Data>Nuance
All insights
GuideHeightened duties

Children's data under Section 9 of the DPDP Act

Heightened duties for teams building products that may process a child's personal data.

Data>Nuance

Section 9 addresses processing personal data of children. Products that are used by, aimed at, or reasonably likely to include children require deliberate assessment before launch.

Operational questions

  • Can the service identify whether the heightened duty applies?
  • What verifiable parental consent mechanism is appropriate?
  • Could tracking, monitoring or advertising create prohibited risk?
  • Are vendors and analytics tools aligned with the same restrictions?

A children's-data review should be built into product approval, not deferred until a complaint occurs.

This publication is general information and is not legal advice for a specific organisation or matter.

Continue reading

DPDP Act

DPDP Act readiness for technology businesses

A practical first-pass framework for product, legal and security teams deciding what to document and implement first.

Read insight

Notice and consent

Notice under Section 5 of the DPDP Act

What a Data Fiduciary should review before putting consent and notice experiences into production.

Read insight

Start with context

Book a focused DPDP Act consultation.

Bring an upcoming launch, notice review, data mapping question, incident readiness issue or implementation deadline. We will help identify the right next step.

Book consultation Submit a brief