Chapter I II III IV V VI VII VIII IX X
Sections 1-3 4-11 12-17 18-22 23 24-28 29-39 40-41 42-48 49-68
Title Preliminary Data Protection Obligations Grounds for Processing Personal Data Grounds for processing Sensitive personal Data Personal and Sensitive Personal Data of Children Data Principal Rights Transparency and Accountability Measures Transfer of Personal data outside India Exemptions Data Protection Authority of India
Chapter XI XII XIII XIV XV   Schedule 1 Schedule 2    
Sections 69-78 79-89 90-96 97 98-112          
Title Penalties and Remedies Appellate Tribunal Offences Transitional Provisions Miscellaneous Preamble Amendment to ITA 2000 Amendment to RTI Act 2005 PDF Copy of the Proposed Act Srikrishna Committee Report

CHAPTER V
 

PERSONAL AND SENSITIVE PERSONAL DATA OF CHILDREN

23. Processing of personal data and sensitive personal data of children. —

(1) Every data fiduciary shall process personal data of children in a manner that protects and advances the rights and best interests of the child.

(2) Appropriate mechanisms for age verification and parental consent shall be incorporated by data fiduciaries in order to process personal data of children.

(3) Appropriateness of an age verification mechanism incorporated by a data fiduciary shall be determined on the basis of—

(a) volume of personal data processed;
(b) proportion of such personal data likely to be that of children;
(c) possibility of harm to children arising out of processing of personal data; and
(d) such other factors as may be specified by the Authority.

(4) The Authority shall notify the following as guardian data fiduciaries—

(a) data fiduciaries who operate commercial websites or online services directed at children; or
(b) data fiduciaries who process large volumes of personal data of children.

(5) Guardian data fiduciaries shall be barred from profiling, tracking, or behavioural monitoring of, or targeted advertising directed at, children and undertaking any other processing of personal data that can cause significant harm to the child.

(6) Sub-section (5) may apply in such modified form, to data fiduciaries offering counseling or child protection services to a child, as the Authority may specify.

(7) Where a guardian data fiduciary notified under sub-section (4)exclusively provides counseling or child protection services to a child, as under sub-section (6), then such guardian data fiduciary will not be required to obtain parental consent as set out under sub-section (2).


Chapter I II III IV V VI VII VIII IX X
Sections 1-3 4-11 12-17 18-22 23 24-28 29-39 40-41 42-48 49-68
Title Preliminary Data Protection Obligations Grounds for Processing Personal Data Grounds for processing Sensitive personal Data Personal and Sensitive Personal Data of Children Data Principal Rights Transparency and Accountability Measures Transfer of Personal data outside India Exemptions Data Protection Authority of India
Chapter XI XII XIII XIV XV   Schedule 1 Schedule 2    
Sections 69-78 79-89 90-96 97 98-112          
Title Penalties and Remedies Appellate Tribunal Offences Transitional Provisions Miscellaneous Preamble Amendment to ITA 2000 Amendment to RTI Act 2005 PDF Copy of the Proposed Act Srikrishna Committee Report