• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Adlex Solicitors

UK internet and domain name lawyers

Call us now: 0207 317 8404   Email us now

Request Callback

We are operating normally during the COVID-19 crisis and are here to help

  • Home
  • What We Do
    • Website and App Terms & Conditions
    • Privacy and GDPR
      • Intro
      • Privacy Policies
      • Cookies and GDPR
    • Contracts
      • Intro
      • Website / App Design and Development Contracts
      • Web Hosting Contracts
      • White Label and Content Distribution Contracts
      • SEO Contracts
      • Internet Affiliate, Advertising and Marketing Contracts
    • Disputes
      • Intro
      • Domain Name Disputes and Cybersquatting
        • Introductory Guide to Domain Name Disputes
        • UDRP
        • Nominet’s DRS
        • Cybersquatting
        • Domain Name Hijacking
        • Domain Name Law
        • Domain Names and Trade Marks / Passing Off
        • Adlex’s Domain Name Legal Expertise
        • Free Legal Opinion
      • Online Copyright Infringement
      • Internet Trade Mark Infringement and Passing Off
    • Content Removal
      • Intro
      • Removal From Google Search Results
      • Removal From Facebook and Other Social Media
      • Removal From Websites
      • Internet Defamation
      • Right to be Forgotten
  • Who We Are
  • Testimonials
  • Blog
  • Contact Us
Home  ›  Privacy and GDPR  ›  Guidance on Designing your Website / App for Children’s Privacy

Guidance on Designing your Website / App for Children’s Privacy

In April, the Information Commissioner’s Office (ICO) issued for consultation a draft code of practice for online services likely to be accessed by UK children (under 18). Importantly, the code isn’t restricted to sites specifically aimed at children.

If and when the code is implemented, it won’t just be “guidance”. It’s a statutory code, which fleshes out relevant principles in the Data Protection Act 2018 and the “GDPR”. The ICO and the courts are likely to take it into account when assessing children-related privacy compliance by websites and apps. And we all know how sensitive this issue has now become.

Perhaps the key “take home” here is that you can’t comply with these standards by simply stuffing extra wording into your privacy policy. The clue is in the code title: “Age appropriate design…” Many of the requirements will impact on the design of your website or app. Obviously it’s better to incorporate these into your web or app design process as early as possible. Rather than waiting to start the “legals” until your project is close to completion, as usually happens.

So, what’s in the draft code? 122 pages, that’s what! Fortunately, this website loves bullet points and so we’ve selected some brief highlights for you:

  • Consider children’s best interests, e.g., minimise risks of exploitation.
  • Tailor your service to the appropriate children’s age ranges.
  • Apply the code to all users unless you have an effective age verification system to work out who are children.
  • Privacy language and terms must be short, prominent and clear including additional bite-sized explanations at key points.
  • Enforce your terms and policies.
  • Don’t use children’s personal information contrary to advertising etc codes or otherwise in a detrimental way, e.g, be careful about using “sticky” features to retain children’s engagement.
  • Generally, privacy settings must default to the highest level.
  • Collect the minimum children’s personal information you need.
  • Don’t share it without a very good reason.
  • Geolocation options should default to “off” unless there is compelling reason otherwise. Make it very clear to children when location tracking is on. If others can see the child’s location, default to off after each session.
  • Give children appropriate information about parental controls and monitoring.
  • Be very careful about profiling children.
  • Make tools readily available for children to exercise their data protection rights and report concerns.
  • Carry out a “data protection impact assessment” early in your design process.
  • Have polices and procedures which demonstrate your compliance with data protection requirements.

Here is the full code.

See here for more guidance from Adlex about privacy and the GDPR.

Privacy and GDPR · May 26, 2019 · by Adam Taylor

Filed Under: Privacy and GDPR

Adam Taylor

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Blog Categories

  • Domain Name Disputes
  • Internet Content Removal
  • Online Terms and Conditions
  • Privacy and GDPR

Twitter

  • Twitter

Recent Blog Posts

  • Moving Services Online to Beat Social Distancing
  • Guidance on Designing your Website / App for Children’s Privacy
  • Helping Google “Forget” – Removing Convictions from the Web
  • 10 Top Tips for Writing a Domain Dispute Complaint

How Adlex Solicitors Can Help You

For a free initial chat, call Adam of Adlex now on 0207 317 8404 or request a callback or email.

  • Home
  • Sitemap
  • Website Terms of Use
  • Privacy and Cookies Policy
  • Complaints

© Adlex Solicitors 2001 - 2022. Authorised and regulated by the Solicitors Regulation Authority (SRA number 344672).