As part of the two-step verification method for children’s online activities, the future Digital Personal Data Protection Act recommends an Aadhaar-based consent system in addition to parental guardianship.
According to reports, this crucial provision in the much-anticipated law on data privacy and security problems proposes utilizing an Aadhaar-based system to check children’s ages before accessing internet services and also to obtain their parents’ agreement before usage.
The plan also calls for the implementation of a two-stage notification system for IT businesses to notify users of data breaches. According to the Act, corporations must get “verifiable parental consent” before allowing minors to access their internet platform.
However, the plan has been stuck since the passage of the data bill since the Act itself does not specify how platforms might do age verification for youngsters. To solve this problem, two proposals are expected to be made: the first is to utilize parents’ DigiLocker app, which is based on their Aadhaar credentials, and the second is for the sector to develop an electronic token system that will only be authorized after government approval, according to the journal.
“Aadhaar-based authentication would be used.” The online platforms will not have access to the users’ Aadhaar data. “It’s as simple as a yes/no response from the Aadhaar database on a user’s age,” a senior government official said.
The Aadhaar-based consent is one of the 25 rules that must be developed for the Act to be operationalized, and the government has also been given the authority to enact regulations for any provision that it thinks appropriate.
What is the Digital Personal Data Protection Act?
The Digital Personal Data Protection (DPDP) Act, enacted by the parliament in August, intends to define a user’s rights surrounding data usage and lays out the responsibility of the corporation or government agency collecting and processing the data.
According to the government, the purpose of this legislation is to make businesses such as internet corporations, mobile applications, and business houses more accountable and answerable for the acquisition, storage, and processing of people’s data as part of the Right to Privacy.