New child data and privacy protection measures came into full force on Thursday and could result in some tech giants facing large fines if they don’t follow them.
The Age Appropriate Design Code sets out 15 standards that companies are expected to incorporate into their online services – potentially accessible by children, making data protection of young people a priority from the design up.
These codes will extend all the way from apps and connected toys to social media sites and online games, and even educational websites and streaming services.
Among the features that must be limited or switched off completely are location tracking, profiling, and the use of nudge techniques that encourage users to provide unnecessary personal data.
The Information Commissioner, whose office devised and will enforce the rules, said the move is not about “age-gating” the internet or “locking children out”.
“The internet was not designed with children in mind and I think the Age Appropriate Design Code will go a long way to ensure that kids have the right kind of experience online,” Elizabeth Denham told the PA news agency.
“I think it will be astonishing when we look back to ever think of a time when we didn’t have protections for children online because I think they need to be protected in the online world in the same way that they’re protected in the offline world.”
As the code is based on the back of GDPR, companies risk being fined up to £17.5 million or 4 per cent of their annual worldwide turnover – whichever is higher – for serious failures in keeping line with the code.
The Information Commissioner’s Office (ICO) warned that it will probably take more severe action against breaches involving children where it sees harm or potential harm.
Companies were given a year to ensure their platforms adhere to the measures before a September 2 deadline, although several have scrambled to make last-minute changes in recent weeks.
Baroness Kidron, chairwoman of children’s safety group the 5Rights Foundation, said the move would make a “material difference” to young people who have been the “invisible demographic” in terms of online data protection.
“We need the Online Safety Bill, we need algorithmic oversight, we need a more receptive culture from the sector, but this is a landmark moment,” she said.
“And I would just say, as a warning, if there are people who think this is only about the usual suspects of Facebook, Google, YouTube, Snapchat, Twitter and so on, it’s not.
“So I do call out the gaming sector, who we have heard a lot less from, and I do call out e-commerce, and some of the other people who think they can hide in the shadow of the big boys.
“That is not going to happen, we are watching and we will be looking to see what people do.”