There's a new code of practice in town and it's all about making online services safer for children, explains Alex Craig, partner and commercial lawyer at Muckle LLP.
How safe are children online? It’s a cause of some anxiety for many parents, especially now, when it seems like everything we do hinges on the ability to access the internet. The majority of us understand that websites, apps, etc. collate our data, and we adjust our privacy and cookie settings to reflect what we are comfortable sharing.
But of course, while teeny tots are often on a tablet or iPad by the age of one, this digital world was not made for kids. Children need to be helped to ensure that their digital experience is as safe as their real world experience.
At home, the onus is on parents to police data use, apply parental controls and set limits to prevent exposure to harmful material. Education provision has also increasingly been enhanced by online services, and many of us will be aware of schools’ efforts to increase child internet safety awareness; think Green Cross Code for online. But where are the speed bumps, the pelican crossings, the lollipop men and women? In other words, are there sufficient safeguards on the internet for children, and what are digital services doing to help?
The new Children’s Code
On 2 September the Information Commissioner’s Office (ICO) announced the arrival of the new Children’s Code (or Age Appropriate Design Code).
It addresses how data protection safeguards should be designed into online services so that they are age appropriate. It aims to make sure that online apps, games and other products ensure the security and privacy of children up to age 18.
Elizabeth Denham, Information Commissioner, says: “This code makes it clear that kids are not like adults online and their data needs greater protections. We want children to be online, learning and playing and experiencing the world, but with the right protections in place.” Organisations now have until 2 September 2021 to comply and put children’s privacy at the heart of their design.
How does it work?
The ICO highlights how the internet has not been designed for children. That’s why the code breaks new ground, as it is regulatory guidance focused on a ‘by design approach’. Applying the code means that the different needs of children, at different ages and stages of development, should be at the heart of how organisations design their digital experiences.
The code sets out 15 standards for designers of online services and products and how they should comply with data protection law. The code will require digital services to automatically provide children with a built-in baseline of data protection whenever they download a new app, game or visit a website. For example:
-High privacy settings need to be provided by default.
-Geolocation privacy settings should be switched off by default.
-Nudge techniques should not be used to encourage children to activate options that mean they turn off privacy protections.
Is your business affected?
The code is risk based and therefore will not affect all organisations in the same way. Businesses that design, develop or provide online services like apps; connected toys; social media platforms; online games; educational websites; or streaming services that use, analyse and profile children’s data, will likely have to do more to comply. The ICO says that: “Organisations should conform to the code and demonstrate that their services use children’s data fairly and in compliance with data protection law.”
Will the internet ever be childproof? Nobody is claiming the new code is a child internet safety catch-all, but it is a positive step in the right direction.
Remote learning has been just as important for children as remote working has been for adults throughout COVID-19. The last few months have amplified how important digital services are and that is set to continue for good.
So if you think your business might be affected by the code, it’s best to review your practices during the transition period and get ready for the new rules being enforced from next September.