The Children’s Code (the Code) comes into force on 2 September 2021 with the transition year expiring, and is set to change the way children access the internet. Specifically, the code seeks to make the internet and online services that children are likely to access to respect the rights and freedoms of children when using their personal data.
What is the Code?
The Children’s Code (or the Age Appropriate Design Code) is a code that contains standards that online services must follow. There are 15 standards and apply to online services children are more likely to access. The aim of the code is to protect children’s online data when using online services.
Online services is an umbrella term that can include several services ranging from games, to apps, to new services and devices that connect to the internet.
The 15 standards outline how compliance with the Code can be achieved and what to consider when providing online services that children are either accessing or likely to access. Measures must be implemented where applicable should an online service fall within the scope of the Code and meet the 15 standards.
Who and when does the Code apply?
As mentioned above, the Code is going to apply to those who provide online information services likely to be accessed by children. These can also be referred to as information society services (ISS). An ISS can be defined as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”
Therefore, ISS will include services like:
- Content streaming services (such as gaming, music, or video services)
- Online games
- News or educational websites
- Social media platforms
- Search engines
- General websites offering goods and services over the internet
If a service is likely to be accessed by a child, or if the service is targeted for children as the main user, then the Children’s Code is going to be applicable. For the purposes of the Children’s Code, an individual under the age of 18 shall be considered as a child.
The Code does not only apply to UK-based companies but any company that processes the personal data of UK children.
If the Code applies, how can compliance be demonstrated?
The Children’s Code adds an extra layer of protection for the personal data of children. It does not replace previous outstanding data protection measures or legislation in place. Compliance with the Code will be in conjunction with the Data Protection Act 2018, as well as the UK General Data Protection Regulation (UK GDPR). Therefore, an individual or organisation will have to comply with the obligations of each data protection legislation or measures in turn. There may however be an overlap.
In order to comply with the Code, an individual or organisation will have to consider implementing the following where appropriate:
- Checking the age of individuals who visit their website, download their app(s) or game(s)
- Mapping the amount of personal data that has been collected from UK children
- Switching off geolocation services that track where in the world the visitors of a certain ISS as a default
- Not using nudging techniques in an attempt to encourage children to provide more personal data than what is necessary
- Not using children’s personal data in a way that has been demonstrated as detrimental to their wellbeing or in ways that go against industry codes of practice
- Provisions in place in order to provide a higher level of privacy by default