“Personal Digital Age” needs to be given a legal recognition

Information Technology Act 2000 (ITA 2000) defined Electronic Document as a “Binary Expression” and legally recognized a definition for  “Document in Electronic Form”.  It provided a legal recognition making such documents  as equivalent to “Paper documents”. Simultaneously the “Digital  Signature” and “Electronic Signature” were also defined and provided legal recognition. Even the “Computer”, “Computer Network” etc were provided legal definitions as devices that store and process binary expressions.

However, when it came to defining “Digital Contracts” though the electronic form of offer and acceptance were defined. the basic definition of “When does an agreement become a contract”, “What is the contractual capacity” etc were adopted from the Indian Contract Act.

Hence any contract entered into on the Digital space by a person with a physical age of less than 18 years( 21 years if a legal guardian has been appointed earlier) were voidable contracts.  The law did not provide any thought to the impossibility of determining the age of a person in a digital communication.

Though ITA 2000 made “Digital/Electronic Signature” mandatory and therefore any person without a valid digital certificate issued by a Registered Certifying authority cannot enter into a valid digital contract equivalent to a signed contract, the possibility of “Deemed Contract” is possible and is being widely used in all online “Click-Wrap” agreements.

When the Data Protection Act was introduced, the concept of “Consent” was also based on the definition of contract under the Contract Act and hence could not escape the need for a valid signature.

When “Nomination” was suggested in PDPB 2019 and DPDPB 2022, we therefore flagged the Jurisprudential point that a “Will” not being recognized under ITA 2000 and a “Contract” getting automatically extinguished on the death of a person required a paper written will for nominating a transfer of a digital asset on the death of a person.

However the problem of switching the consent from the parent to the erstwhile minor without a discontinuity of service at the stroke of a minor attaining the age of 18 years remained a problem.

Further one could argue that if a person is born at say 09.22 hours on 20th February 2004, then he would attain majority at 09.22 hrs on 20th February 2022 and not at the stroke of the midnight on 20th February 2022.

Additionally the problem of age verification becomes a challenge to every contractual transaction on the Internet. In the early days of Internet, the industry used to ask for credit card ownership as an indicator of adult hood. But with the current risks of credit card frauds, it is not possible to ask for credit card numbers or a nominal debit of Rs 1 etc to verify the age of a person.

In 2005, I had suggested an issue of “Adult Pass” for Pornographic websites (Refer this article: What is an adult pass?) . Recently it was pointed out that France is likely to adopt this thought and issue “Pornographic Passports”. Such documents provide an assurance of age which can be used for allowing entry to adult websites .

In India we already have the system of “Aadhar” which can be also used as an authentication of age. UIDAI can issue on request an “Adult” certificate. Since “Minors” also carry Aadhaar ID along with the Parental Aadhaar ID, we have a ready infrastructure to make UIDAI confirm whether a person is a minor or a major and if he or she is a minor, who should be considered as a “Valid Parent” to provide consent. We can leave it to the UIDAI authority to sort out special cases of single parents, divorced parents, surrogate parents etc so that the digital service provider will simply accept the UIDAI certificate of “Majority” or “Minority” as a valid document for his services.

This service can be introduced by UIDAI immediately and I urge them to do so.

Personal Digital Age

This apart, I am today raising another fundamental philosophical issue of what should be considered as the right age at which a person digitally transforms from a minor to a major for his Internet/digital activities.

Today we debate if under Privacy laws we should consider recognizing “Consent giving powers” to a person of 16 years of age or 13 years of age etc., and argue that a person of that age has the necessary maturity.

But it is difficult to link any physical age to digital maturity. If we accept that today’s younger generation are more computer savvy and hence they should attain “Digital Maturity” earlier than 18 years, the same argument can make a senior citizen as a person below the “Digital Maturity Age”.

Hence determining the “Digital Maturity Age” or “Personal Digital Minority” on the basis of physical age is completely unacceptable since it would be like comparing apples to mangoes.

We need to therefore find a way for finding out the “Digital Personal Age” of a person and incorporate it into the legal definitions.

For example, I took my first birth in the Internet when I got my first E-Mail ID from vsnl.com namely naavi@vsnl.com. This happened some time in 1994-95 and I need to dig into the old records to find out the date when I registered my VSNL account. Since then, I have been using different email accounts  of yahoo.com etc and now the gmail.com and other emails.

Though I might have started using computers earlier to the day of obtaining the digital email ID, I consider that I was digitally born on the  Internet with a unique ID when my first e-mail account was created. Can this be considered as a basis of “Digital Age”?

This means that every person can get a certificate of first creation of an email from any service provider which can be confirmed by some authority and that can be taken as the digital birth certificate.

Once this principle is established, determining whether digital maturity should be considered after 5 years, 10 years or any other time can be easy to determine.

I am therefore placing two suggestions through this article

  1. UIDAI to introduce a physical age certificate with parental tag for minors
  2. E-Mail service providers to introduce the first date of creation as a certificate on request subject to declaration of details such as name etc.

This system would be far better than simply using a self declaration “I am above 18 years of age” in the online contract creating documents or making special arrangement for verifying the age through supplementary enquiry etc.

I am sure that very soon we will have a reasonably acceptable AI algorithms that can assess the digital maturity and if a regulatory authority accredits different AI algorithms like they accredit the digital certificate issuing authorities, then the AI algorithm could make an assessment of “Digital Maturity Age” like we do in the case of Psychometric tests for identifying the mental age and IQ and use it for issue of “Digital Adulthood”.

I am aware that these are the first thoughts that have been floated for other professionals and regulators to consider. I hope unlike my other thoughts (eg: Adult pass) which took 15 to 20 years to get accepted  by the community the above suggestions will have a mush shorter gestation period.

Your views are welcome.


P.S: It is interesting to note that some organizations (eg: Infosys) have developed a Digital quotient  through which they try to objectively represent the maturity of their employees in the employment scenario. This parameter is used to determine the “Halflife” of the employees and how quickly their knowledge becomes obsolescent. In a way this is a model of “Depreciation of the financial value of the human capital”.

The Digital maturity from the Internet contracting perspective can use some of the parameters that have been identified for determining the Digital Quotient of employees.

There is also the “Digital Maturity of an organization” which is built into the Quality systems which is different.

What we are now discussing is the “Personal Internet maturity for the purpose of determining the right digital cut off for identifying digital minors from digital majors”

Our concept is simply based on the efflux of time after a person was digitally born and is not linked to an evaluation of his skill sets as is used in the Digital Quotient of employees or the Digital Maturity of an organization. Just as every adult above 18 years is not equally intelligent even under our concept of a “Personal Digital Adult”, there may be difference in the intelligence levels of different persons. But if our physical society including adult franchise is based simply on efflux of time, perhaps it becomes relevant even in the  digital society. If we were prepared to model our adult franchise on the basis of qualifications, then there would be an argument for determining the digital adulthood also on the basis of the skills of a Netizen. Skills are relevant for employment but may not be for online contracts for e-commerce or privacy permissions.

Probably we need to discuss this more in the coming days.




About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.