New Delhi: Policy advocacy groups and marketing professionals have expressed worry over Clause 10 of the latest draft Personal Data Protection Bill, which states that “data fiduciaries” will need to “obtain verifiable parental consent” to process the personal data of a child. Concerns have been raised about the definition of a child — anyone below the age of 18.
According to the draft bill, a “data fiduciary” is “any person who alone or in conjunction with other persons determines the purpose and means of processing personal data”. This would include most organisations that require a user to sign up for services or on which transactions take place, including social media platforms.
The draft doesn’t specify what steps will be taken to obtain “verifiable parental consent”.
The clause makes it so that marketing professionals and digital firms will be unable to display targeted ads for “children” below the age of 18, and will also be barred from undertaking “tracking or behavioural monitoring of children”.
Rohit Keshri, the founder of Digital Shinobiz, a Mumbai-based marketing agency, says ed-tech, fashion and educational institutions are the key sectors that will be affected by this policy. He foresees brand visibility to be the first problem.
Policy analysts opposed to the clause have also raised concerns about excessive parental control, while those in favour of it argue that it will keep children safe online.
Also Read: Activists raise concerns over ‘procedure of inviting feedback’ of new data protection bill
Financial autonomy
Let’s compare the clause in the draft bill to the situation in the US, where 13 is the legally specified “age gate”. According to Richa Singh, CEO and co-founder of Blogchatter, a micro-blogging platform, this is too low, and 16 is the healthier alternative.
“16-year-olds display decision-making abilities that are validated by their parents. Even from the perspective of financial autonomy, parents are handing them debit or credit cards. There are also companies like Fampay that are offering bank-like services for teens,” she says.
Keshri says ads that targeted teenagers travel within their own circles faster than those targeting other age groups.
“Word of mouth is faster in this age group and this policy will now make the mobility of messages difficult. We will now have to target their parents or people who are of 40-45 years of age instead,” he says.
Some in the industry believe that there is a need for this reevaluation. Jaideep Kewalramani, head of employability business and chief operating officer of Teamlease Edtech, a learning solutions company, is one of them. He argues that companies catering to children need to carve out a clear distinction between who the client — the one paying the money — is, and who the consumer of the service is.
“The person who is paying for the service should be well aware of what the product has to offer, what the intended outcomes are and what consumer protection they have. A child below 18 need not be liable for having this awareness,” he says.
Also Read: New data protection bill will improve ease of doing business, secure India’s tech leadership
Necessary or excessive?
The Advertising Standards Council of India (ASCI), a self-regulatory body for the sector, has said that data protection for children needs to be stringent since the internet has “explicit” content that is detrimental to those under 18.
“Age gating is crucial on digital platforms. With immense content available at the click of a button, there is a danger of children being exposed to content or advertising that is not suited to them,” says Manisha Kapoor, CEO and secretary general of ASCI.
She adds that while ASCI defines children as those individuals under the age of 12 in the context of ad consumption, other content online may be “disturbing, violent or explicit” and unsuitable for individuals under the age of 18.
“Kids may also not fully comprehend the consequences of sharing personal data. Hence, parental guidance and control, as well as age gating, are crucial components of keeping children safe online,” she says.
Defending the draft bill’s definition, policy experts have referenced India’s contract law, under which individuals under the age of 18 cannot enter into any formal contracts including opening a bank account or owning a debit or credit card.
Anushka Jain, policy counsel at the Internet Freedom Foundation, says, “The parental supervision clause is in a way practical, since the legal age at which a person can enter into contracts is 18 as per the Indian Contracts Act.”
However, she adds that it is necessary to steer the conversation towards the operations and nuances of how companies will ensure that targeted ads won’t be directed towards that age group. “How will they be operationalising the requirements under Clause 10 is the question we must ask.”
Critics have also referenced other laws that contradict the draft bill’s definition of a child.
According to Aparajita Bharti, co-founder of the Young Leaders for Active Citizenship, a public policy youth collective, “In the Indian child labour law, an individual beyond 14 years of age can participate in employment activities in non-hazardous situations. In family courts, the court allows a child above the age of 14 can give their view on matters of custody during divorce proceedings. You already have that kind of relaxation and recognition of different levels of maturity in other laws.”
She adds that the stakes here are much higher as teenagers are at a stage of life where they are exploring their identities, and much of this happens online. “Sometimes they are looking up sensitive issues like sexuality that they may not be comfortable sharing with their parents. Excessive parental control will curb this identity formation.”
(Edited by Theres Sudeep)
Also Read: Can telcos team up to offer Truecaller-like service? TRAI’s idea has takers, but concerns remain