September 13, 2021
The Children’s Code came into force on 2 September 2021, following a transition period of one year to allow organisations to prepare.
On 25 August 2021, the ICO published a blog post asking, “what’s next?”
In the post, the ICO notes that the Code is already having an impact on online services likely to be accessed by children, as Facebook, Google, Instagram, TikTok and others have all made significant changes to their child privacy and safety measures. The new Code is also having an influence globally, as Members of the US Senate and Congress have called on major US tech and gaming companies to voluntarily adopt the standards in the Code in America. Further, the Data Protection Commission in Ireland is preparing to introduce the Children’s Fundamentals to protect children online, which links closely to the Code and follows similar principles.
However, the ICO notes that the risks to children have not been removed overnight, and the work does not stop. It has identified that currently, some of the biggest risks come from social media platforms, video and music streaming sites and video gaming platforms. In these sectors, children’s personal data is being used and shared to bombard them with content and personalised service features, including inappropriate adverts, unsolicited messages and friend requests, and privacy-eroding nudges urging children to stay online. The ICO is concerned about the harms that could occur as a consequence of this data use.
The ICO expects organisations to prove that children’s best interests are a primary concern and that they are protecting children through the development of designs and services in accordance with the Code. The regulator says that it will be proactive in requiring social media platforms, video and music streaming sites and the gaming industry to tell it how they are complying with the Code. It will identify areas where it may need to provide support and, if necessary, it will use its powers to investigate or audit organisations.
Separately, the ICO is considering how organisations in scope of the Code can tackle age assurance, whether through verifying ages or age estimation. The ICO will be formally setting out its position on age assurance later in the autumn. To read the ICO’s blog post in full, click here.