The Joint Parliamentary Committee is currently examining the Personal Data Protection Bill, 2019 likely to be tabled during next budget session. It specifies the age of consent in order to protect children’s personal data. In spite ensuring safety for kids, there might be challenges in implementation, given the dynamic nature of the digital world.
"The PDP bill is the most significant policy decision regarding the Internet in India, though we have not been able to fully participate in its formation as citizens. I hope there will be some extensive discussions on it prior to its passing. As it will determine the future of the Internet in India." Amitabh Kumar founder Social Media Matters.
The PDP Bill classifies any person below 18 as a child. His/her data cannot be processed without parental consent and the verification of the child's age. The Srikrishna Committee, which conceptualized the Bill, explained that the age of 18 was chosen in order to ensure consistency with other domestic laws. It agreed that the cut-off age may be too high and may need to be revised, keeping in mind a child’s development. In contrast to India’s approach, the United State’s Children’s Online Privacy Protection Act has capped the age of consent at 13, and verifiable parental consent is needed only for those who are younger. Europe’s General Data Protection Regulation suggests a range between 13 and 16 years.
Social Media Matters has been conducting “Wranga Digital Parenting Workshops,” in order to clear misconceptions about online safety and privacy controls. SMM stresses upon creating awareness and more conversations regarding cyber bullying, internet security, and digital parenting instead of prohibiting children from accessing the internet.
The video game industry poses the dilemma of implementing consent-related provisions. Unless robust age verification measures are deployed, gaming platforms might have to entirely exclude under-age users, or incur significant costs to build separate child and adult versions of their products. The Interactive Software Federation of Europe, representing European gaming industry, has raised similar concerns against the United Kingdom’s Age Appropriate Design Code. It restricts the use of nudge techniques, and brings in other prohibitions related to data of children below the age of 18.
The regulations could impact the Edtech sector as many e – learning services are customized for 13 – 18 year olds.
The PDP Bill, 2019 does not distinguish between a 17-year-old and a 13-year-old. Such blanket restrictions could deprive children from meaningfully using the internet. Aaron Swartz, a computer programmer and internet freedom activist, exhibited a deep understanding of the internet and issues related to its access at the age of 14. Alex Cooney, CEO, CyberSafeIreland, a non – profit working to empower children, said, “The key message is if our kids are going to be active online, then we have to prepare them better for it. We are not actively, regularly, and consistently doing that with our kids when it comes to online and we absolutely need to.”
There needs to be a unified consensus in order to set parameters for a global age of consent. However, due to the diversity in culture and constitutional regimes there are bound to be variations. For instance, UK and China have fixed the online age of consent at 13 and 14 yrs respectively. In Brazil and Australia age of consent is 16 and 18 years respectively. Australian Information Commissioner and Privacy Commissioner Angeline Falk said, “While we want our children to be empowered to use the internet and online services, we also want their data privacy to be protected.”
Privacy means different things for kids of different ages. For a 17-year-old, privacy may mean privacy from parents as compared to a 13-year-old, who needs parental oversight. This may be even more important in conservative societies where the internet enables mature children to explore sensitive questions regarding gender and faith which cannot be freely discussed. These considerations make it crucial for the law to consider different requirements of various age groups.
America’s Children’s Online Privacy Protection Rule Act, on the other hand, requires mandatory age verification for only those websites that are directed at children. These online portals are required to ask for a parent’s government-issued ID, credit card details and provide a call-centre number, as evidence to verify consent. Since, India’s PDP Bill applies to all websites it would be both impossible and expensive to implement similar verification methods.
The bill needs to consider nuanced issues of maturity, content and privacy in order to bring the law at par with global standards.