24 septembre 2021 | 00:35:51
The Age Appropriate Design Code (the Children's Code) has now fully come into force, with the year-long transition period having ended earlier this month. Businesses operating in the UK are now obliged to comply with the requirements set out in the Children's Code.
The Children's Code, a statutory code of practice prepared by the Information Commissioner's Office (the ICO), applies where personal data is processed in the provision of digital services which are likely to be accessed by users aged under 18. With the Children's Code having now "come of age", the ICO is shifting its focus away from collaborative approaches and now more towards a supervisory role.
Vinod Bange is joined by Jacob Ohrvik-Stott, Head of Regulatory Futures at the ICO, where he leads their work to deliver the Children’s Code and develop the ICO’s approach to horizon scanning. Prior to joining the ICO, Jacob worked for technology think tank Doteveryone leading research into tech regulation, the digital economy and public digital rights.
The Children's Code is by design a broad code of practice, intending to cover as much media as possible, including but not limited to websites, apps, online games and digital wearables. Grounded in the UN Convention on the Rights of the Child (the UCRC), the Code articulates existing UK legislation, namely the UK General Data Protection Regulation (UK GDPR) and covers 15 interlinked standards spanning certain core principles, service design and high-risk data processing, enabling the fair processing of children's data.
In previous discussions of the Children's Code, at the end of March 2021 attendees thought the following:
There is further scope for individuals and businesses to gain more knowledge of the Children's Code, namely by increasing stakeholder awareness and engagement.
As well as helping individuals and businesses understand what is meant by the "best interests of the child" in reference to the UNCRC and reviewing how data impacts on children's rights, ICO offers support by way of Data Protection Impact Assessments (DPIAs) for online retail, gaming and connected device scenarios, as well as providing explanatory content in the form of deep-dive blogs, introductory webinars, industry case studies and commissioned academic articles. ICO also provides support for organisations through formal schemes such as the ICO Sandbox, business advice and certifications, including a Children's Code-specific certificate.
In conjunction with design agency Big Motive, design guidance is a key avenue in ICO maintaining its engagement with organisations and providing insight into how the Children's Code will look in practice. ICO's Transparency Champions Open call set out a series of lessons for transparency design for children, grounded in stakeholder consultation. ICO's design guidance also comprises guidelines and patterns in terms of what ideas should be emulated or avoided, as well as providing practical tools by way of workshops for people to map out different privacy moments.
ICO is now shifting its attention towards supervision. Over the next 6 months, ICO's supervision will prioritise its focuses on the gaming, social media and streaming services sectors, looking into scoping its audits and with plans to progress enforcement actions. ICO will publish detailed guidance on age assurance and age-appropriate application in the coming months this year, focusing on practical applications and providing advice on how to interpret risk levels, as well as continuing its commitment to review the impact of the Children's Code in September 2022 (which will include various exercises such as further discussions with industry).
There is nonetheless an understanding that queries will persist and the ICO will continue parts of its engagement with industry. Furthermore, Ofcom, the CMA and more recently the FCA have worked together in traversing digital regulation issues as of late which is a key avenue in continuing ICO's collaborative approaches.
par plusieurs auteurs
par plusieurs auteurs