Digitally Altered Photo of Rowan Atkinson Circulates on Social Media

Introduction

The Australian Parliament has passed the world’s first legislation regarding a ban on social media for children under 16. This was done citing risks to the mental and physical well-being of children and the need to contain misogynistic influence on them. The debate surrounding the legislation is raging strong, as it is the first proposal of its kind and would set precedence for how other countries can assess their laws regarding children and social media platforms and their priorities. 

The Legislation

Currently trailing an age-verification system (such as biometrics or government identification), the legislation mandates a complete ban on underage children using social media, setting the age limit to 16 or above. Further, the law does not provide exemptions of any kind, be it for pre-existing accounts or parental consent. With federal elections approaching, the law seeks to address parental concerns regarding measures to protect their children from threats lurking on social media platforms. Every step in this regard is being observed with keen interest. 

The Australian Prime Minister, Anthony Albanese, emphasised that the onus of taking responsible steps toward preventing access falls on the social media platforms, absolving parents and their children of the same. Social media platforms like TikTok, X, and Meta Platforms’ Facebook and Instagram all come under the purview of this legislation.

CyberPeace Overview

The issue of a complete age-based ban raises a few concerns:

1. It is challenging to enforce digitally as children might find a way to circumnavigate such restrictions. An example would be the Cinderella Law, formally known as the Shutdown Law, which the Government of South Korea had implemented back in 2011 to reduce online gaming and promote healthy sleeping habits among children. The law mandated the prohibition of access to online gaming for children under the age of 16 between 12 A.M. to 6 A.M. However, a few drawbacks rendered it less effective over time. Children were able to use the login IDs of adults, switch to VPN, and even switch to offline gaming. In addition, parents also felt the government was infringing on the right to privacy and the restrictions were only for online PC games and did not extend to mobile phones. Consequently, the law lost relevance and was repealed in 2021.  
2. The concept of age verification inherently requires collecting more personal data and inadvertently opens up concerns regarding individual privacy. 
3. A ban is likely to reduce the pressure on tech and social media companies to develop and work on areas that would make their services a safe child-friendly environment. 

Conclusion

Social media platforms can opt for an approach that focuses on how to create a safe environment online for children as they continue to deliberate on restrictions. An example of an impactful-yet-balanced step towards the protection of children on social media while respecting privacy is the U.K.'s Age-Appropriate Design Code (UK AADC). It is the U.K.’s implementation of the European Union’s General Data Protection Regulation (GDPR), prepared by the ICO (Information Commissioner's Office), the U.K. data protection regulator. It follows a safety-by-design approach for children. As we move towards a future that is predominantly online, we must continue to strive and create a safe space for children and address issues in innovative ways.

References

1. https://indianexpress.com/article/technology/social/australia-proposes-ban-on-social-media-for-children-under-16-9657544/
2. https://www.thehindu.com/opinion/op-ed/should-children-be-barred-from-social-media/article68661342.ece
3. https://forumias.com/blog/debates-on-whether-children-should-be-banned-from-social-media/
4. https://timesofindia.indiatimes.com/education/news/why-banning-kids-from-social-media-wont-solve-the-youth-mental-health-crisis/articleshow/113328111.cms
5. https://iapp.org/news/a/childrens-privacy-laws-and-freedom-of-expression-lessons-from-the-uk-age-appropriate-design-code
6. https://www.techinasia.com/s-koreas-cinderella-law-finally-growing-up-teens-may-soon-be-able-to-play-online-after-midnight-again
7. https://wp.towson.edu/iajournal/2021/12/13/video-gaming-addiction-a-case-study-of-china-and-south-korea/
8. https://www.dailysabah.com/world/asia-pacific/australia-passes-worlds-1st-total-social-media-ban-for-children

‍

Introduction

In an era where digitalization is transforming every facet of life, ensuring that personal data is protected becomes crucial. The enactment of the Digital Personal Data Protection Act, 2023 (DPDP Act) is a significant step that has been taken by the Indian Parliament which sets forth a comprehensive framework for Digital Personal Data. The Draft Digital Personal Data Protection Rules, 2025 has recently been released for public consultation to supplement the Act and ensure its smooth implementation once finalised. Though noting certain positive aspects, there is still room for addressing certain gaps and multiple aspects under the draft rules that require attention. The DPDP Act, 2023 recognises the individual’s right to protect their personal data providing control over the processing of personal data for lawful purposes. This Act applies to data which is available in digital form as well as data which is not in digital form but is digitalised subsequently. While the Act is intended to offer wide control to the individuals (Data Principal) over their personal information, its impact on vulnerable groups such as ‘Persons with Disabilities’ requires closer scrutiny. 

Person with Disabilities as data principal

The term ‘data principal’ has been defined under the DPDP Act under Section 2(j) as a person to whom the personal data is related to, which also includes a person with a disability. A lawful guardian acting on behalf of such person with disability has also been included under the ambit of this definition of Data Principal. As a result, a lawful guardian acting on behalf of a person with disability will have the same rights and responsibilities as a data principal under the Act. 

• Section 9 of the DPDP Act, 2023 states that before processing the personal data of a person with a disability who has a lawful guardian, the data fiduciary must obtain verifiable consent from that guardian, ensuring proper protection of the person with disability's data privacy.
• The data principal has the right to access information about personal data under Section 11 which is being processed by the data fiduciary.
• Section 12 provides the right to correction and erasure of personal data by making a request in a manner prescribed by the data fiduciary. 
• A right to grievance redressal must be provided to the data principal in respect of any act or omission of performance of obligations by the data fiduciary or the consent manager. 
• Under Section 14, the data principal has the right to nominate any other person to exercise the rights provided under the Act in case of death or incapacity. 

Provision of consent and its implication

The three key components of Consent that can be identified under the DPDP Act, are:

• Explicit and Informed Consent: Consent given for the processing of data by the data principal or a lawful guardian in case of persons with disabilities must be clear, free and informed as per section 6 of the Act. The data fiduciary must specify the itemised description of the personal data required along with the specified purpose and description of the goods or services that would be provided by such processing of data. (Rule 3 under Draft Digital Personal Data Protection Rules)

• Verifiable Consent: Section 9 of the DPDP Act provides that the data fiduciary needs to obtain verifiable consent of the lawful guardian before processing any personal data of such a person with a disability.  Rule 10 of the Draft Rules obligates the data fiduciary to adopt measures to ensure that the consent given by the lawful guardian is verifiable before the is processed. 
• Withdrawal of Consent: Data principal or such lawful guardian has the option to withdraw consent for the processing of data at any point by making a request to the data fiduciary.   

Although the Act includes certain provisions that focus on the inclusivity of persons with disability, the interpretation of such sections says otherwise. 

Concerns related to provisions for Persons with Disabilities under the DPDP Act:

• Lack of definition of ‘person with disabilities’: The DPDP Act or the Draft Rules does not define the term ‘persons with disabilities’. This will create confusion as to which categories of disability are included and up to what percentage.  The Rights of Persons with Disabilities Act, 2016 clearly defines ‘person with benchmark disability’, ‘person with disability’ and ‘person with disability having high support needs’. This categorisation is essential to determine up to what extent a person with disability needs a lawful guardian which is missing under the DPDP Act.   
• Lack of autonomy: Though the definition of data principal includes persons with disabilities however the decision-making authority has been given to the lawful guardian of such individuals. The section creates ambiguity for people who have a lower percentage of disability and are capable of making their own decisions and have no autonomy in making decisions related to the processing of their personal data because of the lack of clarity in the definition of ‘persons with disabilities’. 
• Safeguards for abuse of power by lawful guardian: The lawful guardian once verified by the data fiduciary can make decisions for the persons with disabilities. This raises concerns regarding the potential abuse of power by lawful guardians in relation to the handling of personal data. The DPDP Act does not provide any specific protection against such abuse.
• Difficulty in verification of consent: The consent obtained by the Data Fiduciary must be verified. The process that will be adopted for verification is at the discretion of the data fiduciary according to Rule 10 of the Draft Data Protection Rules. The authenticity of consent is difficult to determine as it is a complex process which lacks a standard format. Also, with the technological advancements, it would be challenging to identify whether the information given to verify the consent is actually true. 

CyberPeace Recommendations

The DPDP Act, 2023 is a major step towards making the data protection framework more comprehensive, however, the provisions related to persons with disabilities and powers given to lawful guardians acting on their behalf still need certain clarity and refinement within the DPDP Act framework. 

• Consonance of DPDP with Rights of Persons with Disabilities (RPWD) Act, 2016: The RPWD and DPDP Act should supplement each other and can be used to clear the existing ambiguities. Such as the definition of ‘persons with disabilities’ under the RPWD Act can be used in the context of the DPDP Act, 2023. 
• Also, there must be certain mechanisms and safeguards within the Act to prevent abuse of power by the lawful guardian. The affected individual in case of suspected abuse of power should have an option to file a complaint with the Data Protection Board and the Board can further take necessary actions to determine whether there is abuse of power or not. 
• Regulatory oversight and additional safeguards are required to ensure that consent is obtained in a manner that respects the rights of all individuals, including those with disabilities. 

References:

• https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Act%202023.pdf
• https://www.meity.gov.in/writereaddata/files/259889.pdf 
• https://www.indiacode.nic.in/bitstream/123456789/15939/1/the_rights_of_persons_with_disabilities_act%2C_2016.pdf 
• https://www.deccanherald.com/opinion/consent-disability-rights-and-data-protection-3143441
• https://www.pacta.in/digital-data-protection-consent-protocols-for-disability.pdf
• https://www.snrlaw.in/indias-new-data-protection-regime-tracking-updates-and-preparing-for-compliance/ 

‍

In the pulsating heart of the digitized era, our world is rapidly morphing into a tightly knit network of interconnections. Concurrently, the vast expanse of the cyber realm continues to broaden at an unparalleled pace. As we, denizens of the Information Revolution, pioneer this challenging new frontier, a novel notion is steadily gaining traction as an essential instrument for tackling the multifaceted predicaments and hazards emanating from our escalating dependency on digital technology. This novel notion is cyber diplomacy.

Recently, a riveting discourse unraveling the continually evolving topography of cyber diplomacy unfolded on the podcast 'Patching the System.' Two distinguished personalities graced the conversation - Benedikt Wechsler, Switzerland's Ambassador for Digitization, and Kaja Ciglic, Senior Director of Digital Diplomacy at Microsoft. This thought-provoking dialogue provides a mesmerizing peek into the intricate maze of this freshly minted diplomatic domain - a landscape still in the process of carving out its rules against an ever-escalating high stakes backdrop.

Call for Robust International Norms 

During their enlightening exchange, Wechsler and Ciglic shed light on the dire need of robust international norms and regulations in dynamic cyberspace. The drew comparison with well established norms governing maritime and airspace activities, suggesting a similar framework to maneuver the intricacies of the digital realm. The necessity of this mammoth task is accentuated by swift technological development and the unique nature of the internet where participation is diverse. 

Their discourse also underscores the critical argument that cyberspace cannot be commoditized. It has evolved into critical infrastructure that demands collective supervision. Wechsler also advocated for collaboration and the importance of a united front composed of big tech giants and the government working in tandem for creation of a resilient and secured digital landscape. 

Dual Edged Sword

Their conversation courageously plunged into the more sinister depths of the digital world and dissected the rising tide of cyberspace militarisation. Illustrative case point, recent cyber operations in Ukraine starkly underscore how malevolent elements have exploited digital tools to disastrous effect. Ciglic astutely pointed out the inherent dual nature of this scenario - while malignant entities will persistently manipulate technologies like AI, these identical tools can simultaneously serve as critical allies in reinforcing cyber defenses.

In finality, the dialogue unspools a potent call to arms. Both Wechsler and Ciglic fervently endorse the inception of a permanent body under the United Nations' purview specifically designed to tackle cyber-related quandaries. They also amplified the significance of an inclusive engagement process involving diverse stakeholders cutting across sectors - private entities, academia, civil society.

In India, this strategy is very practical. India has been making proactive investments in cybersecurity and digital resilience due to its rapidly developing digital ecosystem and strong IT industry. The government of the country, business executives, and academic institutions understand how strategically important it is to protect vital digital infrastructure and data. For example, India has seen a number of high-profile assaults on its vital infrastructure, like the Mumbai power outage in 2020, which emphasizes the necessity for extensive cybersecurity protections. The security components of the digital ecosystem have been given top priority by the Indian government's "Digital India" project, which aims to promote digital inclusion. This program has improved cybersecurity while simultaneously making great progress toward closing the nation's digital gap, especially in rural areas.

India's growing influence on global affairs and its prowess in the digital realm highlight how important it is to incorporate Indian viewpoints into the larger plan. By doing this, it guarantees a thorough and all-encompassing strategy that negotiates the intricacies of the Indian and global digital ecosystems. This strategy enhances cybersecurity at the national level and establishes India as a key global partner in the endeavor to make the internet a safer and more secure place for everyone. The whole community may benefit greatly from India's experiences and activities in combating cyber dangers and enhancing resilience in an increasingly interconnected world.

Conclusion 

As we meticulously chart our trajectory across the cyber wilderness, the wisdom disseminated by Wechsler and Ciglic emerges as a priceless navigational aid. They inspire us to remember that while the gauntlet we face may be daunting, the opportunities unfurling before us are equally, if not more, monumental in their potential. By embracing a multi-faceted, synergistic approach, we set the stage for a shared journey towards a safer, resilient digital habitat.

The timeless words of Albert Einstein echo these sentiments: 'Technology advances could have made human life carefree and happy if the development of the organizing power of men [and women] had been able to keep pace with its technical advances.' As we grapple with the perplexities and burstiness of the digital age, let these words guide our collective endeavor as we strive to balance our organizing prowess with our rapid technological advancements.

‍