the threats?

Particularly since the Covid-19 pandemic, children’s lives have become deeply entangled with technology, exposing them to a broad range of digital harms. These include grooming on messaging apps, cyberbullying, impersonation, blackmail, exposure to child sexual exploitation and abuse material (CSEAM), and increasingly, AI-generated abuse content.

In addition, unsupervised access — particularly through shared or family devices — opens the door to pornography, violent content, gambling advertisements, and manipulation by algorithms. Social media use is also linked to anxiety, depression and body image issues. Harmful content often spreads through peer networks, influencing behaviour and normalising misogyny, especially among boys exposed to online subcultures.

In the law

There is currently no specific Indian law that prohibits children under a certain age from using social media. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the proposed Digital India Bill point to greater platform responsibility, but they stop short of enforcing hard age limits.

The Digital Personal Data Protection Act (DPDPA), 2023, made some progress by defining a child as anyone under 18. Yet, it simultaneously lowered the digital age of consent to 13 — a move aligned with international standards, but inconsistent with the Juvenile Justice (Care and Protection of Children) Act, 2015, and the POCSO Act, both of which also define a child as under 18.

While the DPDPA limits profiling, tracking and behavioural targeting of children, enforcement depends on digital platforms — which are poorly regulated. Age verification is weak; most platforms rely on self-declaration. Systems for biometric or verifiable parental consent are not in place.

Section 79 of the IT Act shields platforms from liability for third-party content, including CSEAM and cyberbullying. Section 21 of the POCSO Act makes platforms responsible for reporting abuse, but compliance is low. Many crimes go unreported. Digital forensics remains inadequate. Most parents and children are unaware of privacy settings or how to use reporting tools.

Platforms like Facebook and Instagram, which host millions of underage Indian users, are largely self-regulated, with minimal government oversight. This hands-off approach is grossly inadequate given the scale of harm.

Laws must fix accountability. If a platform hosts harmful content — or fails to implement age restrictions — it should not be protected by safe harbour provisions. Verification must go beyond a checkbox. Platforms should be required to use biometric ID or government-issued ID verification. Failure to comply with these standards should result in penalties, including fines or bans. Profit cannot come at the cost of protection.

Companies that monetise engagement and use AI to push content must also be held liable for the harm they enable. As with the Supreme Court’s doctrine of absolute liability in hazardous industries, tech companies must be held responsible for enabling child abuse — regardless of intent.

What needs to be done?

To safeguard children online, we need laws that cannot be diluted by hypertechnical interpretations. Laws must act preemptively, not just reactively. Children deserve digital spaces governed by law, not by algorithms.

The government must urgently strengthen the enforcement of laws related to online abuse, especially CSEAM. This includes expanding digital forensics capacity and establishing a dedicated task force to tackle online child exploitation.

However, legislation alone is not enough. Parents and schools must be equipped to recognise signs of abuse, grooming and other early indicators of harm. Schools should implement codes of conduct that govern social media use, while children must be taught digital responsibility, the concept of consent and the principles of positive masculinity. The shame must also switch sides — from the victim to the violator, and from the survivor to the system that failed to act.

An effective institutional response can be built around the ‘PICKET’ framework — prevention, identification, complaint, knowledge, enforcement, and tracking. Every case must trigger both a protective response for the child and a legal trial for the abuser, regardless of their age.

On September 23, 2024, the Supreme Court issued a landmark judgment on the handling of CSEAM in response to a petition by Just Rights for Children, a civil society network. The court clarified that the circulation of such material is a criminal offence and also ruled that social media platforms must monitor and report it. Platforms that fail to comply lose their "safe harbour" immunity and face stricter penalties.

But this must extend beyond CSEAM to all digital abuse — AI-generated images and content, which can now be used to create abuse material, require urgent regulation under the same legal lens as other forms of CSEAM.

India’s child labour laws distinguish between children below 14 and adolescents aged 14 –18. That same logic of graduated protection must be applied for digital safety. Children under 14 should be barred from social media. For those between 14 and 18, access must be tightly regulated.

Children are no longer safe even within their own homes. The time to act is now. Not when the next crisis goes viral, not when the next child becomes a headline. The role of the state is not just to respond after harm occurs, but to prevent it in the first place. That is the essence of justice.

(Bhuwan Ribhu is a child rights activist, advocate and author.)