Indian Government Restricts Social Media Account Access for Children Under 15

The Government of India has approved new rules under the Digital Personal Data Protection (DPDP) framework, prohibiting children under the age of 15 from creating or operating personal social media accounts without verified parental consent. The regulation aims to protect minors from online profiling, targeted advertising, and data exploitation.

1. Key Provisions of the DPDP Act, 2023

The Digital Personal Data Protection (DPDP) Act, 2023, regulates the processing of digital personal data in India. Key concepts relevant to child data privacy include:

• Data Principal: The individual to whom the personal data relates. In the case of children, the parent or lawful guardian acts as the Data Principal.
• Data Fiduciary: The entity (such as a social media platform or company) that determines the purpose and means of processing personal data.
• Processing Child Data: The Act mandates that Data Fiduciaries must obtain verifiable parental consent before processing any personal data of a child. It explicitly prohibits processing data that is likely to cause harm to a child or tracking/behaviorally targeting children for commercial purposes.

2. International Digital Age-Gating Regimes

India’s decision aligns with international regulatory standards for children's online privacy:

• COPPA (Children's Online Privacy Protection Act - USA): A federal law that regulates the online collection of personal information from children under 13, requiring verifiable parental consent.
• GDPR Article 8 (General Data Protection Regulation - EU): Sets the age of consent for digital services at 16, though member states can lower it to 13. Processing data of children below this age requires parental authorization.