Big Tech Sees Red on Parental Consent

Some days ago, we had put out a post about how the government could be seeking to put all the Big Tech companies on a leash through a separate digital anti-competition law. Looks like these companies are already up in arms around India’s new Digital Personal Data Protection Act that came into existence just recently. 

A report published by the Business Standard says these big tech companies are seeking to engage with the government over a clause relating to parental consent for processing data under the new law. They seem to be arguing that the provision could have some unintended consequences for digital inclusion, privacy and child safety. 

As per the new law, tech platforms need to obtain a verifiable consent from a parent or legal guardian of a child before processing personal data of users below the age of 18. Readers may recall that the provision generated some heat even before the Bill became law. Now the tech giants are seeking relaxation of this rule and its implementation methods. 

What’re the challenges of such a provision?

The publication quoted a senior industry source to suggest that variable parental consent was a worrisome obligation as it could expose the child and parent to risks. It could also burden users who need to submit verifiable identity documents to several applications that might have varying degrees of security in their systems. 

Industry experts we spoke to also termed it as over-regulation as the verification onus lies on the tech companies who would only automate it via documents such as Aadhar or PAN number. Furthermore, the law also prohibits tracking of behavioral monitoring of children and targeting advertisements at them. 

What happens to existing embedded solutions?

If this is the case, how would Google or Meta target ads at those below 17 years on their platforms? And even if they follow the rule book, it could turn counterproductive as it might end up blocking child safety features already embedded in the application. Which, in turn, might open up unsavory content for their consumption. 

Over the past few years, several of these platforms have deployed behavioral tracking mechanisms and artificial intelligence to prevent adult websites from messaging children as a precaution against predators approaching minors. Such a rule could virtually render these systems unviable while also opening up children to irrelevant or inappropriate ads. 

Even the demand for exemption brings ambiguity

Another challenge that the law could create is keeping away many teenagers from the process of helping their parents use the Internet. Some even argued that girl children in the rural areas, who already have unequal rights to information, may find it tougher to access it due to the verifiable parental consent approach.

It could also be a data collection nightmare as parental consent would bring in a bigger lot of personal data such as ID documents, relationship documents etc. which inherently contradicts the basic objective of privacy laws that includes data minimization. Of course, none of the Big Tech companies are expected to share their views in the open due to the ambiguity involved. 

However, the BS report quoted Aditi Jha, director and country head for legal, public policy and economic graph at LinkedIn to suggest that the company would respect the applicable laws in the geographies where they operate. “We are reviewing the legislation to grasp the implications for our members and businesses,” she said. 

Industry experts also raised the argument that the minimum age for consent should be lowered as is the case with the US where those above 13 years can provide consent to the usage of their personal data. While the law excludes certain categories from this requirement, the government had later clarified that social media platforms would not be exempted.