惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
L
LINUX DO - 最新话题
C
Check Point Blog
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
J
Java Code Geeks
Apple Machine Learning Research
Apple Machine Learning Research
大猫的无限游戏
大猫的无限游戏
S
Security @ Cisco Blogs
IT之家
IT之家
T
The Exploit Database - CXSecurity.com
The GitHub Blog
The GitHub Blog
D
Docker
Engineering at Meta
Engineering at Meta
AWS News Blog
AWS News Blog
S
Security Affairs
U
Unit 42
P
Palo Alto Networks Blog
V
Visual Studio Blog
Y
Y Combinator Blog
D
DataBreaches.Net
Forbes - Security
Forbes - Security
阮一峰的网络日志
阮一峰的网络日志
美团技术团队
Security Latest
Security Latest
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
A
Arctic Wolf
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Hacker News: Front Page
博客园 - 司徒正美
博客园 - Franky
宝玉的分享
宝玉的分享
TaoSecurity Blog
TaoSecurity Blog
Latest news
Latest news
Scott Helme
Scott Helme
MongoDB | Blog
MongoDB | Blog
量子位
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog

Comments for MEDIANAMA

Sony and Jio oppose TRAI’s proposal seeking to regulate FAST services Instagram Hit With Cease And Desist Order Over PG-13 Ratings NHRC issues notice to MeitY over lapses in children’s data protection on major online platforms RTI: Sahyog Portal to Handle Data on Non-Consensual Intimate Images, But Privacy Measures Not Shared Explained: RBI’s Draft Amendments for Bank Policies and Customer Protection in Fraudulent Digital Transactions Explained: RBI’s Draft Amendments for Bank Policies and Customer Protection in Fraudulent Digital Transactions DPDP Rules And AI: How India’s Personal Data Framework Will Affect Data Collection And Retention Groww to Go Public as SEBI Approves IPO Proposal Groww to Go Public as SEBI Approves IPO Proposal US-Based Investment Management Firm Set To Acquire 23% Stake In Groww AMC For Rs 580 Crore US-Based Investment Management Firm Set To Acquire 23% Stake In Groww AMC For Rs 580 Crore Internet shutdown in 5 districts in Manipur for 3 days after bombing in Bishnupur district Event Announcement: Understanding Nepal’s Social Media Ban, September 12, #NAMA Event Announcement: Understanding Nepal’s Social Media Ban, September 12, #NAMA Reliance Q3FY26 Revenue Up 10%, Jio Subscribers Over 500 Mn RTI: Sahyog Portal to Handle Data on Non-Consensual Intimate Images, But Privacy Measures Not Shared Offshore Betting Platform Usage Increased Nearly 14% After Online Gambling Ban: CUTS Survey DPDP Rules And AI: How India’s Personal Data Framework Will Affect Data Collection And Retention Instagram Hit With Cease And Desist Order Over PG-13 Ratings How To Register Online Games Under Draft Online Gaming Rules Report Says 64% Instagram Safety Tools For Teens Are Ineffective Paytm Money & JioBlackRock Launch AI-Led Active Equity Fund IRDAI Blocks Insurance Underwriting for VC-Funded Fintechs Claude Opus 4 and 4.1 Can Now End Harmful Conversations
NHRC issues notice to MeitY over lapses in children’s data protection on major online platforms
Prabhanu Kumar Das · 2026-03-27 · via Comments for MEDIANAMA

Acting on a complaint filed by the Advanced Study Institute of Asia (ASIA), based on its research into children’s data practices by AI, social media, and edtech platforms, the NHRC has directed the Ministry of Electronics and Information Technology (MeitY) to inquire into the allegations and take regulatory, supervisory, and enforcement action against non-compliant platforms. The Commission has also directed MeitY to submit a detailed, point-wise Action Taken Report (ATR), covering compliance status, violations, and corrective steps, within 15 days of receiving the notice.

What did the research find?

  • The report evaluates 14 AI, social media, and edtech platforms widely used by minors in India: Gemini, NotebookLM, Khan Academy (Khanmigo), Photomath, SATHEE (IIT Kanpur), DIKSHA (Ministry of Education), Microsoft Math Solver (OneNote), WhatsApp, Instagram, ChatGPT, Perplexity, Claude (Anthropic), Canva, and xAI Grok.
  • It assesses each platform against 14 DPDP-based criteria: verifiable parental consent, processing harmful to child well-being, prohibition on behavioural tracking, data collection and purpose limitation, data retention and deletion, cross-border data transfer safeguards, grievance redressal, prohibition on targeted advertising to children, notice and language accessibility, age-threshold alignment, webcam/camera access consent, consent withdrawal mechanisms, third-party data sharing and parental control, and voice/audio recording consent.
  • Overall, 71% of assessments were non-compliant, 16% partially non-compliant, and only 13% relatively compliant.
  • 10 of 14 platforms fall into high or very high-risk categories, indicating widespread non-compliance with DPDP requirements.
  • Platforms such as Instagram, xAI Grok, and Canva scored 100% non-compliance, while ChatGPT and Perplexity scored 96%.
  • The report identifies parental consent and behavioural tracking as universal failures, with nearly all platforms lacking verifiable consent mechanisms.
  • It also finds that 13 of the 14 platforms fail five key obligations: parental consent, consent withdrawal, grievance redressal, third-party sharing, and age-threshold alignment.
  • All major platforms apply a minimum age of 13, creating a gap with India’s legal threshold of 18 under DPDP.
  • The report further flags systematic behavioural tracking, profiling, and data-sharing practices, including in AI-driven features such as personalisation and analytics.
  • Among platform categories, social media and general-purpose AI tools show the highest risk (around 88%), compared to edtech platforms (around 65%) and government platform DIKSHA (46%).

Research paper author on findings:

MediaNama interviewed Shivani Singh, Program Coordinator for Law & Critical Emerging Technologies at ASIA, on the findings of its DPDP compliance report. This is what she said:

MediaNama: Your report assessed 14 major platforms against the DPDP framework. Which categories showed the deepest structural failures across platforms, and why?

Shivani Singh: Before identifying the failures, it is important to explain why we selected these 14 platforms. These are the platforms children and teenagers consistently mention in everyday contexts, schools, homes, and conversations. They use them for homework, socialising, and exam preparation. The report focuses on where children actually are.

The most significant structural failure lies in children’s data obligations, particularly age threshold alignment and verifiable parental consent. While gaps exist in notice, security safeguards, and data minimisation, those can theoretically be corrected through better implementation.

However, most platforms, Google, Meta, Canva, Grok, set minimum ages at 13, sometimes 16 for teen accounts, creating a regulatory gap with India’s definition of a child as under 18. Only Claude and Microsoft nominally align with 18.

If a platform does not recognise a 16-year-old as a child, it will not seek parental consent, restrict profiling, or apply stricter safeguards. This means non-compliance is embedded at the entry point, requiring a fundamental rethink of how platforms identify and treat users.

MediaNama: Your report identifies platforms at or near 100% non-compliance. What does a realistic compliance roadmap look like?

Shivani Singh: Platforms like Instagram, Grok, and Canva are at or near complete non-compliance, with ChatGPT and Perplexity somewhat lower. The path to compliance is not incremental policy updates but structural transformation within the DPDP timeline ending May 2027.

A realistic roadmap involves five priorities:

  • Age verification reform: Move beyond self-declaration to systems that can distinguish minors, using identity credentials or token-based mechanisms.
  • Verifiable parental consent: Consent must be authenticated, traceable, and easily withdrawable; email-based consent is insufficient.
  • Resolving the tracking–personalisation conflict: Core features like personalisation must be separated from prohibited behavioural monitoring of children.
  • Data minimisation and retention controls: Limit excessive collection such as camera, microphone, and location data.
  • Governance and accountability: Establish grievance systems, audits, and consent managers.

A key challenge is that minors often use SIM cards registered to adults, leading platforms to treat them as adult users.

MediaNama: Self-declaration is not a viable solution. What would a reasonable age verification mechanism look like without becoming overly intrusive?

Shivani Singh: If a platform cannot reliably distinguish between a child and an adult user, it will fail to apply the safeguards required by law. The report highlights the structural gap between 13-plus operational models and the 18-year legal threshold. This leaves users aged 13 to 17 unprotected.

A solution must be layered and proportionate, combining different mechanisms such as behavioural signals, government-recognised identity systems like Digilocker, and token-based frameworks. Consent managers and multilingual transparency must support this system.

MediaNama: If behavioural tracking is prohibited for children, how will AI chatbots detect risks like self-harm or violence?

Shivani Singh: This is one of the most complex tensions. There is a distinction between purpose-limited monitoring and generalised tracking. Restricting behavioural tracking does not weaken safety if platforms build dedicated monitoring systems limited to risk detection.

The real challenge is ensuring that safety mechanisms are not used for profiling. Children are increasingly treating chatbots as companions, which raises risks. Platforms must design systems where risk signals trigger appropriate interventions and parental alerts where necessary.

MediaNama: Can consent managers become a meaningful accountability layer?

Shivani Singh: Consent managers have potential but depend entirely on implementation. They must ensure interoperability, real-time functionality, and independent operation. They should simplify communication and make consent withdrawal easy.

MediaNama: How far are platforms from delivering informed consent?

Shivani Singh: Currently, platforms are far from delivering informed consent. Policies are long, complex, and mostly in English, making them inaccessible. The DPDP requires clear, plain language and accessibility. Consent must move beyond a checkbox to a meaningful understanding.

MediaNama: Which AI use cases are closest to breaching DPDP thresholds?

Shivani Singh: The most concerning use cases involve multimodal systems with data processing combining camera, voice, and inference systems. These generate sensitive insights beyond the original data, making them high risk and closest to breaching DPDP thresholds.

The interview was edited for clarity and brevity. 

Also read