• news-banner

    Expert Insights

Age Appropriate Design Code - Are You Ready?

A brief reminder that there are six months left to comply with the Children’s Code and the ICO has issued an appeal for transparency champions.

Background

The Age Appropriate Design Code (Children's Code), which came into force on 2 September 2020 aims to help ensure that children’s privacy is protected online. The Children’s Code allowed for a 12 month transition period, meaning that organisations have until 2 September 2021 to ensure their compliance.

The Information Commissioner’s Office (ICO) recently undertook research into whether organisations are prepared and suggested that many are in the preparation phase. The initial findings were published on 2 March 2021, together with a reminder that there are only six months left to make changes to align your online services, operations and products with the Children’s Code. The full findings will be published in a few months’ time.

When does the Children’s Code apply?

The Children’s Code applies to “information society services likely to be accessed by children” in the UK. The ICO has noted that this includes many apps, programs, connected toys and devices, search engines, social media platforms, streaming services, online games, news or educational websites and websites offering other goods or services to users over the internet.

This will have a significant impact on website design and organisations may need to make substantial design and operational changes to existing sites. Importantly, it is not restricted to services specifically directed at children but those used by children.

Standards of Age Appropriate Design

The standards are, in summary:

  • Best interests of the child – website design and development should have the best interests of the child in mind.
  • Data protection impact assessments – assess and mitigate risks to the rights and freedoms of children who are likely to access the service, which arise from data processing. Consider ages, capacities and development needs.
  • Age appropriate application – risk-based approach to recognising the age of individual users and ensure you effectively apply the standards in this code to child users. Consider ways of establishing the age of the users or otherwise apply the standards to all users.
  • Transparency –privacy information and any other terms you provide must be easy to read and understand for the appropriate age group. Consider policies and notices drafted specifically for children and provide additional specific ‘bite-sized’ explanations at the point of use of their personal data. The aim is for children to easily understand how, when and why services use their data.
  • Detrimental use of data – do not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.
  • Policies and community standards –uphold your own published terms, policies and community standards (e.g. age restrictions and content policies).
  • Default settings –unless there is a compelling reason not to, website default settings must be ‘high privacy’ by design.
  • Data minimisation –only collect and retain the minimum amount of personal data needed to provide the elements of the service used by children. Offer children choices over which elements they wish to activate.
  • Data sharing – unless there is a compelling reason to do so, do not disclose children’s data.
  • Location tracking turned off –unless there is a compelling reason not to, geolocation options should be off by default. Provide an obvious sign for children when location tracking is active. Options which make a child’s location visible to others must default back to ‘off’ at the end of each session.
  • Parental controls – give child age appropriate information about parental controls being used, where applicable. Provide an obvious sign to the child if and when they are being monitored.
  • Profiling turned off –unless there is a compelling reason not to, options which use profiling should be off by default. Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (e.g. don’t feed content that is detrimental to their health or wellbeing).
  • Nudge techniques – do not use techniques aimed at encouraging children to provide unnecessary personal data.
  • Connected toys and devices –if you provide a connected toy or device ensure you include effective tools to enable conformance to the Children’s Code
  • Online tools – provide prominent and accessible tools to help children exercise their data protection rights and report concerns.
Transparency Champions

In addition to the reminder issued about compliance, the ICO has also opened a consultation calling for organisations to become so-called transparency champions. The consultation is open to anyone who is committed to designing projects using privacy information in ways that are easy for children to engage with, or has ideas or examples of privacy designs that meet the Children’s Code transparency standard.

The ICO would “like to hear from online services, children’s rights advocates, designers, academics and anyone else working to deliver our vision to place the best interests of children at the heart of the online world” and invite participants to submit ideas before 23.00 pm on Friday 30 April 2021.

In addition to consulting the market, the ICO is using feedback from organisations and sector-specific events and discussions, to assess whether there are further requirements for tailored guidance and support, to supplement existing resources on the Children’s Code.

Ensuring Trust in Innovation

Elizabeth Denham (ICO) spoke at the Oxford Internet Institute on 3 March 2021 and two particular comments highlight the importance of organisations’ compliance with the Children’s Code and the transformative impact it is likely to have:

The Code is an important piece of work in protecting children. In the coming decade, I believe children’s codes will be adopted by a great number of jurisdictions and we will look back and find it astonishing that there was ever a time that children did not have these mandated protections.”

“There is a more fundamental point here too: if we have a generation who grow up seeing digital services misuse their personal data, what does that do to their trust in innovation in the future?”

The Children's Code will be the first of its kind and is expected to become an international benchmark.

Our thinking

  • Doing business in the UAE & Israel

    William Reichert

    Events

  • Drone deliveries: Be Prepared

    Emma Humphreys

    Quick Reads

  • Charles Russell Speechlys expands commercial offering with the appointment of Rebecca Steer

    Rebecca Steer

    News

  • The Times quotes Gareth Mills on the CMA’s preliminary approval of the Activision Blizzard-Microsoft deal

    Gareth Mills

    In the Press

  • City AM quotes Gareth Mills on the CMA’s new set of principles for regulating AI

    Gareth Mills

    In the Press

  • Silicon quotes Gareth Mills on the UK consumer lawsuit against Google

    Gareth Mills

    In the Press

  • Bloomberg and The Washington Post quote Richard Davies on multiclub ownership in world sports

    Richard Davies

    In the Press

  • Product compliance and Brexit - UK Government concedes to CE markings indefinite recognition

    Jamie Cartwright

    Quick Reads

  • UAE and the Grey List: Brief Update

    Karl Masi

    Insights

  • A Summer of Sport - Top 5 Legal Considerations

    Anna Sowerby

    Insights

  • Has the Orpéa plan impaired shareholder's consent? - Le plan de sauvegarde d'Orpéa n'a-t-il pas vicié le consentement des actionnaires historiques ?

    Dimitri-André Sonier

    Quick Reads

  • The Express quotes Gareth Mills on the CMA’s report on competition in the groceries sector

    Gareth Mills

    In the Press

  • Reuters quotes Gareth Mills on the CMA’s deadline extension of the Microsoft Activision Blizzard deal

    Gareth Mills

    In the Press

  • Les défaillances en France proches de leur niveau de 2019 - French insolvencies close to 2019 levels

    Dimitri-André Sonier

    Quick Reads

  • Law.com International quotes Simon Ridpath on the use of AI in the legal sector

    Simon Ridpath

    In the Press

  • Casino Group: An agreement with investors and debt holders is expected at the end of July

    Dimitri-André Sonier

    Quick Reads

  • Raconteur quotes Caroline Swain on misleading pricing practices

    Caroline Swain

    In the Press

  • DIAC Issues First Annual Report

    Georgia Fullarton

    Quick Reads

  • PE Hub quotes Richard Davies on private equity interest in football and sports

    Richard Davies

    In the Press

  • Payment Expert quotes Janine Regan on the record £1bn fine against Meta over EU data protection violations

    Janine Regan

    In the Press

  • The Guardian quotes Gareth Mills on Microsoft lodging an appeal against the CMA’s decision to block its Activision Blizzard deal

    Gareth Mills

    In the Press

  • The Times quotes Gareth Mills on the EU’s approval of the Microsoft-Activision deal

    Gareth Mills

    In the Press

  • One year on: "Influencer Culture: lights, camera, inaction" remains astonishingly accurate

    Caroline Swain

    Quick Reads

  • UKTN quotes Gareth Mills on the CMA's review of the UK AI market

    Gareth Mills

    In the Press

  • Saudi Center for Commercial Arbitration publishes new Arbitration Rules

    Peter Smith

    Quick Reads

  • The Financial Times quotes Nick White on risks to content creators promoting counterfeits

    Nick White

    In the Press

  • The Daily Telegraph quotes Nick White on AI and 'workplace displacement'

    Nick White

    In the Press

  • Charles Russell Speechlys achieves record success in The Legal 500 2023 EMEA directory

    Patrick Gearon FCIArb

    News

  • WhatsAppGate - Should businesses be reviewing their social media policies?

    Anna Rogers

    Quick Reads

  • Dubai announces its plan to streamline the enforcement of civil judgments and arbitral awards

    Peter Smith

    Quick Reads

  • Sign of the times - the British record football transfer which very nearly didn't happen

    Pei Li Kew

    Quick Reads

  • No love (island) lost for the #muffboss – #ad is great but don’t forget the other ad rules

    Caroline Swain

    Quick Reads

  • Is it really against the law to share your Netflix password?

    Quick Reads

  • Omnichannel innovation essential in the face of outlet decline

    Caroline Swain

    Quick Reads

  • Brand owners now required to police influencers

    Katie Bewick

    Quick Reads

  • Ten Years Since The 2012 Saudi Arbitration Law: Where Are We Now?

    Peter Smith

    Quick Reads

  • Strike a Pose - Usain Bolt files legendary victory celebration as a trademark

    Henry Cuthbert

    Quick Reads

  • ITV takes the plunge and “couples up” with Ebay to dress love island contestants in pre-loved clothing

    Natalie Batra

    Quick Reads

  • Constructing a Blue-print for Electronic Execution – New Guidance from the Industry Working Group on the Electronic Execution of Documents

    Quentin de la Bastide

    Quick Reads

  • To flex or not to flex: comparing traditional offices with flexible office space

    Emma Preece

    Quick Reads

Back to top