Are children using the Internet or are they using it? – ICO Age Appropriate Design Code – Privacy – UK

UK Are children using the Internet or are they using it? – Appropriate design code for ICO age

All you need to do is subscribe to to publish this article.

UK Information Privacy Regulator, ICO, has published the latest version of the appropriate age code (Children’s Code). This will already be known to those who will revise the draft after consulting with industry and consumers in 2019. Approved to celebrate 12 months transition period.

What and what?

The Children’s Code applies to information community services (under 18) for children to access. Recognizing the growing role of the digital world in the lives of young people, it puts them at risk. In some cases, it has been developed in accordance with the requirements of the 2018 Data Protection Act to develop a series of code of conduct to assist organizations enforce privacy laws.

Types of services that can be covered by children’s code include many types of websites, including apps, search engines, social media platforms, online messaging or Internet-based voice telephone services, online shopping, content streaming services (video, music or gaming services). , Online games, news or educational websites. If their services are directed to UK users or monitor their behavior, providers should not be UK-based.

The code does not apply to prevention or counseling services (although they include general health and fitness applications), distribution, and most online public services.

The boundaries are not always clear, and it is safer to assume that a service is covered where there is doubt.

Fifteen steps

Fifteen flexible standards are placed at the core of the Children’s Code.

These are:

  1. Of The best interests of the child It should be the first consideration when designing and developing online services that are accessible to a child. This concept is derived from international law and covers a wide range of topics regarding the safety and security of children. The Children’s Code recognizes conflicting interests and complexities, and may need the advice of outside experts.
  2. Data protection impact assessments. The Children’s Code recommends that organizations
    Must Enter the DPI in any new online service design that is accessible to children.
  3. Age-appropriate application. The Children’s Code divides children into five age groups and recommends that organizations analyze the impact on these groups individually. From self-declaration to low risk, there are a number of different methods for establishing age to use “strong identities” such as passports.
  4. Transparency. Privacy and other information provided to users must be concise, concise, and in plain language appropriate for the child’s age.
  5. Harmful use of data. Organizations are advised not to use children’s personal information in a manner that is detrimental to their safety or that violates industry rules, other regulations or government advice. This may include encouraging the use of drugs or alcohol, or using strategies such as self-play behaviors to prolong user involvement.
  6. Organizations must abide by their terms, Policies and community standards Such as privacy policies, age limits, code of conduct and content policies.
  7. Must be settings ‘High Privacy’
    By default, Unless an organization can justify a particular default setting considering the best interests of the child.
  8. Data reduction. Organizations must collect and retain only the small amount of personal information needed to provide the services that a child is actively and knowingly engaged in. For example, searching for music tracks for download is part of the service, and recommendations based on previous searches are different. Different choices must be made for each ingredient.
  9. Data sharing. Unless an organization can show good reason for doing so, disclosing the child’s information should be avoided.
  10. Topography Options must be turned off by default unless the organization can show a valid reason for the geolocation to be enabled by default. Children should be able to see when location tracking is active.
  11. Where Parental Controls Given, organizations must provide appropriate information to the child. If parents or caregivers are able to monitor the child’s online activity, the child should be able to see during the follow-up.
  12. Options to use Profile Unless there is a compelling reason to do so, it should be changed to “off” by default. For example, only identification should be used where it is necessary to protect the child – for example, to prevent them from consuming harmful substances.
  13. Organizations should stay away Melting methods To guide or encourage children to provide unnecessary personal information or to violate privacy practices.
  14. Providing organizations Connected toys or devices They need to make sure they include effective tools to enable respect for children’s code. Both the doll’s supplier and their business partners must respect the communication aspect of the product.
  15. Children should be able to use popular and accessible
    Online tools To help them exercise their data protection rights and report concerns. As with Standard 3, this is divided into age groups so that service providers can help design different user groups.

A big beast is coming – an online security draft

Those interested in this area will no doubt be aware of the draft online security draft currently being reviewed by the Parliamentary Joint Committee. This extends beyond information privacy issues to children and the general public by placing a wide range of care practices on online content sharing platforms and search service providers. The impact of children’s code on online services can help inform the ongoing debate about how effective online safety can be.

The content of this article is intended to provide general guidance on the subject. Specialist advice should be sought about your special circumstances.

Popular articles on – Privacy from UK

When to use a legal interest assessment


Employers often want to rely on legal interests when processing employee information. But many do not realize that this should include the completion of a legal interest assessment.


Leave a Comment