31.1 C
New Delhi
Monday, October 14, 2024

DPDP May Propose Consent Framework Rather Than Specific Regulations, ET Telecom

More from Author

In Short:

The Digital Personal Data Protection (DPDP) Act will establish broad guidelines for companies on managing consent but won’t provide specific rules. It will require government-issued ID for age and consent verification, allowing firms to create their own systems. The rules are designed to support smaller organizations, like schools, which handle children’s data without needing extensive infrastructure. While schools may have some exemptions for parental consent, ed-tech firms don’t get the same leniency. Users under 18 must obtain verifiable parental consent to access social media and other online services, and targeted advertising toward these users is prohibited.


New Guidelines Under the Digital Personal Data Protection Act

Exciting changes are on the horizon for how companies manage consent under the **Digital Personal Data Protection (DPDP) Act**. According to sources familiar with the developments, the upcoming executive rules are set to offer a broader framework rather than issuing strict, detailed regulations. This means companies will have more flexibility in navigating compliance.

Focus on Age and Consent Verification

In a significant move, the rules will propose the use of government-issued identity cards for age and consent verification. However, companies will still have the opportunity to create their own age-verification systems in-house. One insider, who chose to remain anonymous, commented: “There will be broad prescriptions on the norms that institutions must follow while adhering to parental consent guidelines, including the types of identity cards that are acceptable.”

Supporting Smaller Entities

This approach is vital to ensure that smaller organizations, such as schools and universities, can comply without facing disruption. The insider added, “The rules will need to be followed even by smaller organisations like schools and, in some cases, universities which handle significant amounts of children’s data. These institutions may not always have the resources to invest heavily in complex consent management infrastructures.”

Exemptions for Educational Institutions

While the rules may offer certain leniencies to schools and higher education institutions regarding processing and securing parental consent for children’s data, **ed-tech companies** are unlikely to benefit from these exemptions. Another source shared that the provisions of the DPDP Act, 2023 classify all users under 18 as children, necessitating verifiable parental consent for social media usage and various online services.

Stakeholder Engagement

Back in July, the **Ministry of Electronics and Information Technology** held discussions with stakeholders, including social media platforms and internet companies, on how best to implement verifiable parental consent. During these meetings, many companies expressed uncertainty about tracking children’s activities for advertising purposes. It’s important to note that Section 9 of the DPDP Act prohibits the behavioral tracking of children on digital platforms and explicitly forbids targeted advertising for users under 18.

- Advertisement -spot_img

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

- Advertisement -spot_img

Latest article