Justice Srikrishna panel suggests need for protection of personal data of children
As per the Justice Srikrishna committee, an individual below the age of eighteen years will be considered a child for the purpose of data protection.
Rooting for stringent safeguards around children's personal data, the Justice Srikrishna panel has suggested that data collectors or users capable of causing "significant harm" to children be identified as 'guardian data fiduciaries' and be barred from any profiling, tracking, targeted advertising or processing of personal information that can be harmful for them.
Together, the recommendations of the committee along with the provisions of the draft personal data protection Bill seek to tackle the data-related issue concerning children, who interestingly account for a third of the total internet users, as per the report.
"Guardian data fiduciaries shall be barred from profiling, tracking, or behavioural monitoring of, or targeted advertising directed at, children and undertaking any other processing of personal data that can cause significant harm to the child," the draft Bill proposes.
The 'harm' may be tangible, that is physical or reputational harm, or intangible, in terms of loss of autonomy, the panel noted.
It said that planned Data Protection Authority of India (DPA) should be armed with powers to notify data fiduciaries who operate commercial websites or online services directed at children, or those who process large chunks of personal data of children as 'guardian data fiduciaries'.
Explaining the realm of data fiduciaries (loosely, data collectors) who have access to children-related information, it said, "At present, the Committee understands that there are two categories of data fiduciaries who may be processing personal data of children: first, services offered primarily to children (eg YouTube Kids app, Hot Wheels, Walt Disney); second, social media services (eg Facebook, Instagram)."
The panel underscored the need for greater protection of personal data of children, saying that the justification for such differential treatment arises from the recognition that children are unable to fully comprehend the consequences of their actions, and that matters are further compounded by complex consent forms and non-transparent data collection practices that occur in the digital world.
"All data fiduciaries (including guardian data fiduciaries) shall adopt appropriate age verification mechanism and obtain parental consent. Furthermore, guardian data fiduciaries, specifically, shall be barred from certain practices. Guardian data fiduciaries exclusively offering counselling services or other similar services will not be required to take parental consent," it said.
(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)