The upcoming data protection Bill could empower the central government to lower the age of consent from 18, and also exempt certain companies from adhering to additional obligations for protecting kids’ privacy if they can process their data in a “verifiably safe” manner.
The government may get the power to lower the age restriction for users who can give consent under the proposed digital personal data protection law. The change is a major departure from the draft Digital Data Protection Bill, 2022 that was floated last November, under which the age of consent was hardcoded at 18 years – meaning that for processing data of individuals below the age of 18, companies were required to seek their parents’ consent. The upcoming Bill, it is understood, will take a graded approach to defining the age of consent on a case-by-case basis.
The change is a major departure from the draft of the Digital Data Protection Bill, 2022 that was floated last November, under which the age of consent was hardcoded at 18 years – meaning that for processing data of individuals below the age of 18, companies were required to seek their parents’ consent. The upcoming Bill, it is understood, will take a graded approach to defining the age of consent on a case-by-case basis.
This had been a key ask of the industry, especially social media companies, as a hardcoded age of consent would have meant business disruptions for them on account of setting up new systems for obtaining parental consent for users under 18 years of age — a key demographic for such services. However, it is in line with data protection regulations in the Western world, with regions like the European Union and the United States prescribing a lower age of consent.