Industry bodies, consumer representatives and social impact groups, taking a closer look at the Digital Personal Data Protection Rules, 2025 have asked the government to consider alterations to the provisions relating to the processing of children’s data to allow for an easier and more inclusive experience.
Allowing partial processing of children’s data
Nasscom has recommended an alteration to the provision prohibiting the use of a child’s data for “tracking or behavioural monitoring or targeted advertising.” It pointed out that such terms, if interpreted broadly, can degrade the child’s online experience, giving the example of a website that is unable to process a child’s location data and thus cannot to provide the most relevant content or services.
Nasscom suggested that “targeted advertising” not include contextual advertising, which is based on the online content a child is visiting or the keyword the child has used or segmented advertising based on a child’s characteristics (such as sex, age, or location), provided by the child as part of user registration or use of online services. It also asked that the law allow for tracking of necessary personal data solely for measuring or reporting advertising performance, reach, or frequency.
However, Akshayy S Nanda, Partner – Data Privacy and Competition laws at Saraf & Partners told businessline that there is no specific need to seek an exemption for contextual advertising in the Rules as rven without the specific exemption, data fiduciaries carrying out contextual advertising aimed at children will not run afoul of the DPDPA. The law only prohibits targeted advertising.
Ease of verification
Consumer Unity and Trust Society (CUTS) said the rules should only require age verification as opposed to age and identity verification. The body said that platforms will be hard-pressed to reliably determine users’ ages as even self-declaration by a user will have to be verified by the platform by behaviour monitoring.
“This assumption is also reinforced by the requirement for platforms to exercise due diligence and ensure that information likely to harm children is not accessible to them. This could also result in the collection of data from adults that isn’t essential,” said CUTS, citing insights from its research ofhow methods like Digital Lockers risk revealing sensitive details.
CUTS also batted interoperability in verification mechanisms (allowing platforms to share verified parental consent). Without this, each service would have to conduct independent verification, creating administrative and technical, increasing costs. It also recommended allowing data fiduciaries to implement verification methods that align with their specific context, based on three primary factors: the nature of the use case, the level of associated risks, the scope of implementation costs.
Inclusion of Children in CCIs and Aftercare Homes
Space2Grow, a consultancy invested in digital safety, said that the Rules do not explain how children in Child Care Institutions (CCIs), aftercare homes, or those who are homeless but still have internet access can obtain parental consent.
“ Many such children lack identifiable parents or guardians, making them vulnerable to exclusion or exploitation. The Rules should establish alternative verification mechanisms, such as allowing trusted institutions or government-appointed representatives to provide consent on behalf of these children. Additionally, platforms should take responsibility for age assurance, shifting the burden away from users,” said Space2Grow in its recommendations.
Need for Standardisation in Consent Mechanisms
Space2Grow said that the absence of a uniform parental consent verification system may lead to confusion and inconsistencies across platforms.
“Standardising verification processes will enhance transparency, eciency, and trust among parents managing multiple platforms. Implementing a single, regulated framework will ensure that all platforms follow consistent, legally compliant verification procedures, reducing regulatory uncertainty and improving enforcement. Consultations revealed that Aadhaar and OTP-based verification are the most favoured methods due to their simplicity and government-backed credibility,” said Space2Grow.