August 12, 2019

Information Commissioner, Elizabeth Denham, reports that good progress is being made on producing a code that will translate General Data Protection Regulation (GDPR) requirements into design standards for online services. She explains that the code aims “not to protect children from the digital world, but instead protect them within it”.

Ms Denham notes that the consultation on the proposed code began in April, and prompted more than 450 written responses, as well more than 40 meetings with key stakeholders. For all the responses to the consultation, Ms Denham observes that few argued against the need to have a code that truly supports and protects children’s online experiences.

Ms Denham explains that there are many examples of how children’s personal data is used to persuade and cajole them into staying online. The GDPR already sets out rules on how data can be used and the importance of protecting children. The code will “make the requirements clearer and help designers and developers understand what is expected of them”.

Ms Denham acknowledges that delivering the standards set out in the code will “bring challenges for the tech, e-gaming and interactive entertainment industries”.

Ms Denham says that the consultation has helped to ensure that the final code will be “effective, proportionate and achievable”. It has also flagged the “need to be clearer on some standards”.

The ICO does not want to see an age-gated internet, where visiting any digital service requires people to prove how old they are. The aim has never been to keep children from online services, but to protect them within it. The ICO essentially wants providers to set their privacy settings to “high” as a default, and to have strategies in place for how children’s data is handled.

Ms Denham says that the code will not affect news websites. “The news media plays a fundamental role in children’s lives and the final version of the code will make that very clear”, she says.

That final version of the code will be delivered to the Secretary of State ahead of the statutory deadline of 23 November 2019.

The ICO recognises the need to allow companies time to implement the standards and ensure they are complying with the law. The law allows for a transition period of up to a year and the ICO will be considering the most appropriate approach to this, before making a final decision in the autumn. In addition to the code itself, the ICO is also preparing a “significant package to ensure that organisations are supported through any transition period, including help and advice for designers and engineers”.

Finally, Ms Denham says that her office is “working hard to produce a code that encourages future creativity and improvement, while protecting the privacy of the tech innovators of tomorrow”. To read the blog post in full, click here.