Science & Tech Security Issues

Consent Age for Data Protection

  • Empowering the Central Government: In India, the impending data protection Bill may give the Centre the authority to lower the age of consent from 18 to allow access to Internet services without parental supervision.
  • Exemptions for Specific Companies: If a company can process data in a “verifiably safe” manner, the Bill may exempt it from further duties to protect children’s privacy.

Why is this in the news?

  • Departure from Previous Bill: This is a departure from the previous data protection Bill, which set the age limit at 18 years.
  • Adherence to international laws: The adjustment is in line with data protection standards in the Western world, such as the EU and the United States.

A Clause’s Journey: Changing the Definition of Child

  • Justice BN Report of the Srikrishna Committee: The committee’s 2018 report advocated getting parental consent for individuals under the age of 18, but stated that if adjustments were made, the age of consent may be reduced.
  • Personal Data Protection Bill, 2019: The recommendation was retained in the PDP Bill, 2019, which classified a kid as an individual under the age of 18.
  • Recommendations of the Joint Committee of Parliament: In its final recommendations in late 2021, the Joint Committee advocated lowering the age of consent to 13/14/16 years.
  • The drafted Digital Personal Data Protection Bill, 2022, classified children as those under the age of 18, which irritated social media corporations.
  • Final Change: According to reports, the data protection Bill headed to Parliament’s Monsoon session has amended the definition of a child to an individual who has not reached the age of eighteen or a lower age notified by the Central Government.

Global Children Definitions for Data Regulations

  • The General Data Protection Regulation (GDPR) of the European Union: The age of consent is fixed at 16, but member states can reduce it to as young as 13. There are specific safeguards in place for children’s personal data.
  • The Children’s Online Privacy Protection Act (COPPA) of the United States requires parental authorization to process personal data for children under the age of 13.
  • The Privacy Act of Australia, 1988: The Act protects personal information regardless of age, although organisations must evaluate an individual’s capacity to consent on an individual basis.
  • Personal Information Protection Law (PIPL) of China requires entities handling personal data of individuals under the age of 14 to acquire parental agreement, and children’s data is classified as sensitive.


  • The reduction of the consent age in India’s data protection Bill mirrors international developments in data protection rules.
  • Countries have diverse definitions of children and different processes for gaining parental approval.
  • The final amendment to the Bill reflects a series of conversations and deliberations on defining the age of minors in India’s data protection law, addressing business stakeholders’ concerns, and complying with international norms.
And get notified everytime we publish a new blog post.