|We all agree for the need to protect children online|
The Information Commissioner’s Office has opened consultation on 16 standards that online services must meet to protect children’s privacy.
Age appropriate design: a code of practice for online services sets out the standards expected of those responsible for designing, developing or providing online services likely to be accessed by children and which process their data. When finalised, it will be the first of its kind and become an international benchmark.
Introduced by the Data Protection Act 2018, the draft code sets out 16 standards of age appropriate design for online services like apps, connected toys, social media platforms, online games, educational websites & streaming services. It is not restricted to services specifically directed at children.
The draft code says that the best interests of the child should be a primary consideration when designing and developing online services. It says that privacy must be built in and not bolted on. The code is out for consultation until 31 May. The final version will be laid before Parliament and is expected to come into effect before the end of 2019.
Settings must be “high privacy” by default (unless there’s a compelling reason not to); only the minimum amount of personal data should be collected and retained; children’s data should not usually be shared; and geolocation services should be switched off by default in most circumstances. So-called “nudge techniques” should not be used to encourage children to provide unnecessary personal data, to weaken their privacy settings or carry on using the service longer than they had intended. It also addresses issues of parental control and profiling.Organisations should follow the code and demonstrate that their services use children’s data fairly and in compliance with data protection law. Those that don’t could face enforcement action including fines of up to £17m or 4% of global turnover or orders to stop processing data.