That country’s Information Commissioner’s Office published a 16-point draft code of practice that outlines age-appropriate design for “those responsible for designing, developing or providing online services likely to be accessed by children and which process their data.”
One of the proposed rules would preclude social media companies from targeting kids with nudge techniques such as “likes” and “streaks.”
“You should not use nudge techniques to lead or encourage children to activate options that mean they will give you more of their personal data, or turn off privacy protections,” the draft reads.
Nudge techniques take advantage of human psychology to keep people online—where they can be served ads and provide personal data—for longer. But that’s not the only risk.
“The employment of nudge techniques in the design of online services can be used to encourage users, including children, to provide an online service with more personal data than they would otherwise volunteer,” the code reads. “[I]t can be used to lead users, particularly children, to select less privacy enhancing choices when personalizing their privacy settings.”
Other language includes turning location services off by default for children, providing “bite-sized” explanations about how their data is being used, and making it clear when parental controls including activity tracking are being used.
The code was promulgated per the requirements of the U.K. Data Protection Act 2018. It will remain a draft until May 31. It’s anticipated that it will go into effect by the end of the year.
Unsurprisingly, tech companies have expressed concerns. The executive director of a trade group whose members include Facebook and Snap said that “any new guidelines must be technically possible to implement in practice, and not stifle innovation and opportunities for smaller platforms.”
“We must be careful when designing regulation to ensure any technical challenges, particularly around age verification, are understood and taken into consideration.”