Prohibition of Behavioral Tracking and Targeted Advertising for Children Under the DPDP Act, 2023

Aditi Pangotra and Neeraj Soni
Aditi Pangotra and Neeraj Soni
Policy Wing, CyberPeace
PUBLISHED ON
Jul 11, 2024
10

Introduction

In India, the rights of children with regard to protection of their personal data are enshrined under the Digital Personal Data Protection Act, 2023 which is the newly enacted digital personal data protection law of India. The DPDP Act requires that for the processing of children's personal data, verifiable consent of parents or legal guardians is a necessary requirement. If the consent of parents or legal guardians is not obtained then it constitutes a violation under the DPDP Act. Under section 2(f) of the DPDP act, a “child” means an individual who has not completed the age of eighteen years. 

Section 9 under the DPDP Act, 2023

With reference to the collection of children's data section 9 of the DPDP Act, 2023 provides that for children below 18 years of age, consent from Parents/Legal Guardians is required. The Data Fiduciary shall, before processing any personal data of a child or a person with a disability who has a lawful guardian, obtain verifiable consent from the parent or the lawful guardian. Section 9 aims to create a safer online environment for children by limiting the exploitation of their data for commercial purposes or otherwise. By virtue of this section, the parents and guardians will have more control over their children's data and privacy and they are empowered to make choices as to how they manage their children's online activities and the permissions they grant to various online services. 

Section 9 sub-section (3) specifies that a Data Fiduciary shall not undertake tracking or behavioural monitoring of children or targeted advertising directed at children. However, section 9 sub-section (5) further provides room for exemption from this prohibition by empowering the Central Government which may notify exemption to specific data fiduciaries or data processors from the behavioural tracking or target advertising prohibition under the future DPDP Rules which are yet to be announced or released. 

Impact on social media platforms

Social media companies are raising concerns about Section 9 of the DPDP Act and upcoming Rules for the DPDP Act. Section 9 prohibits behavioural tracking or targeted advertising directed at children on digital platforms. By prohibiting intermediaries from tracking a ‘child's internet activities’ and ‘targeted advertising’ - this law aims to preserve children's privacy. However, social media corporations contended that this limitation adversely affects the efficacy of safety measures intended to safeguard young users, highlighting the necessity of monitoring specific user signals, including from minors, to guarantee the efficacy of safety measures designed for them.

Social media companies assert that tracking teenagers' behaviour is essential for safeguarding them from predators and harmful interactions. They believe that a complete ban on behavioural tracking is counterproductive to the government's objectives of protecting children. The scope to grant exemption leaves the door open for further advocacy on this issue. Hence it necessitates coordination with the concerned ministry and relevant stakeholders to find a balanced approach that maintains both privacy and safety for young users.

Furthermore, the impact on social media platforms also extends to the user experience and the operational costs required to implement the functioning of the changes created by regulations. This also involves significant changes to their algorithms and data-handling processes. Implementing robust age verification systems to identify young users and protect their data will also be a technically challenging step for the various scales of platforms. Ensuring that children’s data is not used for targeted advertising or behavioural monitoring also requires sophisticated data management systems. The blanket ban on targeted advertising and behavioural tracking may also affect the personalisation of content for young users, which may reduce their engagement with the platform.

For globally operating platforms, aligning their practices with the DPDP Act in India while also complying with data protection laws in other countries (such as GDPR in Europe or COPPA in the US) can be complex and resource-intensive. Platforms might choose to implement uniform global policies for simplicity, which could impact their operations in regions not governed by similar laws. On the same page, competitive dynamics such as market shifts where smaller or niche platforms that cater specifically to children and comply with these regulations may gain a competitive edge. There may be a drive towards developing new, compliant ways of monetizing user interactions that do not rely on behavioural tracking.

CyberPeace Policy Recommendations

A balanced strategy should be taken into account which gives weightage to the contentions of social media companies as well as to the protection of children's personal information. Instead of a blanket ban, platforms can be obliged to follow and encourage openness in advertising practices, ensuring that children are not exposed to any misleading or manipulative marketing techniques. Self-regulation techniques can be implemented to support ethical behaviour, responsibility, and the safety of young users’ online personal information through the platform’s practices. Additionally, verifiable consent should be examined and put forward in a manner which is practical and the platforms have a say in designing the said verification. Ultimately, this should be dealt with in a manner that behavioural tracking and targeted advertising are not affecting the children's well-being, safety and data protection in any way. 

Final Words

Under section 9 of the DPDP Act, the prohibition of behavioural tracking and targeted advertising in case of processing children's personal data - will compel social media platforms to overhaul their data collection and advertising practices, ensuring compliance with stricter privacy regulations. The legislative intent behind this provision is to enhance and strengthen the protection of children's digital personal data security and privacy. As children are particularly vulnerable to digital threats due to their still-evolving maturity and cognitive capacities, the protection of their privacy stands as a priority. The innocence of children is a major cause for concern when it comes to digital access because children simply do not possess the discernment and caution required to be able to navigate the Internet safely. Furthermore, a balanced approach needs to be adopted which maintains both ‘privacy’ and ‘safety’ for young users.

References

PUBLISHED ON
Jul 11, 2024
Category
TAGS
No items found.

Related Blogs

TRAI Lowers Entry Fees for Telecoms
TRAI Lowers Entry Fees for Telecoms
10
October 12, 2023

Tech News overview

Recently, the TRAI has passed some recommendations that benefit the telecommunications industry in India. The suggestion is to lower the entry fees and bank guarantees on the 26th of July 20, 2022. Then wrote a few consulting papers, countering comments by the stakeholders of various companies. 

In a significant move, TRAI (Telecom Regulatory Authority of India) has proposed spacious changes in terms of entry fees and bank guarantees in the telecom sector. These endorsements have been abeyant to escort the new era of competition, investment, and innovation, reshaping India’s telecommunication landscape.

Proposal Points by TRAI to telecom companies:

As we dive into considering the recommendations by TRAI  into the crucial aspects of the telecom industry, deliberate about the significance of entry fees, the importance of banks, and the guarantees.

  1. Entry fees: Entry fees are the advance key point that upholds the charges that telecom companies pay to the government when they want to offer services to the civilians of the country. The amount they pay is quite hefty and usually non-refundable.
  2. Bank guarantee: An important factor that is also a type of security, the financial security that assures the telecom companies to fulfil their financial obligations and follow the regulations and policy conditions specified in their license agreement.
  3. TRAI roleplay: The Telecom Regulatory Authority of India is an authority responsible for supervising the telecom industry in the country. Making sure that the regulations and recommendations such as entry fees and bank guarantees are working in the proper way or not, a supervision of such things. 
  4. Expected outcomes: TRAI focuses on reducing the entry fees for various types of licenses in the other telecom sector. This step encourages other new telecom operators to enter the market and increase the fair price and investment, which leads to enhancing the competition.
  5. Consolidating Bank guarantees: TRAI also proposed an amalgamation of bank guarantees, which means telecom companies are required to maintain separate guarantees for different business licenses, which makes business doing sectors an easy environment.
  6. No entry fee at the time of License Renewal: Recommendations by TRAI by not charging any entry fees when telecom operators renew their licenses. This step can reduce the financial burden on both existing and new entrants,, specifically for UL(VNO)license shareholders.

Reshaping the telecom panorama:

Recommendation by TRAI that can potentially help in reshaping the Telecoms landscape in India in various aspects:

  • Increment in healthy Competition: By reducing the entry fees, TRAI would be creating a platform profitable and affordable for new market players in India.
  • Market enlargement: Lowering the entry fees might lead to the participation of new entrants, including regional and smaller players,, to get involved in the telecom industry. 
  • Due to the market expansion, the outcomes can potentially lead to improved access to telecom services in underdeveloped areas and regions and contribute to digital inclusion.
  • Job Recruitment: The evolution in the telecom industry due to new operators and increased investment can lead to job uplift in both telecom and industries related to technological infrastructure.
  • Choice of preference: As there is a rise in competition, consumers are likely to have many choices when it comes to telecom service providers. The consumers get to select from a wider range of services, leading to better value for money and quality of service.
  • Quality of service: With increased competition and a hefty amount of investment, telecom operators have a spur to enhance the quality of service.

Conclusion:

In conclusion, TRAIs proposal on lowering the entry fees and bank guarantee for financial services marks a significant milestone in India’s telecom industry. These essential changes hold the promise of fostering competition, investment, a platform for new entrants, quality of service, wider range of platforms for selection. As these advance suggestions take place, in telecom industry in India is on a new threshold of an existing transformation that could reevaluate the way we communicate and connect.

Reference:

https://www.gearrice.com/update/telecom-companies-will-get-a-sigh-of-relief-on-trais-recommendation-to-the-government-on-entry-fees-and-bank-guarantee/

Post Session Report
Post Session Report on Universal Acceptance and Multilingual Internet at Royal Global University under CyberPeace Center of Excellence (CCoE)
CyberPeace has always been engaged towards the aim of spreading awareness about the various developments, avenues, opportunities and threats regarding cyberspace.
10
November 18, 2022

18th November 2022 CyberPeace Foundation in association with Universal Acceptance has successfully conducted the workshop on Universal Acceptance and Multilingual Internet for the students and faculties of Royal Global University under CyberPeace Center of Excellence (CCoE). CyberPeace Foundation has always been engaged towards the aim of spreading awareness regarding the various developments, avenues, opportunities and threats regarding cyberspace. The same has  been the keen principle of the CyberPeace Centre of Excellence setup in collaboration with various esteemed educational institutes. We at CyberPeace Foundation would like to take the collaborations and our efforts to a new height of knowledge and awareness by proposing a workshop on UNIVERSAL ACCEPTANCE AND MULTILINGUAL INTERNET. This workshop was instrumental in providing the academia and research community a wholesome outlook towards the multilingual spectrum of internet including Internationalized domain names and email address Internationalization.

Date –18th November 2022

Time – 10:00 AM to 12:00 PM

Duration – 2 hours

Mode - Online

Audience – Academia and Research Community

Participants Joined- 130

Crowd Classification - Engineering students (1st and 4th year, all streams) and Faculties members

Organizer : Mr. Harish Chowdhary : UA Ambassador Moderator: Ms. Pooja Tomar, Project coordinator cum trainer

GuestSpeakers:Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG) ,Mr. Mahesh D Kulkarni: Director, Evaris Systems and Former Senior Director, CDAC, Government of India, Mr. Akshat Joshi, Founder Think Trans First session was delivered by Mr. Abdalmonem Galila, Abdalmonem: Vice Chair , Universal Acceptance Steering Group (UASG) “Universal Acceptance( UA) and why UA matters?”

  • What is universal acceptance?
  • UA is cornerstone to a digitally inclusive internet by ensuring all domain names and email addresses in all languages, script and character length.
  • Achieving UA ensures that every person has the ability to navigate the internet.
  • Different UA issues were also discussed and explained.
  • Tagated systems by the UA and implication were discussed in detail.

Second Session was delivered by Mr. Akshat Joshi, Founder Think Trans on “Universal Acceptance to the IDNsand the economic Landscape”

  • What is Universal Acceptance?
  • The internet has had standards that allow people to use domain names and email addresses in their native scripts. Software developers need to bring their applications up-to-date so that consumers can use their chosen identity.
  • A typical problem is that an IDN email address is not recognised by a website form as a valid email address.
  • The importance of adopting IDNs z Enable citizens to use their own identity online (correct spelling, native language) z Relates to language, culture and content z Promotes local and regional content z Allows businesses and politicians to better target their messages.

Third session was delivered by Mr. Mahesh D Kulkarni, ES Director Evaris on the topic of “IDNs in Indian languages perspective- challenges and solutions”.

  • The multilingual diversity of India was focused on and its impact.
  • Most students were not aware of what Unicode, IDNS is and their usage.
  • Students were briefed by giving real time examples on IDN, Domain name implementation using local language.
  • In depth knowledge of and practical exposure of Universal Acceptance and Multilingual Internet has been served to the students.
  • Tools and Resources for Domain Name and Domain Languages were explained.
  • Languages nuances of Multilingual diversity of India explained with real time facts and figures.
  • Given the idea of IDN Email,Homograph attack,Homographic variant with proper real time examples.
  • Explained about the security threats and IDNA protocols.
  • Given the explanation on ABNF.
  • Explained the stages of Universal Acceptance.
Quick SMS Header Information: A New Feature by the Ministry of Communications
Quick SMS Header Information: A New Feature by the Ministry of Communications
10
April 18, 2024

Introduction:

The Indian Ministry of Communications has come up with a feature known as "Quick SMS Header Information" to provide citizens with more control over their messaging services. This feature would help users access crucial information about the sender through text message, therefore making the details readily available at their fingertips.

The Quick SMS Header service is the key to providing users with the feature to ensure that they are receiving messages from the correct source. Users can instantly learn all the necessary data about the sender of a certain SMS. This data is invaluable for making the distinction between real messages and suspicious spam or phishing, so the user can have a higher level of defense against online threats and scam activities.

Importance of Checking the Header:

1. Authenticity Verification: SMS header data represents another way to confirm the sender. This feature keeps the end user from wrongly assuming that the SMS is from a trusted source or an unknown sender. Hence, the end user is able to make a choice about the authenticity of the message.

2. Mitigating Spam and Phishing: The rise of SMS and phishing scams has created some significant hurdles for users in the process of differentiating between real and fake messages. Through the Quick SMS Header Information service, people will be able to look up any suspicious messages in order to be able to take appropriate steps to prevent links that lead to malicious websites or requests for personal information.

3. Enhancing User Security: The SMS header information plays an important role in ensuring that the user is secure and has no privacy issues.  The checking of the message headers will help us limit the possibilities of bad activities and reduce the chances of being a victim of cybercriminals.

4. Empowering Consumer Awareness: This feature is designed to encourage the people involved  to take responsibility for the security of their devices and establish a safer and more dependable digital platform.

Benefits:

  • Enhanced Transparency: By giving access to the header information to the users, it is transparency that is promoted within the telecommunications ecosystem.
  • Empowered Decision-Making: Now that users have information about the SMS header, they can make informed decisions regarding their communications and privacy.
  • Efficient Resolution of Concerns: The Quick SMS Header Information serves the purpose of providing the needed resolution by telling us the message’s origin in cases where users come across any suspicious messages.
  • User-Friendly Interface: With its easy and clear process, this feature caters to users of all technical proficiency levels, ensuring accessibility for all.

Working:

1. Compose Your SMS: Write a message with the header you wish to find the information about. For example, if you want to know details about a header labeled "SBIINB," your SMS should be in the format "DETAILS OF SBIINB." Note, all letters are in capital only.

2. Send it to 1909: Once your message is ready, send it to: 1909. Please note, this may charge you depending upon your current plan. 

3. Receive Response: The response to your SMS will be sent to you by the concerned telecommunication service provider or directly by 1909, a few seconds after you have sent your message. This response will have the data associated with the header above.

Another method to find SMS header information:

TRAI (Telecom Regulatory Authority of India) has made a tool on the webpage (https://smsheader.trai.gov.in/) to check for the SMS header associated with the message. 

TRAI has also mandated header registration for messages pertaining to transactional or promotional purposes. This has helped people identify the SMS header by simply looking into the database as made by TRAI.

Steps:

1. Go to https://smsheader.trai.gov.in/. The page looks like as shown below:

2. Enter your Email, Name and complete the captcha under the Download/View Header Details and click on continue

3. Enter the OTP received on your email with the captcha and click on continue

4. Now enter your SMS header in the format of AA-AAAA, where “AA” is your prefix and “AAAA” is your header name. For example, we have taken “AX-HDFCBK” as our sample header, so “AX” is our prefix and “HDFCBK” is our header name.

5. As soon as we press enter, the site returns the query with the information of the header, as shown below

Conclusion:

The importance of checking SMS headers is something that simply cannot be overemphasized. This is the principal procedure for identifying incoming messages as authentic, and on that basis, the users are able to make informed choices about the messages they receive. It also contributes to the rise of user safety and privacy.

The development of more transparent controls and a stronger decision-making process will make it easier for users to handle their digital lives. The Quick SMS Header Information service is easy and convenient to use, as its interface is simple and understandable for users of all technical levels.

In addition to this, TRAI's attempt to make available an online tool for the maintenance of a comprehensive database of SMS headers strengthens its position towards ensuring security for its users in the telecommunications sector.

Become a part of our vision to make the digital world safe for all!

Numerous avenues exist for individuals to unite with us and our collaborators in fostering  global cyber security

Awareness

Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.

CyberPeace Corps Induction Workshop
The Missing Link Trust to combat online child trafficking
Cyber Safety Carnival
Safer Internet Day 2023
Facebook hit with fresh user data leak, claim researchers
State’s first ever eSports League Championship by CyberPeace
India-US CEO Forum Launches Bilateral Knowledge-Sharing Platform For Startups And MSMEs
Rise of Humanoids: The next great unfolding for the humanity

Engagement

Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.

Discover ways to collaborate
Request for Proposals

Play your part for CyberPeace

Donate to us directly to help us build more pioneering initiatives.

Donate Now