AGE Appropriate Design Code: One year transition period begins 2 September 2020

4th September 2020boy on computer

“Taking care of children online should be as normal as putting their seat belts on in a car,” says Elizabeth Denham, the Information Commissioner.

The GDPR requires organisations to take account of children.  UK Parliament has gone further and has mandated the Information Commissioner’s Office (ICO) to produce a code of standards that clearly set out the requirements of the GDPR, so The Age Appropriate Design Code has been designed, in conjunction with educationalists and psychologists, to put into practice what is required of companies.  It makes it extremely clear.

It is rooted in existing law (The GDPR) however, The Code translates it and makes it easier and more practical for companies to comply.  Not only that, but the ICO has built in a transitional year for companies to come into line.  During this time the ICO are providing support and guidance, so there really will be no excuse when the Code come into force in 12 months, on 2nd September 2021.

What does the code require organisations to do?

 The best interests of the child should be a primary consideration when you design and develop online services likely to be accessed by a child”.

At the heart of the code is the fact that privacy by design must be built into any platform or service that is used by children.  It is far more than just ‘age-gating’.  The default must be closed, rather than open.

For example the Code dictates that you:

  • Must do a thorough Data Processing Impact Assessment (DPIA)
  • Location services must be turned off
  • Profiling must be turned off
  • Settings must be ‘high privacy’ by default
  • Collect the minimum amount of personal data needed
  • Do not disclose children’s data
  • Make it clear to the child if parental controls are in place / they are being monitored
  • Profiling options switched off by default
  • Do not use nudge techniques to encourage children to make poor privacy decisions
  • Provide age appropriate data protection tools

Those companies who do not make the required changes risk regulatory action, but also risk damaging their reputation.  Putting the wellbeing of children at the heart of your design process is going to be essential and potentially, for many businesses, quite a big change in operating procedures.

There is comprehensive information regarding the set of 15 standards that online services should meet as they are set out in The Age Appropriate Design code on the ICO website.

Elizabeth Denham said as she introduced The Code:

“One in five internet users in the UK is a child, but they are using an internet that was not designed for them.

“There are laws to protect children in the real world – film ratings, car seats, age restrictions on drinking and smoking. We need our laws to protect children in the digital world too.

“In a generation from now, we will look back and find it astonishing that online services weren’t always designed with children in mind.”

Her Office have given online service companies 12 months to comply.  We suspect after this time they may come down pretty hard on companies who don’t.

If you need any help in determining the modifications you need to make to your business, in light of the publication of the Age Appropriate Design Code (or if you just need some peace of mind), book your complimentary Zoom consultation with one of our specialists as soon as possible, to allow yourself plenty of time to implement any necessary changes.

Book your complimentary call with one of our data protection specialists or contact us:

Call: +44 (0)1673 88 55 33

Email: [email protected]






Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.