• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy Blog

  • Home
  • Services
  • Events
  • Contacts

UK ICO publishes the final version of its Age Appropriate Design Code

February 6, 2020 By Paul Greaves and Wim Nauwelaerts

On January 21, 2020, the UK ICO published the final version of its Age Appropriate Design Code (the “Design Code”), which sets out 15 standards that online services should meet to protect children’s privacy. The Design Code is not only applicable to online services squarely aimed at children, but also covers online services likely to be accessed by children.

Amongst the 15 standards covered, the Design Code contains sections on:

  • What companies need to consider in order to protect the best interests of children in the design of online services.
  • Undertaking Data Protection Impact Assessments to assess and mitigate risks to the rights and freedoms of children who are likely to access the service.
  • ‘Age appropriate application’, which means that different needs of children at different stages of development should be taken into account when designing the service and applying the Design Code. This section also provides guidance on how users’ ages can be established with an appropriate level of certainty, while taking into account the principle of data minimization.
  • Profiling, including the use of privacy settings (e.g., in the context of behavioral advertising), compliance with cookie consent rules, and the use of appropriate measures to safeguard children (in particular from inappropriate content).

The Design Code also includes an annex setting out various age and developmental brackets together with key considerations aimed at helping providers of online services assess what is appropriate for each bracket.

The Design Code will primarily be of interest to companies regulated by the UK ICO, which will be obliged to take the Design Code into account when considering whether an online service complies with general data protection or ePrivacy rules. However, the guidance is also useful to organizations outside of the UK, given the emphasis placed on protecting children’s interests across various sections of the GDPR and in regulatory guidance at an EU level.

The Design Code can be accessed from the following link. It will come into force approximately two months after being laid before the UK parliament, and will provide for a transition period of 12 months, to give online services time to conform. At the time of writing, the UK ICO anticipates that the Design Code will come into full force by autumn 2021.

Filed Under: Behavioral Advertising, Children's Privacy, Data Protection, ePrivacy, GDPR, Online Privacy Tagged With: Behavioral Tracking, Big Data, Children, EU Data Protection, EU Privacy, GDPR, ICO, Social Media, UK

About Paul Greaves

Paul Greaves is an associate in the Brussels office and a member of the Privacy & Data Security Team. Paul’s privacy, information technology, and data protection practice includes a focus on compliance with the General Data Protection Regulation, ePrivacy rules, and cross-border data transfers.

[Read Bio]

About Wim Nauwelaerts

Wim Nauwelaerts is a partner in the Brussels office, leading Alston & Bird’s European Privacy & Data Security Team. Wim has over 20 years of experience working with global companies on their data protection, privacy, and cybersecurity needs, including General Data Protection Regulation (GDPR) readiness, data transfer, data security and breach requirements, and compliance training.

[Read Bio]

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy & Data Security team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
  • Financial Regulatory Agencies Announce Proposed Rule Requiring Notice of Computer Security Incidents
  • Brexit Trade Agreement Provides a Temporary Solution for Companies Transferring Personal Data from the EEA to the UK
  • UK ICO Publishes New Data Sharing Code
  • SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.
This website uses cookies to improve functionality and performance. By continuing to browse this site, you are consenting to the use of cookies on this website. OkCookie policy