The new Age Appropriate Design Code or Children’s Code has made it mandatory for organisations offering online services and products for children to put children’s privacy at the heart of their design.
Earlier today, the Information Commissioner's Office announced the arrival of the new Children’s Code, stating that the statutory code aims to ensure that online apps, services, games, and other products will ensure the security and privacy of children up to age 18.
Organisations that offer online services and products that could be accessed by children up to the age of eighteen now have up to twelve months to make the necessary changes in their design codes to put children’s privacy at the heart of their design. The changes will include new digital services to automatically provide children with a built-in baseline of data protection whenever they download a new app, game, or visit a website.
“This code makes it clear that kids are not like adults online, and their data needs greater protections. We want children to be online, learning and playing and experiencing the world, but with the right protections in place,” said Information Commissioner Elizabeth Denham.
“We do understand that companies, particularly small businesses, will need support to comply with the code and that’s why we have taken the decision to give businesses a year to prepare, and why we’re offering help and support,” she added. The ICO is in the process of developing a tailored package of support to help organisations adapt their online products and services before 2 September 2021.
Organisations have the option of using the ICO’s new web hub for information on how to update their online services and products and will be able to attend dedicated webinars conducted by the authority to support members of trade associations in the gaming, video streaming, social media and connected toys sectors.
Commenting on the arrival of the new Children's Code, Boris Cipot, senior security engineer at Synopsys, said the Children's Code is a great step in the right direction as children do not understand that their toys, watches, walkie talkies, etc. can gather data and transmit it to platforms where they can be shared, or sold to commercial buyers.
"Children do not understand nor do they know about the threat that whatever they say or write online, do in a video game or post in a message, will continue to exist on servers for much longer than their lifetime; and can hurt them if this data gets leaked or otherwise misused.
"I would dare to say that there are many adults that also do not understand, know, or even care about these same dangers. Therefore, this should be a general practice or standard for every piece of user handled equipment today," he added.
According to Niamh Muldoon, Senior Director of Trust and Security at OneLogin, our digital identity, technology as well as operating online can offer a lot of benefits but it is also a hot-bed of crime and malicious activity. Therefore, we need to teach children, teenagers, and those most vulnerable, the security principle level so that they can make informed risk-based decisions on how to protect themselves.
“We shouldn’t stop here though, everyone has the right to privacy and organisations should be aiming to implement privacy from the get-go, regardless of their client base,” she added.