Age appropriate design: a code of practice for online services
AuthorBad Dinosaur Team
Everything seems to be in a 'transition period' right now, whether it's Brexit or Covid or remote working. The one you might not be aware of is the Information Commissioner's Office 'Age Appropriate Design Code'. Businesses have until September this year to conform.
The problem the ICO are addressing is that children are being ‘datafied’, as companies and organisations are "recording many thousands of data points about them as they grow up. These can range from details about their mood and their friendships to what time they woke up and when they went to bed."
The code sets out 15 standards of appropriate design. They're all a bit long winded, and like any ICO guidance it's often 'open to interpretation'. But, it's well worth reading through the summary points. You can see the full list here.
Most of them centre around capturing data, and they feel quite GDPR-y, encouraging organisations to:
- only capture what you need
- default most tracking to off
- make the users aware of it
Basically don't do stuff unless you can demonstrate a compelling reason for it.
A couple of standards that stood out were:
Number 13: "Do not use nudge techniques to lead or encourage children to provide unnecessary personal data or turn off privacy protections". It's super refreshing to see strong wording like "do not" rather than "avoid", so that tells us the ICO is less likely to be lenient on this. On the other hand, 'nudge techniques' are not exactly easy to identify or categorise, so that one might cause trouble.
Number 3: "Take a risk-based approach to recognising the age of individual users...". This one is interesting because it puts the onus on the organisation to deliver age appropriate applications of the guidelines. Could this lead to organisations having a legitimate reason to capture DOB where they haven't previously?
Elizabeth Durham, the information commissioner, said:
"We want coders, UX designers and system engineers to engage with these standards in their day-to-day to work"
There's so many interesting considerations in this code, but it's not getting a huge amount of attention. If we're expected to apply these standards in our day to day then we need to amplify the conversation.
Are you aware of this new code?
Do you agree with what they're trying to achieve?
What apps are failing to meet this code?