The National Human Rights Commission (NHRC) has acknowledged alleged violations of the Digital Personal Data Protection (DPDP) Act, focusing on issues like tracking children’s data transfers and inadequate grievance redressal systems on major digital platforms. NHRC member Priyank Kanoongo initiated action based on a complaint following a report by think tank ASIA. Key government bodies, including the Ministry of Electronics and Information Technology, Ministry of Education, and Ministry of Communications, have received notices from the Commission.
The NHRC has sought clarification from the Ministry of Communications regarding the process of providing SIM connections to children for internet and mobile usage. Concerns have been raised about the lack of clear information on registering SIM cards in minors’ names in India, highlighting potential regulatory gaps. The DPDP Act, established in 2023 and operationalized through rules in late 2025, aims to enhance India’s data protection framework, especially for vulnerable groups like children, women, and the elderly.
While some provisions like obtaining parental consent have an 18-month compliance window, immediate implementation is required for key aspects such as data tracking systems, server security, and effective grievance redressal mechanisms. Major platforms like Meta Platforms, Khan Academy, WhatsApp, Grok, Gemini, Perplexity AI, and Microsoft Math Solver are reported to be non-compliant with these regulations. The Commission has expressed concerns about the potential risks to children’s digital safety due to these lapses and has instructed entities to submit compliance reports within 15 days.
The NHRC, a statutory body safeguarding human rights in India, has powers akin to a civil court, with its members enjoying a status equivalent to that of a Supreme Court judge. The Commission has hinted at possible future actions to protect other vulnerable groups, including senior citizens.
