Age Appropriate Design Code

There have been welcome steps forward in children’s online safety this month with the coming into force of the Age-Appropriate Design Code.

This code is also known as the Children’s Code.  It sets out 15 Standards to be followed by online services likely to be accessed by children.  These encourage organisations to design data protection safeguards into online services to meet the development needs of children.

The code is overseen by the Information Commissioner’s Office.  The ICO has the power to take enforcement action against companies that fail to conform including orders to stop processing data and fines of up to 4% of global turnover.  Its executive director, Stephen Bonner, promises “We will be proactive in requiring social media platforms, video and music streaming sites and the gaming industry to tell us how their services are designed in line with the code.”

The Code requires companies to put the best interests of children first in their use of personal data.  This includes not collecting more of their data than is necessary and not using or sharing it unfairly.  It requires that children are given high privacy settings by default, that they are provided with an age-appropriate service even if children change their default settings, that there are age-appropriate communications that children can understand and that there are tools which help children when they need it.  Online tools such as ways to report concerns must be easy for children to find. They should be prominently displayed and easily identifiable on the screen.

Default settings are the settings which are in place when someone begins to use a service.  When automatically set to high privacy this should prevent children’s data being revealed to others unless they have chosen to be friends with them.  Previously, even if users had changed their settings to private, they sometimes reverted to public settings when an upgrade was applied. 

Geo-location data can be very accurate and can put children at risk of harm.  The new code requires that except in limited cases (eg. map apps) location settings for children should be off by default and should revert to the default settings after each session, if they have been activated.  As well as keeping their location private, this should reduce the risk of children receiving unwanted friend recommendations from people they don’t know. 

It’s very encouraging to see that a number of major social media companies, including Facebook, Google, YouTube, Instagram and TikTok have made significant changes to their child safety features in the months and weeks leading up to the introduction of the code.  Looking back, I imagine we will be amazed that these features were not always in place.  Let’s hope that even more improvements will follow, and that children’s privacy and best interests receive the priority they deserve. Do bear in mind though that technology alone will not keep children safe and that education, vigilance and regular conversations about safety are still essential!

Sue Arbuthnot

Scroll to Top