The ICO has outlined the Children’s Code standards on use of their online data.
The ICO has recently put the limelight on the Children’s Code standards to give greater clarity to organizations regarding their use of children’s data. For online businesses, there are a few important points to keep in mind. In all actions taken by organizations operating online, children’s best interest should be given prime consideration per the United Nations Convention on the Rights of the Child (UNCRC). Children’s Code standards include several guidelines on how best to collect and handle children’s data, as well as provide the best level of protection for children against abuse and other forms of exploitation.
The Children’s Code standards outline several measures which must be taken in order to protect children and their data.
Children should be kept safe from any commercial exploitation, including personalized features for revenue, personalized advertisement, use of children’s data for monetization, and age-inappropriate and fraudulent products. Businesses should also abide by standards set by the Committee of Advertising Practice. Children should always be protected from abuse when they interact with others. These organizations are expected to prevent all automated data sharing on children, to ensure that their data will not end up in the hands of any exploitative individual or organization. It is recommended to use high privacy settings and make sure that children are informed on how their data is being used.
Children should remain protected from misinformation, while understanding and controlling the information they share with others.
Moreover, according to UNCRC, children have the right to unbiased information so they can ensure that their best interests remain protected. They should be protected from misinformation. In addition to these, the UNCRC also provides for the right to play for children. Children’s data can therefore be used for improving child-friendly gameplay. However, children should have the freedom to join and leave groups on their own will and without consequence. Children should be aided in understanding and controlling the information they share with others.
Organizations are required to remain up to date with guidance from the ICO with regards to dealing with children’s data.
All online organizations and services are prohibited from using children’s personal data in a way that is detrimental to their wellbeing. For this purpose, they are required to conform to all detrimental use standards set under UK GDPR, industry code, regulatory provisions, and government advertisement. They are expected to give timely updates. Online businesses, before marketing, should ensure that they follow all guidelines issued by the ICO as well. Businesses are expected to implement various codes of practice and the relevant provisions from the ICO, from time to time, outlined in its blogs.
Companies who collect data from children should adhere to the principle of data minimisation and only use data in the ways in which it was intended.
When collecting data from children, online businesses are also expected to collect only the least amount of data that serves the purpose for the limited time frame. The collection should be isolated for each element of service while the children should be empowered to decide which element they want. Companies should avoid using data for other purposes particularly when it is used for personalized user experience.
Observing these guidelines while handling children’s personal data is imperative to fulfilling basic obligations towards children under the law and avoiding any sanctions.