The Age Appropriate Design Code or Children’s Code came into force on the 2 September 2020. It has a twelve-month transition period which means organisations need to conform by 2 September 2021. The Code is a statutory code of practice under the Data Protection Act 2018.
Data protection law recognises that the personal data of children should be given extra care. Children are treated differently in the real world with age restrictions, film ratings, and car seats. They should also be treated differently in the digital world. The Children’s Code seeks to do this by providing a baseline of protection to protect children within the digital world instead of just from it. The Code has put the law relating to children’s personal data into fifteen standards.
In the United Kingdom (UK) one in five people who use the internet are children. Games, apps, and websites can collect data as soon as a child opens or accesses them. The data may include who is using it, when, how frequently, and where from. The data collected can then be used to tailor adverts, mould the material they are encouraged to use or persuade them to spend more time using a specific service.
When personal data can be used to influence the online material children see, it must be made clear by the service. When it comes to children, privacy settings should be set high by default and geo-location services that can reveal the child’s location should be turned off. Notifications and nudge techniques which encourage children to provide more personal data should not be used.
When the Information Commissioner’s Office (ICO) considers whether an online service has complied with its data protection obligations under the General Data Protection Regulation (GDPR), Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 it will take the Children’s Code into account. The Code will be considered when looking at fairness, lawfulness, transparency, and accountability under the GDPR. Services that fail to comply with the Children’s Code may struggle to show that the processing of data is fair under the GDPR which would mean the ICO could take action. The Children’s Code is part of UK data protection law which means it will continue to apply after Brexit.