Blog details

Children’s Code compliance called to question by the ICO

Children’s Code compliance called to question by the ICO

Children’s Code compliance was called to question by the ICO after an online child safety charity raised questions about various companies.


The ICO has written to Apple and Google for clarification on their process of determining age ratings for apps available in the App Store and Google Play respectively. Since the introduction of the Children’s Code, it has been a top priority to ensure children’s privacy, protection and safety online. Recently, concerns were raised by an online child safety charity,5Rights Foundation which caused the UK Information Commissioner to call into question the tech giants’ assessment of the apps as reported by TechCrunch.


After systemic breaches were discovered by the 5Rights Foundation, The ICO has called on Apple and Google to clarify their determination process for app age ratings.


The charity conducted research over the summer and found systemic breaches which included insufficient age assurance, mis-advertisement of minimum ages for games on app store, the use of dark patterns and nudges, data-driven recommendations that create risks for children a routine failure to enforce community standards, low default privacy settings, among others. A letter was then written to the UK’s Information Commissioner expressing concern over the safety of children using these platforms and their respective apps. In a recent statement, the Information Commissioner expressed that the office of the ICO is currently conducting an “evidence gathering process to identify conformance with the code, and thus compliance with the underlying data protection law”.


The Information Commissioner, Elizabeth Denham has written in response to the 5Rights Foundation stating “In this process, the ICO is taking a systemic approach; we are focusing our interventions on operators of online services where there is information which indicates potential poor compliance with privacy requirements, and where there is a high risk of potential harm to children.” In this letter the Information Commissioner also reported that the ICO has contacted Apple and Google “to enquire about the extent to which the risks associated with the processing of personal data are a factor when determining the age rating for an app”.


Close to 50 companies are currently being called to answer on their Children’s Code compliance.


The ICO has not only written to Apple and Google on this matter, but has also written to a total of 40 organizations across the three tech sectors which are considered to present the highest risk for kids – social media or messaging; gaming, and streaming platforms. This is in an effort “to determine their standards of conformance individually”. The ICO intends to write to nine more companies following the highlighting of other concerns by the charity. The full list of companies being targeted with questions on Children’s Code compliance has been published neither by the ICO, nor 5Rights Foundation. However, most of these companies have already been contacted.


The 5Rights Foundation is calling on the ICO to ensure Children’s Code compliance in practice.


While the Children’s Code came into force on September 2nd, the standards were published well over a year ago, providing a grace period during which companies were expected to come into compliance.The 5Rights Foundation has expressed concern that the Code may be misinterpreted a handful of safety measures, rather than a requirement for a holistic re-design of the systems and processes of services ensuring their data collection practices are in the best interests of children. The foundation reiterated in its letter that “If the Code is to have real value in protecting children’s safety and rights in the digital environment, the ICO must make sure that it is respected in practice.”






Does your company have all of the mandated safeguards in place to ensure the safety of Children who may use your website or app? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Prev post
Privacy class action lawsuit against Google halted by UK Supreme Court
November 18, 2021
Next post
Whatsapp privacy policy updated after record fine of €225 million
November 25, 2021

Leave a Comment