The DPDP Rules require verifiable parental consent for processing children's data, creating challenges for social media companies. While large companies like Google and Meta may have existing parent and child data, smaller players face difficulties establishing consent mechanisms. This could unintentionally favor larger companies by creating a data moat. Companies are exploring various consent methods, including third-party tokenisation and leveraging existing platforms like DigiLocker or APAAR ID, but challenges remain in terms of scalability and friction for users.