Digital Personal Data Protection Rules: Tokenisation for Child Age Verification
- January 8, 2025
- Posted by: OptimizeIAS Team
- Category: DPN Topics
No Comments
Digital Personal Data Protection Rules: Tokenisation for Child Age Verification
Sub: Sci
Sec: Awareness in IT AND COMPUTER
Why in News
- The Government of India released the draft Digital Personal Data Protection Rules, 2025, under the Digital Data Protection Act, 2023, outlining provisions for data privacy, compliance, and processing mechanisms.
- The said rules introduced tokenization of identity documents as a proposed solution for verifying the age of minors under the draft Digital Personal Data Protection Rules.
- This initiative aims to ensure minors do not access age-restricted online services or social media platforms without parental consent.
What is Tokenisation:
- Tokenisation is a process that replaces sensitive data (such as personal identity details or payment information) with a unique digital identifier, known as a “token.” This token retains the essential information for verification or authentication purposes but does not reveal the actual data.
- In short, Tokenisation involves creating a digital representation of identity documents to verify a user’s age or confirm parental consent for minors.
Features
- Data Substitution:
- The actual data (e.g., Aadhaar number or credit card details) is not shared.
- Instead, a randomly generated token represents the original data.
- Privacy Protection:
- Since tokens do not contain the actual data, even if they are intercepted, they cannot be reverse-engineered to extract sensitive information.
- Limited Use:
- Tokens are often created for specific purposes (e.g., age verification or a single transaction).
- They can be designed to expire or become invalid after their purpose is fulfilled.
- Enhanced Security:
- By using tokens, sensitive information remains secure in a protected database and is not exposed during transmission or processing.
Current Verification Practices
- Platforms typically rely on self-declared age verification (e.g., users declare they are at least 13).
- The proposed rules mandate age verification for all new applicants on platforms operating in India.
Concerns
- Privacy Issues: Critics argue the requirement might force all individuals (including adults) to verify their age, raising concerns over data privacy.