# Processing of personal data and sensitive personal data of children

# Bare Act

# Section 16(1)

Every data fiduciary shall process personal data of a child in such manner that protects the rights of, and is in the best interests of, the child.

# Section 16(2)

The data fiduciary shall, before processing of any personal data of a child, verify his age and obtain the consent of his parent or guardian, in such manner as may be specified by regulations.

# Section 16(3)

The manner for verification of the age of child under sub-section (2) shall be specified by regulations, taking into consideration

(a) the volume of personal data processed;

(b) the proportion of such personal data likely to be that of child;

(c) possibility of harm to child arising out of processing of personal data; and

(d) such other factors as may be prescribed.

# Section 16(4)

The Authority shall, by regulations, classify any data fiduciary, as guardian data fiduciary, who—

(a) operate commercial websites or online services directed at children; or

(b) process large volumes of personal data of children.

# Section 16(5)

The guardian data fiduciary shall be barred from profiling, tracking or behaviouraly monitoring of, or targeted advertising directed at, children and undertaking any other processing of personal data that can cause significant harm to the child.

# Section 16(6)

The provisions of sub-section (5) shall apply in such modified form to the data fiduciary offering counselling or child protection services to a child as the Authority may by regulations specify.

# Section 16(7)

A guardian data fiduciary providing exclusive counselling or child protection services to a child shall not require to obtain the consent of parent or guardian of the child under sub-section (2).

# Secton 16 Explanation

For the purposes of this section, the expression "guardian data fiduciary" means any data fiduciary classified as a guardian data fiduciary under sub-section (4).

Last Updated: 11 Dec 2019