Age Appropriate Design Code comes into force
Date: 3rd September 2021
Category: Protection from abuse or neglect
A landmark piece of regulation has come into force which requires the tech sector to consider children’s privacy, safety and wellbeing in their products and services if they are likely to be accessed by children and young people.
Enforced by the Information Commissioner, the Code’s requirements are designed to be proportionate to the risks arising from a service’s processing of data. Lower risk services will have lower obligations, while the expectations on higher risk services will be greater. Starting from the 2nd September 2020, there is a 12-month transition period for companies to comply.
The Code is derived from the principles in the Data Protection Act and GDPR, including data minimisation, purpose limitation, and data protection by design and default. As such, it places no extra obligations on services which are already fully compliant with GDPR, as such it aims to easily be adopted by other states and institutions.