The UK Information Commissioner’s Office (ICO), the UK privacy regulator, has published its draft code of practice for online services likely to be accessed by children. It applies to apps, connected toys, social media platforms, online games, educational websites and streaming services. It is not restricted to services specifically directed at children.

According to the draft code, the best interests of the child should be a primary consideration when designing and developing online services. The code also clarifies, among others, that privacy must be ingrained into the service; settings must be “high privacy” by default (unless there’s a compelling reason not to); only the minimum amount of personal data should be collected and retained; children’s data should not usually be shared; and geolocation services should be switched off by default in most circumstances.

The ICO indicates that when the code is finalized, it expects it to become an international benchmark. As for enforcement, the code warns that “[i]f you do not follow this code, you are likely to find it difficult to demonstrate your compliance, should [the ICO] take regulatory action against you”. It is planned as a statutory code of practice prepared under the authority of the UK Data Protection Act 2018.

The code is open for public comments through May 31, 2019.

CLICK HERE to read the ICO’s draft code of practice.

This article was published in the Internet, Cyber and Copyright Group’s April 2019 Newsletter.