The committee headed by retired Supreme Court Judge, Justice BN Srikrishna has submitted its report on ‘Data Protection Framework’ to the Union Minister of Electronics and Information Technology, Ravi Shankar Prasad. The report especially emphasises on the protection of children’s data and hopes that it is ‘handled with care.’
“It is widely accepted that processing of personal data of children ought to be subject to greater protection than the regular processing of data,” the report mentions.
The Committee was constituted by the union government in July last year to deliberate on a data protection framework. The committee’s report recommends that ‘…the law should be applicable to the processing of personal data if such data has been used, shared, disclosed, collected or otherwise processed in India…’ However, it asserts that the law shall apply to those carrying on business in India or other activities such as profiling which could cause privacy harms to data principals in India.
In the case of the children, the committee has derived that more stringent norms should be prevailing in case of the children. With regard to this, it has barred companies from accessing certain types of data processing such as ‘behavioural monitoring, tracking, targeted advertising’ and ‘any other type of processing’ which is ‘not in the best interest of the child.’
“The justification for such differential treatment arises from the recognition that children are unable to fully understand the consequences of their actions. This is only exacerbated in the digital world where data collection and processing is largely opaque and mired in complex consent forms.” added the report in context to this issue.
To implement such a procedure the committee recommends that the Data Protection Authority will have the power to designate websites or online services that process large volumes of personal data of children as “guardian data fiduciaries”.
The committee also noted that this approach, of placing the responsibility of properly processing the data of a child on the company, is preferable ‘to the existing regulatory approach which is based solely on a system of parental consent.’