Authors of GDPR set out new rules for child privacy
The Information Commissioner’s Office has revealed new guidelines for online services which it hopes will better protect children online.
The new document, ‘Age appropriate design: a code of practice for online services’ sets out 16 ‘standards’ for age-appropriate design.
These include broad new guidance such as considering the ‘best interests of the child’, and only using children’s personal ways that do not prove detrimental.
It also includes more specific guidelines, including an end to ‘nudge techniques’, which encourage children to provide unnecessary personal data or extend their use, and geolocation being off by default.
The full code was informed by views and evidence gathered from designers, app developers, academics and civil society. The ICO also sought views from parents and children by working with research company Revealing Reality.
The code will be out for consultation until 31 May, after which the ICO will draft a final version to be laid before Parliament which is expected to be in effect within the year.
“In an age when children learn how to use a tablet before they can ride a bike, making sure they have the freedom to play, learn and explore in the digital world is of paramount importance,” said UK Information Commissioner Elizabeth Denham CBE.
As with the GDPR, the ICO said that companies which do not comply with the code would find it “difficult to demonstrate” that their processing is fair and complies with the new regulation and PECR (Privacy and Electronic Communications Regulations).
Those companies found in serious breach would face a similar fine.
“For serious breaches of the data protection principles, we have the power to issue fines of up to €20 million or 4 per cent of your annual worldwide turnover, whichever is higher,” it warned in the document.