Processing of Personal Data of Child in Data Privacy law in India
Definition of ‘Child’
The Digital Personal Data Protection Act,2023( DPDPA,2023) has brought the responsibility and sensitivity appended to processing of the personal data of children and has accordingly defined a ‘child’ under Section 2(f) of the DPDPA,2023 as under;
(f) “child” means an individual who has not completed the age of eighteen years;
The said definition is in line with the definition of a ‘major’ under the Indian Majority Act, 1875. For further clarification, it is to be noted that as per the Indian Majority Act, 1875, in computing the age of any person, the day on which she was born is to be included as a whole day and she shall be deemed to have attained majority at the beginning of the eighteenth anniversary of that day.
It is equally significant to refer to the definition fo Data Principal for betting understanding the position of the data of a child in terms of Section 2(j) of DPDPA,2023,
(j) “Data Principal” means the individual to whom the personal data relates and where such individual is—
(i) a child, includes the parents or lawful guardian of such a child;
(ii) a person with disability, includes her lawful guardian, acting on her behalf;
Hence, till a child does not completed the age of eighteen years, her parents or lawful guardian shall be consenting for processing of her data.
Processing of Personal Data of Children
The Data Fiduciary needs to necessarily obtain parental consent or lawful guardian, as the case may be, for the processing of personal data, and shall not undertake such processing of personal data that is likely to cause any detrimental effect to the child.
Additionally, the DPDPA,2023 also prohibits behavioural monitoring of children’s data for targeted advertising. Certain exemptions may be prescribed to the Data Fiduciary in terms of Section 9 of the DPDPA,2023.
For better understanding, Section 9 is reproduced herein below;
Section 9. Processing of personal data of Children
(1) The Data Fiduciary shall, before processing any personal data of a child or a person with disability who has a lawful guardian obtain verifiable consent of the parent of such child or the lawful guardian, as the case may be, in such manner as may be prescribed.
Explanation.—For the purpose of this sub-section, the expression “consent of the parent” includes the consent of lawful guardian, wherever applicable.
(2) A Data Fiduciary shall not undertake such processing of personal data that is likely to cause any detrimental effect on the well-being of a child.
(3) A Data Fiduciary shall not undertake tracking or behavioural monitoring of children or targeted advertising directed at children.
(4) The provisions of sub-sections (1) and (3) shall not be applicable to processing of personal data of a child by such classes of Data Fiduciaries or for such purposes, and subject to such conditions, as may be prescribed.
(5) The Central Government may, if satisfied that a Data Fiduciary has ensured that its processing of personal data of children is done in a manner that is verifiably safe, notify for such processing by such Data Fiduciary the age above which that Data Fiduciary shall be exempt from the applicability of all or any of the obligations under sub-sections (1) and (3) in respect of processing by that Data Fiduciary as the notification may specify.
Penalty for Breach
In terms of Sr.no.3 under the Schedule under Section 33(1) , on account of non-compliance with the mandatory requirement, the Data Fiduciary shall be subject to a penalty up to Rs. 200 crores.
Every due care should be taken while dealing with consent and/or processing the data of Child at any given point of time.
To know more about the issues discussed above, You may please connect with dataprivacy@amlegals.com or mridusha.guha@amlegals.com.
Navigation
Practice Areas
© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.
