Regulating Children’s Social Media in India: DPDP Act 2023, IT Act, POCSO and Digital Rights Explained for CLAT

CURRENT AFFAIRS | MARCH 23, 2026 | CLAT LEGAL + GK

India is grappling with how to protect children from the harms of social media — from behavioural manipulation by algorithms to exposure to inappropriate content and data harvesting. The Digital Personal Data Protection Act (DPDP Act), 2023 mandates verifiable parental consent before processing children’s data. But enforcement mechanisms, age verification infrastructure, and platform accountability remain works in progress.

Why CLAT 2027 Aspirants Must Know This

Digital law is an emerging high-priority CLAT Legal Reasoning area. The DPDP Act 2023 is India’s first comprehensive data protection law — expect passages on parental consent requirements, data fiduciary obligations, NCPCR’s role, and comparisons with GDPR. Section 67B IT Act (child sexual abuse material), POCSO, and IT Intermediary Guidelines are also regularly tested.

Key Facts at a Glance

• DPDP Act, 2023: India’s first comprehensive data protection law — passed August 2023
• Section 9, DPDP Act: Data fiduciaries must obtain verifiable parental consent before processing children’s (under 18) personal data
• DPDP Act prohibits targeted advertising and behavioural tracking of children
• MeitY (Ministry of Electronics and IT) is the nodal ministry for DPDP implementation
• NCPCR (National Commission for Protection of Child Rights) is the oversight body for online child safety
• India has ~500 million users under 25 — making child digital safety a massive policy challenge
• EU’s GDPR (2018) served as the global template for India’s DPDP Act framework
• IT (Intermediary Guidelines) Rules, 2021: Platforms must appoint Grievance Officers; remove harmful content within 24-72 hours
• POCSO Amendment Act, 2019: Enhanced punishments for sexual offences against children including online crimes
• Section 67B, IT Act: Criminalises publishing/transmitting child sexual abuse material (CSAM)

Key Terms and Definitions

Constitutional and Legal Framework

• DPDP Act, 2023 — Section 9: Verifiable parental/guardian consent required for processing children’s (under 18) data; no targeted ads or tracking of children
• IT Act, 2000 — Section 67B: Punishes publishing, transmitting, or browsing child sexual abuse material — imprisonment up to 5-7 years
• IT Act, 2000 — Section 79: Safe harbour for intermediaries — platforms not liable for third-party content if they follow due diligence norms
• IT (Intermediary Guidelines) Rules, 2021: Significant social media intermediaries must appoint Grievance Officer, Nodal Contact Person, Resident Grievance Officer; 24-hour takedown for CSAM
• POCSO Act, 2012 (amended 2019): Protection of Children from Sexual Offences — enhanced punishments for child sexual abuse including online offences
• Juvenile Justice Act, 2015: Protects children in need of care and protection — includes those facing online exploitation
• Article 21: Right to privacy includes digital privacy — K.S. Puttaswamy (2017) laid the constitutional foundation for data protection legislation

Quick Takeaways for CLAT 2027

1. DPDP Act 2023 = India’s first data protection law; child = under 18; parental consent mandatory
2. Section 9 = no targeted ads + no tracking of children; verifiable parental consent required
3. GDPR (EU, 2018) = global template; age of digital consent = 16 in EU vs 18 in India
4. Section 79, IT Act = Safe harbour for platforms (conditional on due diligence)
5. Section 67B, IT Act = CSAM criminalised; up to 7 years imprisonment
6. POCSO 2019 amendment = enhanced punishments including death penalty for aggravated offences
7. NCPCR = child rights watchdog; Puttaswamy 2017 = constitutional foundation for data protection