For today’s children, the internet is the first playground – a space where they learn, explore, and leave their first digital footprints. Yet, as parents eagerly document these moments with love and pride, an unintended digital shadow begins to follow their children, a shadow they neither chose nor control. In this delicate balance between parental pride and privacy lies the urgent need for a rights-based approach to safeguard children’s rights in the digital age.

The Digital Personal Data Protection Rules, 2025, announced last week require parental consent before processing the personal data of children. While this approach ensures oversight, it risks excluding children from decisions about their data and overlooks the challenges parents face in navigating digital environments.

The approach to verifiable consent exclusively through parents or guardians risks falling short of recognising the realities of modern digital parenting and children’s evolving capacities.

Legal scholar Georgina Dimopoulos has criticised the notion that children are incapable of making rational decisions, arguing that this perspective undermines their agency. Just as adults have a right to “decisional privacy”, so too should children. It is crucial that children are involved in decisions that affect their privacy and rights.

This reflection is deeply informed by my research on digital parenting behaviour in India, conducted through a structured survey and interviews of more than 150 Indian parents of diverse socioeconomic backgrounds.

The study explored how parents interact with the digital world, their awareness of online risks, and their behaviour concerning the privacy of their children. It revealed startling gaps between parental intentions and practices, highlighting the urgent need for a child-centric approach to digital rights and data protection.

Sharenting, parental practices in India

The digital age has introduced a phenomenon known as sharenting – parents sharing their children’s lives online. While this practice is often driven by love and pride, it carries significant risks for children, including identity theft, loss of privacy or “digital kidnapping” – misusing photos of a child to get others to reveal sensitive information.

My research into these behaviours found the following critical trends:

Platforms of choice: Unlike global trends favouring Instagram or YouTube, 36% of Indian parents primarily use WhatsApp to share child-related content. This creates a false sense of security, as the perceived privacy of encrypted platforms often leads parents to share identifiable details like names, birthdates and locations.

Types of content shared: Over 58% of parents admitted to sharing milestone moments – birthdays, vacations and school events. These posts frequently included identifiers such as school uniforms or geographic locations, making them vulnerable to exploitation. Such sharing inadvertently exposes children to risks such as digital impersonation or other kinds of misuse.

Parental awareness vs action: While 60% of parents claimed awareness of risks like digital kidnapping, only 42.7% consistently adjusted privacy settings and 28.1% never used them at all. This underscored a lack of practical knowledge and technical skills among parents.

Consent and agency: Although 71.9% of parents believed children should have a say in their digital presence, only 38.5% actively sought their consent before posting. This discrepancy reveals a failure to acknowledge children’s evolving capacities and rights to autonomy.

Social media validation: Nearly 45.3% of parents felt compelled to share content due to social media validation, prioritising “likes” and comments over privacy considerations. This societal pressure exacerbates the risks of oversharing, turning children into digital commodities for validation.

These findings paint a complex picture of digital parenting in India, one where good intentions are often undermined by gaps in awareness, societal pressures, and inadequate digital literacy. They challenge the assumption that parents are inherently the best arbiters of their children’s digital rights.

However, many parents lack the technical knowledge to evaluate the implications of sharing their children’s data, leaving children exposed to risks despite the intent to safeguard them.

Today’s children are active participants in the digital world. According to some studies, one in three internet users is a child. They possess a nuanced understanding of technology and can often navigate it better than their parents.

The United Nations Convention on the Rights of the Child, particularly General Comment No. 25, emphasises recognising children as rights-holders in the digital space. Excluding them from consent processes undermines their rights to privacy, participation, and autonomy.

The godmother of children’s rights on the internet and a leading authority on the subject, Sonia Livingstone, has been consistently arguing for a child-centric approach to digital policy. In her groundbreaking work, she emphasises that age assurance mechanisms online must respect children’s rights, striking a balance between protection and autonomy.

For instance, adolescents aged 13-18 are capable of making informed decisions about their digital presence. A tiered approach to consent, where younger children’s data is managed by parents but older children can consent independently, strikes a balance between protection and empowerment.

The way forward

To address the gaps in the current framework, the Digital Personal Data Protection Rules, 2025, should incorporate enhancements that prioritise children’s rights and their evolving capacities.

First, the introduction of Child-Centric Data Protection Impact Assessments should ensure that individuals or organisations that process children’s data should conduct rigorous evaluations to minimise risks.

A report by international nonprofit 5Rights Foundation recommends privacy-by-design principles, mandating that platforms that target children should limit data collection and default to the highest privacy settings. This would prioritise children’s best interests while mitigating potential harms.

In addition, a collaborative consent mechanism is essential to balance protection with autonomy. For children below 13, parents would provide consent with the mandatory involvement of the child in understanding how their data is used.

Adolescents aged 13-18, however, should be empowered to provide their own consent, supported by age-appropriate privacy disclosures and safeguards. This approach acknowledges the digital literacy and evolving maturity of older children, enabling them to participate in decisions about their online presence.

Finally, to ensure children and parents navigate digital spaces responsibly, mandatory digital literacy programmes must be introduced. These programmes, integrated into school curricula and supported by collaborations with social media platforms, would educate families on privacy risks, responsible sharing and data protection tools.

Coupled with an enhanced right to erasure, allowing children to request the deletion of content shared by guardians that compromises their privacy, these measures would empower children to reclaim control over their digital identities and foster a safer, more equitable online environment.

The Digital Personal Data Protection Rules, 2025, represent an important step in safeguarding children’s data, but they must evolve to reflect the realities of modern digital parenting and children’s rights.

By recognising children as active participants in the digital ecosystem and addressing the limitations of parental arbitration, the rules could create a safer, more equitable digital landscape.

Salik Khan is Tech Policy Consultant and founder of PIIR Foundation, working with law enforcement advocating children's rights on the Internet.