DPDP §9

Processing of Children's Data

Paraphrased legal text

Before processing any personal data of a child or a person with disability, the Data Fiduciary must obtain the verifiable consent of the parent or lawful guardian. The Fiduciary shall not undertake any processing that is likely to cause a detrimental effect on the well-being of a child, and shall not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

What this means in plain English

  • Verifiable parental consent before processing.
  • No behavioural monitoring or tracking of minors.
  • No targeted advertising aimed at children.
  • Rule 9 specifies the modes of verification — Aadhaar, document, or other prescribed means.

Penalty if you get this wrong

Up to ₹200 crore for failure to fulfil obligations relating to children's personal data.

How ProtectComply solves it

Consent Management — children's flow

  • Parental verification step in the consent flow
  • Children's-mode policy auto-disables tracking and targeted ad pixels
  • Notice template explicitly children-appropriate (per Rule 9)
  • Audit trail captures the parental verification artefact

Related

  • DPDP §5 — Notice & Free Consent
  • DPDP §6 — Conditions of Valid Consent
  • DPDP Rule 9 (2025) — Verifiable Parental Consent