<p>New Delhi: The Union government has proposed mandatory and verifiable parental consent for children below 18 years to open social media accounts. </p>.<p>The long-awaited draft of Digital Personal Data Protection (DPDP) Rules, which was released by the The Ministry of Electronics and Information Technology on Friday, state that data fiduciaries shall make sure that verifiable consent of the parent is obtained before processing children's personal data. </p>.<p>Further, parents' identity and age will also have to be validated through voluntarily provided identity proof "issued by an entity entrusted by law or the government", as per the draft rules.</p>.How should India tackle social media addiction?.<p>Data fiduciaries are entities responsible for determining the purpose and means of processing personal data. E-commerce, social media and gaming platforms will fall under this category.</p>.<p>"A Data Fiduciary shall adopt appropriate technical and organisational measures to ensure that verifiable consent of the parent is obtained before the processing of any personal data of a child and shall observe due diligence, for checking that the individual identifying herself as the parent is an adult who is identifiable if required in connection with compliance with any law for the time being in force in India," the draft says.</p>.<p>If the draft rules are finalised, social media companies can't allow children to open accounts on their platforms or store children's personal data until they confirm that the parent has given approval.</p>.<p>The draft, which has been published for public consultations by the ministry, will be taken into consideration for making the final rules after February 18. </p>.<p>The feedback can be submitted on mygov.in. </p>.<p>The draft rules have been issued after 14 months of Parliament approving the Digital Data Protection Bill 2023.</p>.<p>Notably, the draft rules do not mention any penalties approved under the DPDP Act, 2023. The Act, which aims to provide safeguards against the processing of personal data, has the provision to impose a penalty of up to Rs 250 crore on data fiduciaries.</p>.<p>As per the draft, the data fiduciary will have to carry out due diligence to check that the individual identifying herself as the parent of a child is an adult and identifiable if required in connection with compliance with any law in force in India.</p>.<p>According to the draft rules, fiduciaries will have to keep the data only for the time being for which consent has been provided and delete it thereafter.</p>.<p>The draft rules have laid out provisions related to the consent processing of individuals and independent entities that will manage consents, data fiduciaries and the functioning of authorities under the Digital Data Protection Act 2023.</p>.<p>Certain data fiduciaries — including healthcare professionals and educational institutions — will be allowed to process the personal data of children with some restrictions. </p>.<p>In certain cases where a user is not using an e-commerce provider, social media platform or online gaming service anymore for an extended period of time, the rules say, their data must be deleted, after providing 48 hours of advance notice and time to stop deletion.</p>
<p>New Delhi: The Union government has proposed mandatory and verifiable parental consent for children below 18 years to open social media accounts. </p>.<p>The long-awaited draft of Digital Personal Data Protection (DPDP) Rules, which was released by the The Ministry of Electronics and Information Technology on Friday, state that data fiduciaries shall make sure that verifiable consent of the parent is obtained before processing children's personal data. </p>.<p>Further, parents' identity and age will also have to be validated through voluntarily provided identity proof "issued by an entity entrusted by law or the government", as per the draft rules.</p>.How should India tackle social media addiction?.<p>Data fiduciaries are entities responsible for determining the purpose and means of processing personal data. E-commerce, social media and gaming platforms will fall under this category.</p>.<p>"A Data Fiduciary shall adopt appropriate technical and organisational measures to ensure that verifiable consent of the parent is obtained before the processing of any personal data of a child and shall observe due diligence, for checking that the individual identifying herself as the parent is an adult who is identifiable if required in connection with compliance with any law for the time being in force in India," the draft says.</p>.<p>If the draft rules are finalised, social media companies can't allow children to open accounts on their platforms or store children's personal data until they confirm that the parent has given approval.</p>.<p>The draft, which has been published for public consultations by the ministry, will be taken into consideration for making the final rules after February 18. </p>.<p>The feedback can be submitted on mygov.in. </p>.<p>The draft rules have been issued after 14 months of Parliament approving the Digital Data Protection Bill 2023.</p>.<p>Notably, the draft rules do not mention any penalties approved under the DPDP Act, 2023. The Act, which aims to provide safeguards against the processing of personal data, has the provision to impose a penalty of up to Rs 250 crore on data fiduciaries.</p>.<p>As per the draft, the data fiduciary will have to carry out due diligence to check that the individual identifying herself as the parent of a child is an adult and identifiable if required in connection with compliance with any law in force in India.</p>.<p>According to the draft rules, fiduciaries will have to keep the data only for the time being for which consent has been provided and delete it thereafter.</p>.<p>The draft rules have laid out provisions related to the consent processing of individuals and independent entities that will manage consents, data fiduciaries and the functioning of authorities under the Digital Data Protection Act 2023.</p>.<p>Certain data fiduciaries — including healthcare professionals and educational institutions — will be allowed to process the personal data of children with some restrictions. </p>.<p>In certain cases where a user is not using an e-commerce provider, social media platform or online gaming service anymore for an extended period of time, the rules say, their data must be deleted, after providing 48 hours of advance notice and time to stop deletion.</p>
