Civilsdaily

Right To Privacy

Age of Consent for Data Protection

Bills/Act/Laws | Governance | Mains Paper 2: Governance, Transparency & Accountability, Citizens Charters

data

Central Idea

  • Empowering the Central Government: The upcoming data protection Bill in India could grant the Centre the authority to lower the age of consent from 18 for accessing Internet services without parental oversight.
  • Exemptions for Certain Companies: The Bill may exempt specific companies from additional obligations in protecting children’s privacy if they can process data in a “verifiably safe” manner.

Must read:

Data Protection Bill approved by Cabinet: Content, concerns

Why in news?

  • Departure from Previous Bill: This marks a departure from the previous data protection Bill, where the age threshold was hard-coded at 18 years.
  • Aligning with global laws: The change aligns with data protection regulations in the Western world, such as the EU and US.

Journey of a Clause: Changing Definition of a Child

  • Justice BN Srikrishna Committee Report: The committee’s 2018 report recommended seeking parental consent for individuals under 18 years but suggested that the age of consent could be reduced if amendments were made.
  • Personal Data Protection Bill, 2019: The PDP Bill, 2019 retained the recommendation and defined a child as an individual under the age of 18.
  • Joint Committee of Parliament Recommendations: The Joint Committee proposed reducing the age of consent to 13/14/16 years in its final recommendations in late 2021.
  • Digital Personal Data Protection Bill, 2022: The draft Bill defined children as those under 18 years of age, leading to dissatisfaction among social media companies.
  • Final Change: The data protection Bill headed to Parliament’s Monsoon session reportedly changed the definition of a child to an individual who has not completed the age of eighteen years or a lower age notified by the Central Government.

Global Definitions of Children for Data Regulations

  • EU’s General Data Protection Regulation (GDPR): The age of consent is set at 16 but allows member states to lower it to as low as 13. Specific protections for children’s personal data exist.
  • USA’s Children’s Online Privacy Protection Act (COPPA): Children are defined as under 13 years, and parental consent is required for processing their personal data.
  • Australia’s Privacy Act, 1988: The Act protects personal information regardless of age but requires organizations to assess an individual’s capacity to consent on a case-by-case basis.
  • China’s Personal Information Protection Law (PIPL): Entities handling personal data of individuals under 14 years must obtain parental consent, and children’s data is categorized as sensitive.

Conclusion

  • Lowering the age of consent in India’s data protection Bill reflects global trends seen in data protection regulations.
  • Countries have different age thresholds for defining children and varying requirements for obtaining parental consent.
  • The final change in the Bill represents a series of discussions and deliberations on determining the age of children in India’s data protection law, addressing concerns of industry stakeholders and aligning with international standards.

Get an IAS/IPS ranker as your 1: 1 personal mentor for UPSC 2024

Attend Now

Join the Community

Join us across Social Media platforms.