It appears that the delay in the announcement of rules under DPDPA2023 is partly due to the hesitancy of the Government to take the lead in defining the rules but depend on the BigTech to tell how they are to be regulated.
It appears that the Government is holding closed door discussions with the industry an euphemism for the Big Tech lobby before finalizing the rules.
As per this report in Indian Express Government is likely to adopt an Aadhaar based age determination system to identify minors and the need for parental consent. However this may have a conflict with the Supreme Court decision which restricted the sharing of the Aadhaar information with private sector.
The proposed regulation of using Aadhaar may require both the aadhaar of the minor and their parent/s to be shared with the private sector.
We need to wait how the rules will overcome this conflict.
It may be easier to use “Consent Managers” as the gate keepers for minor’s data and regulate the Consent Manager in accordance with the Supreme Court regulation.
We may however caution that it is inappropriate for the Government to depend on the industry for advice on the implementation of DPDPA 2023 knowing fully well that the industry would only look at their self interest first.
Industry will be happy to be permitted to collect Aadhaar information of every user so that they can identify who is a minor and who is not so that they can thereafter decide who has to give consent.
It may be possible to make this a “Voluntary” proposal from the user but is fraught with risks of complete aadhaar data base being officially coming to be disclosed to the private sector data fiduciaries.
Instead, developing a Consent Manager who could use Virtual Aadhaar and provide Minor Consent mandatorily through such consent managers would be a more meaningful proposition.
Naavi
