• news-banner

    Expert Insights

Age Appropriate Design Code - Are You Ready?

A brief reminder that there are six months left to comply with the Children’s Code and the ICO has issued an appeal for transparency champions.

Background

The Age Appropriate Design Code (Children's Code), which came into force on 2 September 2020 aims to help ensure that children’s privacy is protected online. The Children’s Code allowed for a 12 month transition period, meaning that organisations have until 2 September 2021 to ensure their compliance.

The Information Commissioner’s Office (ICO) recently undertook research into whether organisations are prepared and suggested that many are in the preparation phase. The initial findings were published on 2 March 2021, together with a reminder that there are only six months left to make changes to align your online services, operations and products with the Children’s Code. The full findings will be published in a few months’ time.

When does the Children’s Code apply?

The Children’s Code applies to “information society services likely to be accessed by children” in the UK. The ICO has noted that this includes many apps, programs, connected toys and devices, search engines, social media platforms, streaming services, online games, news or educational websites and websites offering other goods or services to users over the internet.

This will have a significant impact on website design and organisations may need to make substantial design and operational changes to existing sites. Importantly, it is not restricted to services specifically directed at children but those used by children.

Standards of Age Appropriate Design

The standards are, in summary:

  • Best interests of the child – website design and development should have the best interests of the child in mind.
  • Data protection impact assessments – assess and mitigate risks to the rights and freedoms of children who are likely to access the service, which arise from data processing. Consider ages, capacities and development needs.
  • Age appropriate application – risk-based approach to recognising the age of individual users and ensure you effectively apply the standards in this code to child users. Consider ways of establishing the age of the users or otherwise apply the standards to all users.
  • Transparency –privacy information and any other terms you provide must be easy to read and understand for the appropriate age group. Consider policies and notices drafted specifically for children and provide additional specific ‘bite-sized’ explanations at the point of use of their personal data. The aim is for children to easily understand how, when and why services use their data.
  • Detrimental use of data – do not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.
  • Policies and community standards –uphold your own published terms, policies and community standards (e.g. age restrictions and content policies).
  • Default settings –unless there is a compelling reason not to, website default settings must be ‘high privacy’ by design.
  • Data minimisation –only collect and retain the minimum amount of personal data needed to provide the elements of the service used by children. Offer children choices over which elements they wish to activate.
  • Data sharing – unless there is a compelling reason to do so, do not disclose children’s data.
  • Location tracking turned off –unless there is a compelling reason not to, geolocation options should be off by default. Provide an obvious sign for children when location tracking is active. Options which make a child’s location visible to others must default back to ‘off’ at the end of each session.
  • Parental controls – give child age appropriate information about parental controls being used, where applicable. Provide an obvious sign to the child if and when they are being monitored.
  • Profiling turned off –unless there is a compelling reason not to, options which use profiling should be off by default. Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (e.g. don’t feed content that is detrimental to their health or wellbeing).
  • Nudge techniques – do not use techniques aimed at encouraging children to provide unnecessary personal data.
  • Connected toys and devices –if you provide a connected toy or device ensure you include effective tools to enable conformance to the Children’s Code
  • Online tools – provide prominent and accessible tools to help children exercise their data protection rights and report concerns.
Transparency Champions

In addition to the reminder issued about compliance, the ICO has also opened a consultation calling for organisations to become so-called transparency champions. The consultation is open to anyone who is committed to designing projects using privacy information in ways that are easy for children to engage with, or has ideas or examples of privacy designs that meet the Children’s Code transparency standard.

The ICO would “like to hear from online services, children’s rights advocates, designers, academics and anyone else working to deliver our vision to place the best interests of children at the heart of the online world” and invite participants to submit ideas before 23.00 pm on Friday 30 April 2021.

In addition to consulting the market, the ICO is using feedback from organisations and sector-specific events and discussions, to assess whether there are further requirements for tailored guidance and support, to supplement existing resources on the Children’s Code.

Ensuring Trust in Innovation

Elizabeth Denham (ICO) spoke at the Oxford Internet Institute on 3 March 2021 and two particular comments highlight the importance of organisations’ compliance with the Children’s Code and the transformative impact it is likely to have:

The Code is an important piece of work in protecting children. In the coming decade, I believe children’s codes will be adopted by a great number of jurisdictions and we will look back and find it astonishing that there was ever a time that children did not have these mandated protections.”

“There is a more fundamental point here too: if we have a generation who grow up seeing digital services misuse their personal data, what does that do to their trust in innovation in the future?”

The Children's Code will be the first of its kind and is expected to become an international benchmark.

Our thinking

  • CTBUH Annual Conference: Mastering ESG Challenges and the Launch of the Global In-House Counsel Assembly

    Kerry Stares

    Events

  • Benoît Pasquier and Alex Needham write for City AM on ensuring a more equitable future at the Olympic Games

    Benoît Pasquier

    In the Press

  • Oasis and the Often Overlooked Benefit of Dynamic Pricing

    Nick White

    Quick Reads

  • Darren Bailey writes for City AM on the NFL’s decision to allow private equity investment

    Darren Bailey

    In the Press

  • Charles Russell Speechlys advises EMMA Systems on strategic reorganisation and investment

    Alex Reid

    News

  • Data Protection / The Swiss-U.S. Data Privacy Framework: Adequacy Decision, Implications, and Caution

    Serge Vittoz

    Insights

  • City AM quotes Keir Gordon on more law firms becoming increasingly interested in sport

    Keir Gordon

    In the Press

  • Based on a True Story: Disclaimers in Film and Television

    Mark Hill

    Quick Reads

  • Common Law v Civil Law Approach to Disclosure in International Arbitration

    Patrick Gearon FCIArb

    Insights

  • All change for UK immigration?

    Owen Chan

    Quick Reads

  • Short Reporting Rights: Clarifications from the Swiss Federal Administrative Court

    Remo Wagner

    Insights

  • From Manchester to the Metaverse: How United’s Roblox Rollout Could Help Drive Fan Engagement

    Dillon Ravikumar

    Insights

  • Darren Bailey and Frédéric Jeannin write for City AM on geopolitical risk and challenges posed to Paris by staging the Olympic Games

    Darren Bailey

    In the Press

  • Will 2024 be a record year for the number of insolvencies in France?

    Dimitri A. Sonier

    Quick Reads

  • Understanding the Impact of Bankruptcy on Contractual Relationships

    Remo Wagner

    Quick Reads

  • Nick White and Sarah Johnson write for City AM on how Rule 40 affects marketing around the 2024 Olympic Games

    Nick White

    In the Press

  • IFLR interviews Shirley Fu on her reasons for joining the Firm

    Shirley Fu

    In the Press

  • A Closer Look at the Current State of Artificial Intelligence Regulation in the Gulf

    Mark Hill

    Quick Reads

  • Is the horizon level? Current updates and predictions for Competition Law in the UAE

    William Reichert

    Insights

  • Lights, Camera, Rebates: A Closer Look at Film Financing in the Gulf

    Mark Hill

    Quick Reads

Back to top