2025 年数字个人数据保护规则草案规定了“处理儿童和残疾人个人数据的可验证同意”

《数字个人数据保护规则-2025》(DPDPR-2025) 草案规定了“处理儿童和残疾人个人数据的可验证同意”，明确了在处理儿童和残疾人的个人数据之前获得父母或法定监护人可验证同意的要求。儿童或残疾人。

The draft Digital Personal Data Protection Rules-2025 (DPDPR-2025) includes provisions for obtaining 'Verifiable Consent for Processing Personal Data of Children and Persons with Disabilities', outlining the requirements for acquiring parental or legal guardian consent before processing the personal data of children or persons with disabilities.

《数字个人数据保护规则-2025》草案 (DPDPR-2025) 包括获得“处理儿童和残疾人个人数据的可验证同意”的规定，概述了在处理儿童个人数据之前获得父母或法定监护人同意的要求或残疾人士。

As per the draft rules, a 'Data Fiduciary' is required to implement measures to ensure that the person providing consent for a child's data processing is indeed the child's parent or legal guardian and that they can be properly identified.

根据草案规则，“数据受托人”必须采取措施，确保同意儿童数据处理的人确实是儿童的父母或法定监护人，并且可以正确识别他们的身份。

"To verify that the parent is an adult, the Data Fiduciary must use reliable identity details or a virtual token linked to such details. This verification is essential to ensure that consent is granted by a responsible adult, as defined by relevant laws," the rules state.

“为了验证父母是否是成年人，数据受托人必须使用可靠的身份详细信息或与此类详细信息相关联的虚拟令牌。这种验证对于确保相关法律所定义的负责任的成年人授予同意至关重要，”规则状态。

However, the draft rules also provide for exemptions from the obligations in processing the personal data of children. Section 9 of the Act outlines the standards required for processing the personal data of the children. It also laid down specific purposes and conditions for which the data has to be processed.

不过，规则草案还规定了处理儿童个人数据义务的豁免。该法第 9 条概述了处理儿童个人数据所需的标准。它还规定了处理数据的具体目的和条件。

"Specific classes of Data Fiduciaries, such as healthcare professionals, educational institutions, and childcare providers, are exempt from certain provisions related to children's data," the rules state.

规则规定：“特定类别的数据受托人，例如医疗保健专业人员、教育机构和儿童保育提供者，不受与儿童数据相关的某些规定的约束。”

These entities are permitted to process children's personal data, but this is limited to specific activities such as health services, educational activities, safety monitoring, and transportation tracking.

这些实体被允许处理儿童的个人数据，但这仅限于特定活动，例如医疗服务、教育活动、安全监控和交通跟踪。

These activities must be necessary for the well-being and safety of the child, ensuring that data processing is conducted within a defined and limited scope.

这些活动对于儿童的福祉和安全来说必须是必要的，确保数据处理在规定和有限的范围内进行。

The Act provides for Part A and Part B, and Part B of the schedule says what are the particular purposes for which the exemptions apply, including processing for legal duties, issuing subsidies or benefits to children, "creating user accounts for communication, or ensuring that a child does not access harmful information. In these cases, processing is restricted to what is necessary to perform the function, service, or duty, with a strong emphasis on protecting the child’s best interests."

该法案规定了 A 部分和 B 部分，附表的 B 部分说明了豁免适用的特定目的，包括处理法律义务、向儿童发放补贴或福利、“创建用于通信的用户帐户，或确保在这些情况下，处理仅限于履行职能、服务或职责所必需的信息，并重点保护儿童的最大利益。”

The provision also recognises that certain activities, such as verifying the age of a data subject to confirm they are not a child, fall under this exemption, as long as the processing remains limited to what is necessary.

该条款还承认，某些活动（例如验证数据主体的年龄以确认他们不是儿童）属于此豁免范围，只要处理仍然仅限于必要的范围。

These exemptions aim to strike a balance between safeguarding children's personal data and allowing essential activities for their health, education, and safety.

这些豁免旨在在保护儿童的个人数据和允许儿童健康、教育和安全的基本活动之间取得平衡。