Counterculture
 
  • About us
  • Contact us
  • Newsletter
  • Client Portal
Counterculture
  • Home
  • Services
    • Capital Projects and Exhibitions
    • Communications, Marketing, Audiences and Brand
    • Data Management
    • Digital – strategic leadership, skills and implementation
    • Economic Development and Public Policy
    • Events
    • Finance
    • Fundraising
    • Governance
    • Higher Education Advisory
    • HR and Professional Development
    • Interim Management
    • Legal Advice
      • Arts, Entertainment, and Fashion
      • Business and Commercial
      • Charity and Governance
      • Digital, Web, IT and Social Media
      • Employment and HR
      • Music
    • Management Consultancy
    • Project Management
    • Strategic and Business Planning
    • Tax and Accounts
  • Clients
    • Types of clients
    • Issues
    • Case studies
    • Blog
  • People
  • Home
  • Services
    • Capital Projects and Exhibitions
    • Communications, Marketing, Audiences and Brand
    • Data Management
    • Digital – strategic leadership, skills and implementation
    • Economic Development and Public Policy
    • Events
    • Finance
    • Fundraising
    • Governance
    • HR and Professional Development
    • Interim Management
    • Legal Advice
      • Arts, Entertainment, and Fashion
      • Business and Commercial
      • Charity and Governance
      • Digital, Web, IT and Social Media
      • Employment and HR
      • Music
    • Management Consultancy
    • Project Management
    • Strategic and Business Planning
    • Tax and Accounts
  • Clients
    • Types of clients
    • Issues
    • Case studies
    • Blog
  • People
  • About us
  • Contact us
  • Newsletter
Home / Clients / Blog / Data Protection Update: The Children’s Code
Millie Kashirahamwe - [ARCHIVE]
Millie Kashirahamwe - [ARCHIVE] • 29 Jun 2021
Paralegal

Data Protection Update: The Children’s Code

  • Data Management
  • Legal Advice

The Children’s Code (formally known as The Age Appropriate Design Code), provides protection for children up to the age of 18 when they visit online services. The Code came into force on 2nd September 2020 with a 12-month transition period, giving organisations time to prepare. All social media and online services used by children in the UK will need to conform to the Code when it comes into full effect from 2nd September 2021.

What is the Children’s Code?
The Code sets out 15 standards that online services must follow to comply with the obligations under UK Data Protection Law to protect children’s data whilst they are online. The Code applies to all major social media and online services used by children in the UK such as apps, search engines, online games and websites selling services and goods.

These standards include:
• providing privacy settings that are high by default;
• switching off geo-location services that can reveal a child’s location to the world; and
• not using not using nudge techniques and notifications to encourage children to provide more personal data.

The aim of the Code is to protect children’s privacy when they’re online, making sure online services safeguard children’s personal data as well as providing default settings to allow children to have the best possible access to online services, whilst minimising data collection and data use by default.


Why do we need the Children’s Code?

Children are being ‘datafied’ as they grow up with organisations recording information about them when they use online services. The information recorded can include details about their mood, friendships, location and what time they wake up and go to bed.

Implementing the Children’s Code helps make sure that the best interests of the child are taken into account. The Code will help empower both adults and children and reassure parents that services are dealing with children’s personal data accordingly and they are appropriate for children to use.

What action should Charities take to protect children’s data in line with the Children’s Code?

Step one – Determine whether the charity provides an online service within the scope of the Code.

If a charity provides a service designed for and aimed specifically at under-18s, then the Code applies. The Code also applies to services that aren’t specifically aimed or targeted at children but are nonetheless likely to be used by under-18s. If you do not believe your organisation to be in the scope of the Code, you should keep a record of your decision.

Step two – Complete a Data Protection Impact Assessment (DPIA).

If a charity falls within the scope of the Code, a DPIA should be completed. A DPIA is a process to help assess and mitigate the data protection risks of an online service, and to the rights of children who are likely to access it. A DPIA will help draw out and document the questions which will need to be answered to conform with the Children’s Code. It will also help identify risks and design appropriate changes to the online service to reduce the risks and to conform with the Code.

Step three – Create an implementation plan.

Creating an implementation plan or roadmap will help make sure all planned steps to comply with the Code are taken before the 2nd September 2021 deadline. It will also help show that the Charity is serious about complying with the Code.

What are the implications to those who do not comply by 2nd September 2021?

The Children’s Code is legally enforceable. Organisations that do not follow the Code could face enforcement action by the ICO which includes compulsory audits, orders to stop processing and fines of up to 4% of global turnover.

If you need any help developing your data protection policy please get in touch with our Legal Team

Employment law specialist Sam Butler joins Counterculture legal team as a Partner

Keith Arrowsmith • 10 Jan 2022

Charity Commission finance guides for trustees updated

Keith Arrowsmith • 21 Sep 2018

Transparency in the UK Property Market –overseas companies with UK property holdings need to act now 

Billy Laser • 3 Aug 2022

NCVO Developing a Code of Ethics for Charitable Organisations

Keith Arrowsmith • 18 Jul 2018

Employment Tribunals

Sam Butler • 14 Jan 2022

It’s not alright, alright, alright

Follow us on: Facebook Twitter LinkedIn

The Legal 500 – The Clients Guide to Law Firms

Counterculture Partnership LLP is a Limited Liability Partnership registered in England, number OC370322. Authorised and regulated by the Solicitors Regulation Authority (No: 623129). Hall & Birtles Solicitors is a trading name of Counterculture Partnership LLP. A list of members, and their respective professional regulators, is available for inspection at our registered office, Unit 115, Ducie House, Ducie Street, Manchester, M1 2JW.

In accordance with the disclosure requirements of Provision of Services Regulations, our professional indemnity insurers are Newline Group (4th Floor, 55 Mark Lane, London, EC3R 7NE and Allianz Global Corporate & Specialty SE (28 Koniginstrasse, Munich, Bavaria 80802, Germany).Our policy numbers are (for our consultancy services) GBF013895220 (Allianz), NID22045684A (Newline) and for our legal services, GBF009910210022 (Allianz). The territorial coverage is worldwide excluding professional business carried out from an office in the United States of America or Canada and excludes any action for a claim brought in any court in the United States of America or Canada.

Privacy | Terms of Use | Cookies | Complaints | Equality Diversity & Inclusion

Manage Cookie Consent
We use cookies to optimise our website.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
Preferences
{title} {title} {title}