Updates from the Information Commissioner
Sign up for myFT Daily Digest to be the first to know about news from the Office of the Information Commissioner.
The UK will target social media companies, video streaming and gaming platforms as a broad set of new regulation to protect children’s data online goes into effect Thursday next week.
The rules proposed by the UK regulator, the Information Commissioner’s Office, aim to prevent businesses from tracking the whereabouts of children, personalizing content or advertising for them, and offering behavioral advice, such as automatically playing videos. .
“We have identified that currently some of the biggest risks come from social media platforms, video and music streaming sites, and video game platforms,” said Stephen Bonner, executive director of regulatory futures at the ICO. “This can include inappropriate advertising; unsolicited messages and friend requests; and privacy-eroding nudges urging kids to stay online.
Bonner added that he was concerned that the adverse consequences for children could be “physical, emotional, psychological and financial.”
The UK’s Age Appropriate Design Code, which comes into effect after a one-year grace period for companies to comply, has been touted as pioneering regulation.
Violating the code will result in the same potential penalties as the EU’s General Data Protection Regulation (GDPR), including a fine of up to 4% of global revenue for companies that do not comply.
Members of the United States Senate and Congress have called major American technology and games companies to voluntarily adopt the ICO code for American children.
Over the past two months, the biggest social media platforms, including YouTube, Instagram and TikTok, have announced changes related to children’s privacy ahead of the code’s application.
Earlier this month, YouTube announced that it would turn off autoplay by default on videos and remove targeting and ad personalization for anyone under the age of 18. It would also activate ‘take a break’ and ‘bedtime’ reminders for the same age group, he said.
Meanwhile, Instagram last month introduced a new feature that prevents adults from sending messages to people under the age of 18 who don’t follow them, among other changes. And TikTok said it will no longer send push notifications after 9 p.m. to users aged 13-15, and after 10 p.m. to those aged 16 and 17.
“These are not proactive changes, they are a set of changes that respond to the code – this is proof that the regulations are working,” said Beeban Kidron, a member of the House of Lords who originally proposed the amendment to the law. “Otherwise, why would three global companies make similar announcements in the weeks leading up to September 2? It shows that the digital world can be designed to respond to societal concerns. “
Despite its pioneering nature, the code has been criticized by a series of companies that operate online services, who have complained that the ICO’s comprehensive approach would encompass companies that did not specifically target children, including children. retailers and newspapers.
In response, the ICO has now said it will focus its proactive regulatory and enforcement efforts on high-risk areas, “performing audits” and “overall enforcement,” according to Bonner.
“When the risk is relatively low, we wouldn’t expect to see stocks in the short term. We have been clear on where the potential damage is greatest, so these organizations can take action quickly, ”he said. He suggested that news websites and e-commerce companies generally pose a lower risk to children’s privacy.
“Prioritizing certain areas makes a lot of sense to me because that’s where the risks lie, but it leaves the rest of the digital economy in theoretical uncertainty,” said Dom Hallas, executive director of the Coalition for a Digital Economy, which represents technology. start-up. “The vast majority of businesses still don’t know what obligations they have under the code. ”
Another aspect of the new rules that is of particular concern to businesses is age verification, which they say could carry additional privacy risks and become a burden on small businesses without the resources to develop sophisticated technology.
“We have helped provide advice on realistic solutions to a number of issues raised, while also working to disseminate practical advice to our members to support efforts to achieve compliance,” said Ukie, the organization. UK gaming industry, which will be one of the ICO’s target areas for compliance.
“[However] Elements of the code rely on technological solutions, such as age verification, which are currently impractical, inefficient, or likely to be intrusive if implemented in their current form. He added that enforcement efforts should take place alongside “ongoing dialogue and education,” as the code comes into force.
The ICO told the Financial Times that they don’t expect all online businesses to immediately put an age barrier in place. Bonner said the ICO would release further guidance on age verification in the fall, for clarity. “We don’t want to build a walled garden. The aim of our work is that children can be protected in [the internet], not from him, ”he said.