Information Commissioner's Office
Children’s privacy – new standards for online services will help protect children
Today we’re setting out the standards expected of those responsible for designing, developing or providing online services likely to be accessed by children, when they process their personal data.
Parents worry about a lot of things. Are their children eating too much sugar, getting enough exercise or doing well at school. Are they happy?
In this digital age, they also worry about whether their children are protected online. You can log on to any news story, any day to see just how children are being affected by what they can access from the tiny computers in their pockets.
Last week the Government published its white paper covering online harms.
Its proposals reflect people’s growing mistrust of social media and online services. While we can all benefit from these services, we are also increasingly questioning how much control we have over what we see and how our information is used.
There has to be a balancing act: protecting people online while embracing the opportunities that digital innovation brings.
And when it comes to children, that’s more important than ever. In an age when children learn how to use a tablet before they can ride a bike, making sure they have the freedom to play, learn and explore in the digital world is of paramount importance.
The answer is not to protect children from the digital world, but to protect them within it.
So today we’re setting out the standards expected of those responsible for designing, developing or providing online services likely to be accessed by children, when they process their personal data. Age appropriate design: a code of practice for online services has been published for consultation.
When finalised, it will be the first of its kind and set an international benchmark.
It will leave online service providers in no doubt about what is expected of them when it comes to looking after children’s personal data. It will help create an open, transparent and protected place for children when they are online.
Organisations should follow the code and demonstrate that their services use children’s data fairly and in compliance with data protection law. Those that don’t, could face enforcement action including a fine or an order to stop processing data.
Introduced by the Data Protection Act 2018, the code sets out 16 standards of age appropriate design for online services like apps, connected toys, social media platforms, online games, educational websites and streaming services, when they process children’s personal data. It’s not restricted to services specifically directed at children.
The code says that the best interests of the child should be a primary consideration when designing and developing online services. It says that privacy must be built in and not bolted on.
Settings must be “high privacy” by default (unless there’s a compelling reason not to); only the minimum amount of personal data should be collected and retained; children’s data should not usually be shared; geolocation services should be switched off by default. Nudge techniques should not be used to encourage children to provide unnecessary personal data, weaken or turn off their privacy settings or keep on using the service. It also addresses issues of parental control and profiling.
The code is out for consultation until 31 May. We will draft a final version to be laid before Parliament and we expect it to come into effect before the end of the year.
The code was informed by views and evidence gathered from designers, app developers, academics and civil society. You can read the responses here.
We also sought views from parents and children by working with research company Revealing Reality. The findings from that work are published today here.
Our Code of Practice is a significant step, but it’s just part of the solution to online harms. We see our work as complementary to the current initiatives on online harms, and look forward to participating in discussions regarding the Government’s white paper.
Elizabeth Denham CBE was appointed UK Information Commissioner on 15 July 2016, having previously held the position of Information and Privacy Commissioner for British Columbia, Canada.
Latest News from
Information Commissioner's Office
Statement regarding the government’s initial response to Online Harms White Paper consultation13/02/2020 09:10:00
Elizabeth Denham, Information Commissioner, yesterday gave a statement regarding the government’s initial response to Online Harms White Paper consultation.
Joint statement warning FCA-authorised firms and insolvency practitioners to be responsible when dealing with personal data10/02/2020 09:10:00
Joint statement from the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS) (07 February 2020).
ICO celebrates excellence in data protection with third annual award for practitioners05/02/2020 12:25:00
The Information Commissioner is looking for data protection practitioners who have made an outstanding impact within their organisation.
Statement on data protection and Brexit implementation – what you need to do30/01/2020 12:25:00
The UK will leave the European Union on 31 January and enter a Brexit transition period.
ICO launches latest phase of privacy innovation grants programme29/01/2020 12:25:00
Applications are now open for the third round of funding from the Information Commissioner’s Office’s (ICO) grants programme.
Data Protection Day 202028/01/2020 11:43:00
The ICO marked this year’s annual Data Protection Day (27 January 2020) by highlighting data sharing resources and guidance.
ICO statement in response to an announcement made by the Metropolitan Police Service on the use of live facial recognition24/01/2020 15:15:00
In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places.
ICO's blog on its information rights work23/01/2020 16:10:00
Colleagues from the ICO’s access to information and compliance department share their experiences and involvement in raising awareness of our regulation of access to information legislation.