Q5 - How does DPDPA apply to educational institutions handling minors’ data?

Answer

Schools and universities are Fiduciaries and must get verifiable parental consent before processing children’s personal data (Rule 10).
Exemptions may apply if processing is limited to safe, educational purposes (Rule 11).

Example

A coaching institute offering online courses must obtain parental consent for a 15-year-old student.
If it shares the student’s data with advertisers without consent, penalties apply.