UK Proposes Tough Child Data Privacy Rules

Tech companies wouldn’t be able to use “nudge techniques” to encourage kids to provide unnecessary data or weaken privacy protections.

In this Oct. 29, 2019, file photo, smartphone apps are shown in Miami, Fla.
In this Oct. 29, 2019, file photo, smartphone apps are shown in Miami, Fla.
AP Photo/Wilfredo Lee, File

LONDON (AP) — Social media sites, games and other online services won’t be allowed to “nudge” British kids into revealing personal details or lowering their privacy settings, under tough new rules drawn up by the country’s privacy regulator.

The set of standards aimed at protecting children’s online privacy were released Wednesday by the Information Commissioner’s Office for Parliament’s approval.

“There are laws to protect children in the real world - film ratings, car seats, age restrictions on drinking and smoking. We need our laws to protect children in the digital world too,” Information Commissioner Elizabeth Denham said. “In a generation from now, we will look back and find it astonishing that online services weren’t always designed with children in mind.”

Tech companies won’t be able to use “nudge techniques,” such as making one option appear easier than the alternative, to encourage kids to provide unnecessary personal data or weaken or turn off their privacy protections. They'll also have to verify a user's age or instead apply the code's standards to all users.

Sharing or broadcasting a child’s location should be off by default, so should profiling kids for so-called behavioral advertising, the new rules say. Other requirements include collecting and holding a “minimum amount” of personal data and making “high privacy” settings the default. Online services should take children’s best interests into account and shouldn’t use their data to auto-recommend harmful content like videos advocating suicide or anorexia.

The “age appropriate design code” has 15 standards in all that must be met by apps, connected toys, social media platforms, online games, educational websites and streaming services. They apply to any online service likely to be used by a child and to any companies offering their services in the U.K.

Violators face punishment including, in serious cases, fines worth 4% of a company's global revenue, which for the Silicon Valley giants like Facebook would equal billions of dollars.

Once Parliament gives its approval, companies will get a 12-month transition period to adapt to the new rules. They’re expected to come into full effect by autumn 2021.

Tech companies are coming under increasing pressure to tighten up online protection for young people, with authorities in the U.S., Ireland and elsewhere also working on updating their rulebooks.

More in IoT