Age appropriate design – the ICO consults on its new code aiming to protect children online
The Information Commissioner’s Office has released its new code on age-appropriate design (the “Code”) for consultation. The Code includes 16 standards, aimed at protecting children’s privacy, which must be met by online providers offering products or services.
The Code applies to all providers of online products or services that process personal data and that are likely to be accessed by children in the UK. Those who do not think their sites fall within scope will need verifiable evidence demonstrating that the site is not being used by under 18s or they must impose robust age-gating on their sites.
The Code imposes strict requirements which, if met, will help providers demonstrate their compliance with both the GDPR and PECR. Failure to comply may result in regulatory action.
The 16 standards of age-appropriate design imposed by the Code will have a significant impact on website design and many providers will need to make substantial design and operational changes to existing sites to ensure compliance. Standards include:
- Best interests: website design and development should have the child’s best interests in mind;
- Privacy information: the privacy information provided to users must be suitable to the anticipated audience age range (think privacy policies and notices drafted specifically for children);
- Data use: children’s personal data must not be used in ways that are detrimental to their wellbeing or that go against any recognised advice / regulatory requirements;
- High privacy default: website default settings must be ’high privacy’ by design;
- Tracking turned off: unless there is a compelling reason not to, geolocation options and profiling must be turned off by default;
- Nudging: nudge techniques aimed at encouraging children to provide unnecessary personal data are banned;
- Training: all staff involved in design and development of online services which may be accessed by children must be trained to ensure sufficient knowledge and compliance.
The Code is out for consultation until the end of May after which the final version will be presented to Parliament. It is expected to come into effect before the end of 2019. The Code will be the first of its kind and is expected to become an international benchmark.
For more information on this topic, please contact Caroline Swain on +44 (0)20 7203 5158 or at Caroline.Swain@crsblaw.com.