The Information Commissioner’s Office (ICO) published the Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s privacy.

The code sets out the standards expected of those responsible for designing, developing or providing online services like apps, connected toys, social media platforms, online games, educational websites and streaming services. It covers services likely to be accessed by children.

The code requires digital services to automatically provide children with a built-in baseline of data protection whenever they download a new app, game or visit a website.

That means

• Privacy settings should be set to high by default.
• Location settings that allow the world to see where a child is, should also be switched off by default.
• Data collection and sharing should be minimised
• Profiling that can allow children to be served up targeted content should be switched off by default.

The code standard is based on the General Data Protection Regulation (GDPR) and the code was introduced by the Data Protection Act 2018. Organisations will have 12 months to update their practices before the code comes into full effect which is expected to be by autumn 2021.

The code is the first of its kind, but it reflects the global direction of travel with similar reform being considered in the USA, Europe and globally by the Organisation for Economic Co-operation and Development (OECD).

The regulator has powers to take action against organisations that break the law including tough sanctions like orders to stop processing data and fines of up to £17 million or 4% of global turnover.

If you’ve enjoyed this post or found it useful then do share – click on the post title then scroll down to the social media share buttons.