September 2, 2022 | 1 minute read

The Age Appropriate Design Code one year on

Get in touch

Faye Harrison

Senior Associate

Get in touch

Faye Harrison

Senior Associate

A blog post by the ICO marking the one year anniversary of the introduction of the Age Appropriate Design Code (AADC) in the UK, serves as an important reminder to providers of online services of the current focus of the ICO and other data protection authorities on children's privacy.

The ICO highlights that it has been looking into the AADC compliance efforts of over 50 providers of online products and services, with a number of these leading to ongoing investigations and audits. There is a clear focus by the ICO on social media, gaming and streaming services; organisations in these sectors in particular should therefore be thinking about reviewing their compliance efforts to help reduce the risk of becoming the ICO's next target. We continue to work with many of our clients to review and update their AADC compliance, as well as helping them to navigate tricky questions from the ICO and to keep up to date with global updates in the child privacy space.

The ICO blog post reiterates that the AADC applies to services that are 'likely to be accessed by children' and not just those that are specifically directed at children. This is an important consideration for providers of online services who intend their services to be for over 18s only, where in reality these services are also being used by children.

The ICO also gives a number of examples of the success of the AADC since its introduction last year, highlighting changes made by the big tech platforms and an overall trend towards better protection for children's privacy, which can only be a good thing. Notably, whilst the UK has somewhat lead the charge by introducing a statutory code for the protection of children's personal data, we are now seeing a number of other countries following suit, including the Irish DPC publishing its children's 'Fundamentals' towards the end of last year and the development of a Californian code, which is closely based on the AADC. This is clearly an area where we will continue to see developments over the next few years and which should be firmly on the radar of providers of online services, where these are used by children and teens.

The code applies to any service being used by children living in the UK, and we have seen changes by companies around the world. We have also seen other countries strengthening the protections they provide for children, inspired by our work. These include the recently proposed California Age Appropriate Design Code Bill, which uses the ICO’s Children’s code as a template, while Unicef are looking at how protections can be brought in globally. Organisations providing online services and products likely to be accessed by children must abide by the code or face tough sanctions. The ICO are currently looking into how over 50 different online services are conforming with the code, with four ongoing investigations. We have also audited nine organisations and are currently assessing their outcomes.