Skip to main content
Sign up to updates
FIND A LAWYER
ARTICLE

Age Appropriate Design Code Coming into Full Force

Last year, the Age Appropriate Design Code (“the Code”) came into force.  It included a 12 month transition period to allow for organisations to conform, which expires on 1 September 2021 – the Code comes into force on 2 September 2021.  The Code sets out requirements to protect children’s data online and is unique in its scope.

What’s the purpose of the Code?

The Code states that it “addresses how to design data protection safeguards into online services to ensure they are appropriate for use by, and meet the development needs of, children”.  It comes out of an acknowledgement that digital services are not inherently designed for children, and when children use them data is being collected about them.  It puts the welfare of children at the forefront.

What is the Code?

The Code considers the standard and principles set out in the United Nations Convention on the Rights of the Child.  It sets out 15 flexible and interconnected standards of age appropriate design that reflect a risk-based approach.  The aim is that, by default, only a minimal amount of data is collected when children are accessing online services.  The standards are wide ranging and include, for example, ensuring that the best interests of the child should be the primary consideration (Standard 1), not using data in a way that is detrimental to the child (Standard 5), and data minimisation (Standard 8).

Who does the Code apply?

It applies to “information society services likely to be accessed by children”.  This is wide ranging and will include apps, devices, social media, gaming, and streaming services.  This is by no means exhaustive.  It is important to note that it is not limited to services that are targeted at children, it is all about access, i.e. if children are accessing the service, the Code applies.

What do we need to do?

Organisation are required to undertake significant assessment to ensure compliance with the 15 standards set out by the code. This will include assessments on the services being provided, the user base and ensuring that the 15 standards are integrated in the product and services design at the development process. The assessments are likely to be in the form of Data Protection impact Assessments that would focus on implementing privacy principles by default and by design.

For most organisations, this will also result in a review of policies, framework and procedures on processing and collection of data belonging to children. The emphasis is on the requirement that only age-specific content is delivered to the intended audience, i.e. children. The code sets a threshold of 18 years and organisations are required to assess whether anyone under that age will have the capacity to understand the content they are viewing, interact and express themselves without compromising their welfare.

What is the status of the Code and what if there is non-compliance?

The Code has been prepared under the Data Protection Act 2018.  Whilst it is not law per se, if a business to which the Code applies cannot demonstrate that they are complying with it, it will be hard for them to say that they are compliant with the law.  ICO can commence regulatory action against a business, and they will take the code into account when investigating (this comes from powers conferred by s127 of the Data Protection Act 2018).

The penalties can vary, depending on ICO’s view, from: assessment notices, warnings, reprimands, enforcement notices, and penalty notices.  Where there are serious breaches fines of up to £17.5m or 4% of annual turner, whichever is higher, can be issued.

Greenwoods Legal LLP is a Limited Liability Partnership, registered in England, registered number OC306912. Our registered office is Queens House, 55-56 Lincoln’s Inn Fields, London, WC2A 3LJ. A list of the members’ names is available for inspection at our offices in Peterborough, Cambridge and London. Authorised and regulated by the Solicitors Regulation Authority, SRA number 401162. Details of the Solicitors’ Codes of Conduct can be found at www.sra.org.uk. All instructions accepted by Greenwoods Legal LLP are subject to our current Terms of Business. VAT Reg No: 161 9287 89.




    By completing and submitting this form, you consent to Greenwoods Legal LLP processing your personal data to provide you with the email update services you have selected and any other materials and information about our services that Greenwoods Legal LLP reasonably believes will be of interest to you. You are free to withdraw your consent at any time by emailing mailinglists@greenwoods.co.uk