The Information Commissioner’s Office (ICO) has recently closed its consultation on a draft code of practice for online services accessed by children (the Code).
What is the Code?
The Code provide practical guidance to online service providers on how they can appropriately safeguard children’s personal data in line with data protection law. Online services covered include many apps, programs, search engines, social media platforms, streaming services, news or educational websites and websites offering other goods or services to users over the internet. It is not restricted to services specifically directed at children.
In its current form the Code contains 16 standards of age appropriate design which the ICO describes as “cumulative and interdependent” meaning that all of them must be implemented in order to demonstrate compliance with the Code and the law on which it is based, i.e. the Data Protection Act 2018. The standards cover by way of example: the best interests of the child; transparency; detrimental use of data; default settings; data sharing; and profiling.
How important is it?
As data relating to children is afforded special protection in the GDPR, the ICO makes it clear that monitoring compliance with the Code will be a regulatory priority for them. It will also be taken into account by the courts and tribunals when it is relevant to the proceedings brought before them.
The ICO is currently considering responses to the draft Code before it is sent to the Secretary of State for parliamentary approval. Once in place it will be interesting to see how providers of online resources and apps used by schools will respond to the Code. The threat of ICO regulatory action as well as customer demands for compliance may lead to significant improvements to online services for children.
Although schools are unlikely to be required to comply with this Code, it is important that they check that the apps and websites they use in the classroom will meet the design standards in the Code (where possible). This will ensure that pupils’ data is safeguarded. This could involve looking at the provider’s website which may refer to their preparations to comply with the Code or contacting them directly for assurances.
We will provide a further update on this Code once it is finalised and approved.