A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Download PDF Print page
Published 7 September 2021
On 2 September 2021, the ICO’s Age Appropriate Design Code for Online Services (the “Code”) came into force. Elizabeth Denham, the Information Commissioner, explains that its aim is to ensure that online providers create a safe space for children to learn, explore and play, not by seeking to protect children from the digital world, but by protecting them within it.
Those who are firmly within the scope of the Code, such as social media sites, will already be familiar with its requirements. However, it is important for all organisations to be aware of the Code’s scope as it is not restricted to services specifically aimed at children.
The Code applies to “information society services likely to be accessed by children” [emphasis added] in the UK (a child being anyone under the age of 18 years old). This includes the vast majority of online services used by children, including many apps, programs, connected toys and devices, search engines, social media platforms, streaming services, online games, news or educational websites and websites offering other goods or services to users over the internet. Therefore, organisations who do not target services at children may find themselves within its scope.
No doubt, you will already be aware if your organisation intends to target its services at children. But when will a service be deemed “likely” to be accessed by children? The Code states that “for a service to be ‘likely’ to be accessed, the possibility of this happening needs to be more probable than not”. When considering if your organisation meets this threshold, you should consider:
The Code is a “statutory code” prepared under the Data Protection Act 2018. As a statutory code, the ICO and courts must take it into account when considering enforcement action.
The Code is not new law, but sets out how the requirements of the UK GDPR (and other legislation such as PECR) apply in the context of information society services likely to be accessed by children. It requires those in scope to put the best interests of the child first when they are designing and developing services that are likely to be accessed by them.
The Code sets out 15 flexible standards:
We recommend that all online organisations review their operations and consider the scope of the Code.
For further information, please contact Jade Kowalski.
London - Walbrook
+44(0)20 7894 6744
By Jade Kowalski, Stuart Hunt
By Jade Kowalski, Florence Cathcart
By Alexander Dimitrov, Tim Ryan
By Jade Kowalski, Nadia Belkacemi
By Jade Kowalski, Christopher Air, Omar Kamal
By Jade Kowalski, Omar Kamal
By Jade Kowalski, Holly Eastwood
By Astrid Hardy, Alexander Dimitrov
By Charlotte Halford, Holly Eastwood
By Charlotte Halford
By Darryn Hale, David Hill, Sophie Devlin
By Aidan Healy, Christopher Air
By Jade Kowalski, Christophe Wucher-North, Christopher Air, Alexander Dimitrov
By Jade Kowalski, Pavan Trivedi
By Jade Kowalski, Charlotte Halford, Rebecca Morgan
By Jade Kowalski
By Jade Kowalski, Ceri Fuller, Khurram Shamsee, Sophie Devlin, Christopher Air
By Michael McMillen