Poland is set to tighten the digital net around social media giants. Education Minister Barbara Nowacka told news portals on Friday that the government plans to legislate a social media ban for children under 15, shifting the legal burden of age verification squarely onto the platforms. Under a draft outline presented by the ruling Civic Coalition, companies that fail to “gatekeep” effectively face significant financial penalties, with a target enforcement date of early 2027.
Poland’s new announcement enjoins it among the ranks of Australia, France, Denmark, and Greece in establishing the “digital age of majority. While France, Denmark, and Greece declare the the age of majority to be 15, Australia has set it at 16. UK is currently in consultation, looking to enact the restrictions.
The move marks a definitive shift in the global legal philosophy regarding the internet: moving away from “Notice and Consent” system, where the burden of safety lies with parents, toward a “Strict Liability” model, where the burden of exclusion has been imputed on the tech giants. This is because the Legislators, world-over, are increasingly prioritizing the collective safety of the demographic that makes up the bulk of future users, children, over the individual liberties of tech companies to innovate without guardrails.
India, is not behind the race. The Digital Personal Data Protection (DPDP) Act provides for one of the most stringent child-protection frameworks in the world, the section 9. Under this provision, social media companies are classified as “Data Fiduciaries” with extraordinary obligations toward minors (defined in India as anyone under 18). The first requirement is, “Verifiable Parental Consent” which mandates the platforms to obtain “verifiable” consent before processing any data of a minor. Second, “No Tracking or Profiling” enshrined in Section 9(3) strictly prohibits platforms from engaging in behavioral monitoring, targeted advertising, or any processing that tracks a child’s online movement. and last, the “Detrimental Effect” Test forbids any data processing that may cause a “detrimental effect” on the well-being of a child; this is a very broad legal standard that gives the government significant oversight power.
This digital mammoth, however, remains unenforced. Despite the DPDP Act being passed, Section 9 has yet to be fully notified by the Indian government. The delay highlights the massive technical and legal hurdle facing India, Age Verification.
To enforce Section 9, platforms would need to verify the age of every single user in India. This creates a “Privacy Paradox.” To protect a child’s privacy, a platform might demand a government ID (like Aadhaar) or facial recognition from all users, potentially creating a mass surveillance database that contradicts the very spirit of data protection.
Until the Indian government notifies the specific “Rules” governing how parental consent is verified without compromising adult privacy, Section 9 remains a “sleeping giant”, a law with immense power that has yet to be triggered.