What are the standards designed to protect children’s data and privacy online?

2 September 2021, 00:04

Child using a laptop
Time children spend online. Picture: PA

We explain what the 15 Age Appropriate Design Code standards are.

Tech giants have had a year to ensure their platforms make protection of children’s data a priority or face enforcement action, including fines.

Now the deadline for complying has been reached, firms must follow 15 standards set out by the Information Commissioner’s Office’s (ICO) Age Appropriate Design Code – but what are they?

1. Best interests of the child

This should be a primary consideration when designing and developing online services likely to be accessed by a child.

So firms will have to consider how to keep children safe from exploitation risks, and support their health and wellbeing, among others.

2. Data protection impact assessments

Firms should “assess and mitigate risks to the rights and freedoms of children” who are likely to access an online service, which arise from data processing.

They should take into account ages, capacities and development needs.

Children
The Information Commissioner has called the measures ‘transformational’ (Ian West/PA)

3. Age-appropriate application

A “risk-based approach to recognising the age of individual users” should be taken.

This means companies should establish the age range of the individual user, so that protections and safeguards can be tailored.

4. Transparency

Privacy information provided to users “must be concise, prominent and in clear language suited to the age of the child”.

5. Detrimental use of data

Children’s personal data must not be used in ways that have been “shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice”.

6. Policies and community standards

Companies must uphold their own published terms, policies and community standards.

ICO
Privacy settings should be set to high by default, the code states (Yui Mok/PA)

7. Default settings

Settings must be set to “high privacy” by default.

8. Data minimisation

Collect and retain “only the minimum amount of personal data” needed to provide the elements of the service in which a child is actively and knowingly engaged.

Give children choices over which elements they wish to activate.

9. Data sharing

Children’s data must not be disclosed, unless a compelling reason to do so can be shown.

10. Geolocation

Geolocation tracking features should be switched off by default.

An “obvious sign for children when location tracking is active” should also be provided.

Options which make a child’s location visible to others must default back to “off” at the end of each session.

11. Parental controls

Children should be provided age-appropriate information about parental controls.

If an online service allows a parent or carer to monitor their child’s online activity or track their location, provide an “obvious sign to the child when they are being monitored”.

12. Profiling

Profiling is used for things such as advertising and the code says that these should be switched off on accounts belonging to children by default.

It will only be allowed if there are “appropriate measures” in place to protect the child from any harmful effects, such as content that is detrimental to their health or wellbeing.

13. Nudge techniques

Do not use nudge techniques to “lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections”.

This means things like a pop-up asking whether a person wishes to proceed, making the “yes” button overly prominent while the “no thanks” button is much smaller.

14. Connected toys and devices

These should include effective tools to ensure they conform to the code.

15. Online tools

Children should be provided with prominent and accessible tools to exercise their data protection rights and report concerns.

By Press Association

More Technology News

See more More Technology News

Sam Thompson using an Echo device to support living with ADHD

Amazon launches campaign to show how Alexa can support those with ADHD

Microsoft introduced the AI assistant button

More funding needed for women-led AI start-ups, report says

Westminster

MPs shown Scottish-made ‘unicorn’ satellite at committee meeting

Facebook staff lay offs

Former Meta HQ in London to become science and tech hub

A Nationwide Building Society sign

Nationwide Building Society launches British Sign Language service

Cyber threat report

UK in ‘better position’ against cyber attacks, but most businesses not resilient

Drone

Flying taxis could take off in two years under Government drones plan

Supermarket technical issues

Tesco and Sainsbury’s hit with technical issues on same day

Apple logo in window of store

Norfolk County Council secures settlement as Apple agrees £384m lawsuit payment

Civil Service roles to relocate

Whitehall lacks the skills to implement AI, says National Audit Office

Laptop under cyber attack

Health board hit by cyber attack with ‘significant quantity’ of data at risk

Children and violent online content

Encountering violent online content starts at primary school – Ofcom

Bitcoin

Australian computer scientist is not Bitcoin founder Satoshi, High Court rules

Google website

Google starts rollout of restrictions on AI as key global election year looms

The gov.uk website

NHS and Government websites should be made free of data charges, ministers told

Schools minister Damian Hinds

Getting a mobile phone ‘a rite of passage’ for children, says schools minister