Professional Documents
Culture Documents
default
Published
5 hours ago
Others who must conform to the code include educational websites, streaming services
that use, analyse and profile children's data and the makers of connected toys.
'Well-intentioned'
The ICO has the power to fine firms up to 4% of their global turnover if they breach data
protection guidelines. The organisation has previously said it will take more severe
action when it sees harm to children.
In September last year, YouTube was fined $170m (£139m) for collecting data on
children under 13 without the consent of their parents, following a US investigation by
the Federal Trade Commission.
The scope of protections needed for children online was huge and the ICO might not be
up to the job, said one digital rights campaigner, Jen Persson.
"The code is well-intentioned, and if enforced, may bring about some more focused
change in the approach of some apps and platforms to stop collecting excessive data
from children for example, and start to meet the requirements of core data protection
law in place for over 20 years.
"The key risks are that since the ICO has not enforced to date on behalf of children in its
current remit of concrete data protection law, that it may be seen as not having the
capability to enforce those new things in the code that go beyond that and are
subjective, such as the best interests of the child, or that outstrip the ICO technical
knowledge and capacity."
Andy Burrows, head of child safety online policy at the NSPCC, said he hoped the code
would force a rethink on the content provided to children.
"Tech firms have a year to prepare for this transformative code that will force them to
take online harms seriously, so there can be no more excuses for putting children at
risk.
"For the first time, high-risk social networks will have a legal duty to assess their sites
for sexual abuse risks and no longer serve up harmful self-harm and suicide content to
children."