Blog details

Tips for game designers from the ICO on Children’s code compliance

Tips for game designers from the ICO on Children’s code compliance

The ICO has published tips for game designers on how to comply with the children’s code.


In the UK, the Children’s code governs all online services that are likely to be accessed by children. This code was put in place to protect the UK’s minor population within the digital world. As games are one of the services more likely to be accessed by children, the ICO has undertaken an audit on game design companies to gain a level of comprehension on how the children’s code affects, and is affected by, factors within the gaming sector. From the outcome of this audit, the ICO has been able to outline what steps gaming companies should take to ensure compliance with the Children’s code. The ICO has published these tips to help guide game designers maintain compliance


The ICO has reiterated the importance of age verification in the design of games and their sign-up processes.


The ages of users, or players of a game must be known. Game designers are expected to identify UK players which are under 18 with an appropriate level of certainty. Companies should assess and document how they will identify players under 18, and investigate possible solutions to provide greater levels of certainty for age assurance. Measures should also be put in place to prevent players from falsifying their ages. The ICO provides suggestions on how to prevent false declarations of age. One example is implementing a cool off period, Which prevents a user from re-entering the sign-up process and providing a different date of birth within a certain time frame.


The ICO recommends conducting a Children’s Rights Impact Assessments to minimize data protection risks within games.


The ICO recommends risk assessments to minimize data protection risks within games and protect the rights and freedoms of children. Any risk assessment should include the consultation of external stakeholders including children. In particular, the ICO recommends a Children’s Rights Impact Assessment. These assessments should be regularly reviewed even after a game goes live. If any unexpected age groups have been found to be playing the game, there should be necessary adjustments in risk assessments.


Transparency and parental controls are key building blocks to trust in games and their designs.


Transparency and parental control are paramount to establishing and maintaining trust between parents and children and game designers. User research should be done to test child friendly privacy information with various age groups. Transparency information should be displayed based on a user ability rather than age. The ICO highlights that players should be given age-appropriate explanations and prompts in particular, whenever an attempt is made to change any privacy settings. The ICO also recommends giving parents real time alerts about their children’s activities, where this is in the child’s best interest. In general, the ICO echoes the importance of only processing children’s data when necessary and in ways that are not detrimental to their health or wellbeing.

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.

Prev post
La Comisión Europea publica el marco de referencia para la Cartera Digital Europea
February 16, 2023
Next post
Recomendaciones de la ICO para diseñadores de juegos en relación con el Código de los Niños
February 21, 2023