Blog: Age Appropriate Design Code, Data Protection Bill

Data protection laws are changing, and children’s online rights are now at the forefront of the debate. 

The European General Data Protection Regulation (‘GDPR’) comes into force in the UK on May 25th 2018. It will give individuals greater control over their personal data and make it easier for them to access it. The ambition behind the EU-wide regulation is to strengthen citizens’ rights and build trust in the digital age. Whilst the GDPR acknowledges that children (those under 18) merit “specific protections” in relation to their data, it offers little guidance on what this higher standard means in practice. 

In September 2017, Government introduced the Data Protection Bill (‘the Bill’). The Bill sets our UK-specific derogations from the GDPR, it standardises UK data protection law and confirms that the UK will continue to comply with the GDPR post-Brexit. During the passage of the Bill, Baroness Kidron, with the support of Lord Ashton of Hyde (Parliamentary Under-Secretary, Department for Digital, Culture, Media and Sport), Lord Stevenson of Balmacara, (Labour Spokesperson), Baroness Harding (Conservative Peer and former CEO of TalkTalk) and Lord Clement-Jones (Liberal Democrat Spokesperson), tabled a set of amendments, introducing the ‘Age-Appropriate Design Code’ (‘the Code’).  The Kidron amendments were adopted by Government and now sit at clauses 123-126 of the Bill. 

When creating the Code, the Information Commissioner – the UK’s data regulator – is required to consider the development needs of children: that a child’s capacity to act and understand is limited by vulnerabilities and immaturities associated with their age and development stage. The Commissioner must also consider the UK’s obligations as a signatory to the UN Convention on the Rights of a Child, including the obligation to act in the “best interests” of a child. 

Aspects of design for which higher standards will be set for children include: 

  • Default privacy settings
  • Data minimisation 
  • Presentation of language of terms and conditions and privacy notices
  • Uses of geo-location technology
  • Automated and semi-automated profiling
  • Transparency of paid for activity, such as product placement and marketing
  • Sharing and resale of data
  • Strategies used to encourage extended user engagement
  • User reporting and resolution processes and systems
  • Ability to understand and activate a child’s right to erasure, rectification and restriction
  • Ability to access advice from independent, special advocates on all data rights
  • Any other aspect of design that the Commissioner considers relevant

The Code has widespread support, including from senior politicians and peers across the political spectrum, as well as from children’s charities, the NSPCC and the Children’s Society. 

In drawing up the Code, the Information Commissioner must consult with children, parents, child advocates, child development experts and trade associations. The Information Commissioner has 18 months from the date on which the Bill is passed to draft the Code. It will then be laid before Parliament for approval. As the first step in its consultation process, the Information Commissioner’s Office will shortly publish an open Call for Evidence, which will be available on their website. 

The Code is a statutory code and must be taken into account by the Commissioner when exercising her duties. Organisations who ignore it risk fines of up to £18 million or 4% of global turnover. 

The introduction of a high standard of data protection and rights for children is welcomed by 5Rights. The Code is an important step in recognising that a child is a child – even online. 

“I hope that all of us can now continue to work to make certain that the same principle is reflected in every aspect of a child’s digital life. There is still much to do. It is stated on the face of the bill that the Code must meet the development needs of children and that the regulator must take account of children, parents and those who advocate for children’s rights online, as well as industry. It is up to us all to make sure that the Code is robust, meaningful and effective for children.” – Baroness Kidron, Founder of 5Rights

5Rights Foundation leads joint UK letter to FTC on COPPA Rule Review

Read More

UNCRC General Comment expert consultation takes place in London

Read More

Broadband Commission calls for meaningful universal connectivity to drive global development

Read More

100+ brilliant women in AI making technology work for, and with, society

Read More

5Rights joins Peace Day pledge against Cyber Violence

Read More

Let’s make it easy for online services to protect children’s data

Read More

BLOG: From African American Apocalyptic Fiction to Children’s Rights in the Digital Environment, by Colin Gibson

Read More

5Rights YouGov poll: Parents' views on internet and child data protection regulation

Read More

The Age Appropriate Design Code: "A new deal between children and the tech sector"

Read More

5Rights welcomes Online Harms White Paper, calls for swifter legislation

Read More

Working with the Government of Rwanda and Police Scotland to support children online

Read More

House of Lords Select Committee on Communications Publish Report ‘Regulating in a Digital World’

Read More

UNCRC General Comment on children’s rights in relation to the digital environment

Read More

Council on Extended Intelligence Publish ‘The Case for Extended Intelligence’

Read More

UN High Level Panel on Digital Cooperation

Read More

Child Dignity Alliance Technical Working Group Report Launch

Read More