How does DPDP protect children's data?
Section 9 requires verifiable parental consent before processing a child's personal data and prohibits behavioral tracking or targeted advertising directed at children.
The Act treats anyone under 18 as a child—stricter than GDPR's default age in many EU states.
Age-gating, parental verification, and separate privacy notices for minors are essential for edtech, gaming, and consumer apps.