Draft Data Protection Rules 2025: Tokenisation in Age Verification for Minors

Recent Developments in Data Protection

The Indian Government has proposed the draft Digital Personal Data Protection Rules, 2025, as part of the Digital Data Protection Act, 2023. A significant focus of this initiative is the tokenisation of identity documents to regulate minors’ access to online platforms and ensure age-restricted services are utilized appropriately. Parental consent becomes a key aspect of this framework.

---

Understanding Tokenisation

Tokenisation is a security process where sensitive data is replaced with a unique digital identifier or token. This ensures that sensitive information, such as identity documents or payment data, remains private during verification.

Core Characteristics of Tokenisation

1. Data Masking: Sensitive information is replaced with tokens.
2. Privacy Safeguards: Original data remains secure and inaccessible.
3. Specificity: Tokens serve only for designated purposes.
4. Improved Security: The actual data remains encrypted and inaccessible during exchanges.

---

Significance of Tokenisation in Verifying Minors’ Age

The tokenisation process allows:

• Verification of minors’ ages without exposing sensitive details.
• Parental consent to be securely obtained and linked to these tokens.

This ensures minors are restricted from accessing services not designed for their age group.

---

Key Attributes of the Tokenisation Process

1. Secure Data Representation

• Tokens act as substitutes for original identity documents, such as Aadhaar numbers or birth certificates.
• Sensitive details are not directly shared with online platforms.

2. Privacy Emphasis

• Tokens are encrypted, rendering them irreversible and safe from exposure.
• Even if intercepted, tokens do not reveal meaningful information.

3. Purpose-Driven Creation

• Tokens are generated for specific uses, such as age or parental consent verification.
• Once their purpose is fulfilled, tokens are rendered invalid.

4. Enhanced Data Safety

• Sensitive information is stored securely in encrypted databases.
• During processing, only tokens are used, ensuring that sensitive data is never exposed.

---

Current Age Verification Methods and Their Limitations

Existing Practices:

• User-Declared Age: Platforms rely on users self-reporting their age.
  • Weakness: Users, especially minors, can easily falsify their age.
• Document-Based Checks: Some platforms demand direct uploads of documents.
  • Weakness: Privacy concerns arise due to the exposure of full identity details.

Proposed Tokenisation Approach:

• A mandatory system for all platforms in India.
• Minors can verify their age via tokenised identity documents.
• Parental consent is securely integrated into the process.

---

Advantages of Tokenisation for Age Verification

1. Preserving Privacy

• Sensitive data is not exposed during verification.
• Minors’ information remains secure and inaccessible.

2. Reducing Security Risks

• The token system minimizes the likelihood of data breaches.
• It reduces the chances of identity theft or unauthorized data access.

3. Streamlining Compliance

• Platforms can meet regulatory requirements while maintaining user trust.

4. Operational Efficiency

• The tokenisation process simplifies compliance for service providers.

---

Challenges and Considerations

1. User Privacy Concerns

• Mandating age verification for all users might lead to privacy issues for adults.
• Critics worry about the overreach of data collection under this system.

2. Implementation Costs

• Platforms must develop robust infrastructure to handle tokenisation.

3. Misuse Risks

• Improper management or malicious use of tokenised data could still occur.

4. Inclusivity Gaps

• Individuals without access to official identity documents could face exclusion from digital services.

---

Strategic Focus of the Government

The Government envisions a framework that prioritizes:

• Child Safety: Restricting minors’ access to inappropriate content.
• Privacy Assurance: Implementing secure verification mechanisms without breaching user privacy.

Tokenisation emerges as a pivotal solution, aligning with global best practices for data protection and security.

---

Conclusion: A Progressive Step for Data Privacy

The Government’s proposal for tokenisation in child age verification under the Digital Personal Data Protection Rules, 2025, is a landmark effort in enhancing digital safety and compliance. Success will hinge on robust implementation, user awareness, and transparent oversight mechanisms to address any unintended consequences or privacy concerns.

Explore More: For official updates on the Digital Personal Data Protection Act, 2023, visit the Ministry of Electronics and Information Technology.

---

FAQs

1. What does tokenisation involve?
Tokenisation replaces sensitive data with a digital identifier, ensuring secure and private processing.

2. How does tokenisation aid in child age verification?
It allows minors’ age to be verified securely, avoiding direct exposure of sensitive identity documents.

3. Why is tokenisation considered safer?
Tokens cannot be reverse-engineered to retrieve original data, providing robust protection against breaches.

4. What are the main challenges of tokenisation?
Infrastructure costs, inclusivity concerns, and potential misuse risks are key challenges.

5. Is age verification mandatory for all users?
Under the proposed rules, platforms in India must enforce mandatory age verification for all new users.

6. How does tokenisation benefit service providers?
It streamlines compliance, reduces the risk of breaches, and ensures user trust.