Wed 21 Sep 2022

One year on: Has the introduction of the ICO's Children's Code been worthwhile?

One year since the inception of the Children’s Code, the Information Commissioner’s Officer (ICO) has marked the anniversary and celebrated its success thus far. According to the ICO, “children are better protected online in 2022 than they were in 2021”. This is a good opportunity to remind ourselves what exactly the Children’s Code is, how it has improved the way in which children are treated online, and how it is paving the way for future international reform.

What is the Children’s Code?

On 2 September 2021, the Children’s Code (also known as the Age Appropriate Code) was introduced to the UK to protect children from viewing harmful and inappropriate content online. The code was catalysed by a number of campaigners who argued that children were not adequately protected from harmful viewing material on a number of online sites and social media platforms.

It is effectively a code of practice and contains 15 standards that online services are obliged to follow. It includes online services which are readily accessed by children, such as apps, games, news outlets and social media platforms to guarantee that children’s privacy and personal data are protected within the digital landscape. Complying with these standards guarantees that duties under data protection law to protect children’s online data are met.

The ICO provides that “the code applies to UK-based companies and non-UK companies who process the personal data of UK children”. It is important to note the international reach of the Children’s Code.

Positive impact

The implementation of the code has influenced a number of well-known social media platforms, gaming sites and video streaming sites to review and transform the way in which they protect children from accessing harmful content on their sites.

Social media giants Facebook and Instagram have been influenced to change their ways and afford more protection to children in the digital world. Both platforms have limited targeting to age, gender and location for those under the age of 18. If it is detected that users are under the age of 13, the accounts are automatically deleted. If someone cannot prove that they are over the age of 13, or repeatedly enter different birthdays, the account is removed. Furthermore, if an Instagram account is detected to be used by a person under the age of 18, the account is automatically made private.   

YouTube and Instagram have installed new features like “take a break” and set default “bedtime” reminders to urge young people under 18 to manage their time on these apps. The hugely popular app TikTok has also turned notifications off at bedtime in a bid to prevent harm.

Google has also made changes to improve its services by enabling anyone under the age of 18 (or their parent or guardian) to request that images are removed from searches. Location history of under 18s has also been disabled.

Although it is only a year old, the Children’s Code has ignited worldwide action and has paved the way for international reform. In California, the Age-Appropriate Design Act was passed on 2 September 2022 – exactly one year since the UK’s code went live; effectively mirroring the ICO’s work. UNICEF is also looking to see how these protections can be globally panned out, whilst Canada and Australia are also reviewing their current data protection practices. Not only has the code had a positive impact in the UK, but it has instilled change and allowed countries to review their position on providing children with sufficient protection in the digital world. However, the work does not stop there and many would argue much remains to be done.  

As it currently stands, nine large firms are currently being audited on whether they have breached the code, and the ICO is currently reviewing 50 online services. The Information Commissioner, John Edwards, is currently investigating four large social media and tech firms for potential breaches of the code – the first of its kind. If these firms are found to have breached the code, they could face fines in excess of £17.5 million, or 4% of their global turnover (for beach of data protection laws), as well as other sanctions. It is expected that judgments will be made on whether the firms did breach the code in the coming weeks.

This article was co-written by Katie Morrison, Trainee Solicitor.

Make an Enquiry

From our offices we serve the whole of Scotland, as well as clients around the world with interests in Scotland. Please complete the form below, and a member of our team will be in touch shortly.

Morton Fraser MacRoberts LLP will use the information you provide to contact you about your inquiry. The information is confidential. For more information on our privacy practices please see our Privacy Notice