Internet platforms given 16 point list of recommendations to improve under 18s online safety

  • img Adriana Furlotti
  • POSTED ON 15 Apr 2019
  • Maybe Ok


Today, the 15 April 2019, the Information Commissioner’s Office (ICO) introduced standards expected of “those responsible for designing, developing or providing online services likely to be accessed by children”. This includes apps, connected toys, online games, educational websites, streaming services and social media platforms.

The code sets out 16 points of Age Appropriate Design standards, some of which are the following:

  • High privacy settings by default, for example geo-location services being turned off
  • Children’s personal data to not be used in ways that are counter to industry standards such as the CAP code (Committee for Advertising Practice)
  • A child friendly default position until the user can prove their age through a ‘robust age verification mechanism’
  • No use of ‘nudge techniques’ (design features used to make users go down a preferred path of decision making. For example, making a ‘Yes’ option more attractive in graphics than a ‘No’ option) which encourage children to make poor privacy decisions

In order to reach these standards, the office has suggested to companies that they should put an accountability programme into place.

The ICO can enforce assessment notices, warnings, reprimands, enforcement notices and penalty notices (administrative fines) to any who do not comply. Only in cases of serious breach of the standards will the ICO have the power to issue fines of up to £17 million, or 4% of the company’s annual worldwide turnover. For Facebook this means $1.6 billion of their revenue (based on their annual revenue statistics from 2017)

Elizabeth Denham, the information commissioner said the following: “This is the connected generation. The internet and all its wonders are hardwired into their everyday lives. We shouldn’t have to prevent our children from being able to use it, but we must demand that they are protected when they do. This code does that.”

Andy Burrows from the NSPCC said: “We know that one in four children have been contacted by someone that they don't know on apps sites and games”

He claimed that social networks “continually failed to prioritise child safety in their design”, resulting in “tragic consequences”.

“That’s why it is vital this code requires children to be given the highest privacy settings by default and forces firms to act in the best interest of children,”

5Rights Foundation responded to the ICO, claiming that their Age Appropriate Design Code is “a fair and equitable data protection regime that respects the rights and privileges of childhood will restore trust in a sector that has not adequately responded to the needs and rights of children”.

The code is being consulted until 31 May, when a final version is to be laid out to Parliament and is expected to come into effect before the end of the year.