NHRC member defends notice to MeitY, says child safety concerns override pending DPDP enforcement
ETtech | April 15, 2026 3:00 PM CST

The National Human Rights Commission’s (NHRC) recent notice to the Ministry of Electronics and Information Technology (MeitY) over alleged data protection lapses by tech companies was rooted in its mandate—particularly protection of children online, a member of the statutory watchdog said.

The NHRC in its March 24 notice to the ministry had raised alleged non-compliance of the Digital Personal Data Protection (DPDP) Act by digital platforms. Digital services industry grouping Internet and Mobile Association of India (IAMAI), in a letter to the NHRC, argued that its intervention was premature, since several provisions of the DPDP Act would come into force only next year.

Referring to IAMAI’s letter, NHRC member Priyank Kanoongo told ET that the commission’s actions fall squarely within the Protection of Human Rights Act and are not contingent on the enforcement timeline of the DPDP Act.


The NHRC notice was based on a report by the Advanced Study Institute of Asia, which flagged gaps in how certain artificial intelligence tools handle children’s data. The report was based on a study of 14 widely used platforms across AI tools, social media, edtech and government services—Google's Gemini, NotebookLM, Khan Academy's Khanmigo, Photomath, IIT Kanpur's Sathee, Ministry of Education's DIKSHA, Microsoft Math Solver in OneNote, Meta's WhatsApp, Instagram, OpenAI's ChatGPT, Perplexity, Anthropic's Claude, Canva and xAI's Grok.

In its March 30 letter, which ET reported on April 1, the industry association said key provisions governing children’s data under Section 9 of the DPDP Act were not yet in force. The industry group counts the likes of Google, Meta and Microsoft among its members.

Kanoongo said NHRC’s intervention was driven by broader concerns around child safety, including potential violations of the Protection of Children from Sexual Offences Act and the Juvenile Justice Act. “This is not just about compliance. We are dealing with environments that may expose children to sexual abuse, harmful content, and long-term psychological risks,” he said.

The commission pointed to a ruling in a Just Rights for Children Alliance case mandating reporting of child sexual abuse, and argued that platforms and intermediaries cannot defer responsibility until DPDP provisions are operational. It also cited instances where the ministry itself had written to law enforcement agencies to initiate action against platforms over alleged violations.

Rejecting IAMAI’s contention that the issue is purely a technical compliance matter under MeitY’s domain, the NHRC said technological harms often intersect with human rights. “When technology intervenes in human lives, human rights concerns arise,” Kanoongo said, adding that the commission has merely sought a response from the government, not imposed penalties or taken punitive action.

On the question of jurisdictional overlap, he maintained that the commission does not require legal validation to issue such notices. “If MeitY believes there is an overlap, it is free to seek legal remedies,” Kanoongo said.

The commission defended its reliance on external reports and media coverage to trigger action, stating that even preliminary findings indicating potential harm to children warrant scrutiny. It clarified that the technical assessment of such reports lies with MeitY.

The IAMAI had argued that the report that formed the basis of the NHRC notice was methodologically flawed and that companies should be given time until the DPDP deadline to build compliance systems. The human rights body countered that early intervention is necessary to prevent last-minute non-compliance and ensure preparedness. “If 18 months have been given, there must be a plan in place already,” Kanoongo said.

The commission reiterated that its primary objective is to ensure a safe digital environment for vulnerable groups, especially children. “This goes beyond data protection. If there is any violation of child protection laws, accountability will follow,” Kanoongo said.

The NHRC has sought detailed responses from MeitY on steps taken so far, timelines for establishing the proposed Data Protection Board and measures to safeguard children online.

