The Ministry of Electronics and Information Technology (MeitY) recently released draft regulations to implement the digital privacy law, bringing about a change in how companies and government agencies handle personal data. Children’s data privacy is a rather important aspect of this, and has been emphasised several times in the Didigtal Personal Protection Data (DPDP) Act .
A report by Moneycontrol quoted a government official saying that among steps to escalate security for the youngsters, emerging digital identity frameworks such as the Apaar ID — a unified national digital ID for students — and state-level family IDs can be used to verify parents or guardians for processing children’s data under the draft Digital Personal Data Protection Rules.
The Automated Permanent Academic Account Registry (APAAR) ID is a student identification system that is part of the “One Nation, One Student ID” programme.
While a centralised family ID system does not yet exist at the national level, several states, including Haryana, Andhra Pradesh, Tamil Nadu and Rajasthan have already implemented state level local identification systems for families. These frameworks can be integrated into the verification process for parental consent under the DPDP Rules.
Adopting verifiable parental consent mechanisms to safeguard children’s personal data is an important aspect of the draft of the DPDP Act. Data fiduciaries store, collect and process personal data, and are now responsible for ensuring its protection under the DPDP Act. The draft says that the data fiduciaries must implement technical and organisational measures to verify the identity of parents or guardians. This also includes checks using government-issued IDs or digital tokens linked to trusted services such as digital locker providers.
There are still questions about how state-level systems will share data and protect privacy. The DPDP Rules aim to tackle these issues by requiring strong security measures and appointing consent managers to oversee data handling and ensure compliance with audit standards.
Union Minister Ashwini Vaishnaw assured on January 7, that privacy will remain central to the rules of the Act. He said that virtual tokens used for verifying children’s data will be temporary and deleted after a single use. The DPDP rules draft was released for consultation on January 3, and is open for people to send their feedback and suggestions till February 18.