The Children’s Code (the Code) (which we covered in a previous article) applies to Information Society Service (ISS) providers whose services are “likely to be accessed by children” in the UK.
The ICO has published new draft guidance on “likely to be accessed by” in the context of the Code, to assist ISS providers in determining whether the services they provide fall within scope.
The main features of the draft guidance are:
- All ISS providers must decide whether their service is “likely to be accessed by children” to determine whether they must comply with the Code. As the ICO has clarified previously, this includes adult-only services that are not intended for use by children. If the service is likely to be used by children in practice, it will fall within the Code’s scope.
- Adult-only ISS providers must decide whether it is reasonable to conclude that children form a material group of the people using the service (although there is no requirement for the ISS providers to determine the actual identity of the people who are likely to be under 18).
- The Code’s reference to a “significant” number of children does not mean that many children must use the service for it to fall within scope. Rather, ISS providers must determine whether “more than a de minimis or insignificant number” of children are likely to access the service.
- If an ISS provider uses an age-gating page to prevent children from accessing an adult-only site, the age-gating page itself will not need to comply with the Code provided that (amongst other things) the age-gating page is robust and effective at preventing such access. A self-declaration age assurance method is unlikely to be an effective way of restricting access to adult-only content.
- The guidance provides a list of non-exhaustive factors to consider when deciding whether the service is likely to be accessed by children. These include:
- the number of children using the service (either in absolute terms or in proportion to the total number of UK users, or to the number of children in the UK);
- evidence of user behaviour, including information about user groups that may be used to infer age range;
- information on whether any advertisements featured on the service are likely to appeal to children;
- information on any complaints received about the age of people accessing the service;
- whether the types of content, design features and activities included in the service are likely to be of interest to children;
- whether children are known to access similar services; and
- whether the means used to market and promote the service are targeted at children.
If, after considering these factors, adult-only ISS providers conclude that children are likely to access the service and that service is not child appropriate, they should apply appropriate age assurance measures to restrict such access. Otherwise, they should ensure that the service complies with the Code.
The ICO is seeking feedback on the draft new guidance. The consultation will remain open for feedback until 19 May 2023.