0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

do you collect personal data from children (whether deliberately or by accident)? If so you’d better read this…

3 February 2020

If you provide goods or services online that might be of interest to children then you’re going to want to go through the ICO’s “Age Appropriate Design Code of Practice” - a code requiring minimum standards of any online service aimed (or which is likely to interest) children.

You’re likely to want to check your website and your processes for collecting personal information (in particular if you share that information with anyone).

So whether its computer games, sportswear, schools, toys, retail offers, food or education – for every digital business - if you don’t comply with the code then there’s a risk your use of children’s personal data may be unfair - and that you may find yourself in breach of your obligations as a data controller.

The code runs to 146 pages (including a template DPIA) but the principles are summarised in the attached infographic.

If you’re collecting data from children, then you need to read and comply with the code.

related opinions

Marriott International: a look behind the ICO’s £99m fine and what this means for corporate acquisitions

Last month, the Information Commissioner’s Office (ICO) announced notice of its intention to fine (NOI) Marriott International, Inc. £99m for infringements of the GDPR.

View blog

Cyber risks – are businesses really ready?

The Hiscox Cyber Readiness report, a review of 3300 organisations, will be a stark warning for CEO’s of SME’s in the UK and in Europe.

View blog

Landlord and tenant inspections - getting the evidence right

In Rogerson v Bolsover District Council (2019) the Court of Appeal found against a local authority landlord pursuant to the Defective Premises Act 1972 following a finding of an inadequate inspection regime.

View blog

As Japan becomes 'adequate' for data protection laws...will the UK soon become 'inadequate'?

On 23 January 2019, the European Commission and the Personal Information Commission of Japan, concluded a two-year-long dialogue and the adoption of the decisions recognising each other’s personal data protection systems as ‘equivalent’.

View blog

Richard Nicholas

Richard Nicholas

Partner and Responsible for In House Lawyers

View profile

mailing list sign up



Select which mailings you would like to receive from us.

Sign up