As a result, and in addition to the code itself, the ICO is preparing a significant package of support for organisations.
The code is the first of its kind, but it reflects the global direction of travel with similar reform being considered in the USA, Europe and globally by the Organisation for Economic Co-operation and Development (OECD).
Ms Denham said:
“The ICO’s Code of Practice is the first concrete step towards protecting children online. But it’s just part of the solution. We will continue to work with others here in the UK and around the world to ensure that our code complements other measures being developed to address online harms.”
The Secretary of State will now need to lay the code before Parliament for its approval as soon as is reasonably practicable.
Before that, the Government intends to notify the European Commission of the code under the requirements of the Technical Standards and Regulations Directive 2015/1535/EU, and observe the resultant 3 month standstill period. Any queries about this referral process should be directed to DCMS press office at enquiries@culture.gov.uk. This is because the obligation to notify the European Commission falls upon the UK as a Member State of the European Union, rather than on the ICO, and is therefore a matter for Government.
Once the code has been laid it will remain before Parliament for 40 sitting days. If there are no objections, it will come into force 21 days after that. The code then provides a transition period of 12 months, to give online services time to conform.
The next phase of the ICO’s work will include significant engagement with organisations to help them understand the code and prepare for its implementation.
Changes to the code as a result of consultation
Key changes include:
- Clarification of the need to adopt a risk-based and proportionate approach to age verification
- Clarification of what services are considered to fall within the code because they are “likely to be accessed by children”
- Clarified our approach to enforcement as risk-based and proportionate
- FAQs specific to the media industry
- The introduction of a 12 month transition period – the maximum allowed.
A full summary of the ICO’s response to consultation feedback is attached to this media pack.
Background to the code
The Government included provisions in the Data Protection Act 2018 to create world-leading standards that provide proper safeguards for children when they are online.
As part of that, the ICO is required to produce an age-appropriate design code of practice to give guidance to organisations about the privacy standards they should adopt when offering online services and apps that children are likely to access and which will process their personal data. (A link to the Parliamentary debate, led by Baroness Kidron, is here.)
The standards in the Code were backed by existing data protection laws which are legally enforceable and regulated by the ICO. The regulator has powers to take action against organisations that break the law including tough sanctions like orders to stop processing data and fines of up to £17million or 4% of global turnover.
The first draft of the code went out to consultation in April 2019. It was informed by initial views and evidence gathered from designers, app developers, academics and civil society. You can read the responses here.
The ICO also sought views from parents and children by working with research company Revealing Reality. The findings from that work are here.
General information about the ICO
The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR) and Privacy and Electronic Communications Regulations 2003 (PECR).
Since 25 May 2018, the ICO has the power to impose a civil monetary penalty (CMP) on a data controller of up to £17million (20m Euro) or 4% of global turnover.
Pages: 1 · 2
More Articles
- Rose Madeline Mula Writes: I’ve Got A Secret – NOT!
- Senate Commerce Subcommittee Set ... Protecting Kids Online: Testimony From a Facebook Whistleblower
- Winterthur's Digital Collections: Boston Furniture, Spode, Patriotic America, Silversmith's Marks, Garden Collection and Soup Tureens
- Some of Representative John Lewis' Most Recent Statements: "The Conscience of Congress"; Former President Barack Obama on Lewis' Death
- Origins and Development, The Senate's Impeachment Role
- A Pew Research Report: Most Americans Find Cohabitation Acceptable, Even for Couples Who Don’t Plan to Get Married
- Julia Sneden's Magic Moments at the End of Summer
- If You Have Any Variety of Smart Beds, Sleep Apps Or Mattress Pads, They Know When You Sleep, Toss and Turn and May Be Able to Tell When You're Having Sex
- Elaine Soloway's The Hometown Rookie: Clubhouse, Nomad and Omen Chapters
- The PBS Mystery of Mrs. Wilson: It Begs the Question What Do We Actually Know About Our Partners