The rise of online internet activities in modern time has brought a number of threats to the online privacy and data protection of children. It has been estimated that children and adolescents under the age of 18 account for one in three Internet users around the world. Adolescence is the transitional period during which children mature into young… Read More »

The rise of online internet activities in modern time has brought a number of threats to the online privacy and data protection of children.

It has been estimated that children and adolescents under the age of 18 account for one in three Internet users around the world. Adolescence is the transitional period during which children mature into young adults, and it is in this time that they acquire knowledge, develop attributes and skills, and, most important, learn to manage emotions and relationships. This also extends to their activity over the Internet and their digital identity. Most children and adolescents tend to use the Internet as a source for entertainment and information and believe that they have a right to access it.

In most cases, they are also aware of the risks of using the Internet and have a level of consciousness about their right to privacy. However, they seem to be more concerned about their right to privacy being infringed upon by their parents or peers, rather than the State or commercial actors.

I. Introduction

Lately, India has seen numerous deaths of children because of online gaming like Blue Whale and Pubg. The 21st-century period introduced quick changes in telephones and internet availability, came up with new social media sites where individuals can connect, associate and exchange their thoughts. The internet world boomed with different sorts of social media applications like Facebook, Instagram, gaming applications like Pubg and entertainment applications like Tiktok. The undisrupted high data speed of 4G (LTE) is answerable for all such changes.

As indicated by data published by the Internet and Mobile Association of India, children between 5-11 years represent 14% (71 million) of the overall active user internet base in India. In totality, internet clients between the age of 5-18 stand approx. 472 million. Nonetheless, new innovations continually bring new dangers. The children of such age groups go through physical and mental advancement where they don’t know about their data privacy rights and progressing dangers. The higher expanding internet use has uncovered the children’s online privacy into digital dangers like cyberbullying, fishing, and malware attacks.[1]

In the Aadhar judgment, the Apex Court perceived the “Right to Privacy” as a characteristic piece of the right to life and personal liberty gave under Article 21 of the Constitution of India. It factiously includes the “Online right to privacy” under the aforementioned article. Presently, a significant inquiry emerges: Does India have its online data privacy laws for children? The appropriate response is no, with the exception of a couple of arrangements gave under the Information Technology Act, 2000. The State has the obligation to guarantee the assurance of children’s right to privacy in the quickly developing world. The shortfall of such a law will uncover the children’s right straightforwardly to the cybercriminals from now on giving them sweeping well-being.[2]

Children in the modern world are severely exposed to the internet because of different activities framing a piece of their life. From online amusement like gaming and web series to studying online and social media collaboration, children leave their advanced impressions wherever unknowingly.

AI and online websites encourage children to participate to view and use various services which can ultimately aid their studies. Be that as it may, behind the computerized world, the children are not adequately experienced to comprehend the wide term of “online privacy”. They consider online privacy a term to get enclosed and become distant from their parents without telling them the websites and the stages they are visiting. In the midst of such issues, lawful complexities emerge.

The children are legally minors and hence are mentally prepared to provide consent to the big data stakeholders to store their “digital identities”. Parental consent is necessary for storing the children’s data. So the low consciousness, lack of knowledge about online data privacy let the children be exposed to cyber threats like data theft, cyberbullying, etc. In the growing digital environment and increasing participation of Children, it has become necessary to protect their “right to privacy”. Today, the state must ensure the right to participation of the children and ensure their right to privacy from commercial actors, peers without putting any kind of restrictions over them.[3]

II. Children’s Online Privacy Protection Act (USA)

Recently, in the United States, Youtube was fined 170 million dollars for unlawfully gathering children’s data without parental consent. The United States of America has instituted its children’s privacy protection laws back in 2000 by the name of the Children’s Online Privacy Protection Act (COPPA).

It engaged the Federal Trade Commission to make and institute guidelines for the protection and establishment of the guidelines managing Children’s online privacy. The COPPA directs the assortment of data from children who are under the age of 13.

The law ensures the children’s privacy by confining the administrators of online websites and business administration to gather any sort of data of the children going under the age of 13 without their parental consent. The said law likewise applies to the outsider promoting offices when they have “real information” about the collection of personal data of children under age 13 from some other online websites or online services.

However, the degree of COPPA doesn’t straightforwardly apply to the non-profitable organisation and educational institutes. In such conditions, the schools assume the role of fiduciaries and give access to any sort of data on the terms and conditions of COPPA.[4]

III. Digital protection of Children’s Personal Information (China)

The Cyberspace Administration of China instituted a law called “Digital Protection of Children’s Personal Information” for the protection of the online privacy of children. There are provisions in the Act where the network operators will need to keep up the righteousness, definite reason and guaranteed security while gathering, transferring or unveiling any sort of data.

The law is pertinent just to children under the age of 14 falling under the geographical area of mainland China. The “network operator” term is used under the Act includes all network operators, webpage, and application administrators. Under Article 9 of the Act, the network providers will need to get parental assent prior to collecting, utilizing, and transferring any sort of children’s personal data. The parent and the children are entitled to request the administrator for deletion and change in any sort of data if it is found to be wrong.

With the expansion, the Guardian will likewise reserve the option to not give their assent. In the event of any sort of danger of data breach, the network provider shall notify the guardian regarding such threat through email, telephone or push notification. If the network operator violates any kind of provisions in the Act, it will attract several criminal penalties.

IV. General Data Protection Regulation (GDPR) (EU)

General Data Protection Regulation or GDPR refers to the world’s most grounded set of data protection laws that controls the data shared by individuals to the associations and the security, privacy, concerns to be taken by them with respect to such data.

The US law COPPA and China’s children’s privacy protection laws are drawn based on the GDPR.[5] This guideline was established in the year across 28 European Union states in regards to the protection of data from any sort of breach.

GDPR gives the residents of the EU countries power over their data utilized for business purposes by the associations so the residents can thrive with the organizations in the European Union.

GDPR chips away at seven standards which are: legitimateness, reasonableness and straightforwardness; reason constraint; data minimisation; precision; stockpiling limit; trustworthiness and classification (security); and accountability.[3]

The GDPR sets the obligation over regulators and processors of data of an association to gather the data from the data proprietor lawfully and secure it from any sort of data breach.

V. Indian Scenario: The personal data protection bill 2019: Arrangements Securing Children’s Online Data

The government after a long period of time tabled its first Personal Data Protection Bill, 2019 in Parliament in December 2019. The personal data protection bill seeks to protect the personal data of the individual and establishment of a data protection authority for the same.

Chapter IV of the Personal Data Protection Bill, 2019 provides provisions for the processing of personal data and sensitive personal data of the children. It further provides that the personal data processing shall be done by the government, companies incorporated in India and foreign companies dealing with the personal data, collectively known as “data fiduciary”.

Section 16 of the bill lays down the grounds regarding the processing of data. It states that every fiduciary shall process the data in such a manner that serves the best interest of the children, protecting the rights of the children.[6] The data fiduciary shall verify the age of the children and in case of minors shall obtain parental consent before processing any kind of personal data.

This regulation brings the data fiduciaries like online commercial service or website directed to children for educational or large data processing purposes as the “guardian fiduciaries”. The guardian fiduciaries providing counselling or child protection shall be exempted from obtaining parental consent. The provision shall bring the educational institutions and the counselling institutions within the ambit of “guardian fiduciaries”.

The Data Protection Authority, a regulating body incorporated under the provisions of the Act shall have the right to protect the interest of individuals and prevent the misuse of data. In case the data fiduciary is found to have indulged in violation or irregularities while processing of data, it shall be punished with a fine of 15 crores or 4 per cent of the total annual turnover whichever is higher.

Presently, as the bill has struck because of the pandemic, and the bill passes and becomes a completely fledged Act, the children’s right to privacy will be ensured under the given arrangements of the Act.

Imperfections in the bill

The public authority’s progression of concocting the bill securing the right to the online privacy of people including the children is exceptionally exemplary however there are some lacunae in the arrangements directing the protection of “Children’s right to online privacy” gave under Part IV of the Act. The focuses which appear to be immaculate under the aforementioned part are given underneath:

  • Section 16(2) of the Act gives the age confirmation arrangement of the kid to get parental assent. The part does exhaustively talk over the age confirmation instrument that whether the age will be checked by the fiduciaries or the youngster himself.
  • The characterization of “Guardian fiduciaries” as under the Act is deciphered as those data fiduciaries who will handle the enormous data of children including the guidance and the protection administration giving associations. Such data fiduciaries will have the commitment of securing the children’s data having a bar on profiling, following or checking of, or designated promoting towards the children’s data. The characterization of the gatekeeper fiduciaries is simply restricted to specific commitments as a bar over them. Nonetheless, this bar is simply restricted to the “guardian fiduciaries” as given under the Act. The limitation restricted uniquely to the guardian fiduciaries shows that the other data trustees have been absolved from such sorts of acts which further may hurt the right to privacy of the children.

VI. Conclusion

The rise of online internet activities in modern time has brought a number of threats to the online privacy of children. In the absence of stringent legal provisions, the protection of such rights of children seems a daylight dream.[7] However, after the increase in online crimes like cyberbullying, phishing, stalking and data breaches the government became a little anxious and tabled a data protection bill for the protection of the right to the online privacy of the individual.

The provisions for the children’s online right was put under part IV of the Act having only one section. If bills seem too short to occupy the proper provisions for children’s online privacy protection, the government should have framed separate fully-fledged bill like COPPA and CPCPI. The data protection bill was tabled in the parliament in December 2019 and in January the Covid19 pandemic hit the Indian territory, so the data protection bill is under isolation. It shall be again tabled before the “Parliament” followed by presidential assent to become legislation.


[2] China Issues Provisions on Cyber Protection of Children’s Personal Information, Hunton Privacy blog, Available Here

[3] Matt Burgess, What is GDPR? The summary guide to GDPR compliance in the UK, Available Here

[4] Miyazaki, Anthony D., et al. “Self-Regulatory Safeguards and the Online Privacy of Preteen Children: Implications for the Advertising Industry.” Journal of Advertising, vol. 38, no. 4, 2009, pp. 79–91. JSTOR, Available Here. Accessed 22 June 2021.

[5] Miyazaki, Anthony D., et al. “Self-Regulatory Safeguards and the Online Privacy of Preteen Children: Implications for the Advertising Industry.” Journal of Advertising, vol. 38, no. 4, 2009, pp. 79–91. JSTOR, Available Here. Accessed 22 June 2021.

[6] YOUN, SEOUNMI. “Determinants of Online Privacy Concern and Its Influence on Privacy Protection Behaviors Among Young Adolescents.” The Journal of Consumer Affairs, vol. 43, no. 3, 2009, pp. 389–418. JSTOR, Available Here. Accessed 22 June 2021.

[7] “Porn, Privacy, and Kids: Congressional Attempts to Make the Internet Child-Friendly.” The New Atlantis, no. 2, 2003, pp. 100–102. JSTOR, Available Here. Accessed 22 June 2021.

  1. Law Library: Notes and Study Material for LLB, LLM, Judiciary and Entrance Exams
  2. Legal Bites Academy – Ultimate Test Prep Destination
Updated On 28 Jun 2021 12:45 PM GMT
Antariksh Anant

Antariksh Anant

Antariksh is an avid researcher. Institution: RGNUL - Rajiv Gandhi National University of Law Patiala, Punjab, India.

Next Story