The Data Protection Bill 2021

(This Bill has since been withdrawn and a new Version is expected to be presented )



16 Processing of personal data (***) of children.


(1)Every data fiduciary shall process the personal data of a child in such manner that protects the rights of (***) the child.

(2)The data fiduciary shall, before processing of any personal data of a child, verify his age and obtain the consent of his parent or guardian, in such manner as may be specified by regulations;
(3) The manner for verification of the age of child under sub-section (2) shall (***) take into consideration—

(a) the volume of personal data processed;
(b) the proportion of such personal data likely to be that of child;
(c) the possibility of harm to child arising out of processing of personal data; and
(d) such other factors as may be prescribed.


(4) The (***) data fiduciary shall be barred from profiling, tracking, or behavioural monitoring of, or targeted advertising directed at children and undertaking any other processing of personal data that can cause significant harm to the child.
(5)The provisions of sub-section (4) shall apply in such modified form to the data fiduciary offering counselling or child protection services to a child, as the Authority may by regulations specify.
(7) (***)