Financial Express, February 27, 2025
According to CUTS, the DPDP rules could avoid specifying particular approaches to age assurance, methods, data sources, or technical solutions in order to reduce compliance costs, especially for smaller platforms.
The implementation of the verifiable parental consent mechanism under the Digital Personal Data Protection (DPDP) Act is estimated to cost around $35,000 (Rs 30 lakh) for infrastructure and up to $120,000 (Rs 1 crore) as annual operational expenses for firms, according to a report by Consumer Unity and Trust Society (CUTS) International.
CUTS said its analysis is based primarily on providers’ costs in the UK, the US and Europe. These regions already have laws mandating verifiable parental consent without prescribing specific technological tools.
The recently-released draft of DPDP Rules proposes that data fiduciaries must verify that individuals claiming to be parents are identifiable if required in connection with compliance with any law for the time being in force in India. The draft rules prescribe two verification methods: Using existing platform data for current users or verifying through government-authorised entities or virtual non-user tokens.
“The government’s prescribed approaches in the DPDP draft Rules — such as using existing platform data or authorised government entities like Digital Locker services — may not be optimal in terms of security, cost and efficiency,” CUTS said, adding that the compliance for the same would be costly for companies, especially startups.
Instead, CUTS has recommended alternative methods that could offer better solutions while maintaining the minors’ and parents’ security. Some of these methods include self-reporting, AI-based age estimation, using a credit or debit card, email-based consent systems, video conferencing and government or ID submission.
“A market-driven approach, where platforms can choose and transparently disclose their verification methods, would help parents make informed decisions about which platforms best protect their children while respecting their preferences,” CUTS said.
The report suggests that a uniform approach based on government ID or DigiLocker, as proposed in the draft rules, may fail to distinguish between low-risk and high-risk platforms, imposing excessive compliance burdens even on services that pose minimal privacy risks. For example, government ID-based verification, though highly accurate, can cost an average of $101,440 annually but may exclude users without official IDs, it said.
On the other hand, the DigiLocker-based consent process can cost up to $45,436 annually, but it is not the most efficient because of limited penetration and potential to reveal other sensitive personal details of the parents.
Nothing appoints co-founder Akis Evangelidis as India President ahead of Phone (3a) series launch
According to CUTS, the DPDP rules could avoid specifying particular approaches to age assurance, methods, data sources, or technical solutions in order to reduce compliance costs, especially for smaller platforms.
Besides, the consumer advocacy group has also recommended establishing an independent assessment group by bringing together consumer groups, technical experts, and child development specialists to balance innovation with protection.
The group can develop codes and standards, suggest mechanisms to pool resources for small businesses, manage grievances and resolve disputes.
This news item can also be viewed at:
https://www.financialexpress.com/