The Indian government is considering a significant change in its digital personal data protection laws, potentially defining individuals below 18 years as minors in the online gaming sector for personal data processing. While this definition may be revised for sectors such as edtech and healthcare, it could remain at 18 for gaming, according to an anonymous senior official. Consultations with the industry will be conducted, and a timeframe for implementing these rules will be established to ensure compliance.
Section 9(5) of the Digital Personal Data Protection (DPDP) Bill addresses the “processing of personal data of children” and allows for a revised age limit for defining underage users if data processing is conducted in a verifiably safe manner. India has previously lacked specific legislation governing how companies collect and process personal data from underage users, with the Information Technology Act, 2000, offering limited provisions. Section 9 of the DPDP Bill aims to rectify this by preventing the collection and processing of personal data from underage users, except for specific exemptions detailed in Section 9(5).
Industry experts believe that this change may not significantly impact real-money gaming firms, as they already employ stringent age verification processes. However, e-sports companies may be more affected by these regulations, particularly if they have a substantial teenage user base. Stakeholders in the e-sports industry stress the importance of distinguishing between real-money games and e-sports within the online gaming sector.
Sudipta Bhattacharjee, a partner at the law firm Khaitan & Co., notes that real-money gaming platforms typically ensure users are over 18 through Know Your Customer (KYC) processes. While there could be some impact on data collection for e-sports and casual gaming companies with larger teenage user bases, the extent of this impact will depend on how these gaming categories are defined under the law.
The gaming industry is also seeking differentiation between real-money gaming and e-sports, particularly in relation to tax recommendations from the GST Council. This distinction could have implications for data collection regulations. Some experts suggest that underage exemptions should be nuanced, with specific rules applied on a case-by-case basis rather than a blanket norm for all firms in an industry.
Jay Sayta, a technology and gaming lawyer, points out that Section 9(5) of the DPDP Bill is likely to be applicable across the industry but emphasises that there may not be a uniform rule covering the entire sector. Future regulations will define how specific sections, such as underage user data collection, will be regulated in terms of personal data. The outcome for sectors with teenage users will depend on these forthcoming rules.