Many Indian schools routinely post images and academic achievements of children online without obtaining verifiable parental consent, violating the Digital Personal Data Protection (DPDP) Act of 2023 and increasing risks of exploitation and harassment.
- Only a minority of Indian schools comply properly with children's data consent rules.
- Unauthorized sharing of children's data leads to privacy risks and online abuse.
- Global and regional laws increasingly restrict children's social media exposure.
What happened
Indian schools and education-related organizations are frequently posting photos and videos of children celebrating academic and extracurricular achievements on websites and social media without obtaining clear, verifiable parental consent. This practice conflicts with the requirements established by the Digital Personal Data Protection (DPDP) Act, 2023, which defines children as individuals under 18 and mandates parental permission for processing their personal data.
Compliance with these legal requirements remains inconsistent, with experts estimating that only about 30 to 35 percent of schools take data privacy seriously. Even among those, permissions are often collected through vague or blanket consent forms that do not clarify specific usage rights such as commercial or publicity purposes. This creates significant legal and privacy vulnerabilities for children across India.
Why it matters
Unauthorized sharing of children's data not only breaches their privacy but also exposes them to risks such as online abuse, bullying, identity misuse, and exploitation. A striking example involved a top-performing student in Uttar Pradesh whose publicly shared academic achievement led to viral mocking, memes, and trolling, with no prior parental consent obtained by her school. This incident highlights how unregulated data sharing can cause tangible harm to minors.
Globally, countries are tightening regulations to protect minors online, recognizing the growing threats of grooming, harmful content, scams, and misuse of children's identities. Laws in Australia, France, and the UK increasingly restrict children's access to social media platforms, while Indian states like Karnataka are considering similar measures. The legal and social environment underscores the urgent need for Indian institutions to improve compliance to safeguard children's digital rights.
What to watch next
Efforts to enhance enforcement of the DPDP Act concerning children's data protection will be critical in the coming months. Schools, edtech firms, and other organizations in India must develop clearer consent processes that explicitly define the scope of data use, including any commercial or publicity intentions. Stakeholders should also invest in awareness campaigns to educate parents and institutions on the legal obligations and risks involved.
Monitoring legislative developments in India, such as potential restrictions on social media access for minors and amendments to data privacy frameworks, will be important for anticipating changes in the regulatory environment. Additionally, scrutiny of high-profile cases of privacy breaches and online abuse linked to children's data could drive impetus for stronger protections and compliance mechanisms nationwide.