Companies operating in the UK, including big tech and social media companies, will now need to follow tough new child data and privacy protection codes of practice brought into force with the introduction of The Age Appropriate Design Code. The new code lays out standards that companies are now expected to build into any online services used by children, making the protection of young people a priority from the design up.
Under the new code of practice, digital technologies such as location tracking, profiling, and use of nudge techniques that encourage users to provide unnecessary personal data are among the tech features that must be switched off or limited by default to protect younger users.
The new changes will apply to any online service that tracks or collates children's data, including social media, online games, messaging apps, news outlets, educational services, live streaming platforms, and search engines, as well as any website offering goods or services to users, and will be applicable to UK-based companies as well as non-UK companies that process the personal data of UK children.
The internet was not designed with children in mind and I think the Age Appropriate Design Code will go a long way to ensure that kids have the right kind of experience online. I think it will be astonishing when we look back to ever think of a time when we didn't have protections for children online because I think they need to be protected in the online world in the same way that they're protected in the offline world.
Elizabeth Denham, CBE, UK Information Commissioner, ICO
Companies that do not comply with the new rules risk being fined up to £17.5 million, or 4% of their annual worldwide turnover, for serious failures, with a warning from the Information Commissioner's Office (ICO) that it will take more severe action against breaches involving children where it sees harm or potential harm.
Companies were given a year to ensure compliance with the new codes of practice, which has already prompted a number of recent changes. These include Instagram announcing all users now being required to provide their date of birth, Google introducing a number of privacy policy changes for children using its search engine, YouTube and TikTok limiting the direct messaging abilities of younger users, as well as offering advice to parents and caregivers on how to support teenagers when they sign up.