Skip to main content
UrbanVakeel
Live wire
www.iconnectblog.comWhen Apex Courts Disown Their Watchdogs: India, Judicial Accountability, and the Proprietary TurnSCC OnlinePresident Appoints Four Chief Justices and One Senior Advocate to Supreme Court, Taking Working Strength Closer to New Sanctioned Strength of 38MoneylifeFrom First-generation Lawyer to Supreme Court Judge: Justice V Mohana’s Historic AscentIndian Television Dot ComBroadcasters to take Ad-Cap battle to Supreme Court soon after HC blowBar and BenchJudicial recognition of ‘transnational issue estoppel’ in India: Fortifying finality in International Commercial ArbitrationLawBeatSupreme Court Weekly Round Up [May 25- May 31, 2026]Business StandardSupreme Court swears in five new judges, strength increases to 37WIONMeet the lawyer who skipped High Court bench and went straight to India’s Supreme CourtDT Next5 things to know about newly appointed Supreme Court judge Venkita MohanaThe Indian ExpressSupreme Court gets 5 new judges, strength increases to 37The New Indian ExpressSovereignty of nation must prevail over personal liberty in narcotics cases: SCThePrintSubscriberWrites: Euthanasia for Dogs: The Supreme Court’s stance on public safety and animal welfare in IndiaAl Jazeera‘Cockroach Janta Party’: Top Indian judge’s comment sparks satire, protestRising KashmirHistoric & Welcome Judgement of the Supreme Court of India on SIRBar and BenchRailway staff are Central government employees: Supreme Court restores benefits to KSEB employee

Editorial

Children's data under DPDP: the verifiable consent puzzle

The Act treats anyone under eighteen as a child, prohibits behavioural tracking outright, and requires verifiable parental consent for processing. How any of this will actually work in practice remains an open question.

By Editorial Desk2 min read
Children's data under DPDP: the verifiable consent puzzle
Children's data under DPDP: the verifiable consent puzzle

Section 9 of the DPDP Act is the most ambitious provision in India's privacy framework — and the one most likely to produce litigation. It defines a child as any Data Principal under eighteen years of age, requires verifiable parental consent before processing children's data, and prohibits behavioural monitoring or targeted advertising directed at children. The drafting is short. The operational consequences are vast.

Who counts as a child

Eighteen is a high bar by international standards. The GDPR sets the threshold at sixteen, with member states allowed to lower it to thirteen. The US COPPA framework cuts off at thirteen. India's choice of eighteen means a much larger category of users are caught — and a much larger category of products will have to either age-gate or default to the stricter regime.

What 'verifiable' will mean

The Act does not define 'verifiable parental consent', and the draft rules under consultation have been the subject of intense industry comment. Three approaches have been proposed:

  • Government-ID verification of the parent, with a recorded consent against the parent's identity.

  • Aadhaar-based verification (with the parent's authentication, not the child's).

  • Third-party verification services that combine document checks with knowledge-based questions.

Each approach carries trade-offs. Aadhaar-based verification is operationally simplest but raises its own constitutional concerns under the Puttaswamy framework. Document-based verification scales poorly. Third-party services introduce a new chain of intermediaries who will themselves be data fiduciaries with their own compliance burden.

The behavioural monitoring ban

Section 9(3) flatly prohibits 'tracking or behavioural monitoring of children or targeted advertising directed at children.' The drafting admits no exception and no purpose-based override. For a platform that serves a mixed audience, the practical consequence is that personalisation must be turned off the moment a user is age-classified as under eighteen — including the implicit personalisation that comes from recency or popularity sorting if those signals derive from any other user's profile.

Industry has asked for a narrower reading; the Board has not yet weighed in. The cautious compliance position, for now, is to treat the prohibition as absolute and design product accordingly.

Share this storyLinkedInWhatsAppTelegramFacebookEmailCopy link

The Brief · the newsletter

Short legal explainers in your inbox.

Continue reading

court-verdict

Reading

Scheduled post Testing is being done on this one

MAY 25, 2026 · 2 min read

Shopping receipt and a complaint form

Consumer Law

Filing a Consumer Complaint Under the 2019 Act

MAY 25, 2026 · 1 min read

Industrial facility with steam rising at sunset

Law Firms

JSA Advisors Closes India's First Carbon Credit Trading Transaction Under New CCTS Rules

MAY 24, 2026 · 1 min read