ICO's Children's Code Strategy for 2024-2025
The Information Commissioner’s Office (ICO) has recently published its Children's Code Strategy for 2024-2025 which sets out the ICO’s priorities for protecting children's privacy online.
The ICO's Children's Code Strategy develops further the Children’s Code which was introduced in September 2021. The Children’s Code required online services, including websites, apps, and games, to provide better privacy protections for children.
The ICO's strategy for 2024-2025 focuses on social media and video-sharing platforms and lists the following priorities that such platforms must improve:
- Default Privacy and Geolocation Settings: Children's profiles must be private by default and geolocation settings must be turned off by default. This is to prevent misuse of location data that could compromise children's physical safety or mental wellbeing.
- Profiling Children for Targeted Advertisements: Unless there is a compelling reason, profiling for targeted advertising should be off by default. This is to prevent potential financial harms where adverts encourage in-service purchases or additional app access without adequate protections.
- Using Children’s Information in Recommender Systems: The ICO is calling on social media and video-sharing platforms to assess and understand the potential data harms to children on their platforms via recommender settings, and to take steps to mitigate them. For example, algorithmically produced content feeds may use information such as behavioural profiling and analysis of children’s search results. These feeds could result in unsuitable content including self-harm, suicide ideation, misogyny or eating disorders. The ICO also notes that recommender systems could lead to increased use of a platform by a child which in turn results in increased sharing of that child’s data with the platform.
- Using information of children under 13 years old: Children under the age of 13 cannot consent to an online service processing their personal information; parental consent is required. Therefore, the ICO stresses the importance for platforms to consider how consent is obtained in practice and how age assurance technologies might be used to assess users’ ages and apply protections appropriately.
Our Views
Organisations processing personal data relating to children online should consider the priorities outlined by the ICO and take practical steps in line with the ICO’s Children’s Code Strategy to minimise the risks identified by the ICO.
Read the other topical articles from our Spring Data Protection Update:
Get in touch
The content of this page is a summary of the law in force at the date of publication and is not exhaustive, nor does it contain definitive advice. Specialist legal advice should be sought in relation to any queries that may arise.
Related expertise
Other related news & articles
Contact us today
Whatever your legal needs, our wide ranging expertise is here to support you and your business, so let’s start your legal journey today and get you in touch with the right lawyer to get you started.
Get in touch
For general enquiries, please complete this form and we will direct your message to the most appropriate person.