The Age Appropriate Design Code, also known as the 'Children's Code', has come into force today. It is a statutory code of practice for online services - which includes online games - that requires digital services to automatically provide children with a built-in baseline of data protection.
But what exactly do companies in the games industry need to know about the Age Appropriate Design Code and it's 12 month implementation period? Let's take a look.
What exactly does the code consist of?
The Age Appropriate Design Code consists of 15 standards, with the phrase age appropriate design defined as "such standards of age-appropriate design of such services as appear to the [Information Commissioner's Officer (ICO)] to be desirable having regard to the best interests of children."
The 15 standards, which you can view here, include points such as considering the best interests of the child, providing age appropriate information around parental controls and minimising data collection.
These points are designed to be principles, rather than specific regulations. The code accounts for the fact that different online services and games will operate in different ways, and aims to allow flexibility for that, while also binding everyone to the shared goal of ensuring design is age appropriate.
And importantly, there is a period of grace before the code is fully enforced. Companies have 12 months to implement the code, giving businesses time to adapt.
Why has the code been created?
The ICO says that the Age Appropriate Design Code is to protect children within the digital world by ensuring services online are better designed with their interests in mind.
It does so by translating the General Data Protection Regulation requirements into design standards for online services into an understandable framework.
The intention is to provide businesses with a clear framework to think through their decisions, while also ensuring that they take steps actively - and relatively quickly - to ensure their services are age appropriate in the coming year.
Why do games businesses need to take the code seriously?
Until now, games businesses have had a responsibility to consider what is age appropriate design through a number of different lenses. This includes, but wasn't limited to, submitting games for age rating, creating in game tools to help create age appropriate environments (e.g. such as screening for toxic messages) and, broadly, having a sense of responsibility for players.
The age appropriate design code, however, provides a new set of legal responsibilities for companies to adhere to. Online games businesses that have children within their player bases are, from today, subject to the code. This means that within a year, companies who fall under it must be compliant or face enforcement action under the ICO - including compulsory audits, orders to stop processing and fines of up to 4%.
How can we prepare for the code?
Preparing for the code will take a little bit of time but, fortunately, there are already some good tips out there on how to do so.
First, the ICO has supplemented the code with a simple guide that distils 15 points into five easy to handle guiding thoughts. They are:
- Put the child first by thinking about the ages of people who use the service, asking how much data you need to gather, how much has to be shared and whether sharing data/processing it could be detrimental.
- Give children a high privacy level by default by turning privacy settings on as 'high' as possible by default, while looking to 'switch off' uses of data that don't (e.g. optional data sharing).
- Aim to give children an age appropriate service even if those higher privacy default settings are turned off by the child.
- Provide age appropriate communications so children using your game can understand what is going on (and whether it's time to involve a parent/carer).
- Provide tools which help children with their data when they need it so, for example, they can download or delete it if they choose to.
It also recommends attempting to ascertain age of players where possibly by asking them, introducing age checks or providing a high privacy service by default but to do so while still considering what impact gathering that data could have on a child.
Beyond that, and if you are concerned, we also recommend getting in touch with some of our partner members who specialise in legal matters. They will be able to give you some useful guidance on how to adhere to the code in the coming year.
Finally, if you do need expert insight, you can pop an email over to our policy team who can explain the code in further detail. You can contact Grace Shin for more information.
Find out everything you need to know about the Age Appropriate Design Code at www.ico.org.uk/childrenscode.