NHRC Issues Notice to MeitY Over Children’s Data Protection Failures

The National Human Rights Commission has issued a notice to the Ministry of Electronics and Information Technology following a complaint by the Advanced Study Institute of Asia (ASIA). The complaint, backed by a research report, alleges large-scale and systemic violations of the Digital Personal Data Protection Act, 2023 by digital, social media, edtech, and AI platforms widely accessed by children in India.

The report assigns a high- to medium-risk exposure rating to platforms including Instagram, ChatGPT, Grok, Perplexity AI, WhatsApp, Gemini, Claude, Canva, Microsoft Math Solver, Photomath, Khan Academy, and SATHEE. These platforms are failing their statutory duties as data fiduciaries under the DPDP Act. Children are being profiled, tracked, and their data shared with third-party analytics and AI systems without informed authorisation. Some platforms showed a 100% breakdown in compliance. The report also notes that platforms adopting the international 13+ age threshold instead of Indian law leave children aged 13 to 18 without protection.

The NHRC has directed MeitY to submit an Action Taken Report within 15 days. The report must cover platform-wise compliance status, enforcement action against defaulting data fiduciaries, steps to eliminate behavioural tracking and algorithmic manipulation of minors, mechanisms for data erasure and transparency in data-sharing chains, and oversight of third-party data processors and AI systems. The Commission also ordered time-bound enforcement of the DPDP Act alongside the Juvenile Justice Act (2015), POCSO Act (2012), Right to Education Act (2009), and IT Rules (2021).

This is the first instance of the NHRC treating children's digital privacy as a human rights concern, not merely a regulatory compliance question. The 15-day deadline for the ATR signals urgency, though whether MeitY can produce a meaningful platform-by-platform audit in that timeframe remains to be seen. For organisations operating digital platforms accessible to Indian children, DPDP Act obligations toward minors are moving from aspirational to enforceable.