The Justice Srikrishna committee on data privacy has made specific mention of the need for separate and more stringent norms for protecting the data of children, recommending that companies be barred from certain types of data processing such as behavioural monitoring, tracking, targeted advertising and any other type of processing which is not in the best interest of the child.
“It is widely accepted that processing of personal data of children ought to be subject to greater protection than regular processing of data,” the report said.
“The justification for such differential treatment arises from the recognition that children are unable to fully understand the consequences of their actions. This is only exacerbated in the digital world where data collection and processing is largely opaque and mired in complex consent forms.”
“Safeguarding the best interests of the child should be the guiding principle for statutory regulation on protecting data of children,” the report said.
The committee noted that, at present, there were two types of entities processing the personal data of children. The first type were services offered primarily to children, such as YouTube Kids, Hot Wheels and Walt Disney, and the second were social media services such as Facebook and Instagram.
The committee’s recommends that the Data Protection Authority will have the power to designate websites or online services that process large volumes of personal data of children as “guardian data fiduciaries”.
“Certain types of data processing have been objectively found to be harmful for children,” the report said. “Harm, as used here, may be tangible [in terms of physical or reputational harm] or intangible [in terms of loss of autonomy]. These include: behavioural monitoring, tracking, targeted advertising and any other type of processing which is not in the best interest of the child. Guardian data fiduciaries must be barred from these practices insofar as it pertains to children.”
The committee noted that this approach, of placing the onus of properly processing the data of a child on the company, is preferable to the existing regulatory approach which is based solely on a system of parental consent.
“A dominant criticism against parental consent is that it is prone to circumvention, as it risks encouraging children to lie about their age, without achieving the intended purpose of protection,” the report said.