Celebrating 3 years of the Age-Appropriate Design Code
Monday 2 September 2024 marks the third anniversary of the UK’s Age Appropriate Design Code. For three years, the Code has helped deliver protections for children online by requiring tech companies to give them a high level of privacy by design and default. This year, the Code’s influence has grown, shaping the UK’s online safety regulatory map to build upon this innovative standard.
Code continues to have global impact
The impact of the Age-Appropriate Design Code has continued to reverberate globally. This year, the Maryland Kids Code was adopted into state law, based on the principles of the UK’s Code. We also saw similar initiatives spread across the Americas, from Canada to Argentina and in three other US states, as well as in Europe and Asia. As the gold standard for children’s protection online, the Code is driving tech companies to make the necessary changes to their services to meet its standards.
Online Safety Act joins the Code as part of the UK’s children’s online safety regulatory ecosystem
This year, has also seen further action and work from the UK’s data protection regulator, the Information Commissioner’s Office (ICO) to support tech companies to comply.
In January, following the passage of the Online Safety Act, the ICO published updated guidance on how in-scope tech services working to comply with age assurance requirements can and must still be in compliance with the Code.
Code continues to bring innovation in children’s safety
In May, the significant impact of the Code on tech companies was illustrated in the Digital Futures for Children centre report Impact of regulation on children’s digital lives. Written by Steve Woods, the former Deputy Information Commissioner review revealed:
- 128 design changes implemented between 2017-24 by tech companies, including the largest tech companies such as Meta, Google, TikTok and Snap;
- 2021 saw the highest number of observed design changes, coinciding with the Age-Appropriate Design Code coming into force;
- The most notable were ‘by default’ design changes, with 63 specific changes found to strengthen children’s protections – for example setting children’s profiles to private by default, limiting harmful content pushed by recommender systems and prohibiting advertising based on profiling.
Poki: a case study in redesigning services for children
With 5Rights’ guidance, tech companies are making significant design changes to comply with the Age-Appropriate Design Code. Beginning early last year, to radically overhaul its system for UK users, ensuring it meets the Code’s standards.
Key changes made during this joint project included:
- Setting privacy defaults to the highest levels;
- Restricting cookies;
- Replacing contextual advertising based on profiling;
- Ending precise location tracking;
- Making published policies more accessible for children.
The Poki case demonstrates that tech companies, large and small, can redesign their services to align with the Code’s provisions, ensuring they are safe and privacy-preserving for children by design and default. 5Rights remains committed to support companies seeking to comply with the Code, building the digital world children deserve.
What next?
As the Code’s impact manifests at the regulatory and design level, we welcome the ICO’s focused approach with regards to its 2024-25 Children’s code strategy. Robust and proactive enforcement plays a critical role in any effective regulatory regime, and we support the ICO’s initial action against several services in breach of the Code.
5Rights will continue to monitor the regulatory landscape, in particular enforcement of the Code and any upcoming changes to data protection legislation, to ensure that children’s privacy and protection remains a key priority.