wordpress blog stats
Connect with us

Hi, what are you looking for?

UK enforces Children’s Code to protect kids’ privacy online, gives companies a year to comply

children, online, privacy, games

The United Kingdom’s Children’s Code — under its Data Protection Act 2018 — that outlines 15 standards of privacy and security that online services that cater to children must adhere to, came into force yesterday, the Information Commissioner’s Office (ICO) announced. This Code applies to social media platforms, streaming services, connected toys and all other services that process children’s data. Such organisations now have twelve months to get their services and products up to code or face audits, assessments, or fines up to 4% of global turnover or £17 million, whichever is higher.

The ICO had published the Children’s Code, formally called the Age Appropriate Design Code, in January. The code covers all services that design, develop or provide online services that are likely to be accessed by children and which process their data. Children are defined as people up to the age of 18 years.

To adhere with the code, services will have to automatically, or by design, provide children with a “built-in baseline of data protection” as per 15 standards which include:

  • Setting privacy settings to high by default
  • Not using nudge techniques to cajole children into weakening their privacy settings
  • Switching off location data by default
  • Minimising data collection and sharing
  • Not profiling children to serve them targeted content
  • Establishing age with a level of certainty so that the Code can be applied only to users who are under 18 years, or, if age verification mechanisms cannot be developed, applying the standards of this code to all users

What will happen in this transition period? During these twelve months, organisations can get in touch with the ICO to understand the code, and the office will develop a package to help them adapt their online products and services before September 2, 2021. This month, ICO is conducting webinars to advise members of trade associations in the gaming, video streaming, social media and connected toy sectors.

Will all online services be equally affected? No. Services such as apps, connected toys, social media platforms, online games, educational websites and streaming services that use, analyse and profile children’s data, are likely to have to do more to conform to the code.

  • The code will continue to apply post-Brexit. After Brexit, it will apply to services established in the European Economic Area (EEA) the same way as it applies to services outside it.

ICO is inviting organisations to participate in its regulatory sandbox. The regulatory sandbox is open to organisations that are looking at issues raised by the implementation of the Children’s Code, or those that are looking at data sharing in public interest.

Indian Data Protection Bill has something similar, but not quite

India’s Personal Data Protection Bill, 2019, has a similar concept of what it calls guardian data fiduciaries. These are data fiduciaries that “operate commercial websites or online services directed at children” or “process large volumes of personal data of children”. Such fiduciaries are prohibited from profiling, tracking, doing behavioural monitoring, or targeting advertisements at children. However, the bill does not define any penalties for violating guardian data fiduciaries that violate these standards.

Similarly, the bill also states that a child’s age must be verified before their data is processed and consent must be sought from their parent or guardian. The details of the age-verification mechanism have been left up to the Data Protection Authority to define once the bill is enacted. Unlike the British Children’s Code, that defined a transition period when it was finalised in January, the Indian equivalent has no transition period defined for any of its sections.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



By Rahul Rai and Shruti Aji Murali A little less than a year since their release, the Consumer Protection (E-commerce) Rules, 2020 is being amended....


By Anand Venkatanarayanan                         There has been enough commentary about the Indian IT...


By Rahul Rai and Shruti Aji Murali The Indian antitrust regulator, the Competition Commission of India (CCI) has a little more than a decade...


By Stella Joseph, Prakhil Mishra, and Surabhi Prabhudesai The recent difference of opinions between the Government and Twitter brings to fore the increasing scrutiny...


This article is being posted here courtesy of The Wire, where it was originally published on June 17.  By Saksham Singh The St Petersburg paradox,...

You May Also Like


While these steps by the social media platform could improve the safety of children online, some of the updates will only be rolled out...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ