We just attended a webinar by the Information Commissioner’s Office on the new Children’s Code. What is clear is that the exercise to achieve compliance with the standards in the Code will be a big piece of work. Organisations are advised to start planning their activities now so that there is ample time to fully explore the impact, develop solutions and consult interested parties before September 2021 when the Code comes into force.
The core of the Code is a set of 15 principles. There are core principles:
- To act in the best interests of the child
- To carry out Data Protection Impact Assessments before processing personal data relating to children
- To ensure that communications are age appropriate
- To ensure that there is no detriment to the child due to data processing by your organisation
- To follow data minimisation policy
- No data sharing without a compelling reason
The technical aspects of the Code impact on service design requiring high levels of transparency and default settings:
- Geolocation data collection to be off by default
- Disclosing when parental controls are active
- Online tools for exercising subject rights
- Prohibiting “nudge” techniques for data gathering
- Profiling activity to be off by default
Thoughts on how this might develop
The protection of children online is an area that would benefit from adopting standard icons to represent key topics such as “the exercise of data protection rights” and “finding out how we use your data” and there are workstreams at the ICO already working in that area. Also under development are standards and sector codes of conduct as industry groups get to grips with the potential impact of the Code for their members.
The ICO has set up a specific hub website to collate materials relevant to the Children’s Code at https://ico.org.uk/for-organisations/childrens-code-hub/ where you can find useful resources.
So there is plenty of information and resources to help organisations develop a compliance programme. But if your organisation needs help, you can contact Data Protection Consulting and we will be happy to advise.
Mandy P Webster, Data Protection Consultant