PROTECTING CHILDREN’S PRIVACY IN THE DIGITAL AGE: CHALLENGES UNDER CYBER LAW AND THE PDPA
Category: Cyber Crime Law
「 ✦ Content ✦ 」
ABSTRACT
Children's interactions with technology have changed greatly, through the good graces of the digital era, making sources of information and communication more accessible than ever. But these developments also pose serious privacy threats for children, which requires a good understanding of how to protect children's information. The study reviews the different legal frameworks, including, in the context of India, the Personal Data Protection Act (PDPA) and the Information Technology Act, 2000 (IT Act), in addressing the privacy menace posed to children in the digital world. The wider ramifications of technology on children's privacy are examined, and the study points out the problems that these pieces of legislation face in providing unyielding protection for children's data. By analyzing international standards on child data protection and the K.S. Puttaswamy judgment, which asserts the right to privacy as a fundamental right, the study provides a complete outline of the status of children's privacy. Towards the end, it provides recommendations for strengthening protection for children's data privacy in the digital age.
Keywords: technology, privacy, children, digital, threats, protect.
INTRODUCTION
Children have more opportunities to interact with technology, ranging from socialization to education. But at the same time urgent privacy issues arise. More and more children spend time online-imparting social, gaming, entertainment, and education activities. Unfortunately, they are probably also exploiting this to divulge, without even realizing it, personal information that can be exploited or abused. Hence, governments and agencies across the globe have embarked on a path to establish laws that will protect the rights of children regarding privacy in the digital realm. The protection of children's personal data in India is regulated by a mixture of the Information Technology Act, the proposed Personal Data Protection Act (PDPA), and, somewhat recently, changing judiciary decisions such as the K.S. Puttaswamy decision. In the course of adapting, these laws and regulations face many challenges to addressing the special vulnerabilities facing children in the digital age.
CHILDREN’S PRIVACY IN THE DIGITAL AGE
With the rampant use of digital platforms, children are facing numerous privacy hazards at their very tender ages. Several apps and websites marketed toward kids are collecting personal data, many times without proper parental consent or full disclosure. Alongside information such as names, ages, and addresses, the data also include intimate fragments on children's online interactions, interests, and behaviors. More so, children's online conduct is trillions of times tracked, analyzed, or used for commercial purposes or other causes, even when the children are not actively sharing personal information, because of the ubiquitous use of cookies and tracking technologies.
Such activities greatly raise concern for the guidelines in children's privacy. The child's age and stage of cognitive development do not allow for a full appreciation of what the disclosure of relevant personal information could mean within cyberspace. This, in large part, has created a breeding ground for abuses, particularly related to advertisement, selling of data, and even cyberbullying. The absence of informed consent, insufficiently strong institutive privacies, and the complex nature of data analytics all combine to make the protection of children's privacy extremely contentious.
LEGAL FRAMEWORKS: CYBER LAW AND DATA PROTECTION IN INDIA
1. THE INFORMATION TECHNOLOGY ACT, 2000 (IT ACT)
In India, the IT Act forms the very foundation of cyber law. It emphasizes issues of data protection, cyber-crimes, and e-commerce. Although it addresses privacy in general, the IT Act fails to adequately safeguard children's privacy. Important sections pertaining to children include Section 66E, which sets out the prohibition of invasions of privacy, and Section 43A, which mandates the protection of sensitive personal data. However, these sections do not reasonably and sufficiently counter specific issues related to children using digital media. Furthermore, the IT Act fails to specifically address any protective measures for minors in its provisions and does not offer prescribed guidelines regarding the management of children's data.
While the IT Act allows for the collection of personal data, there exists no explicit provision for the treatment of children's data any differently from that of adults. This loophole has created an opening for online platforms to exploit and even manipulate children's data.
2. THE PERSONAL DATA PROTECTION ACT (PDPA)
The Personal Data Protection Act seeks to guarantee privacy to Indian citizens and regulate personal data processing in India. Great as it is for protecting privacy, the PDPA fails to address specific vulnerabilities that affect children. Generally, processing of data under the PDPA is allowed only in the case of consent with the data subject. However, it explains very few conditions under which processing will allow children's data.
Another consolation will be seen in the PDPA's provisions for parental or guardian consent regarding children under 18. No requirement for platforms to ensure that the minors understand the consequences of sharing their data is articulated therein. Furthermore, implementation of the PDPA would only add to the limbo regarding children's privacy law protections.
3. THE K.S. PUTTASWAMY JUDGMENT AND ARTICLE 21 OF THE CONSTITUTION
In its landmark judgment of K.S. Puttaswamy v. Union of India, the Supreme Court of India, with reference to Article 21, laid down that the right to privacy is an inviolable right and is an intrinsic element of an individual's autonomy and dignity.
The Puttaswamy ruling has a significant impact on the privacy of children. Since minors are effectively noted to be entitled to privacy protection through Article 21, this is where the focus will go, remaining an individual under the age of 18 years. This means that the processing of children's personal data-whether it be for commercial, educational, or any other use-requires compliance with necessity, proportionality, and transparency requirements as laid out in the Constitution. While this ruling provides a solid foundation for privacy protection for children, the real challenge is going to be how the ruling is completely implemented in the face of internet platforms, which thrive on collecting tons of data on kids.
CHALLENGES IN PROTECTING CHILDREN’S PRIVACY
Parental Control and Parental Consent: The IT Act and PDPA require the consent of at least one parent for processing the child's data. Parental control is often not possible because parents may be unaware or have no control over the digital sites their minors use. In addition, the requirements for parental consents are fragmented across platforms, which presents another hurdle to compliance.
Data profiling-Children's information is subject to profiling and targeted advertising due to the growing reliance of data analytics and artificial intelligence on digital platforms. Besides infringing on the children's right of privacy, this technique takes advantage of them by promoting content that may not be best for them.
Cross-border data transfers-Children's data is mostly processed and stored on an international level, especially in countries with less stiff privacy rules. Such cross-border data movement raises questions over the safety of children's personally identifiable information and raises questions over how closely their government regulates such issues.
SUGGESTIONS FOR STRENGTHENING PROTECTION
India needs to craft distinct laws or guidelines devoted to the concerns of children's data. This would address its target advertising, online harassment, data profiling, and other aspects of risk. Children are the most engrossed and then helpless cohort to the dangers pertaining to the online space, thus emphasizing the dire need for responsive legal provisions toward the protection of their persona from being misused.
Apart from smart legislation, digital literacy and awareness programs must begin to educate children and parents alike about the dangers of online sharing of personal details and the need for data protection legislation. The government, along with the education and civil society, should raise funds for programming that would teach children safe surfing habits in order to equip them with tools to operate safely on the internet.
Furthermore, online services aimed at children must institute stricter consent regimes, including proper age verification systems. Their respective privacy policies must be easy to understand, spelling out how information is used. Added to this, tools for parental controls should be made even more effective to ensure that consent is sought and maintained at all times during online engagements. Only then will the effort to fortify these safeguards have a hope of ensuring children's privacy in a digitally connected world.
CONCLUSION
The issue of children's privacy in the digital world is hugely critical and necessitates an eclectic approach. While India has gone on to enact many, including the PDPA and IT Acts, providing children's protection continues to face challenges. While the K.S. Puttaswamy case provides a constitutional guarantee of privacy, it logically becomes apparent that other alternatives are sought to deal with the unique challenges posed by the internet to children. The restoration of children's privacy in a constantly changing digital environment will include strengthening of consent procedures, digital literacy, child-specific legislation, and enforcement. By implementing well thought out steps, India can help ensure that its children move on a secure and safe odyssey through the digital world.
OLQ is a Pan-India basis law firm connecting legal expertise nationwide.
WRITTEN BY: ADV ANIK
