New ICO guidance on services 'likely to be accessed by children'

The Information Commissioner’s Office (ICO) has issued new, draft guidance regarding when an information society service is 'likely to be accessed by children'. The guidance is aimed at the assessment of services which are not intended for use by children, but which may in reality be accessed by children, for the purposes of considering whether the ICO's Children's Code applies to these services. The guidance is made up of FAQs, examples of 'factors' to consider and case studies, all aimed at enabling organisations to assess whether children form a 'substantive and identifiable user group' of their service. A consultation on this new guidance will remain open until 19th May.

The guidance suggests a fairly holistic approach, taking into account a number of factors, rather than focusing only on hard data, such as the number of child users. The ICO also reminds organisations to maintain a record of its assessment and to keep this under regular review.

Interestingly the guidance touches on the hot topic of 'age assurance', noting that an age-gating page will not be within the scope of the code if it is compliant with data protection legislation. However, it does not address the ever-challenging question of what such 'compliance' might look like in practice. Notably, if an age-gating mechanism is effective in stopping under 18s from accessing a service, the code will not apply to the service.

Overall, the draft guidance isn't particularly ground-breaking, but it does serve as a useful and practical reference point for those organisations providing services targeted at adults, which may also appeal to children, as to whether the code is likely to apply to them. It also provides a helpful reminder that the ICO recognises that the Children's Code is broad in its application and that it is possible to conform with it in a 'risk-based and proportionate manner'.