Information Commissioner's Office
Blog: Protecting children online: update on progress of ICO code
Blog posted by: Elizabeth Denham, Information Commissioner, 07 August 2019.
In April, I blogged about the ICO’s work to help protect children online. I’m pleased to report that my team and I are making good progress on producing a code that will translate General Data Protection Regulation (GDPR) requirements into design standards for online services.
This is a crucial piece of work. Online services play an ever-growing part in our children’s lives, but the internet was not designed for children. Our code aims not to protect children from the digital world, but instead protect them within it.
Our consultation on the proposed code began in April, and prompted more than 450 written responses, as well more than 40 meetings with key stakeholders. We were pleased with the breadth of views we heard. Parents, schools and children’s campaign groups helped us better understand the problems young people can face online, whether using social media services or popular games, while developers, tech companies and online service providers gave us a crucial insight into the challenges industry faces to make this a reality.
It’s notable that for all the responses we had to our consultation, few argued against the need to have a code that truly supports and protects children’s online experiences.
Data sits at the heart of how we can do this. There are many examples of how children’s personal data is used to persuade and cajole them into staying online. It’s used to shape what they see when they’re playing and learning in the digital sphere.
The GDPR already sets out rules on how data can be used and the importance of protecting children. Our code will make the requirements clearer and help designers and developers understand what is expected of them.
We understand that delivering the standards set out in the code will bring challenges for the tech, e-gaming and interactive entertainment industries. There may be shifts in the design processes for online services which make greatest use of children’s data.
This consultation has helped us ensure our final code will be effective, proportionate and achievable.
It has also flagged the need for us to be clearer on some standards.
We do not want to see an age-gated internet, where visiting any digital service requires people to prove how old they are. Our aim has never been to keep children from online services, but to protect them within it. We want providers to set their privacy settings to ‘high’ as a default, and to have strategies in place for how children’s data is handled.
We do not want to prevent young people from engaging with the world around them, and we’ve been quick to respond to concerns that our code would affect news websites. This isn’t the case. As we told a DCMS Select Committee in July, we do not want to create any barriers to children accessing news content. The news media plays a fundamental role in children’s lives and the final version of the code will make that very clear.
That final version of the code will be delivered to the Secretary of State ahead of the statutory deadline of 23 November 2019.
We recognise the need to allow companies time to implement the standards and ensure they are complying with the law. The law allows for a transition period of up to a year and we’ll be considering the most appropriate approach to this, before making a final decision in the autumn. In addition to the code itself, my office is also preparing a significant package to ensure that organisations are supported through any transition period, including help and advice for designers and engineers.
There is no room for companies who decide children’s privacy is a problem that's simply too hard to solve. The standards we are setting out will better explain existing law. The code we are producing has been required by Parliament, and supported by members of Select Committees and the House of Lords. As noted in my previous blog and in the results of our annual track survey, it is clear that there is strong public support for better protection of children’s privacy.
Digital innovation has defined the past twenty years, and improved our lives immeasurably. We’re working hard to produce a code that encourages future creativity and improvement, while protecting the privacy of the tech innovators of tomorrow.
Elizabeth Denham was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.
Latest News from
Information Commissioner's Office
Statement: Live facial recognition technology in Kings Cross16/08/2019 10:10:00
Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in Kings Cross, London.
Blog: Three top issues for town and parish councils15/08/2019 10:15:00
The advent of the GDPR in May 2018 brought new data protection obligations for many organisations. Some of this presented a challenge, particularly for smaller organisations like parish and town councils, who we saw were keen to demonstrate their compliance but needed support to achieve this.
ICO launches consultation on the draft framework code of practice for the use of personal data in political campaigning09/08/2019 14:20:00
The Information Commissioner's Office (ICO) is consulting on a new framework code of practice for the use of personal data in political campaigning.
Fully automated decision making AI systems: the right to human intervention and other safeguards06/08/2019 10:25:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Valeria Gallo, Technology Policy Adviser, discuss some of the key safeguards organisations should implement when using solely automated AI systems to make decisions with significant impacts on data subjects.
ICO joins international signatories in raising Libra data protection concerns05/08/2019 16:25:00
The Information Commissioner’s Office (ICO) has joined data protection authorities from around the world in calling for more openness about the proposed Libra digital currency and infrastructure.
ICO fines boiler replacement company for thousands of nuisance calls made to TPS subscribers05/08/2019 09:10:00
Making it Easy Ltd has been fined £160,000 by the Information Commissioner’s Office (ICO) for making spam calls to people registered with the Telephone Preference Service (TPS).
Blog: People care more about how their personal data is used. But what aspects cause them most concern?01/08/2019 16:10:00
Blog posted by: Elizabeth Denham, Information Commissioner, 31 July 2019.
Royal Free NHS Foundation Trust update, July 201901/08/2019 12:20:00
In July 2017, following reports concerning the use of Google DeepMind’s Streams application at the Royal Free NHS Foundation Trust, the ICO announced that the processing of personal data within Streams was not compliant with the Data Protection Act 1998 – the relevant data protection law at the time.