- Annual Conference
- COVID-19 Guidance
- Agency Management
- Agency Remuneration
- Marcoms Procurement
- Marketing Transformation
- Influencer Marketing Management
- Digital & Media
- Policy & Regulation
- The New Normal Series
- Events and Training
- Contact Us
The ICO have published their age appropriate design code.
The code is a set of design standards for internet services intended to help protect the privacy of children online. The Government included provisions in the Data Protection Act 2018 to create world-leading standards that provide proper safeguards for children when they are online.
As part of that, the ICO is required to produce an Age Appropriate Design Code of practice to give guidance to organisations about the privacy standards they should adopt when offering online services and apps that children are likely to access and which will process their personal data. The Code will apply to a wide range of online services including toys which are connected to the internet, apps, social media platforms, online games, educational websites and streaming service and will come into force, subject to Parliamentary approval, by the end of 2021.
ISBA raised significant concerns – alongside organisations such as TechUK – with regard to the previous drafting of the Code both in our response to the previous consultation and in the media. As a result of that the following changes took place:
• Clarification of the need to adopt a risk-based and proportionate approach to age verification
• Clarification of what services are considered to fall within the code because they are “likely to be accessed by children”
• Clarified our approach to enforcement as risk-based and proportionate
• FAQs specific to the media industry
• The introduction of a 12 month transition period – the maximum allowed.
The Code stipulates that setting should be set by default to ‘high privacy’; that only the minimum amount of data needed to provide the service should be collected and retained; that children’s data should not be shared unless there’s a reason to do so that’s in their best interests; and that profiling should also be off by default.
We are working through the document, recognise the improvements made since the first draft, but are keen to further discuss with the ICO how these measures will impact a broad stakeholder base in practice.