Grant funding for the development of a new assurance scheme for consumer IoT (Internet of Things) products aimed at protecting children using internet-connected toys has been awarded to a Stockport-based technical auditing company.
How you can prepare for the Age Appropriate Design Code?
The Age Appropriate Design Code came into force on 2nd September 2020 and has a 12-month transitional phase, meaning those organisations that it applies to must conform by 2nd September 2021 – a mere six months away! If you are confused as to whether the changes apply to your business, the ICO has stated that if anyone under the age of 18 is likely to access your online products or services, you must review your policy.
With stories about misuse of online data rife at the moment, there’s no doubt in anyone’s mind how necessary it was to introduce the Age Appropriate Design Code (AADC) last year. For those that aren’t sure, the AADC is a statutory code of practice, prepared by the ICO (Information Commissioner’s Office), designed to address the handling of children’s personal data online.
The Code ensures children’s data is protected when they are using games, apps, connected toys and programmes as well as search engines, social media platforms and websites offering goods or services over the internet. Before its introduction, nothing was stopping organisations from storing children’s data and using it to shape content they would be more likely to be influenced by and engage with.
The AADC came into force on 2nd September 2020 and has a 12-month transitional phase, meaning those organisations that it applies to must conform by 2nd September 2021 – a mere six months away! If you are confused as to whether the changes apply to your business, the ICO has stated that if anyone under the age of 18 is likely to access your online products or services, you must review your policy.
Why the code is so important right now?
As one of the most vulnerable groups in society, it’s important that children are protected against any potential persuasive or damaging content. We know that many parents are concerned about their children online. Echoing this, we recently commissioned some research and found 56% of parents with children under the age of 16 are concerned that tech companies have access to too much of their children’s personal data. Furthermore, 56% are worried about the amount of time their child spends online, a statistic only heightened by the Coronavirus pandemic, with 72% admitting that recent lockdowns have led to a surge in their child’s screen time.
It can be daunting to know where to start in making sure your organisation complies with the AADC. Consisting of 15 standards, those with developed privacy programmes such as data minimisation and restrictions on data sharing will be familiar with some of the points included. However, it is worth studying each one as there are some significant changes included which will change the way many companies can store data and the content they can use. To help you out, we’ve pulled together some of our top tips to help you best prepare for when the Code comes into force.
- Identify your audience
A good place to start is to determine your audience and the steps you have in place to identify/protect children should they visit your site. If you don’t want your site to be visited by children at all, you should make sure you have elements such as neutral age-screens and cookies that show the demographic of the person visiting your site, including age. For very high-risk activity, it can be worth hiring a third-party age verification service to check ages/collect ID solely for age verification purposes. A registry of systems that we have independently certified can be found here. - Child-friendly privacy disclosures
Moving forward, child-friendly privacy disclosures should be worked into websites. Often, it can be confusing for a child to understand a privacy policy so it can be good to ask yourself, if you were a child, would you understand your privacy policy? Consider including diagrams, cartoons and eye-catching graphics, as well as bite-sized explanations, to help younger users understand what they are agreeing to. You can even include messaging asking children to read through the policy with their parents before agreeing to it, to add extra reassurance. - Switch off optional data collection/sharing settings
Another simple way to comply with the Code is to make sure all optional data collection/sharing settings are switched off by default for all under-18 users in the UK. This includes any extra analytics and personalisation features that cannot be classed as part of your organisation’s core service. To find out if a user is under 18, ask them to input their date of birth upon entering the site. - Certification schemes
If you think you’d benefit from professional help, we are now taking initial enquiries for certification of adherence to the Code. This should be a quick and easy process and can provide added reassurance that you are doing everything you can to be compliant under the new rules. - Data Protection Impact Assessment (DPIA)
The Code requires all companies to document their compliance through a Data Protection Impact Assessment (DPIA). You can find a sample DPIA template online as part of the Code. A key requirement for an effective DPIA is to make sure you are consulting with parents and children to get their feedback on how they use your services and whether they fully understand the privacy policy you have in place. This can help you shape what needs to be done to improve your current policy and it is encouraged you host regular feedback sessions as you add more features to your website to make sure they are as compliant as possible.
You can register interest in our scheme, without obligation to proceed at ageappropriatedesign.accscheme.com
Whilst the Code presents a number of new challenges for organisations to overcome, now is the best time to make sure you fully understand the changes that will need to be made and how to make them so you are ready for 2nd September 2021. It can be daunting to begin with; however, complying with these rules and regulations will become even more imperative as we move towards a safer society that prioritises the protection of children online.
The UK Home Office have issued a call for proposals from innovators or alcohol licence holders for trials of technological innovations for age verification and the Age Check Certification Scheme is offering its services as an independent evaluation provider for this Regulatory Sandbox.
Implement a Mystery Shopping Test Purchase Programme to go hand in hand with your own audits, and protect your business.
We’re aiming for significant growth in 2021 after having secured a funding boost of £380k from NPIF – Maven Equity Finance, managed by Maven and part of the Northern Powerhouse Investment Fund (NPIF).
Customer and age verification plays a key part in the current iteration of the Gambling Act, and will continue to do so in any revised versions. Find out more on how bingo operators can achieve high standards of age check compliance and security.
Mystery Shopping and Audits Franchise Opportunity!
We are now expanding and we have a variety of new franchise opportunities right now in locations across Europe. If you want to join with us as we continue our expansion, we would like to hear from you.