Blog details

The UK’s ICO Publishes Age Appropriate Design Code

The UK’s ICO Publishes Age Appropriate Design Code

The ICO has published a new Age Appropriate Design code to protect childrens privacy online.


On January 21, the ICO published its final version of the Age Appropriate Design Code. This comes months after the ICO’s completion of a wide-ranging public consultation and engagement period which included meetings with individual organisations, trade bodies, industry and sector representatives, and campaigners.


The first of its kind, the ICO says this new code sets out 15 standards expected of those responsible for designing, developing or providing online services like apps, connected toys, social media platforms, online games, educational websites and streaming services. Additionally the ICO notes that this new Age Appropriate Design code covers services likely to be accessed by children and which process their data. Rooted in the GDPR, the code also gives practical guidance on data protection safeguards that ensure online services are appropriate for use by children.


“The code will require digital services to automatically provide children with a built-in baseline of data protection whenever they download a new app, game or visit a website. That means privacy settings should be set to high by default and nudge techniques should not be used to encourage children to weaken their settings. Location settings that allow the world to see where a child is, should also be switched off by default. Data collection and sharing should be minimised and profiling that can allow children to be served up targeted content should be switched off by default too,” expounds the ICO.


“The code says that the best interests of the child should be a primary consideration when designing and developing online services.”


At this current stage, the ICO’s first ever Age Appropriate Design Code has been submitted to the Secretary of State and is expected to be laid in Parliament sometime this year. After that, organisations will have 12 months to update their practices before the code comes into full effect which the ICO projects will occur by autumn 2021.



Does your company offer online services likely to be accessed by minors? If so, it will be imperative that you adhere to the UK Data Protection Code once it is effected. Aphaiadata protection impact assessments and Data Protection Officer outsourcing will assist you with ensuring compliance.


Prev post
Employer/ Employee relations : A GDPR perspective
January 29, 2020
Next post
La ICO publica su Código de diseño apropiado a la edad
January 31, 2020

Leave a Comment