New Delhi: The Ministry of Electronics and Information Technology (MeitY) has released the draft rules for the Digital Personal Data Protection (DPDP) Act, 2023, passed by Parliament last year.
These rules, now open for public consultation until February 18, 2025, aim to establish a comprehensive framework for data protection in India’s growing digital ecosystem.
A key focus of these draft rules is to ensure that digital platforms can verify the identification and age details of users, especially when processing the personal data of children. Below are the various scenarios in which data fiduciaries (DF) must verify the identity and age details of parents or guardians before processing a child’s data:
Verification of Parents’ Identity
When a child (C) is using a platform, their parent (P) must authenticate their identity before the child’s personal data can be processed. The platform (DF) will allow P to authenticate through its website, app, or other means. DF will ensure that P is a registered user who has already provided their identity and age details.
Before processing the child’s data, DF will verify that it has reliable identification and age information for P.
Verification by a Trustworthy Authority
In this case, DF will enable P to authenticate their identity through the platform. Before processing C’s personal data, DF must ensure that the parent’s identification and age details are provided by a trustworthy source, such as a legal or government body or a verified digital token. P may voluntarily provide these details using digital locker services.