Children under 18 will now need permission from their parents to create social media accounts, as per the draft rules of the Digital Personal Data Protection Act, 2023, released by the government on Friday.

The Ministry of Electronics and Information Technology (MeitY) has issued a notification inviting the public to share their objections and suggestions on the draft rules via the government’s citizen engagement platform, MyGov.in. Feedback will be reviewed after February 18, 2025. Stricter measures are emphasised in the draft regulations to safeguard the personal information of minors and people with disabilities who are legally guarded. Entities tasked with managing personal data, known as data fiduciaries, are required to get parental or guardian approval before processing any personal information belonging to children. To verify consent, fiduciaries must use government-issued IDs or digital identity tokens, like those linked to Digital Lockers. However, educational institutions and child welfare organisations may not have to follow some of these rules.

The draft rules also emphasise protecting children’s data and introduce stronger consumer rights. Users will be able to request the deletion of their data and ask companies to explain why their data is being collected. To ensure greater accountability for data custodians, a fine of up to Rs 250 crore is suggested for violations. Additionally, consumers will be able to contest data-collecting procedures and request transparent justifications for data use. Social media platforms, as described in the draft, are online services that allow users to interact, share, spread, and change information. To ensure these platforms follow the rules, the government plans to set up a Data Protection Board. This Board will work entirely online and will be responsible for overseeing compliance.

The Board will hold virtual hearings, look into any violations, impose fines and register consent managers. Consent managers are responsible for handling data permissions. They must register with the Board and have a minimum net worth of Rs 12 crore. These extensive steps are intended to guarantee that data custodians implement strong organisational and technical safeguards, especially with regard to vulnerable populations like children. The draft rules also include exceptions for certain situations, like educational purposes, to prevent placing unnecessary burdens on institutions that cater to children’s needs.