ICO launch call for evidence regarding children’s privacy online
Introduced by the Data Protection Act 2018, the code will provide guidance on the privacy standards that the Information Commissioner's Office (ICO) will expect organisations to adopt where they are offering online services and apps that children are likely to access and which will process their data. The Code will further the concept of data protection by design, which is a key feature of the new Data Protection Act and the General Data Protection Regulation (GDPR).
The commissioner will consider privacy settings and notices, and whether the language used is clear and easy to understand for young people at different stages of their development. The commissioner will assess whether automated profiling of children or the use of geolocation data might be appropriate, and the transparency of marketing, product placement and advertising. The commissioner will also look at the strategies used by sites and apps to personalise a child’s experience to encourage them to stay online longer, such as autoplay videos and the timing of social media notifications.
The call for evidence aims to gather views from providers of online services, child development experts, children’s advocacy services, academics and others with an interest in what the Code should say. Responses to this call for evidence must be submitted by 19th September 2018.
Further guidance on how the GDPR applies to children’s personal data can be found in the ICOs guidance Children and the GDPR. It may be useful to read this before responding to the call for evidence, to understand what is already required by the GDPR and what the ICO currently recommends as best practice.
The ICO will be undertaking a separate, direct consultation with children and parents/guardians, specifically targeted to their needs so they can gather best evidence to inform thinking. This blog post will be updated when further information is available.