






















Acting on a complaint filed by the Advanced Study Institute of Asia (ASIA), based on its research into children’s data practices by AI, social media, and edtech platforms, the NHRC has directed the Ministry of Electronics and Information Technology (MeitY) to inquire into the allegations and take regulatory, supervisory, and enforcement action against non-compliant platforms. The Commission has also directed MeitY to submit a detailed, point-wise Action Taken Report (ATR), covering compliance status, violations, and corrective steps, within 15 days of receiving the notice.
What did the research find?
Research paper author on findings:
MediaNama interviewed Shivani Singh, Program Coordinator for Law & Critical Emerging Technologies at ASIA, on the findings of its DPDP compliance report. This is what she said:
MediaNama: Your report assessed 14 major platforms against the DPDP framework. Which categories showed the deepest structural failures across platforms, and why?
Shivani Singh: Before identifying the failures, it is important to explain why we selected these 14 platforms. These are the platforms children and teenagers consistently mention in everyday contexts, schools, homes, and conversations. They use them for homework, socialising, and exam preparation. The report focuses on where children actually are.
The most significant structural failure lies in children’s data obligations, particularly age threshold alignment and verifiable parental consent. While gaps exist in notice, security safeguards, and data minimisation, those can theoretically be corrected through better implementation.
However, most platforms, Google, Meta, Canva, Grok, set minimum ages at 13, sometimes 16 for teen accounts, creating a regulatory gap with India’s definition of a child as under 18. Only Claude and Microsoft nominally align with 18.
If a platform does not recognise a 16-year-old as a child, it will not seek parental consent, restrict profiling, or apply stricter safeguards. This means non-compliance is embedded at the entry point, requiring a fundamental rethink of how platforms identify and treat users.
MediaNama: Your report identifies platforms at or near 100% non-compliance. What does a realistic compliance roadmap look like?
Shivani Singh: Platforms like Instagram, Grok, and Canva are at or near complete non-compliance, with ChatGPT and Perplexity somewhat lower. The path to compliance is not incremental policy updates but structural transformation within the DPDP timeline ending May 2027.
A realistic roadmap involves five priorities:
A key challenge is that minors often use SIM cards registered to adults, leading platforms to treat them as adult users.
MediaNama: Self-declaration is not a viable solution. What would a reasonable age verification mechanism look like without becoming overly intrusive?
Shivani Singh: If a platform cannot reliably distinguish between a child and an adult user, it will fail to apply the safeguards required by law. The report highlights the structural gap between 13-plus operational models and the 18-year legal threshold. This leaves users aged 13 to 17 unprotected.
A solution must be layered and proportionate, combining different mechanisms such as behavioural signals, government-recognised identity systems like Digilocker, and token-based frameworks. Consent managers and multilingual transparency must support this system.
MediaNama: If behavioural tracking is prohibited for children, how will AI chatbots detect risks like self-harm or violence?
Shivani Singh: This is one of the most complex tensions. There is a distinction between purpose-limited monitoring and generalised tracking. Restricting behavioural tracking does not weaken safety if platforms build dedicated monitoring systems limited to risk detection.
The real challenge is ensuring that safety mechanisms are not used for profiling. Children are increasingly treating chatbots as companions, which raises risks. Platforms must design systems where risk signals trigger appropriate interventions and parental alerts where necessary.
MediaNama: Can consent managers become a meaningful accountability layer?
Shivani Singh: Consent managers have potential but depend entirely on implementation. They must ensure interoperability, real-time functionality, and independent operation. They should simplify communication and make consent withdrawal easy.
MediaNama: How far are platforms from delivering informed consent?
Shivani Singh: Currently, platforms are far from delivering informed consent. Policies are long, complex, and mostly in English, making them inaccessible. The DPDP requires clear, plain language and accessibility. Consent must move beyond a checkbox to a meaningful understanding.
MediaNama: Which AI use cases are closest to breaching DPDP thresholds?
Shivani Singh: The most concerning use cases involve multimodal systems with data processing combining camera, voice, and inference systems. These generate sensitive insights beyond the original data, making them high risk and closest to breaching DPDP thresholds.
The interview was edited for clarity and brevity.
Also read
For You
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。