Legal Best Practices – To Protect Children from AI-based Identity Thefts

Online information privacy has always been a scarce commodity but today’s cyberspace and the rise in generative AI tech have made it remarkably easy and affordable to collect substantial and specific information about individuals, especially children without any risks or repercussions.
Identity theft is one of the prevalent digital crimes that has picked up pace targeting child artists and young kin of celebrated individuals. Although some privacy-enhancing technologies (PETs) are being deployed, the legal statutes that guarantee protection to children are far from little to make cyberspace more privacy-friendly. Even though the right to identity for adults is recognized under Article 24 of the International Covenant on Civil and Political Rights 1976 (ICCPR)). Children’s identity rights are enshrined under Article 8(1) of the Convention on the Rights of the Child 1989 (CRC) which mandates the addition of family relations to recognize this right to identity.
This duality has enabled cyberspace to target children especially celebrated children, making them vulnerable to global identity theft crises.

Most Common Signs of Child’s Identity Theft:

–       Unsecured ID documents: Keep periodic checks on your children’s identity documents if they show up in an online search or if an obscure app recognizes your child’s background without any efforts to engage with it, there is a probable breach in their ID -proof

–       Denied Government Benefits: If your child gets denied government benefits upon registration. Check for identity discrepancies.

–       Unknown Bills or Cards: If you receive unknown invoices or bills in your child’s name, this is a grave cause of concern and you must check with your child’s banks and report it to tax authorities

–       Elder Frauds: Report immediately, if you are aware a guardian is abusing their position due to the nature of their relationship with the child, this unfortunately is highly prevalent and an unreported crime.

–       Unknown transaction: Check your child’s bank statements periodically to notice any irregularities in transactions

–       Age-inappropriate emails, messages, or phone calls on your child’s devices: This suggests misuse of the identity of personal information registered in the child’s name.


Legal Do’s and Don’ts for Guardian’s: 

While identity thefts are becoming a rampant menace in the AI paradigm, it is an offshoot of the right to publicity and personal rights which is still not a trademark right. Even though a rise in debates on AI, personal and publicity rights and privacy are being discussed there remain significant regulatory gaps. For instance, India as the Chair of the Global Partnership on Artificial Intelligence (GPAI), and its latest Digital India Act (DIA), DPDA Clause 9 of Processing of personal data of children describes “Data Fiduciary” as the authorised organization responsible for the management of parental consent for using children’s data. However, clause 9(3) bars a Data Fiduciary from undertaking tracking or monitoring of targeted advertising directed at children. Whereas in the EU the GDPR-K employs similar parameters on parental consent and transparency in the collection of the data putting the onus of the burden of ethical parameters for children’s privacy on the internet providers. 

However, neither the regulatory statutes address the gaps that address as to

– What might constitute an acceptable method for obtaining verifiable parental consent? Or

– Any references to scientific studies or other evidence confirming that such decisions are indeed suitable in terms of the best interest of the child. 

Therefore what must be some dos and don’ts for guardians and next of kin for child influencers, artists, and celebrated parents for their children?


  • How can you determine if your digital apps fall under these laws?

  1. Be mindful above-mentioned laws apply to apps in your region, regardless of the physical location of your business, or area of service.
  2. If the child’s artists have a PR agency or a production house managing them. Then as guardians, it is essential to make sure the organisation’s apps are duly registered under national company laws and respect the age limit set by the local/applicable law(s) when you process the personal data of the children based there.
  3. Especially for India and some countries of the global south, due to the absence of legal statutes on child influencers and their role under labour laws, it is vital for guardians to actively pursue apps that have privacy and safety protocols. Besides, make sure you set limits on audience and customer engagement parameters; since privacy and responsibility of identity falls inevitably on the guardians; bound by the region’s laws.
  • How to determine the extent of your child’s publicity rights 

First, The right of publicity is not a trademark right unless you have registered trademarks on your child or child artist’s screen name. However, your children enjoy image rights under IP law in India and the EUIPO since, 2019 is open to trademark faces of celebrated artists in the European Union. Therefore, to ensure adequate publicity protection to safeguard your kids from identity theft one must ensure the following

  1. Confidentiality: Ensure that contracts drafted between child artists and publicity agencies have distinct mention of measures to manage publicity or privacy abuses.
  2. Notice the available range of due diligence measures: These are opted by the contracting partners. These should offer adequate technology and IP protection to your child or child artists’ works.
  3. IP protection: Prevention is better than cure. Hence, register your child as a business entity with legally registered copyrights for their art or the inclusion of image rights to their photos. This will grant an added layer of protection to your child’s identity.  
  4. Seek a publicity manhandling clause in your contracts: Reputational damages are hard to recover from even for adults but children are more vulnerable to them. Hence, for the long-term safety of your child’s reputation and identity, every publicity contract should be drafted with risk and liabilities in mind.
  5. Performance Guarantees: Many personal rights are tied to publicity performance guarantees. For children, these market requirements put added pressure due to more exposure online and offline. As a guardian make sure what type of contractual guarantees you expose your children to that will be aligned to their identity protection.
  6. Hire a Legal Partner: Legal documents are required to be formal and therefore their language is complex. This creates gaps in understanding. Hence guardians should consult a reputed legal representative to protect their child and his rights.  

Privacy regulation in India:

As per the latest amendments to privacy regulations, India has enacted the Digital Personal Data Protection Act (DPDA), 2023 a statutory framework for data privacy law in India. The regulations reside on consent before date uptake and offer a limited number of exceptions; enumerated in the law. While it provides consumers with the right to access, correct, update, and erasure of data, it offers additional safeguards for the processing of children’s data. Meanwhile, the law also enables its grievances redressal mechanism to breed a culture of compliance and social discipline.


Privacy regulation in the UK and Europe:

These regions are aligned to three important regulations.

–       GDPR: General Data Protection Regulation from the EU/EEA

–       UK GDPR: UK-specific legislation, that is very similar to the GDPR with a few distinct differences

–       DPA 2018: Data Protection Act, which is UK-specific legislation

In Europe, the GDPR mandates obtaining parental consent for apps collecting personal data, especially from children under 13. Consent age varies between EU/EEA member states and can range from 13 to 16 years old.

As a guardian make sure your service provider or an advertiser is obtaining verifiable consent from a parent or guardian and offering age-appropriate privacy notice for both the child and the adults. Besides, the right to erasure is important, when processing the data of children. Ensure that service providers have appropriate measures to ensure your data is safe.

Is your child an artist? Or are you a celebrated individual who wants to protect their children? Then get in touch with us here.

At Nicomedia IP our team of legal specialists will guide you through steps to protect your child and keep his rights intact.

Leave a Comment

Your email address will not be published. Required fields are marked *