Social media sites, games, and other online services won’t be allowed to “nudge” British kids into revealing personal details or lowering their privacy settings, under tough new rules drawn up by the country’s privacy regulator.
The set of standards aimed at protecting children’s online privacy were released on Jan. 22 by the Information Commissioner’s Office for Parliament’s approval.
“There are laws to protect children in the real world—film ratings, car seats, age restrictions on drinking and smoking. We need our laws to protect children in the digital world too,” Information Commissioner Elizabeth Denham said. “In a generation from now, we will look back and find it astonishing that online services weren’t always designed with children in mind.”
Tech companies won’t be able to use “nudge techniques,” such as making one option appear easier than the alternative, to encourage kids to provide unnecessary personal data or weaken or turn off their privacy protections. They'll also have to verify a user’s age or instead apply the code’s standards to all users.
Sharing or broadcasting a child’s location should be off by default, so should profiling kids for so-called behavioral advertising, the new rules say. Other requirements include collecting and holding a “minimum amount” of personal data and making “high privacy” settings the default. Online services should take children’s best interests into account and shouldn’t use their data to auto-recommend harmful content like videos advocating suicide or anorexia.
The “age appropriate design code” has 15 standards in all that must be met by apps, connected toys, social media platforms, online games, educational websites, and streaming services. They apply to any online service likely to be used by a child and to any companies offering their services in the UK.
Violators face punishment including, in serious cases, fines worth 4 percent of a company’s global revenue, which for the Silicon Valley giants like Facebook would equal billions of dollars.
Once Parliament gives its approval, companies will get a 12-month transition period to adapt to the new rules. They’re expected to come into full effect by autumn 2021.
Tech companies are coming under increasing pressure to tighten up online protection for young people, with authorities in the United States, Ireland, and elsewhere also working on updating their rulebooks.