惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
小众软件
小众软件
博客园_首页
博客园 - 聂微东
V
V2EX
WordPress大学
WordPress大学
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 司徒正美
博客园 - 三生石上(FineUI控件)
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
S
SegmentFault 最新的问题
J
Java Code Geeks
Last Week in AI
Last Week in AI
The Cloudflare Blog
月光博客
月光博客
雷峰网
雷峰网
宝玉的分享
宝玉的分享
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Hugging Face - Blog
Hugging Face - Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
有赞技术团队
有赞技术团队
人人都是产品经理
人人都是产品经理
博客园 - Franky
腾讯CDC
Jina AI
Jina AI
博客园 - 叶小钗
大猫的无限游戏
大猫的无限游戏
阮一峰的网络日志
阮一峰的网络日志
量子位
爱范儿
爱范儿
美团技术团队
T
Tailwind CSS Blog
博客园 - 【当耐特】
D
Docker
IT之家
IT之家
V
Visual Studio Blog
P
Proofpoint News Feed
L
LangChain Blog
Engineering at Meta
Engineering at Meta
C
Check Point Blog
G
Google Developers Blog
Google DeepMind News
Google DeepMind News
云风的 BLOG
云风的 BLOG
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Microsoft Azure Blog
Microsoft Azure Blog
B
Blog RSS Feed
Recorded Future
Recorded Future

Comments for MEDIANAMA

Sony and Jio oppose TRAI’s proposal seeking to regulate FAST services Instagram Hit With Cease And Desist Order Over PG-13 Ratings RTI: Sahyog Portal to Handle Data on Non-Consensual Intimate Images, But Privacy Measures Not Shared Explained: RBI’s Draft Amendments for Bank Policies and Customer Protection in Fraudulent Digital Transactions Explained: RBI’s Draft Amendments for Bank Policies and Customer Protection in Fraudulent Digital Transactions DPDP Rules And AI: How India’s Personal Data Framework Will Affect Data Collection And Retention Groww to Go Public as SEBI Approves IPO Proposal Groww to Go Public as SEBI Approves IPO Proposal US-Based Investment Management Firm Set To Acquire 23% Stake In Groww AMC For Rs 580 Crore US-Based Investment Management Firm Set To Acquire 23% Stake In Groww AMC For Rs 580 Crore Internet shutdown in 5 districts in Manipur for 3 days after bombing in Bishnupur district Event Announcement: Understanding Nepal’s Social Media Ban, September 12, #NAMA Event Announcement: Understanding Nepal’s Social Media Ban, September 12, #NAMA NHRC issues notice to MeitY over lapses in children’s data protection on major online platforms Reliance Q3FY26 Revenue Up 10%, Jio Subscribers Over 500 Mn RTI: Sahyog Portal to Handle Data on Non-Consensual Intimate Images, But Privacy Measures Not Shared Offshore Betting Platform Usage Increased Nearly 14% After Online Gambling Ban: CUTS Survey DPDP Rules And AI: How India’s Personal Data Framework Will Affect Data Collection And Retention Instagram Hit With Cease And Desist Order Over PG-13 Ratings How To Register Online Games Under Draft Online Gaming Rules Report Says 64% Instagram Safety Tools For Teens Are Ineffective Paytm Money & JioBlackRock Launch AI-Led Active Equity Fund IRDAI Blocks Insurance Underwriting for VC-Funded Fintechs Claude Opus 4 and 4.1 Can Now End Harmful Conversations
NHRC issues notice to MeitY over lapses in children’s data protection on major online platforms
2026-04-10 · via Comments for MEDIANAMA

Acting on a complaint filed by the Advanced Study Institute of Asia (ASIA), based on its research into children’s data practices by AI, social media, and edtech platforms, the NHRC has directed the Ministry of Electronics and Information Technology (MeitY) to inquire into the allegations and take regulatory, supervisory, and enforcement action against non-compliant platforms. The Commission has also directed MeitY to submit a detailed, point-wise Action Taken Report (ATR), covering compliance status, violations, and corrective steps, within 15 days of receiving the notice.

What did the research find?

  • The report evaluates 14 AI, social media, and edtech platforms widely used by minors in India: Gemini, NotebookLM, Khan Academy (Khanmigo), Photomath, SATHEE (IIT Kanpur), DIKSHA (Ministry of Education), Microsoft Math Solver (OneNote), WhatsApp, Instagram, ChatGPT, Perplexity, Claude (Anthropic), Canva, and xAI Grok.
  • It assesses each platform against 14 DPDP-based criteria: verifiable parental consent, processing harmful to child well-being, prohibition on behavioural tracking, data collection and purpose limitation, data retention and deletion, cross-border data transfer safeguards, grievance redressal, prohibition on targeted advertising to children, notice and language accessibility, age-threshold alignment, webcam/camera access consent, consent withdrawal mechanisms, third-party data sharing and parental control, and voice/audio recording consent.
  • Overall, 71% of assessments were non-compliant, 16% partially non-compliant, and only 13% relatively compliant.
  • 10 of 14 platforms fall into high or very high-risk categories, indicating widespread non-compliance with DPDP requirements.
  • Platforms such as Instagram, xAI Grok, and Canva scored 100% non-compliance, while ChatGPT and Perplexity scored 96%.
  • The report identifies parental consent and behavioural tracking as universal failures, with nearly all platforms lacking verifiable consent mechanisms.
  • It also finds that 13 of the 14 platforms fail five key obligations: parental consent, consent withdrawal, grievance redressal, third-party sharing, and age-threshold alignment.
  • All major platforms apply a minimum age of 13, creating a gap with India’s legal threshold of 18 under DPDP.
  • The report further flags systematic behavioural tracking, profiling, and data-sharing practices, including in AI-driven features such as personalisation and analytics.
  • Among platform categories, social media and general-purpose AI tools show the highest risk (around 88%), compared to edtech platforms (around 65%) and government platform DIKSHA (46%).

Research paper author on findings:

MediaNama interviewed Shivani Singh, Program Coordinator for Law & Critical Emerging Technologies at ASIA, on the findings of its DPDP compliance report. This is what she said:

MediaNama: Your report assessed 14 major platforms against the DPDP framework. Which categories showed the deepest structural failures across platforms, and why?

Shivani Singh: Before identifying the failures, it is important to explain why we selected these 14 platforms. These are the platforms children and teenagers consistently mention in everyday contexts, schools, homes, and conversations. They use them for homework, socialising, and exam preparation. The report focuses on where children actually are.

The most significant structural failure lies in children’s data obligations, particularly age threshold alignment and verifiable parental consent. While gaps exist in notice, security safeguards, and data minimisation, those can theoretically be corrected through better implementation.

However, most platforms, Google, Meta, Canva, Grok, set minimum ages at 13, sometimes 16 for teen accounts, creating a regulatory gap with India’s definition of a child as under 18. Only Claude and Microsoft nominally align with 18.

If a platform does not recognise a 16-year-old as a child, it will not seek parental consent, restrict profiling, or apply stricter safeguards. This means non-compliance is embedded at the entry point, requiring a fundamental rethink of how platforms identify and treat users.

MediaNama: Your report identifies platforms at or near 100% non-compliance. What does a realistic compliance roadmap look like?

Shivani Singh: Platforms like Instagram, Grok, and Canva are at or near complete non-compliance, with ChatGPT and Perplexity somewhat lower. The path to compliance is not incremental policy updates but structural transformation within the DPDP timeline ending May 2027.

A realistic roadmap involves five priorities:

  • Age verification reform: Move beyond self-declaration to systems that can distinguish minors, using identity credentials or token-based mechanisms.
  • Verifiable parental consent: Consent must be authenticated, traceable, and easily withdrawable; email-based consent is insufficient.
  • Resolving the tracking–personalisation conflict: Core features like personalisation must be separated from prohibited behavioural monitoring of children.
  • Data minimisation and retention controls: Limit excessive collection such as camera, microphone, and location data.
  • Governance and accountability: Establish grievance systems, audits, and consent managers.

A key challenge is that minors often use SIM cards registered to adults, leading platforms to treat them as adult users.

MediaNama: Self-declaration is not a viable solution. What would a reasonable age verification mechanism look like without becoming overly intrusive?

Shivani Singh: If a platform cannot reliably distinguish between a child and an adult user, it will fail to apply the safeguards required by law. The report highlights the structural gap between 13-plus operational models and the 18-year legal threshold. This leaves users aged 13 to 17 unprotected.

A solution must be layered and proportionate, combining different mechanisms such as behavioural signals, government-recognised identity systems like Digilocker, and token-based frameworks. Consent managers and multilingual transparency must support this system.

MediaNama: If behavioural tracking is prohibited for children, how will AI chatbots detect risks like self-harm or violence?

Shivani Singh: This is one of the most complex tensions. There is a distinction between purpose-limited monitoring and generalised tracking. Restricting behavioural tracking does not weaken safety if platforms build dedicated monitoring systems limited to risk detection.

The real challenge is ensuring that safety mechanisms are not used for profiling. Children are increasingly treating chatbots as companions, which raises risks. Platforms must design systems where risk signals trigger appropriate interventions and parental alerts where necessary.

MediaNama: Can consent managers become a meaningful accountability layer?

Shivani Singh: Consent managers have potential but depend entirely on implementation. They must ensure interoperability, real-time functionality, and independent operation. They should simplify communication and make consent withdrawal easy.

MediaNama: How far are platforms from delivering informed consent?

Shivani Singh: Currently, platforms are far from delivering informed consent. Policies are long, complex, and mostly in English, making them inaccessible. The DPDP requires clear, plain language and accessibility. Consent must move beyond a checkbox to a meaningful understanding.

MediaNama: Which AI use cases are closest to breaching DPDP thresholds?

Shivani Singh: The most concerning use cases involve multimodal systems with data processing combining camera, voice, and inference systems. These generate sensitive insights beyond the original data, making them high risk and closest to breaching DPDP thresholds.

The interview was edited for clarity and brevity. 

Also read