UK’s Age Appropriate Design Code: four years of global impact before key review
As the UK’s pioneering children’s data protection code inspires global change, the upcoming review of the Code presents an opportunity to build on this success and tackle the risks children face and want to be addressed.
Four years after transforming how the world’s biggest tech companies treat children’s data in the UK, the groundbreaking Age Appropriate Design Code (AADC) is set for review by the Information Commissioner’s Office (ICO). On the fourth anniversary since the beginning of its enforcement, 5Rights Foundation asserts that this review must seek to build on – not water down – these crucial children’s privacy laws.
From the UK to the World: the global impact of the AADC
As the gold standard for children’s data protection, the Age Appropriate Design Code, passed under the UK’s Data Protection Act, has brought transformational changes to children’s lives online – driving unprecedented global change for children’s rights online. Following the UK’s lead, Indonesia and the USA states of Vermont and Nebraska have introduced similar codes, while Canada and Australia are both committed to developing their own version based on this framework.
This international momentum reflects the transformational impact of the Code: defaulting children’s account to private, turning off overnight notifications, and prohibited targeted advertising based on profiling. Spearheaded by 5Rights Founder and Honorary President, Baroness Beeban Kidron, the Age Appropriate Design Code has forced tech companies worldwide to fundamentally rethink how they design services for children.
Children’s voices reveal persistent risks
Despite this progress, new ICO research reveals children are still facing privacy risks online, leaving them exposed to harm:
- Complex contracts that children’s understanding: Children are still ticking ‘yes to agree’ on terms and conditions, without fully understanding what data they may have signed away – a fundamental barrier to informed consent.
- Peer pressure overrides privacy preferences: Children feel compelled to share their location, even when they don’t want to. As one child explained: “Some people can get a bit stroppy … I had a friend say something like, ‘how come you turned your location off?’ … I guess it’s just one of those things that people have started doing loads. It’s just a trend to share your location, which can be a problem. So, a lot of stuff’s just trends.”
- Children’s desire for validation leads to unintended data sharing: Teenagers sharing content to demonstrate their success in gaming may inadvertently reveal sensitive information, such as their current location, location history and purchase history.
An opportunity to strengthen, not compromise
Changes to the UK’s data protection framework in the Data (Use and Access) Act will see the Age Appropriate Design Code reviewed by the ICO, providing an excellent opportunity to stress test the Code against emerging challenges. With generative-AI and immersive environments becoming increasingly embedded into children’s everyday lives, we must ensure children’s protections evolve to meet these new challenges.
“The Age Appropriate Design Code has been transformational for children’s lives online. In its upcoming review, we must see this work built upon to reflect the serious privacy risks children face today, particularly in EdTech and AI which children increasingly have no option but to use and be subject to.”
Colette Collins-Walsh, Head of UK Affairs at 5Rights Foundation
5Rights is calling on the Government and the ICO to work together to close gaps in children’s data protection and address emerging risks in education technology and AI – strengthening the Age Appropriate Design Code in its forthcoming review to ensure children can benefit from its protection no matter what technology they are using.