Submit the keyword or topic you are searching for

  1. Home
  2. Technology
  3. Meta Flags Key Gaps in India’s DPDP Act: Age Checks, Profiling Ban, and Cross-Border Transfers
Technology

Meta Flags Key Gaps in India’s DPDP Act: Age Checks, Profiling Ban, and Cross-Border Transfers

featured-image

Meta's Deputy Chief Privacy Officer said the DPDP Act fails to provide operational clarity to platforms due to the broad discretion of interpreting age verification and parental consent. The post Meta Flags Key Gaps in India’s DPDP Act: Age Checks, Profiling Ban, and Cross-Border Transfers appeared first on MEDIANAMA.

Meta has flagged key compliance uncertainties in India’s Digital Personal Data Protection (DPDP) Act, highlighting three unresolved areas: the absence of a clear system for verifying parental consent, the blanket ban on behavioural profiling of minors, and vague provisions on cross-border data transfers. In an interview with The Economic Times, Rob Sherman, Meta’s Vice President of Policy and Deputy Chief Privacy Officer, said the law leaves too much open to interpretation, which creates friction for platforms and fails to offer operational clarity.“The law gives the government a broad discretion to interpret what it looks like to verify the age of a teenager and then also to get their consent or their parents’ consent where that’s appropriate,” Sherman said.

“As a default matter, asking people to declare their age is a generally accepted way of doing it, and that’s what I would expect and hope that the Indian government would expect us to do.”Operational gaps in verifying parental consentThis issue took centre stage at MediaNama’s Understanding the Draft Data Protection Rules event in February 2025. Representatives pointed to a major gap in the law: how to verify a user’s age and the identity of their parent or guardian.



Most digital platforms don’t store that kind of demographic data, and the law doesn’t prescribe a standard method.Participants suggested one possible solution: the APAAR ID (Automated Permanent Academic Account Registry ID), a government-backed identity initiative originally developed to track academic progress. Some said APAAR could help verify age and family relationships in line with DPDP compliance.

Others raised serious concerns about privacy risks, potential misuse, and the burden of repeatedly pinging a government registry for every access request.They also discussed DigiLocker as an option, but it drew criticism. In shared-device environments or on jailbroken devices, DigiLocker often proves unreliable.

For newer platforms or those without large verified user bases, this creates a steep compliance curve and increases the risk of inconsistent enforcement.Behavioural profiling ban raises new challengesThe Act’s broad ban on behavioural profiling of minors adds another layer of complexity. Although it aims to protect privacy, the rule also prevents platforms from tracking engagement to deliver safer or more tailored user experiences, even when the goal is to surface age-appropriate or educational content.

Stakeholders at the event argued that the law doesn’t distinguish between invasive tracking and responsible personalisation. Platforms that rely on behavioural signals to improve safety or relevance may find the restriction does more harm than good.Sherman spoke directly about personalisation.

“You don’t see the same Facebook news feed that I see. We each get a personalised experience that’s based on what we’re interested in. And I think that’s an important part of using a service like Facebook or Instagram.

”He also noted the lack of nuance in how the law treats different age groups. It applies the same rules to six-year-olds and 17-year-olds. “It makes a lot of sense to recognise that what’s appropriate for a 13-year-old and what’s appropriate for a 17-year-old are not the same thing,” Sherman said.

He called for “a graded spectrum of protections” to reflect different maturity levels and digital habits.Access to educational tools at riskThe consent requirement, while well-intentioned, could unintentionally restrict children’s access to online services. Several speakers pointed out that students might not access learning platforms or career resources if they can’t immediately provide parental consent.

This risk increases in homes with limited digital literacy or poor connectivity.The issue isn’t just about access but also equity. Platforms that provide education or counselling may find the current framework unworkable for their use cases.

Many at the event recommended conditional exemptions or alternate compliance paths for services that deliver clear social value.Meta teen accounts in Messenger raise implementation questionsMeta recently expanded teen account features to Facebook Messenger, building on similar updates made to Instagram. These accounts include usage nudges, restrictions on contact from unknown adults, and parental supervision tools, all designed to create a safer experience for users aged 13–17.

In India, these features also aim to comply with the DPDP Act’s requirement for verifiable parental consent and the profiling ban. Meta manages parental controls through its Family Center, which lets parents approve interaction settings and receive alerts when their teen reports someone.Sherman acknowledged that the law gives the government wide discretion in interpreting compliance.

“The law gives the government discretion to interpret what verifiable parental consent looks like,” he said. Although Meta’s teen controls reflect global best practices, he said the company remains open to adapting them based on how Indian regulators interpret the law.Cross-border transfers: still in limboBeyond age verification and profiling, platforms also face uncertainty around how India will enforce cross-border data transfer restrictions under the Act.

The law gives the government the power to block certain transfers based on undefined criteria. Sherman warned that sweeping restrictions would conflict with how global platforms operate.“Adopting prohibitions on data transfer that are widespread, that affect people’s ability to communicate and do business would be problematic,” he said.

“It’s just not aligned with the way that people do business today and the way that people communicate in today’s economy.”He added, “Even though there is that provision in the rules that the government can do that, I’m hopeful that they’re going to use it in limited cases and not in ways that would interfere with our ability to run our service or people’s ability to use our services.”Speakers at the MediaNama event voiced similar concerns.

They flagged legal conflicts that could arise from laws like the US Reforming Intelligence and Securing America Act (RISAA), which compels companies to hand over user data to US authorities. They also pointed to the lack of guidance on what defines “trusted geographies” and how the Data Protection Board would coordinate with the proposed localisation committee.Why it mattersThe DPDP Act sets out to create stronger protections for children’s personal data, but its effectiveness depends on how it’s enforced.

The law asks platforms to verify parental consent without offering the tools or standards needed to do so. In response, companies may over-comply, blocking access to educational tools and services that children need.The ban on behavioural profiling, while protective in principle, removes a key layer of personalisation that platforms use to serve content responsibly.

Without differentiating between the needs of a six-year-old and a 17-year-old, the rules risk being too rigid to serve either group effectively.Cross-border data transfer rules also remain undefined, leaving platforms with international operations exposed to compliance risks.Without clear standards, tested verification systems, or nuance in enforcement, the Act could end up limiting access more than protecting the users it intends to safeguard.

Also read:Ex-Executive Reveals How Meta Used Teenagers’ Emotional States to Show AdsMeta Shared Revenue from Llama AI Hosts, Used Pirated Data to Train Them: Court FilingMeta’s Copyright Lawsuit in the US Highlights Complex Liability in AI Training Using Open Source DataWill The DPDP Rules Conflict With US Surveillance Law?The post Meta Flags Key Gaps in India’s DPDP Act: Age Checks, Profiling Ban, and Cross-Border Transfers appeared first on MEDIANAMA..

My Protein Germany

Myprotein UK

Menkind UK

Top News

FCT People Are Happy With Tinubu – Wike

The Minister of Federal Capital Territory (FCT), Nyesom Wike...

'Babar Azam needs one good innings to bounce back'

Bengaluru metro records highest-ever daily ridership despite recent fare hike

Celebrity Big Brother viewers left ‘disgusted’ at ‘attention-seeking’ Jojo Siwa and Chris Hughes

Related Posts

post-thumbnail
Technology

Meta's WhatsApp releasing new feature for channels

post-thumbnail
Technology

JBL Tour Pro 3 review: Excellent-sounding earphones with convenient controls

post-thumbnail
Technology

Deepseeks Self Learning Breakthrough That Could Outshine GPT-4

post-thumbnail
Technology

Open Source DMR Radio

post-thumbnail
Technology

Leo Horoscope Tomorrow, April 20, 2025: Day for bold steps and inspired action

post-thumbnail
Technology

Access Microsoft Office 2021 forever for just $69.97

post-thumbnail
Technology

Join the Challenge: The 2025 Gate.io WCTC S7 Trading Competition Awaits

post-thumbnail
Technology

Cancer Horoscope Tomorrow, April 20, 2025: Vulnerability in relationships may lead to misunderstandings