Digital Personal Data Protection Act (India DPDPA)
Complete ban on behavioral monitoring and targeted advertising directed at children. Verifiable parental consent required.
What India DPDPA Requires
Key provisions of Digital Personal Data Protection Act
Complete Ban on Behavioral Monitoring
Data fiduciaries must not undertake tracking, behavioral monitoring, or targeted advertising directed at children. This is one of the most comprehensive behavioral advertising bans globally.
Verifiable Parental Consent
Processing any personal data of a child requires verifiable consent from the parent or lawful guardian. The data fiduciary must make reasonable efforts to verify that consent is given by an authorized adult.
Best Interest Principle
Processing of children's data must not be likely to cause any detrimental effect on the well-being of a child. The best interests of the child must be the primary consideration.
Prohibition on Profiling Children
Data fiduciaries must not profile children or track their online behavior. Any form of personalized content delivery based on behavioral data is prohibited for minor users.
Significant Financial Penalties
Violations carry penalties up to INR 250 crore (approximately $30 million USD). The Data Protection Board of India has enforcement authority with powers to investigate and impose penalties.
How Phosra Helps
India DPDPA provisions mapped to Phosra features
Each India DPDPA requirement is addressed by a specific Phosra capability. Integrate once, and your platform is covered.
Ban on behavioral advertising
Targeted Ad Block
targeted_ad_blockThe targeted_ad_block rule disables all behavioral advertising and ad profiling for minor users across YouTube, Instagram, and TikTok, directly satisfying the DPDPA's advertising ban.
curl -X POST https://api.phosra.com/v1/enforcement \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"child_id": "ch_arjun_07",
"rules": ["targeted_ad_block"],
"platforms": ["youtube", "instagram", "tiktok"]
}'
Parental consent model
Parent Account Ownership
Phosra's parent-managed account model ensures all child profiles are created by a verified adult, providing verifiable parental consent as required by the DPDPA.
curl -G https://api.phosra.com/v1/families/fam_9kL3m/consent-status \
-H "Authorization: Bearer sk_live_..." \
-d "regulation=dpdpa"
Prohibition on profiling
Algorithm Feed Control
algo_feed_controlThe algo_feed_control rule switches feeds to chronological mode, preventing platforms from profiling children through AI-driven content recommendations.
curl -X POST https://api.phosra.com/v1/enforcement \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"child_id": "ch_arjun_07",
"rules": ["algo_feed_control"],
"platforms": ["youtube", "instagram", "tiktok"]
}'
Data minimization
Minimal Child Profiles
Phosra stores only first name, birth date, and age group — no behavioral data, browsing history, or activity profiles are retained, supporting the DPDPA's data minimization requirements.
curl -G https://api.phosra.com/v1/children/ch_arjun_07 \
-H "Authorization: Bearer sk_live_..."
Enforcement documentation
Compliance Audit Trail
Complete enforcement logging with timestamped records provides documentary evidence for Data Protection Board reviews and compliance demonstrations.
curl -G https://api.phosra.com/v1/enforcement/audit \
-H "Authorization: Bearer sk_live_..." \
-d "regulation=india_dpdpa" \
-d "format=dpb_report"
Coverage Assessment
India DPDPA compliance checklist
Compliance Coverage
Start building India DPDPA-compliant features today
Phosra handles the complexity of multi-platform compliance so you can focus on building great products for families.