Children's code explained
By Information Commissioner's Office (ICO)
Published Loading...
N/A views
N/A likes
Introduction to the Children's Code
📌 The Children's Code (formerly Age Appropriate Design Code) sets out 15 standards for age-appropriate design for online services processing children's personal data (under 18).
⚖️ It translates the principles of the UK Data Protection Act 2018 and the UK GDPR into practical requirements for children's data.
🌍 The goal is to protect children online without blocking their access to vital online services, recognizing that one in five UK internet users is a child.
🕰️ The 12-month transition period for the code ends on September 2nd of the current year.
Scope and Legal Basis
🌐 The code applies to Information Society Services (ISS) likely to be accessed by children, including apps, online games, and streaming services, not just services directed at them.
✅ A service is covered if there is a "more probable than not" chance that a child will try to access it.
🛡️ Non-conformance with the code suggests that processing of children's data is unlikely to be fair or compliant with underlying data protection requirements.
The 15 Standards Framework
The 15 standards are grouped into three areas: Core Principles, Service Design, and Data Processing.
🧠 Core Principles: Include adhering to the best interests of the child (guided by UNCRC), mandatory Data Protection Impact Assessments (DPIAs), age-appropriate application, avoiding detrimental use of data, and data minimization (only gathering necessary data).
🛠️ Service Design: Emphasizes transparency (clear, accessible information), controlling geolocaction (off by default), respecting privacy when parental controls are active, avoiding privacy-eroding nudges, and ensuring online tools for data rights are prominent.
📊 Data Processing: Requires services to do what they say they do (policies match reality), setting non-core data processing to "off" by default, having a compelling reason to share children's data, and applying safeguards for profiling.
💡 The standards are flexible and risk-based; for instance, the required certainty of age verification should be proportionate to the data processing risks.
Actionable Steps for Compliance
1️⃣ Determine Scope: Data controllers must evidence why their service should *not* be "likely to be accessed by children" using content appeal and access measures analysis.
2️⃣ Start the DPIA: This is mandatory; it requires a detailed data map, identifying user journeys, and using the ICO's Children's Code harms framework to identify risks.
3️⃣ Develop a Transformation Plan: This plan should involve a multi-disciplinary group (DPOs, designers, engineers) and communicate changes to children and parents to champion responsible data use.
4️⃣ Transparency in Practice: Provide bite-sized explanations at the point of data activation and tailor privacy information to the specific age ranges using the service.
Key Points & Insights
➡️ The DPIA is a cornerstone of compliance, essential for anticipating and mitigating risks to children and demonstrating seriousness to regulators.
➡️ Services must only gather the data needed; collecting excess data "just in case" violates the data minimization standard.
➡️ For younger children, services should still encourage seeking advice from a trusted adult or parent regarding privacy settings, recognizing a dual audience for information.
➡️ Exemptions to the code may apply narrowly to certain public authority services (if not for remuneration or performing a public task) and in-person counseling services.
📸 Video summarized with SummaryTube.com on Feb 01, 2026, 12:14 UTC
Related Products
Find relevant products on Amazon related to this video
As an Amazon Associate, we earn from qualifying purchases
📜Transcript
Loading transcript...
📄Video Description
TranslateUpgrade
The ICO’s Age-Appropriate Design Code, or Children’s Code, is a new code of practice placing the best interests of children at the heart of online services.
This introductory webinar will discuss the 15 standards outlined by the code, and how organisations can meet them to ensure that the best interests of children are a primary concern when using their data. You will learn more about the packages of guidance and practical resources that the ICO has developed to support organisations to meet their obligations under the code, and have an opportunity to discuss the code with members of the ICO Children’s Code team.
This webinar was delivered on 6 May 2021 as part of the ICO's Data Protection Practioners' Conference
Full video URL: youtube.com/watch?v=L8U3r96f6UY
Duration: 45:34
Recently Summarized Videos
Total Video Summary Page Visits :2
Introduction to the Children's Code
📌 The Children's Code (formerly Age Appropriate Design Code) sets out 15 standards for age-appropriate design for online services processing children's personal data (under 18).
⚖️ It translates the principles of the UK Data Protection Act 2018 and the UK GDPR into practical requirements for children's data.
🌍 The goal is to protect children online without blocking their access to vital online services, recognizing that one in five UK internet users is a child.
🕰️ The 12-month transition period for the code ends on September 2nd of the current year.
Scope and Legal Basis
🌐 The code applies to Information Society Services (ISS) likely to be accessed by children, including apps, online games, and streaming services, not just services directed at them.
✅ A service is covered if there is a "more probable than not" chance that a child will try to access it.
🛡️ Non-conformance with the code suggests that processing of children's data is unlikely to be fair or compliant with underlying data protection requirements.
The 15 Standards Framework
The 15 standards are grouped into three areas: Core Principles, Service Design, and Data Processing.
🧠 Core Principles: Include adhering to the best interests of the child (guided by UNCRC), mandatory Data Protection Impact Assessments (DPIAs), age-appropriate application, avoiding detrimental use of data, and data minimization (only gathering necessary data).
🛠️ Service Design: Emphasizes transparency (clear, accessible information), controlling geolocaction (off by default), respecting privacy when parental controls are active, avoiding privacy-eroding nudges, and ensuring online tools for data rights are prominent.
📊 Data Processing: Requires services to do what they say they do (policies match reality), setting non-core data processing to "off" by default, having a compelling reason to share children's data, and applying safeguards for profiling.
💡 The standards are flexible and risk-based; for instance, the required certainty of age verification should be proportionate to the data processing risks.
Actionable Steps for Compliance
1️⃣ Determine Scope: Data controllers must evidence why their service should *not* be "likely to be accessed by children" using content appeal and access measures analysis.
2️⃣ Start the DPIA: This is mandatory; it requires a detailed data map, identifying user journeys, and using the ICO's Children's Code harms framework to identify risks.
3️⃣ Develop a Transformation Plan: This plan should involve a multi-disciplinary group (DPOs, designers, engineers) and communicate changes to children and parents to champion responsible data use.
4️⃣ Transparency in Practice: Provide bite-sized explanations at the point of data activation and tailor privacy information to the specific age ranges using the service.
Key Points & Insights
➡️ The DPIA is a cornerstone of compliance, essential for anticipating and mitigating risks to children and demonstrating seriousness to regulators.
➡️ Services must only gather the data needed; collecting excess data "just in case" violates the data minimization standard.
➡️ For younger children, services should still encourage seeking advice from a trusted adult or parent regarding privacy settings, recognizing a dual audience for information.
➡️ Exemptions to the code may apply narrowly to certain public authority services (if not for remuneration or performing a public task) and in-person counseling services.
📸 Video summarized with SummaryTube.com on Feb 01, 2026, 12:14 UTC
Related Products
Find relevant products on Amazon related to this video
As an Amazon Associate, we earn from qualifying purchases
Loading Similar Videos...
Recently Summarized Videos
Get the Chrome Extension
Summarize youtube video with AI directly from any YouTube video page. Save Time.
Install our free Chrome extension. Get expert level summaries with one click.