At Royds Withy King we are still able to serve all your legal needs during the Coronavirus pandemic. Find out more.

Search our news, events & opinions

Digital security for under 18s: the Children’s Code explained

Author headshot image Posted by , Associate
Contributing authors: Yasmine Qasim

Associate Charlotte Ebbutt summarises the key points of the Children’s Code, the new statutory code of practice aimed at protecting children within the digital world.

Digital security for children

September 2020 marked the introduction of the Information Commissioner’s Office (ICO) Children’s Code (also known as The Age Appropriate Design Code).

This is a statutory code of practice which seeks to protect children within the digital world through the provision of additional safeguards, while still enabling them to benefit from the use of apps, games and websites, all of which routinely gather thousands of data points about them. With this year seeing a dramatic increase in screen time for children, the introduction of this Code is particularly timely.

The data gathered by these platforms can be used to shape the content children see, persuade them to spend more time using the platform, and to target advertisements based on their viewing history. Naturally, major concerns arise in relation to the privacy of children and the need for special protection in how their personal data is used.

The Children’s Code therefore provides additional protection for those under 18. It establishes a set of 15 flexible standards which seek to ensure that the best interests of the child are the primary consideration when designing and developing online services. Some of the key safeguards provided by the Code are:

  • settings must be “high privacy” by default, unless there is a compelling reason not to do so
  • the minimum amount of data should be collected and retained
  • location services should be switched off by default
  • children’s data should not be shared
  • nudge techniques (which encourage users to follow preferred paths) should not be used to encourage children to provide personal data or turn off their privacy settings
  • children who choose to change their default settings must be given the right information and advice before they do so, and their data usage must be protected afterwards.

Which organisations need to comply?

The application of the Code is wide, applying to all organisations providing online services and products likely to be accessed by children up to the age of 18. All major social media and online services used by children in the UK will need to conform. The Code is backed by the GDPR and Data Protection Act 2018 which are regulated and enforced by the ICO. Failure to comply with the Code means that a controller is unlikely to be able to demonstrate that the processing of personal data complies with such legislation. This could lead to enforcement action by the ICO, including the imposition of financial penalties up to 4% of global turnover.

What steps should organisations be taking now?

Although the Code came into force on 2 September 2020, there is a 12 month transition period to allow organisations to make changes to ensure that the 15 standards are incorporated into their design processes and development/upgrade processes. Organisations caught by the Code should review the way in which they use and collect personal data belonging to children and amend their processes to ensure compliance with the Code. This may not necessarily be a straightforward or quick fix, so organisations should be acting now to ensure compliance by the end of the transition period.

To assist organisations throughout the transition, the ICO has launched its Children’s Code Hub which will help and support developers to achieve compliance.

If you need advice on whether your organisation needs to comply with the Code and the steps to take, please contact us on:

0800 923 2073     Email usgdpr.enquiries@roydswithyking.com

Leave a comment

Thank you for choosing to leave a comment. Please keep in mind that comments are moderated and please do not use a spammy keyword or a domain as your name or it will be deleted.

*required*

**required*

*optional*

Corporate & Commercial

Our corporate lawyers will get you the right deal and protect your business, now and in the future.

Learn more

Associate

T: 01865 268 386 (DDI)
Email

Search our news, events & opinions