The Commissioner’s Children’s Code

This commissioners children’s code was created to address how to design data protection safeguards into online services. Thus to ensure they are appropriate for use by children and minors. Firstly It reflects the increasing concern about the position of children in society. Highlighting current affairs and the risks posed by a modern digital world in particular. There is agreement and general consensus within the UK, that much more needs to be done to create a safe online space for our children to learn, explore and play. This code achieves this not by seeking to protect children from the digital world, but by protecting them within it.

The following document is designed for businesses, outlining key features of the code to ensure your online services appropriately safeguard children’s personal data. A full code of practice has been published by the relevant supervisory authority, outlining how to implement data protection within the parameters of this legislation. You should follow the code to help you process children’s data fairly, transparently, and lawfully. It will also enable you to design services that comply, and demonstrate compliance, with the GDPR or DPA18 and PECR as discussed in my last blog. If you do not follow this code, you are likely to find it more difficult to demonstrate your compliance with the law, increasing your chances of non-compliance and the ICO taking regulatory action against you.

Who does it apply to?

Providers of information society services (ISS)

If you are a small business with a website, your website is an ISS if you sell your products online, or offer a type of service which is transacted solely or mainly via your website without you needing to spend time with the customer in person. This code applies to “information society services likely to be accessed by children” in the UK. This includes: “Section 123 of the DPA 2018” 

  1.  Apps
  2.  Programs
  3.  Connected toys and devices
  4.  Search engines
  5.  Social media platforms
  6.  Streaming services
  7. Online games
  8.  News or educational websites and websites offering other goods or services to users over the internet.

What the commissioners children’s code means for you:

Essentially, this means that most online services are ISS, including apps, programs and many websites including search engines, social media platforms, online messaging or internet based voice telephony services, online marketplaces, content streaming services (e.g. video, music or gaming services), online games, news or educational websites, and any websites offering other goods or services to users over the internet. Electronic services for controlling connected toys and other connected devices are also ISS. These services are covered even if the ‘remuneration’ or funding of the service doesn’t come directly from the end user. For example, an online gaming app or search engine that is provided free to the end user but funded via advertising still comes within the definition of an ISS. This code also covers not-for-profit apps, games and educational sites, as long as those services can be considered as ‘economic activity’ in a more general sense

The Commissioner’s Children’s Code:

Therefore this regime requires you to take a risk-based approach when you use people’s data, based on certain key principles, rights and obligations. This code supports compliance with those general principles by setting out specific protections you need to build in when designing online services likely to be accessed by children, in line with Recital 38 of the GDPR:

What happens if you don’t conform to the GDPR standards in this code?

In summary you don’t conform to the standards in this code, you are likely to find it more difficult to demonstrate that your processing is fair, transparent and complies with the GDPR, DPA18 and PECR. If you process a child’s personal data in breach of the GDPR or PECR, The UK Information Commissioners Office can take monetary action against you. For serious breaches of the data protection principles, The ICO have the power to issue fines of up to £17.5 million or 4% of your annual worldwide turnover, whichever is higher. Their approach to using these powers will take in to account the risks to children that arose from your data processing, and prior efforts you have made to conform, comply to and implement GDPR , DPA18 , PECR to the standards in this code.

Are you a small to medium sized business? 

Do you feel that your company could benefit from our data protection consultancy? Or would you like to speak with one of our data protection officers, for a more in-depth chat around how we can help your business with GDPR compliance , PECR compliance , Outsourced DPO services , ISO Certification, overall maintenance and implementation of a data protection compliance strategy.

Compliance Direct Solutions Ltd are your trusted data-day data protection partners.

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/childrens-information/childrens-code-guidance-and-resources/introduction-to-the-childrens-code/#:~:text=The%20Children’s%20code%20(or%20the,to%20protect%20children’s%20data%20online.