The Data Protection Bill 2021 presented by the Joint Parliamentary Committee (JPC) has stated that data fiduciaries can process a child’s personal data only after verifying their age and obtaining the consent of their parent or guardian. Data fiduciaries are further barred from carrying out certain activities using children’s data. Age of consent remains at 18 Multiple stakeholders had requested that the bill lower the age of consent to either the US standard (13 years) or GDPR standard (13-16 years), but the committee decided to leave the age of consent at 18 citing the Contract Act as the basis for this. “We are aware that from the perspective of the full, autonomous development of the child, the age of 18 may appear too high. However, consistency with the existing legal framework demands this formulation. Were the age of consent for the contract to reduce, a similar amendment may be effected here too,” the committee wrote. Companies must protect child's rights, age verification, and consent from parent or guardian required “Every data fiduciary shall process personal data of a child in such manner that protects the rights of the child” and “the data fiduciary shall, before processing of any personal data of a child, verify his age and obtain the consent of his parent or guardian, in such manner as may be specified by regulations,” the Bill stated. Earlier draft: The Personal Data Protection (PDP) Bill 2019 stated: “Every data fiduciary shall process personal data of a child in such manner that…
