Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

Verifiable Consent for Processing Personal Data of Children and Persons with Disabilities Under Rule 10 of the proposed DPDP Rules, 2025

Posted On - 10 January, 2025 • By - Rahul Sundaram

In the evolving landscape of digital privacy, the proposed Digital Personal Data Protection (DPDP) Rules, 2025, lays emphasis on the importance of safeguarding personal data, particularly for vulnerable groups such as children and persons with disabilities. Rule 10 of these rules provides explicit guidance on obtaining verifiable consent for processing the personal data of these groups, ensuring their rights and privacy are adequately protected.

Key Provisions of Rule 10

Rule 10 of the DPDP Rules establishes that:

  1. Children’s Personal Data: For individuals under the age of 18, the consent required for processing their personal data must be obtained from their lawful guardian.
  2. Persons with Disabilities: Where a person with disabilities has a lawful guardian, the guardian’s consent must be obtained for processing the individual’s personal data.
  3. Verifiability: The consent must be verifiable, meaning that organizations collecting and processing the data must ensure the authenticity of the consent provided.

The concept of verifiable consent under Rule 10 implies that the consent mechanism must satisfy the following conditions:

  • Informed Consent: The guardian must be fully aware of what data is being collected, the purpose of processing, and any associated risks.
  • Explicit and Affirmative Action: The guardian must take a clear and affirmative action to provide consent, such as signing a document, checking a box, or using an OTP-based system.
  • Traceability: The consent process must generate evidence that can be retained and audited to demonstrate compliance.
  • Granularity: Consent should be specific to the data processing activity, avoiding blanket or vague permissions.

A Data Fiduciary, while obtaining verifiable consent from an individual identifying herself as the lawful guardian of a person with disability, shall observe due diligence to verify that such guardian is appointed by a court of law, a designated authority or a local level committee, under the law applicable to guardianship.

While Rule 10 sets out clear guidelines, its implementation may present challenges:

  1. Digital Literacy: Guardians may lack the necessary literacy / digital literacy to comprehend the implications of consent, particularly in rural or underserved areas.
  2. Verification Mechanisms: Developing robust and foolproof systems to verify the identity of lawful guardians and ensure their consent can be resource-intensive.
  3. Balancing Innovation and Compliance: Businesses must navigate the fine line between innovation in data-driven services and strict adherence to data protection laws.

Best Practices for Compliance

To ensure compliance with Rule 10, data fiduciaries (entities processing personal data) should adopt the following best practices:

  • Use of Digital Tools: Employ advanced verification technologies like Aadhaar-based authentication or secure biometric systems to ensure the identity of lawful guardians.
  • Comprehensive Documentation: Maintain clear records of consent, including the guardian’s authority and identity, the data being processed, and the purpose of processing.
  • Regular Audits: Periodically audit consent processes to ensure compliance with legal standards and address any gaps.

Conclusion

Rule 10 of the  proposed DPDP Rules, 2025, is a significant step toward enhancing the protection of personal data for children and persons with disabilities. By emphasizing verifiable consent and stringent safeguards, it strikes a balance between technological advancement and ethical responsibility. However, its success hinges on the commitment of data fiduciaries to uphold these standards and the proactive enforcement by regulatory authorities. In a world increasingly reliant on data, protecting the most vulnerable is not just a legal obligation but a moral imperative.

For further details write to contact@indialaw.in

Related Posts

Bombay High Court Quashes Charges Against Bank Manager in Modesty Insult Case: Balancing Women's Rights and Fair TreatmentHigh Court of Chhattisgarh Upholds Women's Right to Child Adoption Leave: A Victory for Gender EqualityStrict Compliance with Timelines: The Supreme Court's Stance on Insolvency AppealsDelhi High Court Upholds Arbitral Award, Grants MSME Interest Rights and Affirms Liability: Shristi v. Scorpio