The UK could be gearing up to hit a handful of tech firms with enforcement orders (and potentially fines) related to a children’s online privacy and safety Code which has been in force for a year.
“The ICO are currently looking into how over 50 different online services are conforming with the code, with four ongoing investigations. We have also audited nine organisations and are currently assessing their outcomes,” the data protection watchdog said in a blog post yesterday marking the one-year anniversary of the Code coming into application.
The Telegraph, which has interview with information commissioner, John Edwards — who heads up the Information Commissioner’s Office (ICO) — in today’s paper reports that two of the four social media and tech firms under investigation are household names.
Its reports says decisions by the ICO on whether to prosecute are expected to be announced within weeks.
“This code makes clear that children are not like adults online, and their data needs greater protections,” Edwards told the Telegraph. “We’ll use our enforcement powers where they are required.”
The companies in question have not been named — either by the newspaper or the ICO — but last November, the watchdog wrote to Apple and Google after concerns had been raised with it about how the pair assess apps on their respective mobile app stores to determine which age ratings they apply.
The ICO described its outreach then as an “evidence gathering process to identify conformance with the code” — although it remains to be seen whether the two tech giants are among the four firms facing possible enforcement, or if they’re just among the wider group whose compliance the watchdog has been eyeing.
“Unfortunately, we are unable to name the companies at the minute due to ongoing investigations,” a spokeswoman for the ICO confirmed when asked if it can share any more details.
The ICO first published the children’s Code back in 2020. It contains 15 standards for what’s billed as “age appropriate design” — essentially it’s a set of design recommendations for web services that are likely to be accessed by kids, containing recommendations such as setting high privacy defaults and not using heavy-handed engagement tactics that could keep kids unhealthily hooked on using a digital service.
The overarching aim is for the Code to encourage to platforms to safeguard kids from accessing inappropriate content and prevent them being commercially data-mined, although the ICO regulates personal data (rather than content) — the latter responsibility will fall to Ofcom under the incoming Online Safety Bill (assuming another change of UK prime minister does not lead to a legislative rethink on that front).