Digital Personal Data Protection Act: The proposal also highlights introducing a two-stage notification measure for tech companies to inform users about data breaches

Government’s New Proposal Under Digital Data Act: Introducing Aadhaar-Based Consent and Parental Verification for Children’s Online Usage

Febin MathewDecember 17, 23 data privacy

The upcoming digital personal data protection law proposes to introduce an Aadhaar-based consent system, in addition to parental supervision, as part of a two-step verification measure for children’s online activities.

According to a report in Indian Express, this key proposal of the much-awaited Privacy and Security Challenge Bill proposes to use an Aadhaar-based system to verify the age of children to access online services and also seek parental consent before use.

The proposal also highlights the introduction of a two-step notification procedure for tech companies to notify users of data breaches.

The law states that companies must obtain “verifiable parental consent” before allowing any minor to use their platform online.

However, the proposal has been deadlocked since the introduction of the Data Act, as the law itself does not propose ways for platforms to verify the age of children.

Two recommendations are likely to be made to address this concern. One is to use the parents’ DigiLocker app based on their Aadhaar data and the other is for the industry to create an electronic ID system that will only be allowed after the Govt. permission, the publication said.

“This would be Aadhaar-based authentication. Internet platforms don’t know users’ Aadhaar details. It’s a simple yes/no answer from the Aadhaar database about the user’s age, as simple as that,” a senior government official told IE.

Aadhaar-based consent is one of the 25 provisions to be framed to implement the Act, and the government is also empowered to make such provisions as it deems fit.

What is the Digital Personal Data Protection Act?

The Digital Personal Data Protection Act (DPDP), approved by Parliament in August, aims to strengthen the user’s rights to use data and determines the obligations of the company or government agency that collects and processes the data.

The government says the goal of this legislature is to make entities like Internet companies, mobile apps, and businesses more accountable and responsible for collecting, storing, and processing citizens’ data as part of the right to privacy.