Disclaimer

By clicking, "I Accept" below, you accept and acknowledge the following:

The purpose of this website is to provide general information and insights about TLH, Advocates & Solicitors, and not to advertise or solicit work in any manner whatsoever.

Please note that as per the Bar Council of India Rules, advocates in India are prohibited from advertising or soliciting work in any form or manner. You acknowledge that you are visiting this website at your discretion and that there has been no solicitation, invitation, or inducement of any sort whatsoever from TLH, Advocates & Solicitors or any of its professionals in relation to this website.

The content available on this website does not constitute legal or other professional advice and should not be substituted for advice relevant to particular circumstances.

The access and use of this website does not establish any fiduciary or other relationship between you and TLH, Advocates & Solicitors or any of its advocates.

Please read the ‘Terms of Use’ and our ‘Privacy Policy’ before accessing this website.

I Accept
I Reject
Blog default background
Blog
Corporate Law

Navigating Child Personal Data Protection: A Comparative Analysis of the Indian DPDP Regime and the GDPR

Authors:
Anirudh Krishna
March 31, 2025
5 min read
Share this post
Copied!

Introduction

Children’s data is the most susceptible to misuse and exploitation in the current digital world. In India, the Digital Personal Data Protection Act, 2023 read with the draft Digital Personal Data Protection Rules, 2025 (collectively “Indian DPDP Regime”) proposes to establish strict safeguards to protect the data of children, ensuring that their data is handled ethically and responsibly. As we await the draft Digital Personal Data Protection Rules, 2025 to be notified, it becomes crucial to understand India’s stance on protection of data of children, in comparison with the standards laid down in the General Data Protection Regulation (“GDPR”) regime. This article outlines the key differences between the Indian DPDP Regime and the GDPR regarding consent requirements and data processing exemptions, applicable to children’s data.

Consent Requirements

Under both the proposed Indian DPDP Regime and the GDPR, personal data can only be processed with the individual’s consent. However, for processing children’s personal data, consent must be obtained from a parent or guardian. While both the regimes enforce this requirement, they set different age thresholds. Under the GDPR, parental or guardian consent is required only if the child is below 16 years of age [1] . Additionally, the GDPR allows EU member states to amend the regulations to lower the age of a child for applicability of parental consent regulations to as low as 13 years. In contrast, the proposed Indian DPDP Regime sets a higher age limit of 18 years, meaning for access, process and storage of data of individuals under the age of 18 years requires parental or guardian consent [2] . India proposes to establish a higher and stricter age requirement for parental consent as compared to the GDPR.

Consent Verification

In addition to obtaining parental or guardian consent to process a child’s personal data, under both the proposed Indian DPDP Regime and the GDPR, data processors must also take reasonable steps to verify the identity of the parent or guardian giving the consent. Under the GDPR, there are no prescribed methods for verification of the individuals giving parental or guardian consent, leaving it up to data processors to determine the verification process. In contrast, the Indian DPDP Regime requires data processors to adopt technical and organizational measures to verify the identity of the individuals providing consent, such as the usage of reliable identity and age verification methods, like government-issued credentials [3] . The GDPR allows for flexibility, but the proposed Indian DPDP Regime enforces a structured verification process to ensure compliance for parental or guardian consent for data usage of children. For example, a company handling children’s personal data in the European Union, may only need an email confirmation from a parent or a guardian, but in India, the company may have to use an Adhaar or a PAN card to verify the parent’s identity.

Exemptions from Parental Consent Requirements

Parental consent is not required under the GDPR, when processing a child’s personal data for counselling or preventive services [4] . Whereas, the proposed Indian DPDP Regime provides specific exemptions where parental consent is not required, such as for healthcare services, behavioral monitoring by educational institutions for educational activities, or for the safety of the child. Further, processing of a child’s personal data by daycare centers for their safety has also been exempted [5] .

Additionally, the Indian DPDP Regime allows processing of a child’s personal data for certain circumstances without parental or guardian consent, which are referred to as ‘legitimate uses’. These legitimate uses include providing government benefits and subsidies, blocking access to harmful content, and fulfilling legal obligations in the child’s interest [6] . A key distinction is that the Indian DPDP Regime explicitly lists the exempted sectors, while the GDPR provides broad exemptions.

Conclusion

As digital platforms continue to grow, protecting children’s personal data has become more crucial than ever. The proposed Indian DPDP Regime implements stronger safeguards that directly address the growing risks that children face online, whereas the GDPR takes a more flexible approach to the requirements of parental consent. Strict laws help prevent the misuse and exploitation of children’s personal data, but it is also important to ensure they do not place needless restrictions on companies that collect such data. As the Indian DPDP Regime develops, it remains to be seen how companies adjust and operate within this framework, balancing their commercial interests with the need to protect children's rights.

References
[1] Global Data Protection Regulation, Article 8, Acts of European Union.

[2] Digital Personal Data Protection, 2023, Section 9(1), No. 22, Acts of Parliament, 2023 (India).

[3] Draft Digital Personal Data Protection Rules, 2025, Rule 10.

[4] Global Data Protection Regulation, Recital 38, Acts of European Union.

[5] Draft Digital Personal Data Protection Rules, 2025, Rule 11.

[6] Digital Personal Data Protection, 2023, Section 7, No. 22, Acts of Parliament, 2023 (India).

No items found.
tatva legal , legal services hyderabad, Telangana legal services, corporate law hyderabad, corporate law Telangana

Footnotes

Share this post
Copied!

Latest posts

Corporate Law
June 14, 2025
The Finfluencer Effect: Unravelling Market Manipulation
Recently, the Indian stock market regulator, Securities and Exchange Board of India (SEBI) published a discussion paper addressing the growing concern pertaining to financial influencers, or finfluencers, providing financial advice. These influencers often lack the requisite qualifications and accountability for their recommendations.
Read more
Arrow Right
Employment Law
June 14, 2025
Contract Labour Deployment in India - Demystifying the Future Conceived by the Code on Occupational Safety, Health & Working Conditions, 2020
The business of human resource deployment by contractors for their clients has grown and evolved globally. In India, the contractor-sourced industrial workforce grew by about 293% between 2002-03 and 2021-22.[1] Recently, India has unfurled four labour codes that revamp its existing labour laws to meet the needs of the Indian workforce such as contract labour deployment.
Read more
Arrow Right
Corporate Law
June 14, 2025
Exploring Unchartered Territory? Laws for the Void
What can the Indian space sector learn from the Avengers? Besides, the incredible budget and scale, the key takeaway would be - bringing experts together to achieve phenomenal results. We all remember the fascinating back stories, the strength of and the role each member plays to fill an essential need under the able guidance of a strong leader.
Read more
Arrow Right
Corporate Law
June 14, 2025
The 100% FDI Debate: Insurance for All or a Market for Few?
While the Union Budget for Financial Year 2025-26 (���2025 Budget�۝) was successful in drawing attention of the whole nation through the personal tax exemption on incomes up to ��_12 lakh under the new tax regime [1], a critical announcement pertaining to the insurance sector was eclipsed. The 2025 Budget also introduced a key reform to reshape the ownership structure of the Indian insurance industry.
Read more
Arrow Right
Dispute Resolution
June 14, 2025
Right to Speedy Trial and its Application in Cases Involving Economic Offences
This article examines the judicial precedents that paved the way in recognising and upholding the right to a speedy trial as a fundamental right and the recent developments in cases involving economic offences in India wherein bails were granted to accused persons on the ground of the right to a speedy trial.
Read more
Arrow Right
Corporate Law
June 12, 2025
Liability Shift: The Impact of RBI’s Directive on PE/VC Appointed Observers in the Board of NBFCs
The article explores the regulatory implications of RBI's recent directive and its potential impact on private equity and venture capital-appointed board observers in NBFCs — a timely and significant development for the financial sector.
Read more
Arrow Right
View All Blogs
Arrow Right