rewrite this content and keep HTML tags
In a global moral panic keep children safe onlineNations appear to be struggling for solutions, adopting measures that address perceived harms without fully understanding the ongoing complexities.
For example, Australia recently passed legislation in November 2024 that bans social media use for all children under 16, with no exemptions even for children with parental consent. , which is an extreme example.
Meanwhile, India implemented it Digital Personal Data Protection Act2023 (Data Protection Act) in August 2023, but we had to wait for 16 months before we got the Digital Personal Data Protection Rules, 2025 (Draft Data Protection Rules) to operationalize the Act.
The draft data protection rules attempt to offer some solutions, yet raise significant concerns – particularly regarding the need for verifiable parental consent for users under 18.
This reflects a broader trend of one-size-fits-all measures that ignore the complexities of online security rather than encourage more thoughtful discussion of the real issues.
Either/Or Situation: Challenges in Parental Consent and Age Verification
The Data Protection Act states that platforms cannot process the data of individuals under the age of 18, classified as ‘children’ under the Act, without obtaining verifiable consent from a parent or legal guardian.
The draft data protection rules mention that platforms must implement “appropriate technical and organizational measures” to ensure that this consent is obtained before processing a child’s data.
However, they do not provide any clarity on the exact mechanism of identifying and collecting children parental consent Will work.
They rely on self-declaration for consent, but this approach is inherently flawed because it creates an either/or situation. Either individuals circumvent the system by falsifying their age, or there is widespread age restriction on the Internet, where every service provider demands an ID.
This forces people into a situation where they either have to lie or hand over more personal information than necessary, both of which undermine privacy and security.
Children, who are often more tech-savvy, can easily lie about their age or provide false information, bypassing any age verification. Furthermore, when processing a child’s personal data, the Platform has no way to verify the parent or guardian relationship. Consent can be easily given by an elder sibling or friend.
The confusion has been further increased by the statements made by Electronics and Information Technology Minister Ashwini Vaishnav and senior officials of the ministry.
Vaishnav, in an interview with ndtvSaid that platforms would be required to obtain parental consent before processing the data of minors.
To do this, they must also verify the parent’s credentials, which can be accomplished using verified data points or virtual tokens from existing platforms like banks and schools.
Additionally, Information Technology (IT) Secretary S Krishnan said in an interview Hindustan TimesAcknowledged the fundamental challenges in enforcing parental consent requirements and recognized that relying on self-declarations by children could put them at risk of abuse.
“The problem is really that by wanting security, you’re actually being forced to share more data. So, you have to be very careful,” he said.
These statements reflect a broader trend of the government still attempting to resolve implementation issues, despite having approximately 16 months to resolve them.
Now, if we zoom out a bit, apart from the enforceability concerns, the rule related to parental consent has broader implications.
Apparently, in a panic bid to offer some solutions to protect minors on the interwebs, unintended consequences were overlooked.
First, according to Oxfam’s India Inequality Report 2022, only 38 percent of Indian households are digitally literate. Asking parents/guardians to provide “free” and “informed” consent, who may not understand the seriousness of the consequences, defeats the intended purpose of parental consent.
Either minors, who are more digitally savvy, will fake consent, find workarounds, or provide false information, not to forget the high instances of device sharing in Indian households.
Option? Children may be denied entry digital devices Which are necessary in today’s world.
Requiring parental consent hinders children’s opportunities and the flow of information. This is true, especially in a country like India, where the country’s social conditions are more layered and complex than its Western counterparts.
Trading parental privacy for children’s safety?
Ultimately, the catch-22 remains for all parents and guardians, who must provide their own identifiable sensitive data to provide consent for the processing of their children’s data.
This is a huge compromise, not backed by any additional security.
government pressure for digital identification system Such as Aadhaar ID, APAR ID, and state-specific IDs such as Haryana’s Parivar Pehchan Patra only encourage data collection by both internet intermediaries and the state, raising serious concerns over data security and surveillance.
Not only will Internet intermediaries have access to your sensitive identifiable information, but the government will also have data on your Internet activity.
This raises serious privacy concerns Promotes surveillanceUndermines data minimization, and increases the risk of data breaches. Excessive collection of personal information increases the potential for misuse, and strips individuals of control over their data.
The Data Protection Act as well as the draft data protection rules fail to address one of the key issues: how does parental consent guarantee protection from harmful content?
For example, while parents can consent to their child using Facebook to still easily access harmful content, the law focuses only on data processing.
This one-dimensional approach ignores the broader issue of online content moderation.
Security requires a collaborative approach
The government appears to be dealing with the issue at hand rather than the broader issue of privacy.
This either/or approach – requiring parental consent while limiting children’s digital opportunities – is counter-intuitive because it undermines both privacy and children’s autonomy.
Instead of adopting a nuanced strategy to deal with the multifaceted challenge of online safety, the government has opted for a more expedient solution – placing the entire onus of protecting children on parents by mandating their consent for minors’ access to the Internet. Is.
The challenge of ensuring online safety for children cannot be solved with a single solution, and any solution will only provide one layer of protection.
Relying only on tech companies or the government is insufficient. It is essential to promote broader awareness, engage civil society and empower parents to play an active role in their children’s digital lives.
Although it’s not flawless, platforms like Instagram already offer valuable tools – including parental controls on Instagram – that give parents the ability to guide their children’s online experiences without imposing blanket restrictions.
These efforts can be expanded, not replaced by blanket, shoddy laws.
We must focus on a collaborative approach that balances safety with children’s autonomy and access to valuable digital opportunities.
By focusing on the removal of technology, the main issue is ignored: the need to hold tech companies accountable and redesign platforms to prioritize children’s development and safety. Have we, most importantly, asked children for their input?
(Medha Garg and Shravani Nag are lawyers and Freedom Innovation Fellows at the Lanka Internet Freedom Foundation. This is an opinion. The views expressed above are those of the author. The Quint Neither endorses nor is responsible for it.)
