Last month, the UK Information Commissioner’s Office released a comprehensive Age Appropriate Design Code that seeks to protect children within the digital world.
The code sets out 15 flexible standards of age appropriate design for online services. These standards focus on providing “high privacy” default settings, transparency to children with regard to active location tracking and parental controls, and minimized data collection and use, while prohibiting nudge techniques that could encourage children to reveal more personal details and profiling that automatically recommends sexual or violent content to children based on their searches.
While there is some overlap between the UK’s code and our own Children’s Online Privacy Protection Act of 1998 (COPPA), the UK’s proposed regulation is far more extensive in scope. For instance, while COPPA only covers children under the age of 13, the UK code expands its protection to teenagers, covering all children under the age of 18. With regard to application, COPPA is directed toward websites or online services that knowingly collect and use data from children, whereas the Age Appropriate Design Code applies to “information society services likely to be accessed by children” in the UK. Such services include not just search engines, apps, online games, and social media platforms, but also connected toys and devices – a sweeping application likely to affect a number of big tech companies, some of whom think the code conflates the issue of inappropriate content with data protection.
The proposed regulation is issued under Britain’s Data Protection Act of 2018 and is set for Parliament’s approval. Once the code takes effect, online services within the scope of the code would have 12 months to become compliant. If implemented, violators could face fines of up to 4% of their global revenue.