As many as 1 in 3 internet users are children and Ofcom has reported that around a quarter of 5-7 year olds own a smart phone. Children's online activities raise significant privacy risks, which are now in the regulatory spotlight.
The UK was one of the first countries to act, launching the Children's Code in 2020, and since then, Children's Codes have been implemented in California and the Netherlands and proposed in Australia. Ireland has adopted the "Children's Fundamentals", and Singapore issued Advisory Guidelines on children's data. In addition, the European Commission adopted a better internet for kids (BIK+) strategy.
In recent months, regulatory momentum in the UK has increased. In August, the Information Commissioner's Office ("ICO") warned 11 social media and video sharing platforms to make improvements in their handling of children's data, or face enforcement action. We are also increasingly seeing active enforcement in this space, in the UK, the EU, and beyond, which has included some significant fines.
In order to support compliant processing of children's data, most online services likely to be accessed by UK children (under 18) are expected to address the 15 standards set out in the Children's Code. The ICO must take this into account when considering if a relevant online service has complied with its data protection obligations.
The ICO Children's Code Strategy for 2024/25 indicates that children's data will remain a regulatory priority, especially in respect of the following priority areas:
Online service providers are advised to check their compliance in this area.