New Standards For Children's Privacy Online
The Information Commissioner’s Office have published a set of standards expected by those who design, develop or provide online services that are likely to be accessed by children. The guidelines aim to explain to providers exactly what is expected of them in relation to responsibly looking after children’s data. The publication emphasises the resonsibility digital publishers have a to place children's interests first when desiging products and services, rather than addressing issues retrospectively.
This welcome change is coming at a time when our understanding of how children are using the internet and the effect it is having on them has often been alarming, particularly as increasing numbers of children own or have access to smartphones, tablets and laptops. One example of the stipulations specifies that privacy settings must be set to a high level of security by default and that data which is collected and stored must be minimal and not shared unless necessary. It also states that geolocation services must be off by default and 'nudge' techniques must not be used to encourage children to turn off/weaken their security, or provide unnecessary personal details.
As part of the Data Protection Act 2018, the code applies not only to websites and apps, but also to internet connected toys, online games, educational websites and video or music streaming services. If these guidelines are not being followed, a fine or order to stop processing data can be enforced. Failure to comply also suggests that you are not following GDPR or the Privacy and Electronic Communications Regulations (PECR), which can also result in a fine of up to €20 million or 4% of your annual worldwide turnover, whichever is higher.
If you would like to read the review yourself, you can view the PDF here.