The ICO announced the launch of the “Children’s Code” earlier this year, aimed at protecting their data. For the purposes of this code, children are deemed to be aged under 18 (previous age limits under the GDPR have been 13 or, in some countries, 16).
The code sets out 15 standards for designers of online services and products aimed at children, setting out how they should comply with data protection law in a way that is age-appropriate for the children using their services. The code will require digital services to automatically provide children with a built-in baseline of data protection whenever they download a new app, game or visit a website. Businesses providing services to children online have a year to comply with the code and put children’s data protection “at the heart” of their online platform design.
The code is risk-based, so that it does not apply in the same way to each business, service or platform. Some of the businesses likely to be affected will be trade associations in the gaming, video streaming, social media and connected toys sectors, as well as social media platforms. The ICO is encouraging businesses providing online services aimed at children to get in touch and apply for places in its free regulatory sandbox so that they benefit from the ideas and mechanisms discussed and trialled and are helped to develop age appropriate practices and technological or design safeguards.
This is the first action taken by the ICO to formalise a code relating to children’s personal data and by the Information Commissioner’s own admission; “A generation from now, we will all be astonished that there was ever a time when there wasn’t specific regulation to protect kids online. It will be as normal as putting on a seatbelt.”