Starting from next year, technology companies that target children but fail to ensure such users are safe could face serious fines after the Information Commissioner's Office (ICO) laid down new privacy standards.
Called the “Age Appropriate Design Code”, the standard introduces 15 general design principles that will ensure children’s safety. Consequently, tech companies will have a harder time selling data and will have to change certain tracking and consent practices.
So, for example, privacy protection needs to be set to its highest mode by default, while GPS needs to be off. To enable GPS, the business will need to prove there’s actual need for it – and ask for consent, too. The nudge technique (where the Yes button is clearly shown, while the No button is somewhat obscured) will now become a thing of the past.
This applies to both hardware products (like toys and such) and software – for example social media. Consent that can lead to sexual abuse or exploitation needs to be actively requested, while reporting and identification systems need to be adequately maintained.
When it comes to fines, it’s not a pretty picture. The ICO will treat any failure to comply with these standards as a violation of the General Data Protection Regulation (GDPR). That means that businesses not complying with the new rules face up to $22 million in fines (or 4 per cent of annual global turnover, whichever is higher).