ICO’s Children’s Code and Ethical Child Data Protection

In today's digital age, children are more connected than ever. While this connectivity opens doors to invaluable resources and opportunities, it also exposes young minds to risks concerning their personal data. For businesses operating or planning to operate in the UK, navigating the regulations surrounding children's data protection is not only essential for data protection compliance but also is an ethical responsibility. 

The UK's Information Commissioner’s Office (ICO) Children’s Code is at the forefront of these regulations. FIRST PRIVACY is here to provide comprehensive guidance and support, helping your business to thrive while respecting the privacy of the youngest members of society.

What is the ICO Children's Code?

Formally known as the Age Appropriate Design Code, the ICO Children's Code is a set of 15 standards designed to protect children’s personal data when they engage with online services. The code serves as an extension of the Data Protection Act 2018 and the GDPR, tailoring them to the context of children using digital services.

Noteworthy Provisions

Some of the key standards in the Children’s Code include:

  • Best interests of the child:
    When designing and developing online services that children may access, their best interests must be a primary consideration.
  • Age-appropriate application:
    Different age brackets have different needs, so businesses need to understand who are their users and how to effectively ensure their rights.
  • Data minimization:
    Collect and retain only the necessary personal data.
  • Geolocation:
    Geolocation features should be off by default in children’s accounts.
  • Transparency:
    Information regarding privacy must be clear and age-appropriate.
  • Nudge techniques:
    Refrain from using nudge techniques to push children towards providing unnecessary data or compromising privacy settings.

What Businesses Need to Keep in Mind

Complying with the Children's Code is essential for businesses that are likely to have children among their users. Here are three key points to bear in mind:

  • Scope:
    The code applies not only to services explicitly directed towards children but also to general services that are likely to be accessed by children. This might be broader than what you initially anticipate.
  • International relevance:
    Even if your company is based outside the UK, if you are providing services to users in the UK, compliance with the Children’s Code is obligatory.
  • Non-compliance consequences:
    The ICO can impose significant fines for non-compliance. Your reputation as a child-friendly service provider is also at stake.

Your Partner in Privacy Compliance 

FIRST PRIVACY understands the nuances of the Children’s Code and the significance it holds for businesses. Our team of experts is adept at tailoring strategies to ensure that your business is not only compliant but also positioned as a leader in child data protection.

We offer:

  • Comprehensive assessments of your current data protection practices;
  • Tailored action plans to ensure compliance;
  • Ongoing support to keep you abreast of regulatory changes.

Navigating the complexities of the ICO Children’s Code on top of the regular rules on data protection need not be a daunting challenge. With FIRST PRIVACY by your side, you can confidently offer your services in the UK, knowing that you are upholding the highest standards of data protection for children. This commitment will not only protect your business from regulatory repercussions but also earn the trust and loyalty of your customers.

Fábio Cavalcante

Fábio Cavalcante, LL.M.

Senior Privacy Counsel

Email: fcavalcante@re-move-this.first-privacy.com

Phone: +49 421 69 66 32-886