NewKerala.com

NHRC Cracks Down on AI, Social Media Giants Over Child Data Safety Lapses

The National Human Rights Commission has issued notices to several government ministries over alleged violations of the Digital Personal Data Protection Act by major digital platforms. The action follows a complaint based on a report highlighting the absence of systems to track children's data transfers and grievance redressal. Platforms cited include Meta, WhatsApp, and several AI and EdTech services like Khan Academy and Gemini. The NHRC has directed concerned entities to submit compliance reports within 15 days, expressing serious concern for children's digital safety.

Key Points: NHRC Notices Over DPDP Act Violations by Tech Platforms

  • NHRC acts on child data protection violations
  • Notices sent to key ministries & MHA
  • Major platforms like Meta, WhatsApp named
  • DPDP Act mandates immediate safety measures
2 min read

NHRC issues notices over alleged DPDP Act violations by AI, social media, EdTech platforms

NHRC issues notices to ministries over alleged DPDP Act violations by AI, social media, and EdTech platforms concerning children's data safety.

"such lapses pose a significant threat to children's digital safety - National Human Rights Commission"

New Delhi, March 25

The National Human Rights Commission has taken cognisance of alleged violations of the Digital Personal Data Protection Act, particularly concerning the absence of systems for tracking children's data transfers and grievance redressal mechanisms across major digital platforms.

A bench led by NHRC member Priyank Kanoongo initiated action following a complaint based on a report by think tank ASIA. The Commission has issued notices to key government bodies, including the Ministry of Electronics and Information Technology (MeitY), the Ministry of Education, and the Ministry of Communications. Copies of the notices have also been forwarded to the Ministry of Home Affairs.

The Commission has also sought clarification from the Ministry of Communications regarding the process for providing SIM connections to children for internet or mobile usage. Notably, there is a gap in the availability of information regarding registering SIM cards in the names of minors in India.

The DPDP Act, enacted in 2023 and operationalised through rules notified in late 2025, is considered one of the most advanced data protection frameworks globally. It aims to safeguard vulnerable groups, including children, women, and the elderly, from cyber risks.

While certain provisions, such as verifiable parental consent, have been granted an 18-month compliance window, several critical requirements, including data tracking, server security, and grievance redressal systems, are mandated for immediate implementation.

According to the report, major platforms such as Meta Platforms, Khan Academy, WhatsApp, Grok, Gemini, Perplexity AI, and Microsoft Math Solver have yet to fully comply with these provisions.

The Commission has expressed serious concern, stating that such lapses pose a significant threat to children's digital safety. It has directed the concerned entities to submit compliance reports within 15 days.

The NHRC, a statutory and independent body tasked with protecting human rights in India, holds powers comparable to those of a civil court, and its members have a status equivalent to that of a Supreme Court judge.

The Commission has also indicated that similar actions may be taken in the future to safeguard other vulnerable groups, including senior citizens.

- ANI

Share this article:

Reader Comments

R
Rohit P
About time! These EdTech platforms have been operating like a wild west. My nephew's coaching app asks for so much personal info. Where does it all go? The 15-day deadline is good, but we need permanent, strict monitoring.
A
Aman W
While I support the intent, I hope this doesn't become another bureaucratic hurdle that stifles innovation. Compliance costs for startups can be high. The government should provide clear guidelines and maybe a grace period for smaller Indian companies, not just the big foreign ones listed.
S
Sarah B
The SIM card point is very interesting. It's so easy to get a SIM in a child's name, often for their first phone. What's the process? Who is liable? This is a massive data privacy loophole that needs to be plugged immediately.
V
Vikram M
Good move. But the real question is about enforcement. What happens after 15 days if they don't comply? Fines? Banning the app? We have great laws but weak follow-through. Hope NHRC keeps the pressure on. Jai Hind!
K
Kavya N
Protecting children's data is non-negotiable. These AI platforms and social media sites are shaping young minds. If they can't follow our data protection rules, they shouldn't operate here. Bharat's digital sovereignty matters.

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50