The Information Commissioner’s Office (ICO) Age Appropriate Design Code (Code) applies to “relevant information society services which are likely to be accessed by children” in the UK.
Examples of such services include apps, programs, connected toys and devices, search engines, social media platforms, streaming services, online games, news or educational websites and websites offering other goods or services to users over the internet. The Code contains 15 key standards of age appropriate design that must be followed by companies to support the safeguarding and fair processing of any child's personal data when using such services.
The Code is one of four statutory codes that the Information Commissioner is required to prepare under the Data Protection Act 2018 (DPA). The ICO's website provides background to the Code and sets out each of the 15 key standards in further detail. Having been laid before Parliament, the Department of Digital, Culture, Media and Sport has now published an explanatory memorandum in respect of the Code (Memorandum).
The Memorandum describes the 15 key standards set out in the Code as not being “technical standards”, but rather “a set of technology-neutral design principles and practical privacy features”. The aim of the standards is to provide “default settings” that minimise data collection and use, by default, whilst still providing children with the “best possible access” to information society services. Whilst children's best interests are the primary focus of the Code, the standards will seek to “respect the rights and duties of parents and the child’s evolving capacity to make their own choices.”
The Memorandum includes information as to the implementation and ongoing review of the Code. In particular, the Memorandum states that:
- There will be a 12-month transition period from the date the Code comes into force
- The ICO is currently preparing appropriate support for online service providers to assist them in complying with the incoming Code
- An assessment by the ICO as to the economic impact that the introduction of the Code is likely to have is also taking place prior to the Code passing through Parliament and
- Under the DPA, the Information Commissioner is required to keep the Code under review and so the ICO has also committed to undertaking a review of the efficacy of the Code one year after it comes into force
Following a significant upturn in the use of online services by children as a result of the COVID-19 pandemic, the Code will play an important role in ensuring that children's personal data is safeguarded and processed fairly when using such services. Businesses that offer online services accessed by children should continue to monitor the Code’s progress and be prepared to make necessary changes to ensure that such services comply with the Code’s headline standards.
Beverley Flynn