What are the standards designed to protect children’s data and privacy online?

2 September 2021, 00:04

Child using a laptop
Time children spend online. Picture: PA

We explain what the 15 Age Appropriate Design Code standards are.

Tech giants have had a year to ensure their platforms make protection of children’s data a priority or face enforcement action, including fines.

Now the deadline for complying has been reached, firms must follow 15 standards set out by the Information Commissioner’s Office’s (ICO) Age Appropriate Design Code – but what are they?

1. Best interests of the child

This should be a primary consideration when designing and developing online services likely to be accessed by a child.

So firms will have to consider how to keep children safe from exploitation risks, and support their health and wellbeing, among others.

2. Data protection impact assessments

Firms should “assess and mitigate risks to the rights and freedoms of children” who are likely to access an online service, which arise from data processing.

They should take into account ages, capacities and development needs.

The Information Commissioner has called the measures ‘transformational’ (Ian West/PA)

3. Age-appropriate application

A “risk-based approach to recognising the age of individual users” should be taken.

This means companies should establish the age range of the individual user, so that protections and safeguards can be tailored.

4. Transparency

Privacy information provided to users “must be concise, prominent and in clear language suited to the age of the child”.

5. Detrimental use of data

Children’s personal data must not be used in ways that have been “shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice”.

6. Policies and community standards

Companies must uphold their own published terms, policies and community standards.

Privacy settings should be set to high by default, the code states (Yui Mok/PA)

7. Default settings

Settings must be set to “high privacy” by default.

8. Data minimisation

Collect and retain “only the minimum amount of personal data” needed to provide the elements of the service in which a child is actively and knowingly engaged.

Give children choices over which elements they wish to activate.

9. Data sharing

Children’s data must not be disclosed, unless a compelling reason to do so can be shown.

10. Geolocation

Geolocation tracking features should be switched off by default.

An “obvious sign for children when location tracking is active” should also be provided.

Options which make a child’s location visible to others must default back to “off” at the end of each session.

11. Parental controls

Children should be provided age-appropriate information about parental controls.

If an online service allows a parent or carer to monitor their child’s online activity or track their location, provide an “obvious sign to the child when they are being monitored”.

12. Profiling

Profiling is used for things such as advertising and the code says that these should be switched off on accounts belonging to children by default.

It will only be allowed if there are “appropriate measures” in place to protect the child from any harmful effects, such as content that is detrimental to their health or wellbeing.

13. Nudge techniques

Do not use nudge techniques to “lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections”.

This means things like a pop-up asking whether a person wishes to proceed, making the “yes” button overly prominent while the “no thanks” button is much smaller.

14. Connected toys and devices

These should include effective tools to ensure they conform to the code.

15. Online tools

Children should be provided with prominent and accessible tools to exercise their data protection rights and report concerns.

By Press Association

More Technology News

See more More Technology News

Instagram Take A Break feature

Instagram will now tell users when to take a break from the app

Molly Russell

Molly Russell coroner challenges social media firms to help make internet safer

WhatsApp Disappearing Messages

WhatsApp expands disappearing messages tool

A young girl uses TikTok on a smartphone

Euro 2020 and sea shanties among TikTok’s highlights of the year

The Duke of Cambridge

William records audio walking tour for Apple

Virgin Media sign

Virgin Media TV services restored after power outage

Child on laptop

Social media a ‘conveyor belt’ for child abuse images, says NSPCC

Astronaut Tom Marshburn replaces a broken antenna (Nasa/AP)

Spacewalking astronauts avoid debris as they repair antenna

Virgin Media headquarters in Reading

Virgin Media customers unable to access some channels 10 hours after outage

Virgin Media sign

Virgin Media hit by TV service outage

Person using laptop

Christmas shoppers warned over fake online reviews

NHS app

NHS App is most downloaded free iPhone app this year


Tesla officially moves headquarters from California to Texas

Broadband research

Which street in the UK has the slowest broadband?

Laptop stock

Women’s safety campaigners launch petition to bolster Online Safety Bill

MI6 Chief Richard Moore speaks at the International Institute for Strategic Studies, London

Chinese spies are targeting the UK, warns MI6 chief