What are the child protection measures tech firms must follow by next year?

2 September 2020, 00:04

Girl using a laptop
What are the child protection measures tech firms must follow by next year? Picture: PA

Companies have 12 months to ensure they adhere to the data regulator’s Age Appropriate Design Code.

Firms have been told they have a year to ensure their services make protection of children’s data a priority or face enforcement action including fines.

The Information Commissioner’s Office’s (ICO) Age Appropriate Design Code instructs companies to follow 15 measures, but what are they?

1. Best interests of the child

This should be a primary consideration when designing and developing online services likely to be accessed by a child.

2. Data protection impact assessments

Firms should “assess and mitigate risks to the rights and freedoms of children” who are likely to access an online service, which arise from data processing.

They should take into account ages, capacities and development needs.

Children
The Information Commissioner has called the measures ‘transformational’ (Ian West/PA)

3. Age-appropriate application

A “risk-based approach to recognising the age of individual users” should be taken.

This should either establish age with a level of certainty that is appropriate to the risks to the rights and freedoms of children that arise from data processing, or apply the standards in this code to all users instead.

4. Transparency

Privacy information provided to users “must be concise, prominent and in clear language suited to the age of the child”.

5. Detrimental use of data

Children’s personal data must not be used in ways that have been “shown to be detrimental to their wellbeing, or that go against industry codes of practice, other regulatory provisions or Government advice”.

6. Policies and community standards

Uphold published terms, policies and community standards.

ICO
Privacy settings should be set to high by default, the code states (Yui Mok/PA)

7. Default settings

Settings must be set to “high privacy” by default.

8. Data minimisation

Collect and retain “only the minimum amount of personal data” needed to provide the elements of the service in which a child is actively and knowingly engaged.

Give children choices over which elements they wish to activate.

9. Data sharing

Children’s data must not be disclosed, unless a compelling reason to do so can be shown.

10. Geolocation

Geolocation tracking features should be switched off by default.

Provide an “obvious sign for children when location tracking is active”.

Options which make a child’s location visible to others must default back to off at the end of each session.

11. Parental controls

Children should be provided age-appropriate information about parental controls.

If an online service allows a parent or carer to monitor their child’s online activity or track their location, provide an “obvious sign to the child when they are being monitored”.

12. Profiling

Switch options which use profiling off by default.

Profiling should only be allowed if there are “appropriate measures” in place to protect the child from any harmful effects, such as content that is detrimental to their health or wellbeing.

13. Nudge techniques

Do not use nudge techniques to “lead or encourage children to provide unnecessary personal data or weaken or turn off their privacy protections”.

14. Connected toys and devices

These should include effective tools to ensure they conform to the code.

15. Online tools

Children should be provided with prominent and accessible tools to exercise their data protection rights and report concerns.

By Press Association

More Technology News

See more More Technology News

Person in yellow coat using smartphone on a train

Spyware accessing phone audio and cameras for data ‘of use to China’, NCSC warns

A woman’s hands on a laptop keyboard.

Majority of AI firms working on unhelpful ‘generic’ tools, think tank says

Bafta Games Awards 2025

Astro Bot sweeps Bafta Game Awards with five wins

A detailed new scan of the Titanic has revealed the ship's haunting final hours.

Scan reveals Titanic's final hours in ground-breaking discovery

Sabrina Carpenter's Fortnite avatar (Epic Games/PA)

Sabrina Carpenter joins Fortnite universe as Festival icon

The tools mean the accounts of under-16s are heavily restricted by default (Alamy/PA)

Meta expands Instagram parental controls and brings them to Facebook

a biotech start-up has announced the animals had been brought back to life

Dire wolf extinct for 12,500 years 'brought back to life', scientists claim

A server room in a data centre

Energy and tech giants to meet Government over plans to power UK AI

A message on an iPhone in London warning that Apple can no longer offer Advanced Data Protection to its customers in the UK

Home Office loses bid to keep Apple legal challenge private

Metro Bank website

Metro Bank launches AI-powered scam detection tool

Esther Ghey

Brianna Ghey’s mother considers parent of her daughter’s killer ‘a friend’

Molly Russell

Meta and Pinterest understood to have made donations to Molly Russell charity

TikTok is set to be banned in the United States later this week unless a buyer emerges.

Trump grants TikTok another extension, avoiding US ban, as he says deal to sell app is 'very close'

A TikTok logo on a phone

Q&A: Will TikTok be banned in the US this weekend?

TikTok logo on a phone

Trump says TikTok deal ‘very close’ as deadline looms

A child’s hand pressing a key of a laptop keyboard

Charity ‘appalled’ at reports online safety laws could be cut for US trade deal