Are learning and gaming apps safe for your child under India’s data law?
At a glance
Under India’s DPDP Act, ed-tech and gaming apps must get your verifiable parental consent before collecting an under-18’s data — and, crucially, they can’t behaviourally track your child or target ads at them, even if you consented. A few tightly-defined education and safety uses are exempted, but that’s narrow. So these apps aren’t automatically unsafe; the law just draws hard lines around them, and knowing those lines tells you what to check before signing your child up.
Educational resource only. This explains how learning and gaming apps must handle children’s data under India’s Digital Personal Data Protection Act, 2023 (DPDP Act); it is not formal legal advice.
On this page
- What these apps can collect — with your consent
- The hard limits: no tracking, no targeting
- The ed-tech exemption — and how narrow it is
- How to judge an app before you sign your child up
- FAQ
The situation
Your child wants the maths app everyone at school uses, or a popular game with a chat feature. Both collect data — some to work, some to keep users engaged and monetised. The question isn’t whether they collect anything; it’s what the law lets them do with a child’s data, and where it stops them.
What these apps can collect — with your consent
They can collect what the service genuinely needs — but only after getting your verifiable parental consent. The DPDP Act treats under-18s as children (Section 9), and a learning or gaming app is a Data Fiduciary that must obtain a parent’s verifiable consent before processing a child’s personal data.
Within that, and limited to what the app actually needs to function, it may collect things like a name, a class or grade level, or progress data for a learning app; or a username and gameplay data for a game. The guardrails are the ordinary ones: a clear notice of what and why, use only for the stated purpose, and no quietly collecting extra data the service doesn’t need. Consent has to be yours, genuine, and specific — not a box your child clicked through.
The hard limits: no tracking, no targeting
Two things these apps cannot do to your child — full stop, even with your consent. This is where children’s data is protected more firmly than an adult’s:
- No behavioural tracking or monitoring. Cookie-based tracking, device fingerprinting, activity profiling, cross-app tracking — the kinds of engagement surveillance many apps rely on — are off-limits for children.
- No targeted advertising. Apps can’t aim behaviourally-targeted ads at your child.
The important nuance: these limits hold even if you consented. A parent’s yes lets an app collect what it needs to run; it does not unlock tracking or ad-targeting of a child. So a game that profiles your child to keep them playing, or serves interest-based ads, is crossing a line consent can’t authorise.
The ed-tech exemption — and how narrow it is
There are exemptions, but they’re for defined safety and health purposes — not a general pass for ed-tech. The Rules under the Act (notified November 2025) carve out specific, limited situations. The ones parents will meet:
- Educational institutions, day-cares and caretakers may track or monitor a child where it’s in the interest of the child’s safety — not for engagement or marketing.
- Clinical and healthcare providers are exempted where processing is limited to necessary health services for the child.
What this does not mean: it is not a blanket exemption that lets any “learning” app track, profile, or advertise. The exemption is tied to who the entity is and the narrow purpose (safety, health, education activity). A commercial ed-tech or gaming app leaning on “it’s educational” to justify behavioural tracking is stretching a narrow carve-out past what it covers.
How to judge an app before you sign your child up
A few checks tell you quickly whether an app respects the lines. Before your child installs it:
- Does it ask you? A real parental-consent step (identity or age confirmation) is a good sign; no parent step at all is a bad one.
- What does it want, and why? Match the permissions to the function. A learning app rarely needs contacts or precise location.
- Does it show targeted ads? Interest-based ads following your child signal profiling the Act prohibits.
- Can you withdraw and delete easily? A clear route to pull consent and erase data is both a legal duty and a trust signal.
- Read the age rating and privacy notice — vague or missing notices are themselves a warning.
FAQ
Do learning and gaming apps need my consent for my child? Yes — an under-18’s data generally needs your verifiable parental consent before an ed-tech or gaming app can process it.
Can a kids’ game show my child targeted ads? No. The Act prohibits targeted advertising directed at children and behavioural tracking of them — and that holds even if you gave consent.
Isn’t ed-tech exempt from these rules? Only narrowly. Educational institutions and caretakers are exempted for tracking done in the interest of a child’s safety — not a general licence for commercial apps to profile or advertise.
What data can these apps legitimately collect? What the service genuinely needs to work — a name, grade level, or progress for learning; a username and gameplay data for games — under a clear notice, and nothing extra.
How do I know if an app is safe? Check that it seeks your consent, requests only permissions it needs, shows no targeted ads to your child, and lets you withdraw and delete easily.
Related Articles
Reviewed by Confidential Dispatch Editorial Team
Last updated 15 July 2026
Not legal advice.