The Code is a set of 15 standards that support an online service to build in privacy by design. Any service that is directed to children or likely to attract children needs to comply. This has caused some controversy amongst industry and confusion as to how to define if a service may attract a child. If your online services appeals to children under the age of 18, even if it's not designed for them, you should implement measures to protect them. Age verification, assurance and estimation are all tools to help you know your audience and industry is fast developing user friendly and privacy preserving methods. The GDPR and the Code are risk based so what measures you will need to implement to provide an appropriate experience for children will depend on the nature of the collection and processing of user's personal data. Conducting a data processing impact assessment will help you to understand what data your service collects, map it to a risk and then put the appropriate controls in place.
The UK's Children's Code came into force in September 2021. It has a statutory footing meaning that the UK's data protection authority, the Information Commissioner's Office (ICO) must take it into account when considering compliance with UK GDPR or the Privacy and Electronic Communications Regulations (PECR). A court must also take the Children's Codes into account where relevant, and it could be used in evidence. Fines for noncompliance with the GDPR can be up to 20 million Euros, UK £18.5 million, or 4% of global annual turnover.
The Code is having an impact. Platforms such as Instagram, TikTok and YouTube all implemented changes to comply with some of the Code but not all of it. TikTok turned off notifications for children past bedtime, Instagram disabled targeted adverts for under-18s and YouTube turned off autoplay for teen users.
It's also having an impact globally. In the US, Senator Edward Markey and Representatives Kathy Castor and Lori Trahan sent a letter to the CEOs of Amazon, Facebook, Google, Snapchat, TikTok and Twitter urging them to extend privacy protections required under the United Kingdom's Age Appropriate Design Code (AADC) to children and teens in the United States.
If you are an online service that is directed to children or is likely to attract children it is vital to take the necessary steps to be compliant or risk a hefty penalty, brand damage and a loss of trust and integrity.
Things to keep in mind..
If you follow the standards of the code and bake privacy into your design you will be building brand trust and integrity which in turn supports lifetime value and engagement, a win win.
To keep your business on the right track and avoid hefty penalties, contact our privacy experts today.
PRIVO will support your organization to navigate the complex challenges of the UK's Children's Code.
Work alongside our experts to ensure your services are compliant
while meeting your business or organizational needs.