India’s new Digital Personal Data Protection (DPDP) Rules put parental consent at the centre of online safety for children. It’s a major regulatory shift, and the first time companies must obtain verifiable parental consent (VPC) before processing a minor’s data, with narrow exceptions for education, healthcare, and emergencies.

But the global record is clear: parental-consent systems routinely intervene with real-world behaviour, technical limits, and political pressure. If India wants meaningful protection without crushing innovation, excluding users, or triggering privacy backfires, its implementation rules must be grounded in evidence, not aspiration.

Australia demonstrates a highly ambitious approach. Its recent mandate to age-gate under-16s pushed platforms into ID checks, biometric scans, and document-based verification through accredited third parties, raising privacy concerns. Critics warn of “centralised data honeypots" and excessive data collection. Teens quickly finding workarounds such as VPNs, shared accounts, and fake profiles, often pushing them into even less regulated spaces.

Japan took the opposite path. The Act on the Protection of Personal Information (APPI) Guidelines require consent from a minor’s legal representative when the child cannot meaningfully assess consequences (typically 12–15). Regulators call for “appropriate" confirmation steps but avoid mandating specific methods. The 2024 interim review noted that strict checks risk overburdening families, while flexible declarations offer limited assurance, highlighting even mature privacy regimes struggle to strike balance.

In the US, rising anxiety about youth mental health has driven calls for stronger age-gating and parental consent systems. But several state laws mandating........

© News18