Today is the day that the Age Appropriate Design Code comes into force, marking an enormous step forward for children’s digital rights.
The Code consists of 15 standards which online platforms will be required to meet in order to protect the data and privacy of under 18s. Platforms failing to do so will more than likely be in breach of GDPR, risking fines of up to £18 million or 4% of global turnover.
The standards require platforms to be guided by the best interests of the child as a primary consideration. They require privacy settings to be set as high by default, for the amount of data collected from children to be minimised and for platforms to avoid using nudge techniques to encourage children to share more data.
There will now be a transition period of 12 months before platforms will be required to meet the Code’s requirements.
The Code is the product of months and years of hard work from the Information Commissioner’s Office and campaigners, and is a remarkable achievement. But its success now depends on its implementation. The ICO will need to take bold enforcement action against platforms which fail to comply with its requirements. In particular, a high bar needs to be set for what platforms are expected to do to verify the age of their users. Efforts to protect children online will amount to very little indeed if platforms do not know who the children are.
The Code protects children’s data and privacy, but many more protections are needed for children to stay safe and well online. It is now critical that the Government progresses its online harms legislation without further delay, so that children can enjoy all the benefits of the digital world while avoiding the risks.