India’s data privacy bill to protect minors under 18 years old, the highest age coverage of all data protection regulations so far

Hot on the heels of China’s data privacy law, India has introduced its own data protection bill in parliament. Following last year’s Supreme Court landmark decision to uphold privacy as a fundamental right in India’s Constitution, the bill seeks  comprehensive data protection for the world’s second most populous country.

It is notable that it has a section covering minors under the age of 18, the highest age of children in all data protection laws thus far. COPPA in the United States protects children under 13 years of age, China’s Standard covers children under 14 years old while in Europe, GDPR-K covers those under 16 years old.

According to the bill, any company that uses information from minors would need to do so in “a manner that protects and advances the rights and best interests of the child”. That includes robust mechanisms for age verification and parental consent. In the accompanying white paper to the bill, it says “the processing of personal data of children ought to be subject to greater protection than regular processing of data”.

Companies that operate websites or other online services directed at children, or process large volumes of personal data relating to children, will be unable to profile, track, monitor behaviors of, or run targeted advertising on, children, nor will they be permitted to  extract personal data that could cause significant harm to the child.

The bill further proposes to:

  • Give data owners greater control over how their information is used, including the right to access, to be “forgotten”, and the transference of their dossier to other companies processing data;
  • Require companies that process sensitive and large amounts of personal data to submit under a Data Protection Officer who may ensure their compliance with data protection laws and liaise with the Data Protection Authority;
  • Create a “Data Protection Authority” able to issue penalties of up to 4% of the global turnover, should there be a data breach.

The Ministry of Electronics and Information Technology is currently reviewing the proposal and will submit the bill to parliament at its discretion.

It seems likely that countries in our region will move faster and be more protective of this very important demographic. We have already seen countries choose much higher ages and setting a high standard for privacy for child and teen audiences in Asia.