ICO publishes guidance on three standards of Children’s Code – Lexology
What must organisations do, or avoid doing, to meet the “best interests of the child”, “detrimental use of data” and “data minimisation” standards of the Children’s Code?
The key takeaway
The ICO’s additional guidance should be used to ensure that organisations whose online services are likely to be accessed by children do not breach the Children’s Code and subsequently the UK General Data Protection Regulation.
The background
The Children’s Code (the Code) is a statutory code of practice produced by the ICO. It consists of 15 “standards” which must be met by organisations providing an “information society service” (ISS) that children (under 18) in the UK are likely to access. The definition of an ISS is wide and encompasses most for-profit online services, such as apps, search engines, social media sites and content streaming services.
The development
The ICO has provided guidance on how organisations can meet three of the Code’s standards, namely “best interests of the child”, “detrimental use of data” and “data minimisation”.
Best interests of the child
This standard requires organisations to consider children’s rights to play, to be safe from commercial exploitation, to be protected from abuse when they interact with others and to have access to a wide range of information and media. The ICO’s suggestions for meeting each of these rights are as follows:
1. The right to play:
- use data analytics to improve gameplay functions, and
- ensure that children are free to join or leave online groups.
2. The right to be safe from commercial exploitation:
- avoid default personalised targeting of service features that generate revenue
- provide transparent information around how children’s data may be monetised
- do not have personalised advertising on-by-default
- abide by the Committee of Advertising Practice standards, and
- avoid marketing age-inappropriate or fraudulent products.
3. The right to protection from abuse when interacting with others:
- avoid on-by-default data sharing with other service users
- set privacy settings to “high privacy” by default
- ensure children understand how their information is shared, and
- keep children’s personal data from falling into the wrong hands.
4. The right to have access to a wide range of information and media:
- ensure that children can find diverse, age-appropriate information, and
- avoid serving children with personalised information that is not in their best interests, such as disinformation.</…….
Source: https://www.lexology.com/library/detail.aspx?g=5873b956-b592-47b1-9307-fd509f5532bd