The UK’s ‘Children’s Code’ is, globally, the first statutory code of practice for the data protection of young people online. The Age Appropriate Design Code, as it’s officially known, was introduced by the Information Commissioner’s Officer (ICO) in September 2020, granting businesses one year to adhere to its rules. Originating from concerns surrounding children’s privacy, inappropriate advertising, and strategies to keep children online, it offers children greater privacy for their personal data, and commands companies to amend features which take advantage of children’s data and, subsequently, expose them to risks online. This advanced legislation grants, for the first time, that the digital sphere must have different rules for children – it needs to honour their rights, guarantee their privacy and nurture their mental wellbeing, particularly in a time where more and more children are suffering online.
How does it work?
Online companies which target children must conform to a set of regulations to ensure online safety, including providing a high level of ‘privacy by default’ and they must monitor the personal data they collect from young people. Other rules include designing services to be age appropriate, and determining whether their own use of children’s data ensures child safety from both commercial and sexual exploitation.
The UK’s movements represent a broader scheme by global governments to try to limit the power of Big Tech and reduce their power. Ben Greenstone, founder of Taso Advisory, identifies the issue of online child safety as one which should’ve been tackled years ago, and now must be tackled worldwide, “if you’re already making changes in the UK, just do it globally – it doesn’t change your service.”
The ways in which different companies will adhere to the Children’s Code depend on the service they provide. YouTube will remove auto-play on videos, and block ad targeting and personalisation for all children, whilst Instagram will look to intercept adults messaging children who do not follow them, and will default all child accounts to private. Alternatively, TikTok will terminate sending notifications after 9pm to 13-15 year olds, and 10pm to 16-17 year olds, in a bid to reduce pressure to make children stay online.
Will there be penalties for not following the Children’s Code?
Companies found to be contradicting the Children’s Code will face the same penalties as those who breach the General Data Protection Regulation, including a fine of up to 4% of their global turnover. Furthermore, the watchdog can endow orders banning data processing, therefore apps that choose to defy the Children’s Code put themselves at risk of “regulatory bumps or worse”. As with GDPR, at first there will be assistance rather than sanctions, but the ICO will have the power to investigate companies which it deems to be non-compliant – and its powers are rather extensive. The ICO has the capacity to fine infringers up to 17.5 million, or, as previously mentioned, up to 4% of their annual turnover – whichever is higher.
The new Children’s Code looks to solve the problems caused by permitting young people total online freedom, in a environment not specifically designed for their use. Whether or not companies will quietly, straightforwardly comply with the ICO’s rules will be seen in due course.