Age Appropriate Design Code

The Children’s Code (officially, the ‘Age Appropriate Design Code’) is the first statutory code of practice for children’s data anywhere in the world. It has the potential to completely transform the way that companies collect, share and use children’s data, requiring them to offer children a high level of privacy protection by default.  

Data drives many norms of the digital world, and the way children’s data are collected, shared, and used impacts every aspect of their on the digital experience, and also on their wider lives. The protections the Code offers are a significant and welcome change to how children are protected and supported in the digital age. This is particularly important now, as the pandemic has brought more children online for more of the time, deepening their dependence on digital technology in more areas of their lives. 

The Children’s Code is binding on all online services ‘likely to be accessed by children’ and is enforced by the Information Commissioner. The Code’s requirements are designed to be proportionate to the risks arising from a service’s processing of data. Lower risk services will have lower obligations, while the expectations on higher risk services will be greater. It came into force on 2 September 2020 and there is a 12-month transition period for companies to comply. 

The Data Protection Act (DPA) 2018 updated UK data protection law and implements the GDPR in the UK. An amendment to the DPA gave effect to the requirement in GDPR to offer children specific protection. That amendment became section 123 of the Act and required the Information Commissioner to introduce an Age Appropriate Design Code to set standards that make online services’ use of children’s data ‘age appropriate’. The Code is derived from the principles in the Data Protection Act and GDPR, including data minimisation, purpose limitation, and data protection by design and default. As such, it places no extra obligations on services which are already fully compliant with GDPR and it can easily be adopted by other states and institutions.

Working closely with young people, 5Rights published Demystifying the Age Appropriate Design Code, which explains in a child-friendly format how the Code will give children and young people more protection for and control over their data.

For more on the role 5Rights Foundation played in the creation of the Code, read this article from the New York Times.