Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

The Children’s code (or the Age appropriate design code) contains 15 standards that online services need to follow. This ensures they are complying with the their obligations under data protection law to protect children’s data online.

Online services covered by the code are wide ranging and include

  • apps;
  • games;
  • connected toys and devices; and
  • news services.

If children are likely to access your service, even if they are not your target audience or user, then you need to consider the Children’s code.

Who does the code apply to?

The code applies to “information society services likely to be accessed by children”. The definition of an ISS is “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”

What this means in practice is that most for-profit online services are ISS, and therefore covered by the code. This includes:

  • apps;
  • programs;
  • search engines;
  • social media platforms;
  • online messaging or internet based voice telephony services;
  • online marketplaces;
  • content streaming services (eg video, music or gaming services);
  • online games;
  • news or educational websites; and
  • any websites offering other goods or services to users over the internet.

Electronic services for controlling connected toys and other connected devices are also ISS.

If your online service is likely to be accessed by children under the age of 18, even if it’s not aimed at them, then you are probably covered by the code. This means you may need to make some changes to how you design your service and how you process personal data to ensure you conform with the code.

Does the code only apply to UK-based companies?

No. The code applies to UK-based companies and non-UK companies who process the personal data of UK children.

What do I have to do to conform with the code?

Things you may need to think about or implement are:

  • Mapping what personal data you collect from UK children.
  • Checking the age of the people who visit your website, download your app or play your game.
  • Switching off geolocation services that track where in the world your visitors are.
  • Not using nudge techniques to encourage children provide more personal data.
  • Providing a high level of privacy by default.

Further help and resources are available on our additional resources page