(1)Every data fiduciary shall process the personal data of a child in
such manner that protects the rights of (***) the child.
(2)The data fiduciary shall, before processing of any personal data of a
child, verify his age and obtain the consent of his parent or guardian,
in such manner as may be specified by regulations;
(3) The manner for verification of the age of child under sub-section
(2) shall (***) take into consideration—
(a) the volume of personal data processed;
(b) the proportion of such personal data likely to be that of child;
(c) the possibility of harm to child arising out of processing of
personal data; and
(d) such other factors as may be prescribed.
(4) The (***) data fiduciary shall be barred from profiling, tracking,
or behavioural monitoring of, or targeted advertising directed at
children and undertaking any other processing of personal data that can
cause significant harm to the child.
(5)The provisions of sub-section (4) shall apply in such modified form
to the data fiduciary offering counselling or child protection services
to a child, as the Authority may by regulations specify.