The Age Appropriate Design Code is a data protection Code for children and sits within the Data Protection Act 2018. If robustly conceived and enforced, it could transform children’s experience of the digital environment. The regulator the Information Commissioner’s Office (ICO), is responsible for drafting the Code.
The 5Rights Foundation has consulted widely and proposed a series of recommendations to the ICO that reflect the contributions of the many and varied stakeholders with whom we have spoken over the past few months.
5Rights recommends that the following 10 Guiding Principles should form the basis of the Code:
- In determining standards and what measures must be taken, the best interests of the child must be the paramount consideration
- A high bar of privacy by default; i.e. safety by design, privacy by design and high privacy by default should be the norm for all products and services’ features and functionalities likely to be accessed by children
- Responsibility for data protection rests with online services, not the child
- Responsibility for enforcement rests with the regulator, not the child
- The impact of service design on children (under 18) must be considered in advance
- The Code must reflect and/or enhance - never lessen - existing regulations, legislation, international agreements and cultural norms that protect children in other contexts, by incorporating and applying them so that they are enforceable in the digital environment
- The Code must give clarity to the EU General Data Protection Regulation’s (GDPR) assertion that “children merit specific protection”
- The Code must reflect and address the needs and concerns articulated by children themselves
- That children have different needs at different ages and stages of development and these must be considered when designing services
- Online services have a duty to uphold the spirit as well as the letter of the Code
5Rights’ full recommendations and response to the ICO can be found here.