Practicality of Digital Data Protection Rules 2025 questioned
Draft rules promote parental control & minors’ safety
On January 3, the Union government released the draft Digital Personal Data Protection Rules 2025, requiring parental consent for children to create online accounts. While parents and professionals support the move, experts question the practicality of implementation of such a law.
Almost two years after the Digital Personal Data Protection Act 2023 was passed, the Ministry of Electronics and Information Technology has released the much-awaited draft of the Digital Personal Data Protection Act for public consultation. This draft will be open for feedback until February 18, 2025 on the ministry’s website.
This framework aims to operationalise the Act which was passed by the Indian Parliament and received Presidential assent on August 11, that same year.
The Act ostensibly aims to establish a legal framework for processing an individual’s data, whether online, offline, or later digitised, and to protect citizens’ data from potential misuse.
However, the government recently proposed a clause in its draft version mandating that a data fiduciary, referring to entities such as social media platforms, e-commerce companies, and others, must obtain the verifiable consent of a parent or lawful guardian to process the personal data of a child. It also requires conduct of due diligence by the fiduciaries to verify the details of individuals identifying as a child or guardian.
Under the Act, children under 18 years of age must obtain parental consent before creating an online account, particularly on social media platforms.
Union Minister of Electronics and Information Technology Ashwini Vaishnaw told media that the digital personal data rules will be further refined to establish a connection with children and prevent harm caused to them in the digital space.
The draft rules have sparked mixed reactions across various sectors of society. While many parents and working professionals are relieved to see steps toward safeguarding children’s online data, experts question the feasibility of enforcement.
Many have voiced concerns about the risks children face on social media and online platforms, worrying about their exposure to inappropriate content and the potential for misuse of their data.
Sandeep Rajurkar, a businessman from Thane, near Mumbai, and father of a 15-year-old son, expresses support for this policy, emphasising that not only should parental consent be required, but children under the age of 18 years should be completely banned from using social media.
Rajurkar says that the vast nature of social media exposes children to content they shouldn’t encounter at their age, which is harmful to their development. As a result, there has been a rise in cybercrimes across the country.
“Social media exposes young minds to an overwhelming amount of content, and those under 18 are not equipped to discern what is beneficial for their development. This age is naturally one where curiosity leads them to experiences that they should avoid. Since the Covid-19 outbreak, they have had the internet at their fingertips, wasting time on trivial pursuits like making reels. As cybercrimes increase, our younger generation is becoming more involved in these activities, wasting valuable potential in the process,” Rajurkar tells Media India Group.
Aman Narula, head of operations at Mad Influence, an influencer marketing agency based in Noida near Delhi, also supports the draft rules calling it a significant step toward protecting minors from cyber offences. However, he stresses the importance of striking a balance between ensuring safety and implementing the law practically and effectively.
India has one of the highest rates of cybercrimes in the world and minors, too, are frequently the victims of such crimes. According to National Crime Records Bureau (NCRB), in 2022, instances of cybercrimes against minors increased by 32 pc, with a total of 1,823 reported cases. According to Child Rights and You (CRY), an NGO advocating for child rights, cybercrimes against minors include several offences, such as dissemination of obscene materials involving children, cyberstalking, cyberbullying, and similar activities.
At times, cybercrimes lead to graver consequences as was seen in November, 2023, a 16-year-old makeup artist, Priyanshu Yadav from Ujjain, killed himself due to hateful comments he received on Instagram after posting a transition reel in a saree. There are hundreds of incidents of cyberbullying and hateful comments that children in India are exposed to every month.
Experts question enforcement feasibility
While the rules may have a broad support from large sections of the society, the experts question the feasibility of implementing the law efficiently and practically. Apar Gupta, Executive Director, Internet Freedom Foundation, an internet advocacy group, strongly criticises the proposal, calling it “unimplementable and an impractical clause’’.
“The provision for verifiable consent from guardians and parents of minors, if it does not rely on self-declaration, which means individuals explicitly state whether they are above or below the age of 18, would require every user of an online service to upload a government-issued ID to prove their age. This approach either casts an excessively wide surveillance net or becomes completely unimplementable. This is an impractical clause,” Gupta tells Media India Group.
Additionally, even with increased monitoring of children’s phones and awareness of their online activities, children could bypass the system by creating parallel accounts and falsely claiming to be adults. Hence, the only way to enforce this would be to mandate all users in India to upload government-issued IDs, thus, making it an unviable policy, adds Gupta.

Karnika Seth
Karnika Seth, a cyberlaw expert with 25 years of experience and an advocate at the Supreme Court of India, also expresses concerns about the proposal, emphasising that, while commendable, it faces several implementation challenges.
“It is a positive step to protect children’s safety online, but there are real implementation challenges. A child could easily provide false information about their age, and since the provision relies on self-declaration, it can’t be verified. Children cannot be asked to submit their ID proofs like Aadhaar or other government IDs. The rules only mention checking the parent’s ID, thus it creates issues in obtaining proper parental consent, especially if a child hides its true age,” Seth tells Media India Group.
Social media restrictions on children in other countries
Many other countries have already initiated steps to curb the exposure of minors to cybercrimes as well as to online activities like video games and social media platforms.
The Australian Parliament recently passed a law restricting social media access for children under 16. The legislation places the responsibility on social media companies to prevent minors from using their platforms, with non-compliance resulting in a USD 32 million fine. Set to take effect within a year, a trial will test age verification.
The law has heightened tensions with US-based tech companies, particularly Meta, which criticised what it said was a rushed process and lack of consultation. Australia also became the first country to require social media platforms to pay media outlets for their content. For many years now, China has already curbed the online activities of children limiting their gaming time to one hour per day as well as other measures to discourage the children from spending a lot of time on social media platforms.
As they begin to figure out how to put in place such restrictions, Indian authorities could indeed turn towards examples of Australia, China and other nations to take a leaf from their books.