Age Appropriate Design Code - Are You Ready?
A brief reminder that there are six months left to comply with the Children’s Code and the ICO has issued an appeal for transparency champions.
The Age Appropriate Design Code (Children's Code), which came into force on 2 September 2020 aims to help ensure that children’s privacy is protected online. The Children’s Code allowed for a 12 month transition period, meaning that organisations have until 2 September 2021 to ensure their compliance.
The Information Commissioner’s Office (ICO) recently undertook research into whether organisations are prepared and suggested that many are in the preparation phase. The initial findings were published on 2 March 2021, together with a reminder that there are only six months left to make changes to align your online services, operations and products with the Children’s Code. The full findings will be published in a few months’ time.
When does the Children’s Code apply?
The Children’s Code applies to “information society services likely to be accessed by children” in the UK. The ICO has noted that this includes many apps, programs, connected toys and devices, search engines, social media platforms, streaming services, online games, news or educational websites and websites offering other goods or services to users over the internet.
This will have a significant impact on website design and organisations may need to make substantial design and operational changes to existing sites. Importantly, it is not restricted to services specifically directed at children but those used by children.
Standards of Age Appropriate Design
The standards are, in summary:
- Best interests of the child – website design and development should have the best interests of the child in mind.
- Data protection impact assessments – assess and mitigate risks to the rights and freedoms of children who are likely to access the service, which arise from data processing. Consider ages, capacities and development needs.
- Age appropriate application – risk-based approach to recognising the age of individual users and ensure you effectively apply the standards in this code to child users. Consider ways of establishing the age of the users or otherwise apply the standards to all users.
- Transparency –privacy information and any other terms you provide must be easy to read and understand for the appropriate age group. Consider policies and notices drafted specifically for children and provide additional specific ‘bite-sized’ explanations at the point of use of their personal data. The aim is for children to easily understand how, when and why services use their data.
- Detrimental use of data – do not use children’s personal data in ways that have been shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice.
- Policies and community standards –uphold your own published terms, policies and community standards (e.g. age restrictions and content policies).
- Default settings –unless there is a compelling reason not to, website default settings must be ‘high privacy’ by design.
- Data minimisation –only collect and retain the minimum amount of personal data needed to provide the elements of the service used by children. Offer children choices over which elements they wish to activate.
- Data sharing – unless there is a compelling reason to do so, do not disclose children’s data.
- Location tracking turned off –unless there is a compelling reason not to, geolocation options should be off by default. Provide an obvious sign for children when location tracking is active. Options which make a child’s location visible to others must default back to ‘off’ at the end of each session.
- Parental controls – give child age appropriate information about parental controls being used, where applicable. Provide an obvious sign to the child if and when they are being monitored.
- Profiling turned off –unless there is a compelling reason not to, options which use profiling should be off by default. Only allow profiling if you have appropriate measures in place to protect the child from any harmful effects (e.g. don’t feed content that is detrimental to their health or wellbeing).
- Nudge techniques – do not use techniques aimed at encouraging children to provide unnecessary personal data.
- Connected toys and devices –if you provide a connected toy or device ensure you include effective tools to enable conformance to the Children’s Code
- Online tools – provide prominent and accessible tools to help children exercise their data protection rights and report concerns.
In addition to the reminder issued about compliance, the ICO has also opened a consultation calling for organisations to become so-called transparency champions. The consultation is open to anyone who is committed to designing projects using privacy information in ways that are easy for children to engage with, or has ideas or examples of privacy designs that meet the Children’s Code transparency standard.
The ICO would “like to hear from online services, children’s rights advocates, designers, academics and anyone else working to deliver our vision to place the best interests of children at the heart of the online world” and invite participants to submit ideas before 23.00 pm on Friday 30 April 2021.
In addition to consulting the market, the ICO is using feedback from organisations and sector-specific events and discussions, to assess whether there are further requirements for tailored guidance and support, to supplement existing resources on the Children’s Code.
Ensuring Trust in Innovation
Elizabeth Denham (ICO) spoke at the Oxford Internet Institute on 3 March 2021 and two particular comments highlight the importance of organisations’ compliance with the Children’s Code and the transformative impact it is likely to have:
“The Code is an important piece of work in protecting children. In the coming decade, I believe children’s codes will be adopted by a great number of jurisdictions and we will look back and find it astonishing that there was ever a time that children did not have these mandated protections.”
“There is a more fundamental point here too: if we have a generation who grow up seeing digital services misuse their personal data, what does that do to their trust in innovation in the future?”
The Children's Code will be the first of its kind and is expected to become an international benchmark.
For more information, please contact Tanya Wilkie.
2020: Influencer, 2021: Creative Director – what could go wrong?
Coded messages for landlords and tenants
“What does the code of practice mean for landlords and tenants? Read more here”
Jason Saiban writes for Food Manufacture on the food industry's climate change challenge
The key challenge will be how the environmental targets are actually met.
Grab the tail by the horns - Why is tail spend so critical in today’s outsourced portfolio?
It’s usually invisible, but in all likelihood, you’ve got tail spend.
Mark Hill writes for In-House Community Magazine on solutions templating, a new priority for in-house legal teams
Removing the burden from legal teams, contract managers and administrators.
Olivia Crane quoted by SoGlos on the increasing issue of cyber fraud being faced by businesses in Gloucestershire
Cyber fraud has cost Gloucestershire businesses around £369,800 in the last 13 months.
Tattoos, athletes and image rights
Campaigns featuring athletes often include visible tattoos and a number of recent legal cases demonstrate the issues that may arise.
Food Sector steps up on climate goals
Blue Sky Linking
Daniel looks at Sky's recent success in obtaining interim protection from infringement of their broadcast rights
Don’t Gamble on Bingo Ads, Warns ASA
The ASA has issued a reminder to advertisers that bingo adverts will be treated as gambling ads for the purpose of standards regulation.
Recording Phone Calls: Don’t take Consent for Granted
What if an interviewee who is being called and interviewed “live” does not actually know he/she is on live television?
Continuing Progress in the Sphere of Inclusive and Non-Discriminatory Advertising
The latest developments from the ASA, CAP and BCAP relating to the advertising regulators’ attempts to tackle discrimination in advertising.
eCommerce and the Post-Brexit State of Play
Key UK and EU legislation governing how online platforms deal with consumers and their business users.
UK and EU launch two-pronged attack into whether Facebook is abusing a dominant market position
The CMA and the European Commission have said that they intend to work together closely as their respective investigations develop.
Jason Saiban and Caroline Swain among contributors to the ICLG Guide on Digital Business Laws and Regulations in the UK
An overview of the laws and regulations for digital businesses operating in the UK.
Draft Online Safety Bill: Regulating the online world
On 12 May 2021, the UK government published the draft Online Safety Bill...
Counterfeit goods – online platforms and luxury brands take a new collaborative approach
Online retail has been increasing for the best part of a decade due to a shift in consumer behaviour.
Charles Russell Speechlys proud to sponsor the ‘Outstanding Achievement’ award at the final Sunday Times Virgin Fast Track 100 awards
The awards celebrated the successes of Britain’s 100 private companies with the fastest-growing sales.
New foreign ownership rules take effect on 1 June 2021
Trade Marks - what is bad faith?
In any legal dispute, the term ‘bad faith’ is often banded about.