A New, More Private Internet For Children?

The Age Appropriate Design Code

In the UK, the Information Commissioner’s Office (the independent body looking at information rights) has just implemented the Age Appropriate Design Code. What the hell does that mean? Perhaps it’s shortened name – the Children’s code – might help.

No? Didn’t think so.

ICO Children’s Code

The Children’s code is meant to be a set of standards tech companies and tech service providers will adhere to in order to better protect your child’s data, privacy and – perhaps – sanity, as they use the internet.

This data protection code of practice was first announced in September 2020, giving the tech industry a year to understand and implement the code within their own respective corners of the internet.

What does this mean for your children?

15 Standards to a Better Internet

This new code covers all digital service providers, so such things as:

  • Apps
  • Games
  • Connected toys and other devices
  • News services

The aim of the code is to make the above types of digital providers ensure that when they create services that might be used by children, said services should better protect the data privacy of the child and minimise, by default, the amount of data they collect.

The Children’s code goes above and beyond existing Data Protection Act (DPA), or GPDR standards.

There are 15 standards in the code, covering:

  1. Best Interest of the child
  2. Data protection impact assessments
  3. Age appropriate application
  4. Transparency
  5. Detrimental use of data
  6. Policies and community standards
  7. Default settings
  8. Data minimisation
  9. Data sharing
  10. Geolocation
  11. Parental controls
  12. Profiling
  13. Nudge techniques
  14. Connected toys and devices
  15. Online tools

A fairly boring, but comprehensive list. Remember – the aim of this code is to protect the data privacy of your children, so, theoretically, the more comprehensive the better.

Boiling some of this down, the code should mean the online apps, games and services your children use will…

  • Improve their privacy – E.g. Stop collecting every single bit of data they can about your child’s age, sex, where you live, their mood, their friends, their enemies, their frenemies, their inside leg measurement, when they last picked their nose, etc. etc.
  • Do not show inappropriate advertising – So no more prompting 8 year old Jimmy to bet on how many corners in the big Man U game, or offering 10 year old Cynthia to bet on the number of falling horses in the Grand National.
  • Reduce tactics keeping them on the site for evermore – No more auto-playing the next cat video as soon as the previous one of fluffy licking a banana has finished.
    • WARNING – Be prepared for: “Mummy/Daddy – YouTube kids has stopped working. It’s not magically playing the next Ryan’s World video and I really want to see him spend 24 hours with his Dad in an inflatable haunted house in the middle of his living room!”
      • Question – Who was this scarier for, Ryan, or his father?

Some of the larger players in the tech industry have already taken action. For instance,

  • YouTube will now default to no auto-play, and block ad personalisation for all children
  • TikTok have already made children’s accounts private by default and now also won’t send notifications after the following hours for the associated age ranges:
    • 13-15 year olds – no notifications after 21:00
    • 16-17 year olds – no notifications after 22:00
  • Instagram is stopping adults messaging children if the child is not a follower. Also, like TikTok, all children accounts will default to being private.
  • Google will allow children or their parents to request removal of images from search results.
    • Google have also stopped the “location history” service for children, which means they will no longer know more about where your kids are than you do.

Will it Work?


Hopefully, the internet is a slightly more private place for your children to use now (in the UK anyway).

If the tech companies adhere to this code of conduct.

The ICO has said it will monitor conformance to the code through proactive audits and will listen to complaints. If you have such a complaint the place to make it with the ICO is here.

Having said this, some tech industry players, including the Coalition for a Digital Economy, have said they are confused by the code and don’t quite know what the ICO expects of them. They’ve asked for a better definition of the scope and have also raised concerns about the above standards leading to more data collection, i.e. collecting the date of birth of users (quite why a simple tick box for “Are you over 18” wouldn’t be sufficient I am not sure?).

The cynic in me says this is a good way of delaying having to actually implement any changes as you can go round and round, and round, the houses asking exactly what do the words “internet”, “code”, “child”, “private”, “computer”, “user”, “cloud”, and “cookie” actually mean.

After all, a “cookie” can be an annoying user tracking tool to allow a hundred different companies to watch every mouse click you make, or it could be a tasty biscuit – and you only have to read about the whole Jaffa Cakes saga to see how complex it can be to know what the word “biscuit” actually means!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s