The Information Commissioner's Office (ICO) has issued further guidance as to what it shall consider an online service "likely to be accessed by children" for the purposes of the Age Appropriate Design Code (the Children's Code).

Our Commercial and Technology teams explore the Children's Code and the updated ICO guidance.

What is the Children's Code?

The Children's Code came into force on September 2020 and is a statutory code of practice (designed and developed by the ICO) which applies to all organisations providing online services likely to be accessed by children under the age of 18.

The Children's Code, therefore, applies to providers of Apps, online games, websites and social media sites.

The Children's Code introduces 15 standards that must be incorporated into the design or upgrade process and development of online services and products that are likely to be accessed by children - even if children are not the intended target audience.

Therefore, the question of whether an online service is likely to be accessed by children has understandably provided organisations with cause for concern.

Further information regarding the content and scope of the Children's Code and the steps organisations should take to ensure compliance can be found within our article.

Updated ICO guidance

The updated ICO Guidance provides welcome clarity on what online services it considers likely to be accessed by children, including a non-exhaustive list of factors to consider when making such an assessment.

The ICO clarifies that the Children's Code applies to both services that are intended for use by children and also to services that, whilst not aimed at children, are accessed by a "significant number of children".

The ICO confirms that a "significant number of children" means both the number of children accessing or are likely to access the service.

"Significant" in this context, the ICO confirms, does not mean that a large number of children must be using the service or that children form a substantial proportion of your users – it means that there are more than a de minimis or insignificant number of children using the service.

This will be a question of fact that organisations should consider on a case-by-case basis, considering a variety of factors relating to the type of service, how it has been designed and the personal data processing risks that it presents to children.

Some of the factors the ICO suggests that organisations consider include:

  • whether children can access the service;
  • the number of child users of the service and the proportion of total UK users or total UK children this represents;
  • any advertisements targeted at children;
  • any complaints received from parents or third parties about children accessing the service; and
  • the type of content, design features and activities which are appealing to children.

The ICO guidance also includes helpful case studies to show organisations how to consider and apply the Children's Code.

Next steps

Organisations should review the updated guidance and consider the application of the Children's Code to its online service offering.

Failure to comply with the Children's Code risks regulatory action taken by the ICO.

To view original article, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.